Russian intelligence services seem responsible for hacking German political groups. Putin will combine SVR and FSB into a Ministry of State Security. US election security debate. ISIS lone wolves seem very much members of the pack.
News from the 3rd Annual Senior Executive Cyber Security Conference
The 3rd Annual Senior Executive Cyber Security Conference met yesterday at the Johns Hopkins University. Organized by the Information Security Institute of the university's Whiting School of Engineering and sponsored by COMPASS Cyber Security, the conference featured a look at the current state of the threat landscape and offered some direct advice to enterprises on how to negotiate that landscape.
We'll have a report on the proceedings tomorrow. Today, we'll confine ourselves to observing that Johns Hopkins professor Avi Rubin has a dark and suggestive imagination. Did you know, for example, that simply reading data in DRAM can alter adjacent records? Rubin did. Or that ransomware has a big future beyond simply encrypting files? That is, why not manipulate data instead? Suppose you were able to establish persistence in a hospital's network and systematically alter patient medical records for a few months. Then you could approach the hospital, point out that their data were corrupt, and that you can prove it, but don't worry, you could offer to restore the integrity of their data, for a fee. And don't call it a shakedown, call it a "subscription." (See? Dark. Suggestive. Un homme macabre...)
We'll have more from the Johns Hopkins conference tomorrow.
Deutsche Welle follows up reports of a spearphishing campaign against German political organizations with more expert assessment that the compromise was probably accomplished on behalf of Russian intelligence services. The Frankfurter Allgemeine quotes Thomas Rid as discerning "forensic evidence" that the hacks were linked to last year's intrusion into Bundestag networks. Many compare the incident to the discovery in the US that Fancy Bear and Cozy Bear had the Democratic National Committee's emails. The German incidents disclose no obvious ideological angle, as both the center-right CDU/CSU and the Moscow-aligned Left Party were affected, but there's either a deeper game or an unselective collector's passion at work here.
Legislation introduced yesterday into the US House seeks to address election security, but observers are skeptical that a critical infrastructure designation will have much effect. The proposed bill would significantly Federalize US elections, and, while mandating certain security measures (air-gaps and paper backups), it appears aimed significantly at preventing purges of ostensibly ineligible voters from the rolls.
Russian intelligence services are undergoing a reorganization. President Putin has announced the impending unification of the SVR (foreign intelligence) and FSB (security) into a Ministry of State Security.
Investigation of last weekend's bombings around New York suggests to many observers that the "lone wolf" metaphor is inapt: the suspect shows signs of conscious connection to ISIS inspiration. A lone wolf is an aberration, since wolves are pack animals—if the wolves are within earshot of the howling, they're still in the pack, no matter how physically dispersed.
Notes.
Today's issue includes events affecting Australia, Canada, Estonia, the European Union, Germany, India, Iraq, Israel, Russia, Taiwan, United Kingdom, and United States.
The CyberWire's regular daily Podcast will be out later this afternoon, with interviews, educational tips, and more on the stories of the day. Today we hear from Ben Yelin, of the University of Maryland's Center for Health and Homeland Security--he'll talk us through the debate over a Presidential pardon for Edward Snowden. Our guest today is Steve Durbin, managing director of the Information Security Forum. And, of course, if you enjoy the podcast, please consider giving it an iTunes review.
Baltimore, Maryland: the latest from the 3rd Annual Senior Executive Cyber Security Conference
Navigating Today’s Cyber Security Terrain (COMPASS Cyber Security) Cyber Security has become a pivotal topic for executives from every industry. We hear of new breaches every month, leaving many executives wondering 'Am I doing enough to protect my organization’s data?' Join us for the 3rd Annual Senior Executive Cyber Security Conference, hosted by COMPASS Cyber Security and Johns Hopkins University Information Security Institute, to discuss the current cyber security landscape and how organizations can work to reduce their risk of a breach
Cyber Attacks, Threats, and Vulnerabilities
Signs point to Russia in cyberattacks on Germany (Deutsche Welle) As more details emerge, experts say the "spear phishing" scheme against German politicians and institutions has the hallmarks of Russian intelligence. The German government is staying tight-lipped
The Canadian Government Has Funded a Notorious Censorship Company for a Decade (Motherboard) While Justin Trudeau is busy promoting the image of a newly enlightened Canada on the world stage, a company headquartered in Waterloo, Ontario is allegedly silencing dissidents and religious minorities in Bahrain by censoring the internet on behalf of that country’s repressive government
Signs of panic and rebellion in the heart of Islamic State’s self-proclaimed caliphate (Washington Post) The graffiti that appeared on a wall near the mosque in Mosul where the Islamic State leader declared his caliphate two years ago was a small but symbolic act of rebellion
KrebsOnSecurity Hit With Record DDoS (KrebsOnSecurity) On Tuesday evening, KrebsOnSecurity.com was the target of an extremely large and unusual distributed denial-of-service (DDoS) attack designed to knock the site offline. The attack did not succeed thanks to the hard work of the engineers at Akamai, the company that protects my site from such digital sieges. But according to Akamai, it was nearly double the size of the largest attack they’d seen previously, and was among the biggest assaults the Internet has ever witnessed
PoodleCorp DDoS Blizzard Servers Twice in Last 24 Hours (HackRead) PoodleCorp is back with a bang, this time, Blizzard servers are facing the wrath of this ruthless ddosing group
Hackers claim they breached Aussie point-of-sale tech firm, try to sell 'customer DB' (Register) Claim to have backdoored supplier to Woolworths' pub chain
Yahoo 'expected to confirm massive data breach', says Recode (Graham Cluley) "Several hundred million user accounts” reportedly impacted
Ransomware attacks increasing in Taiwan: Trend Micro (Focus Taiwan) Trend Micro Inc. (趨勢科技), a leading global software security company, said Wednesday that ransomware attacks have been escalating in Taiwan, registering 2 million over the past six months
Why Is Ransomware So Successful? (InfoRisk Today) Attackers taking advantage of security missteps, says Trend Micro's Raimund Genes
Security Bulletin: IBM WebSphere MQ Invalid client protocol flows could cause denial of service (CVE-2016-0379) (Aus-CERT) An invalid MQ client protocol flow could cause a memory access violation on the server which could impact other channels running in the same process
Fortinet Fortiwan up to 4.2.4 Getconn.php IP Cross Site Scripting (Vuldb.com) A vulnerability was found in Fortinet FortiWan up to 4.2.4. It has been classified as problematic. Affected is an unknown function of the file script/statistics/getconn.php. The manipulation of the argument IP with an unknown input leads to a cross site scripting vulnerability. This is going to have an impact on integrity
Advisory: Accellion File Transfer Appliance Vulnerability (Devcore Blog) Accellion File Transfer Appliance (FTA) is a secure file transfer service which enables users to share and sync files online with AES 128/256 encryption. The Enterprise version further incorporates SSL VPN services with integration of Single Sign-on mechanisms like AD, LDAP and Kerberos
Dropbox 'Hacks' Macs, Developer Warns (InfoRisk Today) Dropbox defends SQL trick, saying desktop app needs broad permissions
Demonstration of a destructive cyber attack vector on “air-gapped” systems (Control: Unfettered Blog) All too often, people claim their systems are air-gapped, and therefore have no cyber vulnerability. But Alternating Current (AC) power cords cross the ostensible “air gap”, and power supplies for laptops, servers, ICSs, etc. have rarely been addressed for cyber security vulnerabilities
Malware Evades Detection with Novel Technique (Threatpost) Researchers have found a new strain of document-based macro malware that evades discovery by lying dormant when it detects a security researcher’s test environment
Bug that hit Firefox and Tor browsers was hard to spot—now we know why (Ars Technica) The curious case of Firefox's (now fixed) certificate pinning failure
Hackers sell tool to spread malware through torrent files (CSO) Popular torrent files, especially games, have been found packaged with malicious coding
SWIFT Confirms Banks Still Being Targeted, Announces Mitigation Tool (Threatpost) SWIFT’s chief information security officer said Wednesday that the cooperative is still seeing cases where its customers’ environments have been compromised
$81m cyber heist highlights gap between attacker and defenders, says Swift (ComputerWeekly) Secure messaging service Swift was surprised by the gaps in banks’ cyber security practises highlighted by mega cyber heist, says CISO Alain Desausoi
Why Employees Really Shouldn't Use Their Work Emails for Dating Sites (Fortune) Data breaches are making it riskier business than usual
University of Ottawa gets failing grade in data breach (CSO) The University of Ottawa has found itself the subject of an investigation regarding a potential data breach. According to news reports, the information of some 900 students may have been exposed when an external hard drive went missing
Security Patches, Mitigations, and Software Updates
SWIFT Announces Fraud Pattern Detection Controls (Data Breach Today) 'Daily Validation Reports' will provide out-of-band view of messages
OpenSSL Update Released (SANS Internet Storm Center) As announced earlier this week, OpenSSL released an update today for all currently supported versions (1.0.1, 1.0.2, 1.1.0)
macOS 10.12 Sierra: The Ars Technica review (Ars Technica) Apple's desktop operating system once again plays second fiddle to iOS
Google weakens Allo privacy promises (Naked Security) When Google first announced its new messaging app, Allo, earlier this year, it sounded like a win for privacy: it would feature end-to-end encrypted chat, a la WhatsApp and Messenger, and hold onto messages only until they’d been delivered. But by the time Google launched Allo on Tuesday, one of those privacy promises had unraveled
Who on earth would want to use Google's Allo chat app? (Graham Cluley) ‘Allo ‘allo. Logging all conversations by default? That sounds bad
A Frustrating Conversation About Privacy With Google's New Allo Chatbot (Motherboard) With news that Google has backtracked on its promise to not log all conversations by default on its new chat app Allo, I decided to take its next-generation artificial intelligence for a spin
Cyber Trends
Navigating the muddy waters of enterprise infosec (CSO) Information security finally has executives’ attention, but aligning with business needs is still challenging
Ponemon study: business innovation and IT security often do not go hand in hand (SC Magazine) New research from the Ponemon Institute in partnership with Micro Focus claims business innovation and IT security often do not go hand in hand
How Cloud, Mobile Are Changing IT, Security Management: Study (Dark Reading) The evolution of technology is changing the role of IT and security pros as more employees use cloud apps and connect personal devices to corporate networks
Rand Study: Average Data Breach Costs $200K, Not Millions (Dark Reading) Rand taps insurance data and other sources to calculate that cyber incidents cost firms a scant 0.4% of annual revenues, on average
Enterprises: Only paying attention to big-name hacks? You may be missing the point (Lookout Blog) Security professionals are more likely to pay attention to breaches if the companies being breached already have recognizable names
Social Media and BYOD Are Biggest Internal Security Threats (Infosecurity Magazine) Access to social media and BYOD are the biggest internal security threats businesses face, while organized cybercrime is the greatest external threat, according to a new report from fraud specialists Callcredit Information Group
Bad Security Habits Persist Despite Rising Awareness (Infosecurity Magazine) While the huge number of cybersecurity incidents are helping to raise awareness of security best practice, many organizations are persisting with bad habits that leave them exposed to hackers and data breaches
IBM: Employees, not outsiders, are responsible for majority of cyber threats (Healthcare IT News) 60 percent of all breaches in 2015 were caused by insiders, such as contractors and third-party vendors. And two-thirds of these attacks are fueled by malicious intent
Majority Of Major Corporations Have User Credentials Stolen And Exposed (Dark Reading) Companies in the entertainment and technology sectors are far more exposed than others, Digital Shadows analysis shows
Marketplace
14 cutting edge firms funded by the CIA (Stamford Advocate) The Central Intelligence Agency has its own investment capital arm, and it's been pumping money into some of Silicon Valley's most innovative companies for years
WISeKey Completes the Acquisition of INSIDE Secure Semiconductor Business and Integrates Vault IC to its Vertical Cybersecurity Platform (BusinessWire) Creating the first ever comprehensive trusted end-to-end vertical cybersecurity platform for people and objects (IoT)
How Risky Is Palo Alto Networks Inc.? (Motley Fool) With its stock price once again on the rise, the data security upstart’s shareholders could be in for a wild ride
Singtel invests $7.9m in security services (Singapore Business Review) The investment is for a 2-year contract with Secura Group
Accelerating Growth Globally, Four Communication Security Experts Join KoolSpan TrustCall Team (BusinessWire) Encrypted communications experts, TK Eppley, Mark Pearson, John Puente and Paul Wood, join leading global secure calling and messaging solution provider
Changes in Executive Management Team at SSH Communications Security (Globe Newswire) Mr. Chris Riley has been appointed as Vice President of Sales, North America of SSH Communications Security
Products, Services, and Solutions
CrowdStrike Falcon Platform Achieves Independent Validation for HIPAA Compliance (CrowdStrike) CrowdStrike Falcon is the first next-generation endpoint security solution to address eight key technical requirements
Aligning Cyber Framework with Organization's Strategy, Goals (BankInfo Security) Audio report: ISMG editors analyze the latest developments
BeyondTrust Announces Free API for Password Management (BusinessWire) Offers developers flexibility and security by eliminating hard-coded passwords
Device Authority Announces KeyScaler IoT Security Platform (Top Tech News) KeyScaler™ converges Device Authority and Cryptosoft security solutions and adds policy-driven key & certificate management
Coretelligent Offers CylancePROTECT for Cybersecurity Threat Detection and Prevention (BusinessWire) Partnership expands Coretelligent’s security offerings with next-generation antivirus capabilities from Cylance
Bitdefender keeps ahead of the race with new cybersecurity tools (Security Brief Asia) Bitdefender has received a new update, new capabilities and new network security that the company hopes will aid in the battle against cyber threats
Cybrary Launches Cybersecurity Micro-Skills Certification Program (Press Release Rocket) MOOC provider actively combating talent gap via the largest cybersecurity community on the Internet
ShieldSquare Bot Detection vs. Web Application Firewalls (ShieldSquare) At least 50% of the Web traffic is composed of bots
Trend Micro Launches Security Plug-in for LabTech by ConnectWise (BusinessWire) Enabling Managed Service Providers (MSPs) to deliver security directly through their existing solution
Thales cybersecurity white papers for the rail industry (Railly News) To further ensure secure and stable operations, it is of major importance for transport providers to improve their knowledge about cybersecurity in the transportation sector
Kaspersky Lab announces completion of its machine-readable threat intelligence platform (Business Standard) Kaspersky Lab is proud to announce completion and full availability of its Machine-Readable Threat Intelligence Platform, part of the Kaspersky Security Intelligence Services product range
Technologies, Techniques, and Standards
National Health ISAC Calls For Collaborative Vuln Disclosure (Dark Reading) St. Jude Medical to host upcoming workshop on medical device info sharing, convened by NH-ISAC and medical device security consortium
OPM using log files to fight insider threats (FedScoop) Data masking is another of the agency's big pushes right now to defend against insider threats
A Twist On The Cyber Kill Chain: Defending Against A JavaScript Malware Attack (Dark Reading) This slightly modified model is a practical way to keep attackers out of your systems
Homomorphic Encryption: A New Potential For Cryptography (DataBlog) The need to protect data from unauthorised access is an old story
Plan now for the EU's privacy regulation revolution, says HPE exec (CSO) The EU's personal data protection laws don't change until May 2018, but HPE is launching its compliance tools now
As migration anniversary approaches, only a third of retailers accept chip cards (CSO) A year past the start of the EMV liability shift, two-thirds still haven't done so
Over 6,000 vulnerabilities went unassigned by MITRE's CVE project in 2015 (CSO) The CVE system is faced with bottlenecks and coverage gaps, as thousands of vulnerabilities go without CVE-ID assignments
Design and Innovation
Artificial intelligence: Leveraging machines to dissect ransomware DNA (IT Brief) Ransomware is a big thorn in the side of today’s digital economy
RIP Plaintext Internet (Digital Guardian) It is time to kill the plaintext Internet. Not next year, not a couple years down the line. Now
Bumble will soon let users get verified in an effort to squash impersonators (TechCrunch) For some reason certain people feel the need to create a dating profile using someone else’s pictures. Whether it’s done to impersonate someone else, bully someone or even just pull a prank, it happens more than you’d think
Academia
University College London Announces Blockchain Security Student Paper Thesis Competition (CoinDesk) http://www.coindesk.com/press-releases/blockchain-security-student-paper-thesis-competition/
Legislation, Policy, and Regulation
Putin Has Finally Reincarnated the KGB (Foreign Policy) Twenty five years after the end of the Cold War, the Soviet Union’s most infamous spy agency is back in all but name
From Estonia, lessons for the Age of Cyberwar (Christian Science Monitor Passcode) Attackers crippled Estonia's digital networks in 2007. Since then, it has shored up cyberdefenses while expanding connectivity to every corner of daily life
MI6 to recruit hundreds more staff in response to digital technology (Guardian) Worldwide intelligence agencies increasingly rely upon internet and social media rather than running of agents
India's Insurers Face New Security Mandates (InfoRisk Today) Critical customer data must be stored domestically
We have to start thinking about cybersecurity in space (Help Net Security) With all the difficulties we’ve been having with securing computer systems on Earth, the cybersecurity of space-related technology is surely the last thing on security experts’ minds
Opinion: Two Roads Diverged in Cyberspace (Chertoff Group Point of View) Two roads diverge in cyberspace. In one direction lies a free and open internet, marked by the global flow of data and ideas. In the other, lies a fractured network balkanized along national or regional lines, with restricted flows and an authoritarian character
CYBERCOM not involved in most incidents (C4ISRNET) Despite the fact the U.S. military has a component fully dedicated to cyberspace, this command is typically not involved in the majority of major cyber incidents that occur
Federal CIO Survey: It's Cyber, then Everything Else (Nextgov) In the wake of the Office of Personnel Management hack last year that compromised millions of Americans’ personal information, the government’s top tech officials have made cybersecurity their top priority and concern heading into the 2016 election
Officials Are Scrambling to Protect the Election From Hackers (Wired) As the United States barrels toward November elections, officials are still looking for last-minute fixes to ensure that the patchwork of voting technology used around the country can fend off the increasingly troubling prospect of hacker attacks
Influencers: Calling it 'critical infrastructure' won't protect the vote (Christian Science Monitor Passcode) While US officials and politicians have suggested designating election systems as critical infrastructure in the aftermath of the Democratic National Committee hack, 62 percent of Passcode's Influencers said that's not enough to safeguard voting from hackers
Litigation, Investigation, and Law Enforcement
With terror in spotlight, government requests for Twitter data surge (Christian Science Monitor Passcode) Washington and other governments are working harder to blunt the spread of Islamic State propaganda and recruitment efforts on the web following terror attacks in the US and Europe
The New York Bomber Was Not a Lone Wolf (Foreign Policy) America's latest terror attack shows why its preferred metaphor to describe terrorism is usually a contradiction in terms
German police arrest Syrian teenager on suspicion of links to Islamic State (Reuters) German police arrested a 16-year-old Syrian at a refugee hostel near Cologne on suspicion of having contact with a supporter of Islamic State abroad and expressing his willingness to carry out a bomb attack, authorities said on Wednesday
Helping Police Solve Cybercrimes (InfoRisk Today) Panel of experts discusses ways to help law enforcement
'Pit bull' Secret Service cyber cop wins public service award (FedScoop) Jarrow Tate was the lead investigative agent in the JPMorgan Chase case, in which hackers based in Israel stole contact information for 80 million customers of the banking giant
Opinion: For the sake of privacy, pardon Snowden (Christian Science Monitor Passcode) While Edward Snowden's leaks damaged US national security, the disclosures also led to crucial surveillance reforms. A pardon would signal to the world the US has learned from its mistakes and respects internet freedom, privacy, and human rights
Washington Post takes heat for Snowden prosecution call (Phys.org) A Washington Post editorial arguing for the prosecution of intelligence leaker Edward Snowden has sparked an outcry in the media community—including from some of the newspaper's own journalists
For a complete running list of events, please visit the Event Tracker.
Newly Noted Events
11th Annual API Cybersecurity Conference & Expo (Houston, Texas, USA, Nov 9 - 10, 2016) Join us at the 11th Annual API Cybersecurity Conference & Expo and discover methods for thwarting the bad guys, what the scene looks like over the horizon and how the latest technologies can help you counter cyber espionage, address cyber warfare, and make your cyber efforts secure.
Global Institute CISO Series Accelerating the Rise & Evolution of the 21st Century CISO (Scottsdale, Arizona, USA, Jan 11 - 12, 2017) These intimate workshops address the challenges that Boards of Directors are placing on security and risk executives, and how to successfully manage and communicate today’s enterprise and organizational threats. These are intense “roll your sleeves up” thought leadership discussions on How Cyber is Driving the New Board Perspective on Enterprise Risk Management. Attendance is limited to 30 Security and Risk Executives from Global 2000 corporations. For Chief Security Information Officers, Chief Information Officers, and Chief Risk Officers, by invitation only (apply to attend).
IT Security Entrepreneurs' Forum Bridging the Gap Between Silicon Valley & the Beltway (Mountain View, California, USA, Mar 28 - 29, 2017) SINET – Silicon Valley provides a venue where entrepreneurs can meet and interact directly with leaders of government, business and the investment community in an open, collaborative environment focused on identifying solutions to Cybersecurity challenges.
Global Cybersecurity Innovation Summit Advancing International Collaboration (London, England, UK, May 16 - 17, 2017) SINET – London creates a forum to build and maintain international relationships required to foster vital information sharing, broad awareness and the adoption of innovative Cybersecurity technologies.
SINET New York (New York, New York, USA, Jun 29, 2017) SINET New York connects the United States’ three most powerful institutions and evangelizes the importance of industry, government and academic collaboration on security initiatives.
Upcoming Events
Cyber Physical Systems Summit (Newport News, Virginia, USA, Sep 20 - 22, 2016) On September 20-22, 2016 the Commonwealth will be hosting a Cyber and Physical Systems Summit. The three day event will consist of roundtable discussions, plenary and panel presentations across the intersection of cyber and three vectors – Autonomy, Physical Systems (Mfg), and Critical Infrastructure. Participants in the Summit will engage in conversations surrounding challenges, opportunities, threats, and the associated policy and budgetary implications.
hardwear.io Security Conference (The Hague, the Netherlands, Sep 20 - 23, 2016) hardwear.io Security Conference is a platform for hardware and security community where researchers showcase and discuss their innovative research on attacking and defending hardware. The objective of the conference revolves around four key concerns in hardware, firmware and related protocols i.e. backdoors, exploits, trust and attacks (BETA). hardwear.io is seeking innovative research on hardware security. If you have done interesting research on attacks or mitigation on any Hardware and want to showcase it to the security community, just submit your research paper.
3rd Annual Senior Executive Cyber Security Conference: Navigating Today's Cyber Security Terrain (Baltimore, Maryland, USA, Sep 21, 2016) The Johns Hopkins University Information Security Institute and COMPASS Cyber Security are hosting the 3rd Annual Senior Executive Cyber Security Conference on Wednesday, September 21, from 8:30 a.m. – 4:00 p.m., on the Homewood campus of Johns Hopkins University. Hear from industry leaders on cyber security best practices and trends that will help you better secure your organization's data. This year's agenda examines the current cyber security landscape, threats, and challenges ahead for organizations and how senior leaders can work towards "shifting their data to being safe and secure."
New York Cyber Security Summit (New York, New York, USA, Sep 21, 2016) The Cyber Security Summit is an exclusive conference series that connects C-Suite & Senior Executives who are responsible for protecting their companies’ critical infrastructures with innovative solution providers and renowned information security experts. This educational and informational forum will focus on educating attendees on how to best protect highly vulnerable business applications and critical infrastructure. Attendees will have the opportunity to meet the nation’s leading solution providers and discover the latest products and services for enterprise cyber defense.
Gigaom Change 2016 Leader's Summit (Austin, Texas, USA, Sep 21 - 23, 2016) Over an immersive 2.5 days, we will explore the current state-of-the-art technologies, how these are transforming industry, and why this all matters. You’ll emerge with a greater understanding of the exponential technological changes occurring around us, and the confidence to accelerate tangible next steps. Gigaom Change is designed to empower businesses of today to thrive in a world of tomorrow. Gigaom Change will focus on the seven most disruptive enterprise technologies that are widely known but little understood: Artificial Intelligence, Virtual Reality, Robotics, Nanotechnology, Cybersecurity, 3-D Printing, and Human-Machine Interface.
NYIT Annual Cybersecurity Conference (New York, New York, USA, Sep 22, 2016) Presented by NYIT School of Engineering and Computing Sciences, this conference brings together cyber experts from academia, business, and government to address: Cyber Defense Against Attacks–How Industry Is Addressing Evolving Threats; Information Currency and Blockchain Vulnerability; Cyber Physical Systems, Cyber Infrastructure, and the Internet of Things; Government Agencies' Strategies for Securing Cyberspace; Cyber Risks of Smart Transportation; and Accelerating Cyber Education and Career Paths.
Cyber Security Conclave India (SCSC) Conference and Exhibition (Hyderabad, India, Sep 22 - 23, 2016) Understanding the intensity and effects of growing cyber frauds, SCSC – Society for Cyberabad Security Council has come up with the very first edition of the Annual Cyber Security Conclave in 2015. This event is exclusively designed to create a mutual platform for experts and the public to come together and share knowledge on one pestering issue – cyber-crime and how to keep yourself within the boundaries of cyber security.
GDPR Comprehensive 2016 (London, England, UK, Sep 22 - 23, 2016) The GDPR is now a reality. Are you prepared? We had an incredible response to the IAPP GDPR Comprehensive in Brussels and New York, where we prepared hundreds of privacy and data protection professionals for the implementation of the GDPR. Now we’re bringing the programme to London. Don’t miss this intensive, two-day guided tour of the GDPR with the industry’s most knowledgeable experts.
Cyber Security: How to Identify Risk and Act (Frankenmuth, Michigan, USA, Sep 26, 2016) Join us on 9/26/2016 for the PMI-MTC's annual project management PDD focusing on "Cyber Security: How to Identify Risk and Act." Earn 7 PDUs during the interactive sessions with well-known information security and project management experts. Featuring a keynote speaker from the FBI Detroit Cyber Task Force. Also featuring speakers from the Dow Chemical Company, UHY LLP, Ally Financial, CBI, and more.
CYBERSEC (Kraków, Poland, Sep 26 - 27, 2016) The CYBERSEC forum is the first of its kind in Poland and one of just a few regular public policy conferences in Europe devoted to the strategic issues of cyberspace and cybersecurity. The goal of the CYBERSEC conference is the formulation of practical recommendations that aim to increase resilience to cyber threats within specific economic sectors, states, and the EU as a whole.
Third Annual Women in Cyber Security Reception (Baltimore, Maryland, USA, Sep 27, 2016) The CyberWire is pleased to present the 3rd Annual Women in Cyber Security Reception in cooperation with our partner the Cybersecurity Association of Maryland (CAMI) on Tuesday, September 27, 2016, in Baltimore, MD.
Structure Security (San Francisco, California, USA, Sep 27 - 28, 2016) Technology companies have created a digital revolution through the sheer pace of their innovation. CIOs and business leaders in every industry are adopting digital technology at breakneck speed and transforming their companies; no industry has been left untouched. But the benefits of this digital world have been offset by increased risks from all manner of sophisticated adversaries who find new vulnerabilities to exploit as quickly as old flaws are addressed. That means CISOs are struggling to keep up with the threats as the security industry itself responds with an increasing — and often confusing — array of products and services. Structure Security is the first and only conference to bring all of these constituencies together.
IP EXPO Nordic 2016 (Stockholm, Sweden, Sep 27 - 28, 2016) IP EXPO Nordic is part of Europe’s number ONE enterprise IT event series, designed for those looking to find out how the latest IT innovations can drive business growth and competitiveness. The event showcases brand new exclusive content and senior-level insights from across the industry, as well as unveiling the latest developments in IT. It covers everything you need to run a successful enterprise or organisation. Arrive with challenges, leave with solutions. IP EXPO Nordic 2016 incorporates six IT events under one roof – Cloud, Cyber Security, Networks and Infrastructure, Data Analytics, DevOps and Open Source. This year’s event will be the most comprehensive business-enhancing experience for those across the IT industry, including IT managers, CTOs, CDOs, network and storage engineers, CISOs, data analysts, developers and communications specialists.
SecureWorld Dallas (Plano, Texas, USA, Sep 27 - 28, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers.
escar Asia 2016 (Tokyo, Japan, Sep 28 - 30, 2016) Founded in 2003, escar has established itself as the premier forum for the discussion and exchange of ideas to identify and minimize threats to data and vehicles. Held in Europe, the US and now for the third time in Asia, escar provides a forum for collaboration among industry, academia and governments for in-vehicle cyber security.
Cyber National Security – The Law of Cyberspace Confrontation (Hanover, Maryland, and Fort Meade, Oct 3 - 6, 2016) US Cyber Command will host the fourth annual COCOM-Interagency Cyber Law Conference from 3 through 6 October 2016, Cyber National Security – The Law of Cyberspace Confrontation. This year the conference will build on last year's success with a particular focus on the domestic and international legal frameworks and challenges to confronting the growing cyber threats in the gray zone short of armed conflict and employing cyber capabilities as part of broader deterrence strategies. The first two days of the conference will be held at the Acquisition Research Center, Hanover, MD, and will be conducted at the Unclassified level. The third and fourth days of the conference will be held at the classified level on Fort Meade, Maryland. The conference will be closed to the media and conducted under Chatham House rules.
Crossroads Regional Cybersecurity Summit (Victoria, Texas, USA, Oct 4, 2016) Bringing together top experts from both the public and private sectors, the Crossroads Regional Cybersecurity Summit (CRCS) will be an exciting and educational day for local businesses. Through a variety of speakers and interactive panels, CRCS will educate and raise awareness on a wide range of cybersecurity issues - from local to global - facing businesses of all sizes. Summit attendees will be exposed to the latest findings and best practices regarding: small organizations/SMB cybersecurity preventative measures, network security (whether large or small), financial and payment card industry (PCI) compliance, and law enforcement and national security concerns. Plan to attend and ensure that your business is prepared to face the 21st Century cybersecurity challenges ahead.
Cambridge Cyber Summit (Cambridge, Massachusetts, USA, Oct 5, 2016) This unique one-day summit will bring together c-suite executives and business owners with public and private-sector leaders in security, technology and defense to discuss ways to combat urgent cyber threats and secure America's future. The event, comprised of interviews and live demonstrations, will focus on critical issues such as the next wave of cyberattacks and their perpetrators, countermeasures, privacy and security, public-private cooperation and information sharing, and the latest trends in technology, among others.
IP EXPO Europe (London, England, UK, Oct 5 - 6, 2016) IP EXPO Europe is Europe's number ONE IT event for those looking to find out how the latest IT innovations can drive their business forward. IP EXPO Europe now includes six co-located events with their own speakers, exhibitors and seminar programmes. These events bring together 300+ exhibitors and 300+ free to attend seminars across 23 theatres, all under ONE roof. The six IP EXPO Europe events for 2016 are: Cloud Europe, Cyber Security Europe, Networks & Infrastructure Europe, Data Analytics Europe, DevOps Europe, Open Source Europe.
RFUN 2016: 5th Annual Threat Intelligence Conference (Washington, DC, USA, Oct 5 - 6, 2016) The fifth annual RFUN Conference is a two-day event that brings together the diverse and talented community of analysts and operational defenders who apply real-time threat intelligence to out-innovate their adversaries. We invite Recorded Future customers, partners, and threat intelligence enthusiasts to join us at RFUN 2016.
SecureWorld Denver (Denver, Colorado, USA, Oct 5 - 6, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers.
VB 2016 (Denver, Colorado, USA, Oct 5 - 7, 2016) The 26th annual international Virus Bulletin conference meets this October in Denver.
Insider Threat Program Development Training For NISPOM CC 2 (Aberdeen, Maryland, USA, Aug 10 - 11, 2016) Insider Threat Defense will hold a two-day training class on Insider Threat Program Development (National Insider Threat Policy-NISPOM Conforming Change 2). For a limited time the training is being offered at a discounted rate of $795 (normally $1395). The training is comprehensive and provides students with the knowledge and resources to develop and implement a robust Insider Threat Program. Insider Threat Defense has trained over one hundred fifty organizations and has become the "go-to company" for Insider Threat Program Development Training.
TU-Automotive Cyber Security Europe (Munich, Bayern, Germany, Oct 6 - 7, 2016) The most focussed forum on the ‘here and now’ of automotive cybersecurity. As we are inundated by headlines on cyber-attacks, we go beyond the hype to focus on the current challenges and solutions that unite players from research labs, automakers, tier 1’s and the complete supply chain to plan for a secure future.
AppSecUSA 2016 (Washington, DC, USA, Oct 11 - 14, 2016) OWASP’s 13th Annual AppSecUSA Security Conference is the premier application security conference for developers and security experts. Come hear an amazing group of inspirational speakers—including YouTube’s Favorite Hacker, Former DHS NCSD Director of Software Assurance, and Assistant Professor & Cryptographer—who are challenging traditions. You’ll be inspired by fresh ideas, start rethinking the status quo, and leave ready to tackle your challenges in innovative ways.
Insider Threat Program Development Training for NISPOM CC 2 (Warrington, Pennsylvania, USA, Oct 17 - 18, 2016) Insider Threat Defense will hold a two-day training class on Insider Threat Program Development (NISPOM Conforming Change 2). For a limited time the training is being offered at a discounted rate of $795 (normally $1395). The training is comprehensive and provides students with the knowledge and resources to develop and implement a robust insider threat program. Insider Threat Defense has trained over 350+ organizations and has become the "leader-go to company" for insider threat program development training.
Cyber Ready 2016 (MacDill Air Force Base, Florida, USA, Oct 18, 2016) We invite you to join us for our first annual Cyber Ready™ 2016 conference observing National Cyber Security Awareness Month: The Impact of Cyber Crime. The National Cyber Partnership, joined by the MITRE Corporation, Tampa Bay Innovation Center, Florida Chamber Foundation and the Florida Suncoast AFIO Chapter is proud to present this important event. In addition to attending the Cybersecurity Conference, you're also invited to register for the Golf Outing and Barbecue Dinner at the MacDill AFB Bay Palms Golf Complex on Monday afternoon. The event will include the sixth annual MITRE National Capture the Flag (CTF) Competition Cyber Challenge Awards Ceremony.
EDGE2016 Security Conference (Knoxville, Tennessee, USA, Oct 18 - 19, 2016) The EDGE2016 conference is where true collaboration between business and technology professionals happens. Combining engaging keynotes from world-renowned visionaries, recognized technology industry leaders, topical roundtables, training sessions, and industry-specific tracks, EDGE2016 is where complex business security problems meet real-world solutions.
SecureWorld St. Louis (St. Louis, Missouri, USA, Oct 18 - 19, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers.
Los Angeles Cyber Security Summit (Los Angeles, California, USA, Oct 28, 2016) The Cyber Security Summit is an exclusive conference series that connects C-Suite & Senior Executives who are responsible for protecting their companies’ critical infrastructures with innovative solution providers and renowned information security experts. This educational and informational forum will focus on educating attendees on how to best protect highly vulnerable business applications and critical infrastructure. Attendees will have the opportunity to meet the nation’s leading solution providers and discover the latest products and services for enterprise cyber defense.
CyberMaryland 2016 (Baltimore, Maryland, USA, Oct 20 - 21, 2016) The CyberMaryland Conference is an annual two-day event presented jointly by The National Cyber Security Hall of Fame and Federal Business Council (FBC) in conjunction with academia, government and private industry organizations. The theme, “Leading the Cyber Generation,” captures the event’s intent to provide unparalleled information sharing and networking opportunities for development of cyber assets on both the human and technological side. Additionally, the conference provides an opportunity for Maryland to demonstrate its natural leadership in Cyber Security.
CyCon US: International Conference on Cyber Conflict (Washington, DC, USA, Oct 21 - 23, 2016) The inaugural U.S. based International Conference on Cyber Conflict will take place 21-23 October 2016 in Washington D.C. Focusing on a theme of Protecting the Future, CyCon U.S. seeks to create greater information exchange among industry, academia, and government entities at both the national and international levels. The issues to be covered include the future of international cooperation, imminent technical challenges and requirements, forthcoming conflicts in cyberspace, and the potential for new legal frameworks, standards, and regulations.
SANS San Diego 2016 (San Diego, California, USA, Oct 23 - 28, 2016) Cyber security training in San Diego, CA from SANS Institute, the global leader in information security training. Choose from nine hands-on, immersion-style training courses for security professionals at all levels. Many of these security courses have certifications that are aligned with DoD Directive 8570/8140 and all courses at this event are associated with GIAC Certifications. This event was planned to give you the weapons you need to defend against attackers and advance your career. You will learn from leading experts in courses that have been carefully selected to arm you with the latest tactics and strategies that will sharpen your skills.
2016 ICS Cyber Security Conference (Atlanta, Georgia, USA, Oct 24 - 27, 2016) As the largest and longest-running cyber security-focused conference for the industrial control systems sector, the event caters to the energy, utility, chemical, transportation, manufacturing, and other industrial and critical infrastructure organizations, including the military. The conference will address topics covering ICSs, including protection for SCADA systems, plant control systems, engineering workstations, substation equipment, programmable logic controllers (PLCs), and other field control system devices.
SecureWorld Bay Area (San Jose, California, USA, Oct 27, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers.
Regional Cyber Security Summit (Sharm El-Sheikh, Egypt, Oct 30 - Nov 1, 2016) The Regional Cyber Security Summit comes this year with the theme of “Boundless Collaboration, Boundless Protection”. It focuses on cooperation in cybersecurity as one of the key pillars for tackling the complexity and the scalability of the main challenges of today’s cyber threats. The regional cybersecurity summit has been conducted for the last 4 years under the umbrella of ITU-ARCC in Oman to share experience and knowledge, learn from each other, keep up with recent updates, and collaborate to enhance organizations’ cybersecurity.