The CyberWire Daily Briefing 09.20.16

Summary

By The CyberWire Staff

The FBI is looking for some legal scunnion to bring against Fancy Bear and Cozy Bear for their role in US election-related hacking. As they do, worries about voting hacks mount, with attendant Congressional jockeying for moral advantage.

As investigation into the weekend's attacks in New York, New Jersey, and Minnesota continues, many call for counter-radicalization. This has been cast (by the White House, among others) as a struggle of "narratives," and while that formulation is easy for many to mock as sad stuff (as if one could spin one's way to victory in combat as easily as one might to victory in elections or marketing) there's something to it. It's difficult for many to see, however, the ways in which post-modern Westerners might win this particular information battle: what's on offer that could compete with the houris of paradise?

A researcher reports finding backdoors in Xiaomi smartphones.

Zscaler describes the iSpy keylogger.

Cisco has patched another vulnerability similar to one the Shadow Brokers released (and Cisco subsequently fixed). It's unclear from reports whether the bug was in the Equation Group tranche of zero-days or whether the revelation of the BENIGNCERTAIN exploit prompted the research that disclosed similar flaws. Probably the latter; in any case, patch.

Mozilla is expected to patch Firefox later today.

In industry news, Vista Equity Partners is taking Infoblox private, acquiring it for $1.6 billion. Webroot has acquired San Diego based machine-learning shop CyberFlow Analytics for an undisclosed sum. KBR has picked up Honeywell Technology Solutions.

Learn how Cylance silences cyber attacks with Artificial Intelligence.

Notes.

Today's issue includes events affecting Argentina, Australia, Belgium, Burundi, Canada, Denmark, European Union, France, Hungary, Democratic Peoples Republic of Korea, Republic of Korea, New Zealand. Russia, Saudi Arabia, Spain, United Kingdom, United States

On the Podcast

The CyberWire's regular daily Podcast will be out later this afternoon, with interviews, educational tips, and more on the stories of the day. Today we hear from our partners at Virginia Tech's Hume Center, as Charles Clancy weighs in on the Muddy Waters Capital vulnerability-connected shorting of St. Jude stock. Our Guest is Casey Ellis of BugCrowd, the company that offers bug-bounty-hunting-as-a-service. As always, if you enjoy the podcast, please consider giving it an iTunes review.

Sponsored Events

CYBERSEC - European Cybersecurity Forum (Kraków, Poland, September 26 - 27, 2016) The CYBERSEC Forum is the first conference of its kind in Poland and one of just a few regular public policy conferences devoted to the strategic issues of cyberspace and cybersecurity in Europe.

Selected Reading

Cyber Trends

The Biggest Cybersecurity Threats Are Inside Your Company (Harvard Business Review) When security breaches make headlines, they tend to be about nefarious actors in another country or the catastrophic failure of technology. These kinds of stories are exciting to read and easier for the hacked company to admit to. But the reality is that no matter the size or the scope of a breach, usually it’s caused by an action, or failure, of someone inside the company

Survey Reveals InfoSec is Doing it all Wrong! (Gigaom) While, “doing it all wrong” may be an exaggeration, no one can deny the fact that breaches are on the rise, and IT security solutions seem to be falling behind the attack curve. Yet, those looking to place blame may need only look in the mirror. At least that what a survey from cyber security vendor BeyondTrust is indicating

Energy sector IT pros overconfident in data breach detection skills (Help Net Security) A new study by Dimensional Research evaluated the confidence of IT professionals regarding the efficacy of seven key security controls, which must be in place to quickly detect a cyber attack in progress. Study respondents included 763 IT professionals from various industries, including 100 participants from the energy sector

Legislation, Policy and Regulation

Belgian Cybersecurity Centre to take over CERT.be from 2017 (Telecompaper) The Belgian government has approved the transfer of the CERT.be team from Belnet to the Cybersecurity Centre from 01 January 2017. The research network operator Belnet has handled the cyber emergency response team since 2009, while the Cybersecurity Centre was created in late 2014 to develop a more coordinated response to cybersecurity threats in Belgium

‘Cyber terrorism could be next nuclear weapon’ (Korea Herald) Cybersecurity expert and former presidential advisor urges vigilance against growing threat

Cyber commission should aim for U.S. global leadership (FedScoop) The U.S. should set itself a goal — as it did with President Kennedy’s moonshot — to be the nation with the world’s most cyber-secure infrastructure

Online recruitment of terrorists should be a top target for intelligence agencies, Clinton says (Washington Post) Democratic presidential nominee Hillary Clinton said that preventing radicalization is a key part of the war on terror, during a Sept. 19 press conference

Pentagon 'struggling' with cybersecurity of weapons hardware (FedScoop) The Joint Federated Assurance Center works to ensure that neither hardware nor software in weapons systems has been compromised by U.S. adversaries

Dateline

Air, Space, and Cyber: Warfighting in a Cyber-contested Environment (The CyberWire) The Air Force general officers who participated in this panel were guarded and general in their remarks, clearly unwilling to give much away in terms of specifics but equally concerned to express the Service's commitment to developing and exercising a full range of capabilities in the cyber domain. Their two civilian interlocutors were somewhat more forthcoming. The overflow crowd, in which uniformed USAF personnel were a heavy majority, listened attentively

Air, Space, and Cyber Conference (Air Force Association) Attend more than 38 sessions, ranging from workshops to major addresses by DoD and Air Force Leadership

Products, Services, and Solutions

Kudelski Security Forms Global Partnership With CrowdStrike to Bring Next-Gen Cybersecurity Solutions to Customers (PRNewswire) Kudelski Security joins CrowdStrike partner program, creates teams to facilitate sales, support, training; Companies to leverage synergies and infrastructure to design, introduce and deliver new offerings

Device Authority Announces New Keyscaler™ IoT Security Platform () KeyScaler™ converges Device Authority and Cryptosoft security solutions and adds policy-driven key & certificate management

Protenus offers hospitals a dynamic patient-monitoring platform (Privacy Tech) Protenus co-founders Robert Lord and Nick Culberson spent a lot of time working with electronic health records when they were in med school. Despite the fact the U.S. government spent a lot of money to launch EHR technology, one important attribute was sorely lacking

Schneider launches Australia’s first cybersecurity firm for industry (The Australian) Schneider Electric is doing its bit to secure the advent of the hyper-connected world with the energy management and automation specialist launching Australia’s first cybersecurity practice dedicated to the industrial space

Symantec Launches Endpoint Protection Cloud (Small Business Computing) Small businesses face a complex and unforgiving security landscape. Responding to their plight, Symantec has launched a new offering that lets small companies mount strong defenses against cyber-attacks while—at the same time—simplifying security management

OATI Cybersecurity Leadership Compliments Presidential Policy Directive – United States Cyber Incident Coordination (Benzinga) Open Access Technology International, Inc. (OATI) proudly maintained strategic relationships for cyber incident response coordination prior to issuance of Presidential Policy Directive

ISARA Corporation Readies Security Measures for the Quantum Age (Yahoo! Finance) ISARA Corporation today announced the availability of its ISARA Quantum Resistant (IQR) Toolkit. The toolkit helps software and hardware solution providers build robust commercial products that protect vulnerable infrastructure against the threat quantum computing already poses to widely-used security standards

Sophos releases product to address global cybersecurity skills shortage (Security Brief) Sophos recently announced their latest security product

Thycotic Unveils Secret Server Cloud for Privileged Accounts (PRNewswire) Cloud-based PAM solution helps organizations combat cyberattacks

New partnership to Increase Cyber Security in the Hospitality Industry (FTN News) Netragard, a leader in Penetration Testing, announced that they are partnering with Hotel Defenders, LLC to decrease cyber security threats in the hospitality industry

LightCyber Closes Breach Detection Gap in Cloud Data Centers by Extending Behavioral Attack Detection to Amazon Web Services (BusinessWire) New Magna products deliver attack detection for public cloud data centers and additional detection for Linux data center workloads

Technologies, Techniques, and Standards

NIST Seeks Comments on Cybersecurity Reports (EE Times) The US National Institute of Standards and Technology (NIST) has recently issued two draft reports on cybersecurity issues of interest to industrial IoT users, and is seeking industry comment before making their final revisions. One report describes the proposed manufacturing profile for NIST's Cybersecurity Framework. The other addresses cryptography standards and practices for resource-constrained processors

The Cryptographic Key That Secures the Web Is Being Changed for the First Time (Motherboard) Soon, one of the most important cryptographic key pairs on the internet will be changed for the first time

Backups aren't just for smoking crater scenarios (CSO) Every company I had worked for in the past was another piece in my continuing education. Along the way there have been some lessons that were recurring. One of the main ones was around backups. Time and again I would encounter the most curious backup…um, strategies

IT asset managers must be proactive with up-front risk mitigation strategies (Help Net Security) Recent Iron Mountain research reveals the risks associated with licensing critical software applications, and why procurement professionals and IT asset managers must take protections to safeguard the software that is at the heart of their business operations

10 steps to protect against higher ed “hacktivism” (eCampus) The how’s, why’s and what-to-do’s of cloud security in higher education

What Smart Cities Can Teach Enterprises About Security (Dark Reading) The more you simplify your security program while still being effective, the better, says San Diego's chief information security officer. Here's his three-step process

Marketplace

Security Specialist Infoblox Taken Private in $1.6B Deal (Light Reading) Network control specialist Infoblox is to be acquired for $1.6 billion by Vista Equity Partners after announcing in June plans to cut 12% of its workforce

Online fraud detector White Ops closes Series B round (New York Business Journal) New York-area startups and venture capitalists are making funding deals with the hopes of creating the next profitable company. Here's one deal announced Monday

Webroot acquires San Diego's CyberFlow Analytics (San Diego Union-Tribune) San Diego cybersecurity start-up CyberFlow Analytics, which developed machine learning algorithms to spot malware creeping around in corporate networks, has been acquired by Webroot for an undisclosed price

KBR acquires Honeywell Technology Solutions (Trade Arabia) KBR, a global technology, engineering, procurement and construction company, announced today that it has completed the acquisition of Honeywell Technology Solutions (HTSI)

Oracle Snaps Up This Startup to Boost Cloud Security (Fortune) Purchase announced just before OpenWorld conference

Machine Brains Start Learning Unsupervised: Elastic Acquires Prelert (Forbes) As we know, planet Earth is now under the control of intelligent machines and, in this new ‘rise of the robots’ dystopia, we have seen machines start to become ‘self-aware’ sentient, emotional and even a little moody from time to time. Okay so that hasn’t happened yet has it? But machine learning and artificial intelligence is on the rise… and so-called ‘behavioral analytics’ technologies are expanding, proliferating and positively diverging all the time

9 Hot Cybersecurity Startups (Nanalyze) In a recent article we discussed the topic of cybersecurity and gave you 10 publicly traded cyber security companies you could invest in to play this theme. As with any technology niche, some of the most exciting players are often startups because they are high risk and high reward. For retail investors, it becomes very difficult to invest in startups but nonetheless you should be aware of what they are up to because those publicly traded stocks you hold might just be displaced by a nimble startup

Fortinet: Still Undervalued (Seeking Alpha) Fortinet is growing revenue slower than its competitors. The unique innovation and product offering can unlock more growth headways. In light of these, Fortinet can be considered undervalued with more upside volatility

InfoZen Wins $200M Contract to Support Modernization of U.S. Citizenship and Immigration Services (Infozen) Agile and DevOps will be used to deliver more secure, efficient services and products

Cryptzone Boosts Channel Program: Big Margins, Plan-Ahead MDFs Among Incentives (Channel Partners) Channel Partners recently visited Cryptzone's Waltham, Massachusetts, offices to hear about the company’s cutting-edge technology and new channel-program enhancements, and to find out how it aims to help partners enter an IT security market that Gartner says generated $75 billion in 2015 and is growing at about 8 percent annually

Australia has plenty of cyber potential, but will it do anything about it? (ZDNet) Australia's paths to successful cyber innovation are right in front of it, if only it bothers to look, fixes some obvious problems, and takes action

Salient CRGT Achieves ISO Certifications (Learn More – Video) (American Security Today) Salient CRGT, a leading provider of Agile software development, data analytics, mobility, cyber security, and infrastructure solutions, today announced the award of the International Organization for Standardization (ISO) 27001:2013 (Security Management System), ISO 9001:2008 (Quality Management System), and ISO 20000-1:2011 (Service Management System) certifications

Code Dx Appoints Internationally Recognized Security Expert Rebecca Bace to Board of Advisors (Benzinga) Code Dx, Inc., a provider of an award-winning suite of fast and affordable tools that help software developers, testers and security analysts find, prioritize and manage software vulnerabilities, today announced it that internationally-recognized security technology expert, noted author and entrepreneur Rebecca "Becky" Bace has joined its board of advisors

Research and Development

How quantum computing could unpick encryption to reveal decades of online secrets (TechRepublic) The encryption we take for granted as being uncrackable would have a limited shelf-life in the quantum age, says a security expert

Security Patches, Mitigations, and Software Updates

Cisco patches Equation group exploit in IOS, IOS XE and IOS XR devices (CSO) Investigation of a leaked Equation group exploit lead to the discovery of a similar vulnerability

Facebook Fixes Vulnerability That Led to Account Takeover, Pays Researcher $16K (Threatpost) Facebook quickly resolved a vulnerability in its Business Manager tool late last month that could have let an attacker take over any Facebook page

Mozilla Patching Firefox Certificate Pinning Vulnerability (Threatpost) Mozilla is expected tomorrow to patch a critical vulnerability in Firefox’s automated update process for extensions that should put the wraps on a confusing set of twists surrounding this bug. The flaw also affected the Tor Browser and was patched Friday by the Tor Project

Microsoft won't bundle IE patches with new cumulative updates for Windows 7 and 8.1 (Computerworld) Browser updates will be delivered separately when new process starts Oct. 11

Cyber Attacks, Threats, and Vulnerabilities

Russia, Others Indeed Could Hack The Vote (Dark Reading) DHS official 'confident' in electoral system security, but offers security assistance to localities and urges vigilance

Social Media Now on Conflicts’ Front Lines (Foreign Policy Blogs) The global growth of social media has been so fast, and the effect of ‘trending’ so widespread, that even this observation is outdated

ISIS's Deadliest Weapon Is the Idea of Heaven (RealClear World) Islamic State’s taunt that “we love death more than you love life” was always a threat as well as a fact

Cyber hackers publish medical data for Farah, Nadal and Rose leftright 3/3leftright (Reuters) Olympic champions Mo Farah, Rafael Nadal and Justin Rose were among athletes targeted on Monday in the latest leak of confidential medical documents that the world anti-doping agency (WADA) says were hacked by a Russian cyber espionage group

324,000 payment cards breached, CVVs included, source still unknown! (Naked Security) About two months ago, a Twitterer going by 0x2Taylor announced a sizeable data dump

Spyware Targeting Overseas Travelers Removed from Google Play (Threatpost) Google booted four spyware-laced apps from Google Play that targeted oversees travelers seeking embassy information and news for specific European countries

BENIGNCERTAIN-like flaw affects various Cisco networking devices (Help Net Security) The leaking of BENIGNCERTAIN, an NSA exploit targeting a vulnerability in legacy Cisco PIX firewalls that allows attackers to eavesdrop on VPN traffic, has spurred Cisco to search for similar flaws in other products – and they found one

Cisco warns of another 'Shadow Brokers' leaked zero-day (IT News) PIX firewall flaw being exploited

Xiaomi smartphones come equipped with backdoor (Help Net Security) When you buy a new mobile device with certain apps already pre-installed on, you’re effectively forced to trust that the device maker or reseller (depending on who pre-loaded the apps) is not up to anything shady or try to remove them (sometimes you can’t)

Microsoft snubs alert over Exchange hole (Rgister) It only applies to 'compromised' servers, says Redmond

What’s The Risk? 3 Things To Know About Chatbots & Cybersecurity (Dark Reading) Interactive message bots are useful and becoming more popular, but they raise serious security issues

Mobile users actively spammed from compromised iCloud accounts (Help Net Security) Spammers have been compromising North American Apple users’ iCloud accounts, and using them to send spammy text messages to mobile users in China

iSpy Keylogger (Zscaler) Keyloggers have always been present in attackers’ toolkits. They give attackers the power to record every keystroke from a victim’s machine and steal sensitive information

Trend Micro warns NZ & Australian firms about Crysis ransomware (Security Brief) New Zealand and Australian businesses are being warned to watch out for Crysis ransomware, which operates through remote desktop protocol (RDP) attacks

Ransomware families and volume of attacks continue to rise (Help Net Security) Both the number of variants of ransomware and volume of malware attacks were on the rise in August, according to Check Point

Is your connected car open to cyber attack? (Stuff Motoring) Technology in today's cars is so hackable that those aboard are now at physical risk of their vehicles being intentionally crashed, warns a leading New Zealand cyber-security company

US Election 2016: 3 Privacy threats to voter data this campaign season (HackRead) oday, politicians are tracking voters’ every move on social media, including Facebook “friends” and “likes,” YouTube views, LinkedIn activity, Pinterest pins and so much more. They’re also able to get their hands on information such as which magazines voters subscribe to and which charities they donate to. Creepy – but legal. Andrew Hay, CISO of DataGravity, believes that the collection of data isn’t what voters should be worried about – they should be more concerned with the security behind it. Are politicians taking the necessary steps to make sure voters’ data is secure?

Academia

Turnbull kicks off AU$4m digital literacy school grants (ZDNet) The federal government has launched its 2016 Digital Literacy School Grants program to find projects that demonstrate new methods for enhancing digital literacy in schools

Top Colleges For Cybersecurity (Dark Reading) Check out these respected post-secondary U.S. cybersecurity education programs at both undergraduate and graduate levels

Litigation, Investigation, and Enforcement

What we know about the suspect in the New York, N.J. bombings: Ahmad Khan Rahami (Washington Post) The man arrested by authorities Monday in connection with bombings in New York and New Jersey is named Ahmad Khan Rahami, 28, a U.S. citizen who was born in Afghanistan, according to authorities

How Police Trace Cellphones in IEDs Like the Ones in NYC (Wired) A cellphone makes a convenient detonator for an improvised explosive device. But it’s also one of the most conveniently trackable devices under the eye of American law enforcement

Minnesota Mall Stabbing Could Be Realization of Terror Fears (MIlitary.com) Authorities are investigating the stabbings of nine people at a Minnesota mall as a potential act of terrorism, a finding that would realize long-held fears of an attack in the immigrant-rich state that has struggled to stop the recruiting of its young men by groups including the Islamic State

Undercover FBI Agent Busts Alleged Explosives Buyer on the Dark Web (Motherboard) The FBI has arrested a Houston man who allegedly tried to purchase explosives from the dark web, according to court documents unsealed in the Southern District of Texas on Monday. Cary Lee Ogborn, 50, is charged with attempting to transport explosives with the intent they be used to kill, injure, or intimidate an individual or damage or destroy a building or vehicle

FBI May Seek Legal Action Against Russian Hackers (Dark Reading) US government under pressure to take action against cyberattackers believed to be part of Russian intelligence groups, say sources

Password-protect your Wi-Fi hotspots and ask for user details too, rules ECJ (Naked Security) Europeans who provide Wi-Fi hotspots aren’t liable for copyright violations by the strangers who use them, according to Europe’s top court

Man accused of Children's cyber attack speaks out (WXFT) The wife of the man accused of a cyber-attack on Boston Children’s Hospital says her husband tried many other routes before the attack

High-ranking official at Cyber Command Center arrested on child pornography charges (WFXG) A high-ranking official at the U.S. Army Cyber Command Center of Excellence at Fort Gordon is behind bars, facing child pornography charges

Design and Innovation

The Future Of AI-Based Cybersecurity: It's Here Now (Dark Reading) The concept of artificial intelligence may conjure up a future of scary robots for some. But fear not, because AI can help us better identify cyberthreats faster. Stuart McClure, president and CEO of Cylance, discusses just how far AI has come in helping companies determine not just the existence of threats, but how malware and zero-day intrusions make their way into our systems

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

newly Noted Events

Cyber Security Conclave India (SCSC) Conference and Exhibition (Hyderabad, India, September 22 - 23, 2016) Understanding the intensity and effects of growing cyber frauds, SCSC – Society for Cyberabad Security Council has come up with the very first edition of the Annual Cyber Security Conclave in 2015. This event is exclusively designed to create a mutual platform for experts and the public to come together and share knowledge on one pestering issue – cyber-crime and how to keep yourself within the boundaries of cyber security.

Cyber Ready 2016 (McDill Air Force Base, Florida, USA, October 18, 2016) We invite you to join us for our first annual Cyber ReadyTM 2016 conference observing National Cyber Security Awareness Month: The Impact of Cyber Crime. The National Cyber Partnership, joined by the MITRE Corporation, Tampa Bay Innovation Center, Florida Chamber Foundation and the Florida Suncoast AFIO Chapter is proud to present this important event. In addition to attending the Cybersecurity Conference, you're also invited to register for the Golf Outing and Barbecue Dinner at the MacDill AFB Bay Palms Golf Complex on Monday afternoon. The event will include the sixth annual MITRE National Capture the Flag (CTF) Competition Cyber Challenge Awards Ceremony.

SCSC Cyber Security Conclave 2.0 Conference and Exhibition (Hyderabad, India, November 22 - 23, 2016) India’s leading two-day cyber security event is returning in November 2016, once again bringing together over hundreds of cyber security experts, senior officials and policy-makers from across the public and private sector to provide an update on cyber security instances, share best practice strategies, and help India to combat cyber threats.

upcoming Events

Insider Threat Program Development Training for NISPOM CC 2 (Milwaukee, Wisconsin, USA, September 19 - 20, 2016) Insider Threat Defense will hold a two-day training class on Insider Threat Program Development (NISPOM Conforming Change 2). For a limited time the training is being offered at a discounted rate of $795 (normally $1395). The training is comprehensive and provides students with the knowledge and resources to develop and implement a robust insider threat program. Insider Threat Defense has trained over 350+ organizations and has become the "leader-go to company " for insider threat program development training.

4th ETSI/IQC Workshop on Quantum-Safe Cryptography (Toronto, Ontario, Canada, September 19 - 21, 2016) This three-day workshop brings together diverse players in the quantum-safe cybersecurity community to facilitate the knowledge exchange and collaboration required to transition cyber infrastructures and business practices to make them safe in an era with quantum computers. Attendees and presenters will include leaders from the fields of post-quantum (quantum resistant) cryptography, quantum key distribution (QKD), theoretical and commercial integration of cryptography and security tools, first-adopters of quantum-safe tools from industry and government, and members of standards bodies. Anyone interested in joining the growing community that is working to mitigate the quantum risk and creating quantum safe cryptosystems for the future should attend this workshop.

AFA AIr, Space, and Cyber Conference (National Harbor, Maryland, USA, September 19 - 21, 2016) The Air Force Association’s Air, Space & Cyber Conference is the must-attend event by Airmen each fall. This annual gathering provides attendees with an unrivaled platform to debate and discuss the most pressing trends and topics shaping the defense industry

Cyber Physical Systems Summit (Newport News, Virginia, USA, September 20 - 22, 2016) On September 20-22, 2016 the Commonwealth will be hosting a Cyber and Physical Systems Summit. The three day event will consist of roundtable discussions, plenary and panel presentations across the intersection of cyber and three vectors – Autonomy, Physical Systems (Mfg), and Critical Infrastructure. Participants in the Summit will engage in conversations surrounding challenges, opportunities, threats, and the associated policy and budgetary implications.

hardwear.io Security Conference (The Hague, the Netherlands, September 20 - 23, 2016) hardwear.io Security Conference is a platform for hardware and security community where researchers showcase and discuss their innovative research on attacking and defending hardware. The objective of the conference revolves around four key concerns in hardware, firmware and related protocols i.e. backdoors, exploits, trust and attacks (BETA). hardwear.io is seeking innovative research on hardware security. If you have done interesting research on attacks or mitigation on any Hardware and want to showcase it to the security community, just submit your research paper.

3rd Annual Senior Executive Cyber Security Conference: Navigating Today's Cyber Security Terrain (Baltimore, Maryland, USA, September 21, 2016) The Johns Hopkins University Information Security Institute and COMPASS Cyber Security are hosting the 3rd Annual Senior Executive Cyber Security Conference on Wednesday, September 21, from 8:30 a.m. – 4:00 p.m., on the Homewood campus of Johns Hopkins University. Hear from industry leaders on cyber security best practices and trends that will help you better secure your organization's data. This year's agenda examines the current cyber security landscape, threats, and challenges ahead for organizations and how senior leaders can work towards "shifting their data to being safe and secure."

New York Cyber Security Summit (New York, New York, USA, September 21, 2016) The Cyber Security Summit is an exclusive conference series connects C-Suite & Senior Executives who are responsible for protecting their companies’ critical infrastructures with innovative solution providers and renowned information security experts. This educational and informational forum will focus on educating attendees on how to best protect highly vulnerable business applications and critical infrastructure. Attendees will have the opportunity to meet the nation’s leading solution providers and discover the latest products and services for enterprise cyber defense.

Gigaom Change 2016 Leader's Summit (Austin, Texas, USA, September 21 - 23, 2016) Over an immersive 2.5 days, we will explore the current state-of-the-art technologies, how these are transforming industry, and why this all matters. You’ll emerge with a greater understanding of the exponential technological changes occurring around us, and the confidence to accelerate tangible next steps. Gigaom Change is designed to empower businesses of today to thrive in a world of tomorrow. Gigaom Change will focus on the seven most disruptive enterprise technologies that are widely known but little understood: Artificial Intelligence, Virtual Reality, Robotics, Nanotechnology, Cybersecurity, 3-D Printing, and Human-Machine Interface.

NYIT Annual Cybersecurity Conference (New York, New York, USA, September 22, 2016) Presented by NYIT School of Engineering and Computing Sciences, this conference brings together cyber experts from academia, business, and government to address: Cyber Defense Against Attacks–How Industry Is Addressing Evolving Threats; Information Currency and Blockchain Vulnerability; Cyber Physical Systems, Cyber Infrastructure, and the Internet of Things; Government Agencies' Strategies for Securing Cyberspace; Cyber Risks of Smart Transportation; and Accelerating Cyber Education and Career Paths.

GDPR Comprehensive 2016 (London, England, UK, September 22 - 23, 2016) The GDPR is now a reality. Are you prepared? We had an incredible response to the IAPP GDPR Comprehensive in Brussels and New York, where we prepared hundreds of privacy and data protection professionals for the implementation of the GPDR. Now we’re bringing the programme to London. Don’t miss this intensive, two-day guided tour of the GDPR with the industry’s most knowledgeable experts.

Cyber Security: How to Identify Risk and Act (Frankenmuth, Michigan, USA, September 26, 2016) Join us on 9/26/2016 for the PMI-MTC's annual project management PDD focusing on "Cyber Security: How to Identify Risk and Act." Earn 7 PDUs during the interactive sessions with well-known information security and project management experts. Featuring a keynote speaker from the FBI Detroit Cyber Task Force. Also featuring speakers from the Dow Chemical Company, UHY LLP, Ally Financial, CBI, and more.

CYBERSEC (Kraków, Poland, September 26 - 27, 2016) The CYBERSEC forum is the first of its kind in Poland and one of just a few regular public policy conferences in Europe devoted to the strategic issues of cyberspace and cybersecurity.The goal of the CYBERSEC conference is the formulation of practical recommendations that aim to increase resilience to cyber threats within specific economic sectors, states, and the EU as a whole.

Third Annual Women in Cyber Security Reception (Baltimore, Maryland, USA, September 27, 2016) The CyberWire is pleased to present the 3rd Annual Women in Cyber Security Reception in cooperation with our partner the Cybersecurity Association of Maryland (CAMI) on Tuesday, September 27, 2016, in Baltimore, MD - See more at: https://thecyberwire.com/events/s/3rd-annual-women-in-cyber-security-reception.html#sthash.Kgzd4dXp.dpuf

Structure Security (San Francisco, California, USA, September 27 - 28, 2016) Technology companies have created a digital revolution through the sheer pace of their innovation. CIOs and business leaders in every industry are adopting digital technology at breakneck speed and transforming their companies; no industry has been left untouched. But the benefits of this digital world have been offset by increased risks from all manner of sophisticated adversaries who find new vulnerabilities to exploit as quickly as old flaws are addressed. That means CISOs are struggling to keep up with the threats as the security industry itself responds with an increasing — and often confusing — array of products and services. Structure Security is the first and only conference to bring all of these constituencies together.

IP EXPO Nordic 2016 (Stockholm, Sweden, September 27 - 28, 2016) IP EXPO Nordic is part of Europe’s number ONE enterprise IT event series, designed for those looking to find out how the latest IT innovations can drive business growth and competitiveness. The event showcases brand new exclusive content and senior-level insights from across the industry, as well as unveiling the latest developments in IT. It covers everything you need to run a successful enterprise or organisation. Arrive with challenges, leave with solutions. IP EXPO Nordic 2016 incorporates six IT events under one roof – Cloud, Cyber Security, Networks and Infrastructure, Data Analytics, DevOps and Open Source. This year’s event will be the most comprehensive business-enhancing experience for those across the IT industry, including IT managers, CTOs, CDOs, network and storage engineers, CISOs, data analysts, developers and communications specialists.

SecureWorld Dallas (Plano, Texas, USA , September 27 - 28, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers

escar Asia 2016 (Tokyon, Japan, September 28 - 30, 2016) Founded in 2003, escar has established itself as the premier forum for the discussion and exchange of ideas to identify and minimize threats to data and vehicles. Held in Europe, the US and now for the third time in Asia, escar provides a forum for collaboration among industry, academia and governments for in-vehicle cyber security.

Cyber National Security – The Law of Cyberspace Confrontation (Hanover, Maryland, and Fort Meade, October 3 - 6, 2016) US Cyber Command will host the fourth annual COCOM-Interagency Cyber Law Conference from 3 through 6 October 2016, Cyber National Security – The Law of Cyberspace Confrontation. This year the conference will build on last year's success with a particular focus on the domestic and international legal frameworks and challenges to confronting the growing cyber threats in the gray zone short of armed conflict and employing cyber capabilities as part of broader deterrence strategies. The first two days of the conference will be held at the Acquisition Research Center, Hannover, MD, and will be conducted at the Unclassified level. The third and fourth days of the conference will be held at the classified level on Fort Meade, Maryland. The conference will be closed to the media and conducted under Chatham House rules.

Crossroads Regional Cybersecurity Summit (Victoria, Texas, USA, October 4, 2016) Bringing together top experts from both the public and private sectors, the Crossroads Regional Cybersecurity Summit (CRCS) will be an exciting and educational day for local businesses. Through a variety of speakers and interactive panels, CRCS will educate and raise awareness on a wide range of cybersecurity issues - from local to global - facing businesses of all sizes. Summit attendees will be exposed to the latest findings and best practices regarding: small organizations/SMB cybersecurity preventative measures, network security (whether large or small), financial and payment card industry (PCI) compliance, and law enforcement and national security concerns. Plan to attend and ensure that your business is prepared to face the 21st Century cybersecurity challenges ahead.

Cambridge Cyber Summit (Cambridge, Massachusetts, USA, October 5, 2016) This unique one-day summit will bring together c-suite executives and business owners with public and private-sector leaders in security, technology and defense to discuss ways to combat urgent cyber threats and secure America's future. The event, comprised of interviews and live demonstrations, will focus on critical issues such as the next wave of cyberattacks and their perpetrators, countermeasures, privacy and security, public-private cooperation and information sharing, and the latest trends in technology, among others.

IP EXPO Europe (London, England, UK, October 5 - 6, 2016) IP EXPO Europe is Europe's number ONE IT event for those looking to find out how the latest IT innovations can drive their business forwardIP EXPO Europe now includes six co-located events with their own speakers, exhibitors and seminar programmes. These events bring together 300+ exhibitors and 300+ free to attend seminars across 23 theatres, all under ONE roof. The six IP EXPO Europe events for 2016 are: Cloud Europe, Cyber Security Europe, Networks & Infrastructure Europe, Data Analytics Europe, DevOps Europe, Open Source Europe

RFUN 2016: 5th Annual Threat Intelligence Conference (Washington, DC, USA, October 5 - 6, 2016) The fifth annual RFUN Conference is a two-day event that brings together the diverse and talented community of analysts and operational defenders who apply real-time threat intelligence to out-innovate their adversaries. We invite Recorded Future customers, partners, and threat intelligence enthusiasts to join us at RFUN 2016.

SecureWorld Denver (Denver, Colorado, USA, October 5 - 6, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers

VB 2016 (Denver, Colorado, USA, October 5 - 7, 2016) The 26th annual international Virus Bulletin conference meets this October in Denver

Insider Threat Program Development Training For NISPOM CC 2 (Aberdeen, Maryland, USA, August 10 - 11, 2016) Insider Threat Defense will hold a two-day training class on Insider Threat Program Development (National Insider Threat Policy-NISPOM Conforming Change 2). For a limited time the training is being offered at a discounted rate of $795 (normally $1395). The training is comprehensive and provides students with the knowledge and resources to develop and implement a robust Insider Threat Program. Insider Threat Defense has trained over one hundred fifty organizations and has become the "go-to company" for Insider Threat Program Development Training.

TU-Automotive Cyber Security Europe (Munich, Bayern, Germany, October 6 - 7, 2016) The most focussed forum on the ‘here and now’ of automotive cybersecurity. As we are inundated by headlines on cyber-attacks, we go beyond the hype to focus on the current challenges and solutions that unite players from research labs, automakers, tier 1’s and the complete supply chain to plan for a secure future.

AppSecUSA 2016 (Washington, DC, USA, October 11 - 14, 2016) OWASP’s 13th Annual AppSecUSA Security Conference is the premier application security conference for developers and security experts. Come hear an amazing group of inspirational speakers—including YouTube’s Favorite Hacker, Former DHS NCSD Director of Software Assurance, and Assistant Professor & Cryptographer—who are challenging traditions. You’ll be inspired by fresh ideas, start rethinking the status quo, and leave ready to tackle your challenges in innovative ways.

Insider Threat Program Development Training for NISPOM CC 2 (Warrington, Pennsylvania, USA, October 17 - 18, 2016) Insider Threat Defense will hold a two-day training class on Insider Threat Program Development (NISPOM Conforming Change 2). PA. For a limited time the training is being offered at a discounted rate of $795 (normally $1395). The training is comprehensive and provides students with the knowledge and resources to develop and implement a robust insider threat program. Insider Threat Defense has trained over 350+ organizations and has become the "leader-go to company" for insider threat program development training.

EDGE2016 Security Conference (Knoxville, Tennessee, USA, October 18 - 19, 2016) The EDGE2016 conference is where true collaboration between business and technology professionals happens. Combining engaging keynotes from world-renowned visionaries, recognized technology industry leaders, topical roundtables, training sessions, and industry-specific tracks, EDGE2016 is where complex business security problems meet real-world solutions.

SecureWorld St. Louis (St. Louis, Missouri, USA, October 18 - 19, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers

Los Angeles Cyber Security Summit (Los Angeles, California, USA, October 28, 2016) The Cyber Security Summit is an exclusive conference series connects C-Suite & Senior Executives who are responsible for protecting their companies’ critical infrastructures with innovative solution providers and renowned information security experts. This educational and informational forum will focus on educating attendees on how to best protect highly vulnerable business applications and critical infrastructure. Attendees will have the opportunity to meet the nation’s leading solution providers and discover the latest products and services for enterprise cyber defense.

CyberMaryland 2016 (Baltimore, Maryland, USA, October 20 - 21, 2016) The CyberMaryland Conference is an annual two-day event presented jointly by The National Cyber Security Hall of Fame and Federal Business Council (FBC) in conjunction with academia, government and private industry organizations. The theme, “Leading the Cyber Generation,” captures the event’s intent to provide unparalleled information sharing and networking opportunities for development of cyber assets on both the human and technological side. Additionally, the conference provides an opportunity for Maryland to demonstrate its natural leadership in Cyber Security.

CyCon US: International Conference on Cyber Conflict (Washington, DC, USA, October 21 - 23, 2016) The inaugural U.S. based International Conference on Cyber Conflict will take place 21-23 October 2016 in Washington D.C. Focusing on a theme of Protecting the Future. CyCon U.S. seeks to create greater information exchange among industry, academia, and government entities at both the national and international levels. The issues to be covered include the future of international cooperation, imminent technical challenges and requirements, forthcoming conflicts in cyberspace, and the potential for new legal frameworks, standards, and regulations.

SANS San Diego 2016 (San Diego, California, USA , October 23 - 28, 2016) Cyber security training in San Diego, CA from SANS Institute, the global leader in information security training. Choose from nine hands-on, immersion-style training courses for security professionals at all levels. Many of these security courses have certifications that are aligned with DoD Directive 8570/8140 and all courses at this event are associated with GIAC Certifications. This event was planned to give you the weapons you need to defend against attackers and advance your career. You will learn from leading experts in courses that have been carefully selected to arm you with the latest tactics and strategies that will sharpen your skills

2016 ICS Cyber Security Conference (Atlanta, Georgia, USA, October 24 - 27, 2016) As the largest and longest-running cyber security-focused conference for the industrial control systems sector, the event caters to the energy, utility, chemical, transportation, manufacturing, and other industrial and critical infrastructure organizations, including the military. The conference will address topics covering ICSs, including protection for SCADA systems, plant control systems, engineering workstations, substation equipment, programmable logic controllers (PLCs), and other field control system devices.

SecureWorld Bay Area (San Jose, California, USA, October 27, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers

Regional Cyber Security Summit (Sharm El-Sheikh, Egypt, October 30 - November 1, 2016) The Regional Cyber Security Summit comes this year with the theme of “Boundless Collaboration, Boundless Protection”. It focuses on the cooperation in cybersecurity as one of key pillars to tackle the complexity and the scalability of the main challenges of today’s cyber threats. The regional cybersecurity summit has been conducted for the last 4 years under the umbrella of ITU-ARCC in Oman to share experience and knowledge, learn from each other, get in tight to recent updates and collaborate to enhance organizations’ cybersecurity became a must.

Sponsor & Support

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter’s financial reach, or it might just not be the right time for you to do those things. That’s why we launched our new Patreon site, where we’ve created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you’ll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.