Yahoo! discloses data breach affecting 500 million. Congressional Democrats warn Russia's Putin against trying to influence US elections. Shadow Brokers' inquiry focused on inadvertent exposure of hacking tools. DDoS takes down Krebs.
News from the 3rd Annual Senior Executive Cyber Security Conference
The 3rd Annual Senior Executive Cyber Security Conference met this week at the Johns Hopkins University. Organized by the Information Security Institute of the university's Whiting School of Engineering and sponsored by COMPASS Cyber Security, the conference featured a look at the current state of the threat landscape and offered some direct advice to enterprises on how to negotiate that landscape. You'll find a full report here.
Rumors of several months' standing that Yahoo! had sustained a significant breach were confirmed yesterday afternoon when Yahoo! disclosed that user account information was stolen from its networks by what the company described as "a state-sponsored actor." The breach was discovered when the company began investigating dark web chatter that a large tranche of Yahoo! account credentials was being hawked by the criminal known as "Peace."
It turns out that the actual breach was far larger than anything claimed by Peace (and indeed whatever Peace has is probably unrelated to the compromise disclosed yesterday). More than 500 million customer accounts were copied and stolen in late 2014. The stolen data are not thought to contain any credit card or other financial information, but they do include passwords, security questions, and the like.
Yahoo!, which has been struggling in recent years, had apparently achieved what analysts characterized as a "soft landing" in its agreement to an acquisition of its core business by Verizon. That acquisition is now, as the Washington Post notes, under a "cloud." It may still go through, but the deal will certainly receive additional scrutiny. Verizon learned of the breach Tuesday.
Leading Congressional Democrats warn Russia against attempting to influence US elections.
Reuters reports that investigation into the Shadow Brokers' leak of apparent US NSA hacking tools is focused on the theory that an NSA operator inadvertently left the tools exposed on a server.
KrebsOnSecurity remains offline as we write. Akamai will no longer provide Krebs DDoS-resistant hosting.
Notes.
Today's issue includes events affecting European Union, India, Russia, Singapore, United Kingdom, and United States.
The CyberWire's regular daily Podcast will be out later this afternoon, with interviews, educational tips, and more on the stories of the day. Today we'll look back at the week just ending, and talk with experts in the field: Emily Wilson from Terbium Labs explains the importance of reputation on the Dark Web, and our guest Brian White of RedOwl discusses the nature of the insider threat. As always, if you enjoy the podcast, please consider giving it an iTunes review.
Baltimore, Maryland: the latest from the 3rd Annual Senior Executive Cyber Security Conference
"Navigating Today’s Cyber Security Terrain:" Advice for Enterprises (The CyberWire) This conference offered the intelligent leader responsible for an enterprise's cyber security useful insights into negotiating the current landscape of threats and defensive measures—executives and entrepreneurs concerned about the realities of what they face in cyberspace received a lot of good advice. Much of it concerned error, and how to avoid it. Some of the advice was encouraging and some of it was dismaying; some of it was expected, but much was surprising
Cyber Attacks, Threats, and Vulnerabilities
An Important Message About Yahoo User Security (Yahoo!) We have confirmed that a copy of certain user account information was stolen from the company’s network in late 2014 by what we believe is a state-sponsored actor
Yahoo says half a billion accounts breached by nation-sponsored hackers (Ars Technica) One of the biggest compromises ever exposes names, e-mail addresses, and much more
Yahoo data breach is among the biggest in history (CNBC) At least 500 million user accounts have been stolen from Yahoo, the company confirmed on Thursday
The massive Yahoo hack ranks as the world's biggest -- so far (CSO) Huge breaches can give hackers a door into other sites
Hackers have a treasure trove of data with the Yahoo breach (CSO) The data breach affects at least half a billion Yahoo accounts
Yahoo uncovered breach after probing a black market sale (CSO) Security experts have been questioning why Yahoo took so long to warn the public
Yahoo Says Information on at Least 500 Million User Accounts Was Stolen (Wall Street Journal) Internet company says it believes the 2014 hack was done by a ‘state-sponsored actor’
Yahoo data breach casts ‘cloud’ over Verizon deal (Washington Post) Yahoo on Thursday reported the largest data breach in history — affecting at least 500 million user accounts — months after first detecting signs of an intrusion that the company blamed on "state-sponsored" hackers
Verizon only learned about Yahoo's massive data breach 2 days ago (CNN Money) Yahoo users aren't the only ones digesting the news about the company's massive data breach
Verizon learned of massive Yahoo data breach just two days ago (Computerworld) Analysts: Full liability should be determined before carrier finishes its $4.8B acquisition
Yahoo-Verizon deal may be complicated by historic hack (CNBC) Yahoo faces fallout from lawmakers, users and even Verizon following what could be the biggest data breach in history
Repercussions of the massive Yahoo breach (Help Net Security) Yahoo has announced on Thursday that they have suffered a breach and that account information of at least half a billion users has been exfiltrated from the company’s network in late 2014
Bear on bear (Economist) What’s worse than being attacked by a Russian hacker? Being attacked by two
It's 'tradition' in Russia to tamper with elections says top US intelligence chief (International Business Times) Kremlin-linked hackers have been accused of hacking a slew of US political groups
Top Dems: Russians Trying to Influence U.S. Election (NBC News) Russian intelligence agencies are trying to interfere with the U.S. presidential election, the top Democrats on the intelligence committee said Thursday
Top Democrats Tell Putin To Halt Hacking Of US Political Parties (Dark Reading) Russia trying to influence November presidential elections, say Senator Dianne Feinstein and Rep. Adam Schiff
Someone Left The Data of 2.9 Million Louisiana Voters Online For No Reason (Motherboard) Someone accidentally left a database of 2,919,651 records of Louisiana voters online, in yet another leak of voter’s personal data
Exclusive: Probe of leaked U.S. NSA hacking tools examines operative's 'mistake' (Reuters) A U.S. investigation into a leak of hacking tools used by the National Security Agency is focusing on a theory that one of its operatives carelessly left them available on a remote computer and Russian hackers found them, four people with direct knowledge of the probe told Reuters
Cisco Warns of Command Injection Flaw in Cloud Platform (Threatpost) It’s already been a busy month of patching for Cisco Systems, and on Wednesday the networking giant rolled out nine more security updates addressing critical vulnerabilities across its core product lines
Biometric Skimmers Pose Emerging Threat To ATMs (Dark Reading) Even as financial institutions move to shore up ATM security with biometric mechanisms, cybercrooks are busy figuring out ways to beat them
Brand-Associated Malicious Apps on the Rise (Infosecurity Magazine) The number of malicious apps piggybacking on famous UK brands has grown by 130% year on year, a new study has revealed
Massive web attack hits security blogger (BBC) One of the biggest web attacks ever seen has been aimed at a security blogger after he exposed hackers who carry out such attacks for cash
Akamai Kicks off Brian Krebs from its network after 665 Gbps DDoS attack (HackRead) A couple of days ago Brian Krebs’ blog suffered the largest DDoS attack in the history of Internet – now, his website has been offline probably because the Akamai/Prolexic can’t bear the cost of such attacks anymore
The era of big DDOS? (SANS Internet Storm Center) I have been tracking DDOS's for a number of years, and quite frankly, it has become boring. Don't get me wrong, I am not complaining, just stating a fact
Symantec Research Finds IoT Devices Increasingly Used to Carry out DDoS Attacks (Yahoo! Finance) Symantec Corp. (SYMC), the global leader in cyber security, today revealed new research demonstrating how cybercriminal networks are taking advantage of lax Internet of Things (IoT) device security to spread malware and create zombie networks, or botnets, unbeknownst to their device owners
BitSight Report Finds Ransomware Increases Across Six Industry Sectors (IBM Security Intelligence) The Department of Justice estimated that 4,000 ransomware attacks will occur every day this year, a 300 percent jump compared to 2015, according to Forbes. But the overall number of attacks does not tell the whole story. Even though certain installations, like health care facilities, have suffered high-profile infections, the story of how ransomware is affecting enterprises may be lost in the sheer volume of attacks
5.5 million employee credentials are available online from world’s largest companies (Computer Business Review) 97 percent of the 1000 largest companies have suffered compromise of employee credentials, comprising email and password combinations
Basic file deletion increases exposure to security risks (Help Net Security) The use of improper data removal methods and the poor enforcement of data retention policies have created the perfect storm for confidential, oftentimes sensitive data to be lost or stolen, according to Blancco Technology Group
Hacker attack on satellites could plunge the world into ‘Mad Max' (New York Post) Real-life Star Wars may not be only for a galaxy far, far away, an explosive new report finds
Medical devices: Many benefits, but many insecurities (CSO) Medical device security has a long way to go, according to multiple speakers at the Security of Things Forum this week in Cambridge, Mass. But in most cases, they said, the benefits still outweigh the risks
Security Patches, Mitigations, and Software Updates
Drupal Patches Three Vulnerabilities in Core Engine (Threatpost) Three vulnerabilities were patched Wednesday in the Drupal content management system’s core engine, two of which were rated critical, according to an advisory posted by the Drupal security team
Cyber Trends
Rise of cyber attacks against the public sector (Help Net Security) The use of information and communication technologies in the public sector, specifically online government services, is a key factor for being targeted by cybercriminals. Technological advances have made it possible to store personal data in digital format, a great benefit to users, but also a highly-prized target
40 Percent of Organizations Store Admin Passwords in Word Documents (eSecurity Planet) Still, 55 percent say they have evolved processes for managing privileged accounts, a recent survey found
Marketplace
Report: Twitter wants to sell; potential suitors include Google, Salesforce (Ars Technica) After struggling to grow users and revenue, Twitter's board is interested in a sale
Imperva Said to Draw Acquisition Interest From Cisco, IBM (Bloomberg) Security-software company working with Qatalyst to find buyer. Forcepoint, Akamai also have expressed interest in Imperva
Apple acquires an Indian startup to boost its artificial intelligence game (MobileSyrup) While Apple is reportedly in talks to acquire automaker McLaren, according to TechCrunch, the Cupertino-based tech giant recently snagged an Indian machine learning startup called Tuple
GCHQ, DCMS, Telefonica Team Up to Develop Cyber Security Start-ups (Infosecurity Magazine) The UK government has announced an initiative that will see it join forces with some of the country’s hottest start-ups to develop technologies that will help protect the UK from cyber attacks
Virginia Cybersecurity Startup Accelerator MACH37 Inducts Its New Class (DCInno) 40 startups have graduated the program so far
Should You Be Worried About FireEye? (Seeking Alpha) Momentum traders are signaling that FireEye might be oversold. FireEye’s product portfolio can keep the fire burning. Investors need to wait for a strong value indicator before testing the waters
BlackBerry Collaborates with Zimperium on Mobile Security (Zacks) BlackBerry Ltd. (BBRY) recently announced that it has partnered with Zimperium Inc. to enhance mobile security for enterprise and government customers. This deal also highlights BlackBerry’s growing focus on software services as a major source of revenues. Zimperium is well known as a provider of mobile threat detection platforms
Cylance® Named Fastest-Growing Private Cybersecurity Company in the Inc. 5000 with more than 7,000% Growth over Three Years (Cylance) Prestigious Inc. 5000 list ranks Cylance No. 26 overall, No. 7 in all of California and the only cybersecurity company in the top 100
Products, Services, and Solutions
ThreatConnect Adds RSA NetWitness Suite Integration to its Intelligence Platform (ThreatConnect) With ThreatConnect and RSA, use validated threat intelligence to easily spot trends and patterns
Level 3 Launches Adaptive Threat Intelligence (Light Reading) Adaptive Threat Intelligence, the latest security solution from Level 3 Communications, provides customized threat intelligence and alerting for customers. The cloud-based service builds on Level 3's portfolio of flexible, efficient security solutions. It is available in all regions
Use This Tool To Find Your Personal Data On The Dark Web (Fossbytes) An information security company Terbium Labs claims to find your personal data, if it exists, on the dark web. Their product Matchlight compares your search queries with the fingerprint database stored on the company’s server. The process remains private, even Terbium doesn’t know what data you’re trying to find
Palo Alto Networks and Singtel Team Up to Help Organizations Prevent Cyber Breaches in Asia Pacific with New Managed Security Service (PRNewswire) New Singtel Advanced Threat Prevention Service to be initiated in Singtel's Advanced Security Operation Centre in Singapore
Wedge Networks to provide massively scaled Cylance AI security solution (Security Brief) Wedge Networks is a successful start-up that has traditionally focused on security for telcos. More precisely it produced highly scalable tools that enabled huge amounts of network data traffic to be scrubbed clean. This enables telco service providers to offer clean internet connectivity to their clients with virus and malware threats already removed
Lightcyber eliminates breach detection gap for Amazon (The Stack) Lightcyber, an Israeli security company specializing in behavioral attack detection (BAD) services, announced today that it has created BAD services specifically for Amazon, to close the breach detection gap in AWS cloud and hybrid cloud data centers
How This Cloud-Based Security Tool Protected The Super Bowl From Hackers (Fast Company) ProtectWise says handling security analytics in the cloud lets it store more data and move faster than its competitors
Lastline and PhishMe Integrate Solutions to Combat Phishing Attacks (MarketWired) Industry leaders team to elevate enterprise phishing detection and response
No more hiding behind a cloud (Cambridge News) Darktrace, the Cambridge company which can nip cyber threats in the bud, has come up with the goods for everything stored in the cloud
Bitdefender adds ransomware protection (IT Wire) Security software solutions provider Bitdefender has announced a number of features in its product line for 2017
Bugcrowd Partners With NCC Group to Simplify Access to Bug Bounty Programs for Enterprises (MarketWired) New partnership provides bundled solutions for private and public bug bounty programs
Technologies, Techniques, and Standards
FTC Releases Video With Data Breach Recovery Advice (Dark Reading) The US Federal Trade Commission video has detailed instructions on what to do if personal data of a user is stolen and exposed
6 expert tips to better secure third-party network access (CSO) Survey shows that enterprises are not worrying enough about outside access to their networks
What Is Threat Intelligence? Definition and Examples (Recorded Future) Threat intelligence is the output of analysis based on identification, collection, and enrichment of relevant data and information
Who you gonna call when the crisis comes (CSO) There will be times in your career when you know that you will face a crisis. These will be times when things will go horribly and irretrievably wrong. The breach news from Yahoo yesterday is a perfect example. One question that I ask folks over and over again is, “What’s your incident response plan and have you tested it?” This will usually elicit a wide variety of responses. Seldom are they 100% positive but, better than I could have hoped for in many cases
5 simple ways you can protect yourself from phishing attacks (We Live Security) As a report from the Anti-Phishing Working Group (APWG) revealed earlier this year, there has been a notable rise in the number of phishing attacks. It’s a widespread problem, posing a huge risk to individuals and organizations (there were, for example, more attacks in Q1 2016 than in any other quarter in history)
Air Force sees progress in hardening its weapons against cyber attack, despite no new funding (Federal News Radio) The Air Force is beginning to see glimmers of progress under a sweeping plan that aims to eventually give its weapons systems the same amount of cybersecurity attention the service devotes to its traditional IT networks. But the effort is likely to take between five and seven years, partially because, at least for now, there’s little-to-no money behind it
Design and Innovation
Fingerprints set to point way to email and online security (Financial Times) The need to remember huge numbers of online passwords will be replaced by using fingerprints to unlock not just smartphones but also websites and services, according to a new report
Research and Development
Mystery text’s language-like patterns may be an elaborate hoax (New Scientist) A simple cryptography method can produce the unusual language-like features of a mysterious manuscript from the Middle Ages. The finding suggests that the famous Voynich manuscript may be an elaborate hoax, not a secret language to be decoded
Legislation, Policy, and Regulation
Juncker intervenes over technology red tape (Engineering and Technology) Business lobbies were annoyed at a European Union (EU) proposal requiring authorisation for the export of mobile phone interceptions equipment, location tracking devices, data retention systems and deep packet inspection systems. The president of the commission has paid heed
Senators renew calls for cyber deterrence (FCW) Senators continue to press the Obama administration to take more assertive action against Russia for its alleged hacking of U.S. political and election systems
Homeland Security issues call to action on IoT security (Network World) Growing national dependency on internet of things requires swift action on security front, DHS official says
Litigation, Investigation, and Law Enforcement
Congress to Reddit: Preserve purported posts of Clinton’s e-mail admin (Ars Technica) /r/Conspiracy leads to the Oversight Committee demanding Paul Combetta's alleged posts
Aide who set up Clinton e-mail held in contempt by House committee (Ars Technica) "Subpoenas are not optional," said Committee Chairman Jason Chaffetz (R-Utah)
GOP to CFPB: You Don't Deserve Credit for Catching Wells Fargo (American Banker) Republican lawmakers are pushing back against claims by the Consumer Financial Protection Bureau's allies that it rooted out fraud at Wells Fargo, arguing the L.A. City Attorney and the Los Angeles Times brought the situation to light
Jury says Sophos owes $15 mln for using Finjan cybersecurity tech (Reuters) British software security company Sophos Ltd infringed five patents held by licensor Finjan Holdings, a federal jury has found, awarding $15 million in damages
BWL cyberattack bills reach nearly $2M (Lansing State Journal) City-owned utility received nearly $2 million in invoices and purchase agreements to address ransomware attack, records show
University Student Arrested for hacking computer and changing grades (HackRead) Hacking your school’s computers is no ordinary feat and it is quite a risky job as well. This we have learned from Chase Arthur Hughes, who attempted to change grades by hacking into his school’s computers and modified his own as well as his four classmates’ grades
For a complete running list of events, please visit the Event Tracker.
Newly Noted Events
AFCEA CyberSecurity Summit (Washington, DC, USA, Oct 11 - 12, 2016) AFCEA Washington, DC invites you to attend the 7th Annual Cybersecurity Summit on October 11–12, 2016. This two-day summit will feature keynotes from government leaders, thought-provoking discussion panels, and a number of deep-dive breakout sessions. The opening day of the conference, October 11, will tackle strategies for addressing cyber intelligence, next-generation cyber operations, and insider threats. Hosted at the Grand Hyatt Washington, attendees will be able to explore the avenues of cyber workforce development and training issues impacting tomorrow’s evolving threat environment. The half-day conference on October 12 is strictly for Sensitive Compartmented Information (SCI) clearance holders and will be hosted at the General Dynamics Information Technology facility in Alexandria, Virginia
Upcoming Events
hardwear.io Security Conference (The Hague, the Netherlands, Sep 20 - 23, 2016) hardwear.io Security Conference is a platform for hardware and security community where researchers showcase and discuss their innovative research on attacking and defending hardware. The objective of the conference revolves around four key concerns in hardware, firmware and related protocols i.e. backdoors, exploits, trust and attacks (BETA). hardwear.io is seeking innovative research on hardware security. If you have done interesting research on attacks or mitigation on any Hardware and want to showcase it to the security community, just submit your research paper.
Gigaom Change 2016 Leader's Summit (Austin, Texas, USA, Sep 21 - 23, 2016) Over an immersive 2.5 days, we will explore the current state-of-the-art technologies, how these are transforming industry, and why this all matters. You’ll emerge with a greater understanding of the exponential technological changes occurring around us, and the confidence to accelerate tangible next steps. Gigaom Change is designed to empower businesses of today to thrive in a world of tomorrow. Gigaom Change will focus on the seven most disruptive enterprise technologies that are widely known but little understood: Artificial Intelligence, Virtual Reality, Robotics, Nanotechnology, Cybersecurity, 3-D Printing, and Human-Machine Interface.
Cyber Security Conclave India (SCSC) Conference and Exhibition (Hyderabad, India, Sep 22 - 23, 2016) Understanding the intensity and effects of growing cyber frauds, SCSC – Society for Cyberabad Security Council has come up with the very first edition of the Annual Cyber Security Conclave in 2015. This event is exclusively designed to create a mutual platform for experts and the public to come together and share knowledge on one pestering issue – cyber-crime and how to keep yourself within the boundaries of cyber security.
GDPR Comprehensive 2016 (London, England, UK, Sep 22 - 23, 2016) The GDPR is now a reality. Are you prepared? We had an incredible response to the IAPP GDPR Comprehensive in Brussels and New York, where we prepared hundreds of privacy and data protection professionals for the implementation of the GDPR. Now we’re bringing the programme to London. Don’t miss this intensive, two-day guided tour of the GDPR with the industry’s most knowledgeable experts.
Cyber Security: How to Identify Risk and Act (Frankenmuth, Michigan, USA, Sep 26, 2016) Join us on 9/26/2016 for the PMI-MTC's annual project management PDD focusing on "Cyber Security: How to Identify Risk and Act." Earn 7 PDUs during the interactive sessions with well-known information security and project management experts. Featuring a keynote speaker from the FBI Detroit Cyber Task Force. Also featuring speakers from the Dow Chemical Company, UHY LLP, Ally Financial, CBI, and more.
CYBERSEC (Kraków, Poland, Sep 26 - 27, 2016) The CYBERSEC forum is the first of its kind in Poland and one of just a few regular public policy conferences in Europe devoted to the strategic issues of cyberspace and cybersecurity. The goal of the CYBERSEC conference is the formulation of practical recommendations that aim to increase resilience to cyber threats within specific economic sectors, states, and the EU as a whole.
Third Annual Women in Cyber Security Reception (Baltimore, Maryland, USA, Sep 27, 2016) The CyberWire is pleased to present the 3rd Annual Women in Cyber Security Reception in cooperation with our partner the Cybersecurity Association of Maryland (CAMI) on Tuesday, September 27, 2016, in Baltimore, MD
Structure Security (San Francisco, California, USA, Sep 27 - 28, 2016) Technology companies have created a digital revolution through the sheer pace of their innovation. CIOs and business leaders in every industry are adopting digital technology at breakneck speed and transforming their companies; no industry has been left untouched. But the benefits of this digital world have been offset by increased risks from all manner of sophisticated adversaries who find new vulnerabilities to exploit as quickly as old flaws are addressed. That means CISOs are struggling to keep up with the threats as the security industry itself responds with an increasing — and often confusing — array of products and services. Structure Security is the first and only conference to bring all of these constituencies together.
IP EXPO Nordic 2016 (Stockholm, Sweden, Sep 27 - 28, 2016) IP EXPO Nordic is part of Europe’s number ONE enterprise IT event series, designed for those looking to find out how the latest IT innovations can drive business growth and competitiveness. The event showcases brand new exclusive content and senior-level insights from across the industry, as well as unveiling the latest developments in IT. It covers everything you need to run a successful enterprise or organisation. Arrive with challenges, leave with solutions. IP EXPO Nordic 2016 incorporates six IT events under one roof – Cloud, Cyber Security, Networks and Infrastructure, Data Analytics, DevOps and Open Source. This year’s event will be the most comprehensive business-enhancing experience for those across the IT industry, including IT managers, CTOs, CDOs, network and storage engineers, CISOs, data analysts, developers and communications specialists.
SecureWorld Dallas (Plano, Texas, USA, Sep 27 - 28, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers
escar Asia 2016 (Tokyo, Japan, Sep 28 - 30, 2016) Founded in 2003, escar has established itself as the premier forum for the discussion and exchange of ideas to identify and minimize threats to data and vehicles. Held in Europe, the US and now for the third time in Asia, escar provides a forum for collaboration among industry, academia and governments for in-vehicle cyber security.
Cyber National Security – The Law of Cyberspace Confrontation (Hanover, Maryland, and Fort Meade, Oct 3 - 6, 2016) US Cyber Command will host the fourth annual COCOM-Interagency Cyber Law Conference from 3 through 6 October 2016, Cyber National Security – The Law of Cyberspace Confrontation. This year the conference will build on last year's success with a particular focus on the domestic and international legal frameworks and challenges to confronting the growing cyber threats in the gray zone short of armed conflict and employing cyber capabilities as part of broader deterrence strategies. The first two days of the conference will be held at the Acquisition Research Center, Hanover, MD, and will be conducted at the Unclassified level. The third and fourth days of the conference will be held at the classified level on Fort Meade, Maryland. The conference will be closed to the media and conducted under Chatham House rules.
Crossroads Regional Cybersecurity Summit (Victoria, Texas, USA, Oct 4, 2016) Bringing together top experts from both the public and private sectors, the Crossroads Regional Cybersecurity Summit (CRCS) will be an exciting and educational day for local businesses. Through a variety of speakers and interactive panels, CRCS will educate and raise awareness on a wide range of cybersecurity issues - from local to global - facing businesses of all sizes. Summit attendees will be exposed to the latest findings and best practices regarding: small organizations/SMB cybersecurity preventative measures, network security (whether large or small), financial and payment card industry (PCI) compliance, and law enforcement and national security concerns. Plan to attend and ensure that your business is prepared to face the 21st Century cybersecurity challenges ahead.
Cambridge Cyber Summit (Cambridge, Massachusetts, USA, Oct 5, 2016) This unique one-day summit will bring together c-suite executives and business owners with public and private-sector leaders in security, technology and defense to discuss ways to combat urgent cyber threats and secure America's future. The event, comprised of interviews and live demonstrations, will focus on critical issues such as the next wave of cyberattacks and their perpetrators, countermeasures, privacy and security, public-private cooperation and information sharing, and the latest trends in technology, among others.
IP EXPO Europe (London, England, UK, Oct 5 - 6, 2016) IP EXPO Europe is Europe's number ONE IT event for those looking to find out how the latest IT innovations can drive their business forward. IP EXPO Europe now includes six co-located events with their own speakers, exhibitors and seminar programmes. These events bring together 300+ exhibitors and 300+ free to attend seminars across 23 theatres, all under ONE roof. The six IP EXPO Europe events for 2016 are: Cloud Europe, Cyber Security Europe, Networks & Infrastructure Europe, Data Analytics Europe, DevOps Europe, Open Source Europe
RFUN 2016: 5th Annual Threat Intelligence Conference (Washington, DC, USA, Oct 5 - 6, 2016) The fifth annual RFUN Conference is a two-day event that brings together the diverse and talented community of analysts and operational defenders who apply real-time threat intelligence to out-innovate their adversaries. We invite Recorded Future customers, partners, and threat intelligence enthusiasts to join us at RFUN 2016.
SecureWorld Denver (Denver, Colorado, USA, Oct 5 - 6, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers
VB 2016 (Denver, Colorado, USA, Oct 5 - 7, 2016) The 26th annual international Virus Bulletin conference meets this October in Denver
Insider Threat Program Development Training For NISPOM CC 2 (Aberdeen, Maryland, USA, Aug 10 - 11, 2016) Insider Threat Defense will hold a two-day training class on Insider Threat Program Development (National Insider Threat Policy-NISPOM Conforming Change 2). For a limited time the training is being offered at a discounted rate of $795 (normally $1395). The training is comprehensive and provides students with the knowledge and resources to develop and implement a robust Insider Threat Program. Insider Threat Defense has trained over one hundred fifty organizations and has become the "go-to company" for Insider Threat Program Development Training.
TU-Automotive Cyber Security Europe (Munich, Bayern, Germany, Oct 6 - 7, 2016) The most focussed forum on the ‘here and now’ of automotive cybersecurity. As we are inundated by headlines on cyber-attacks, we go beyond the hype to focus on the current challenges and solutions that unite players from research labs, automakers, tier 1’s and the complete supply chain to plan for a secure future.
AppSecUSA 2016 (Washington, DC, USA, Oct 11 - 14, 2016) OWASP’s 13th Annual AppSecUSA Security Conference is the premier application security conference for developers and security experts. Come hear an amazing group of inspirational speakers—including YouTube’s Favorite Hacker, Former DHS NCSD Director of Software Assurance, and Assistant Professor & Cryptographer—who are challenging traditions. You’ll be inspired by fresh ideas, start rethinking the status quo, and leave ready to tackle your challenges in innovative ways.
Insider Threat Program Development Training for NISPOM CC 2 (Warrington, Pennsylvania, USA, Oct 17 - 18, 2016) Insider Threat Defense will hold a two-day training class on Insider Threat Program Development (NISPOM Conforming Change 2). For a limited time the training is being offered at a discounted rate of $795 (normally $1395). The training is comprehensive and provides students with the knowledge and resources to develop and implement a robust insider threat program. Insider Threat Defense has trained over 350+ organizations and has become the "leader-go to company" for insider threat program development training.
Cyber Ready 2016 (MacDill Air Force Base, Florida, USA, Oct 18, 2016) We invite you to join us for our first annual Cyber Ready™ 2016 conference observing National Cyber Security Awareness Month: The Impact of Cyber Crime. The National Cyber Partnership, joined by the MITRE Corporation, Tampa Bay Innovation Center, Florida Chamber Foundation and the Florida Suncoast AFIO Chapter, is proud to present this important event. In addition to attending the Cybersecurity Conference, you're also invited to register for the Golf Outing and Barbecue Dinner at the MacDill AFB Bay Palms Golf Complex on Monday afternoon. The event will include the sixth annual MITRE National Capture the Flag (CTF) Competition Cyber Challenge Awards Ceremony.
EDGE2016 Security Conference (Knoxville, Tennessee, USA, Oct 18 - 19, 2016) The EDGE2016 conference is where true collaboration between business and technology professionals happens. Combining engaging keynotes from world-renowned visionaries, recognized technology industry leaders, topical roundtables, training sessions, and industry-specific tracks, EDGE2016 is where complex business security problems meet real-world solutions.
SecureWorld St. Louis (St. Louis, Missouri, USA, Oct 18 - 19, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers.
Los Angeles Cyber Security Summit (Los Angeles, California, USA, Oct 28, 2016) The Cyber Security Summit is an exclusive conference series that connects C-Suite & Senior Executives who are responsible for protecting their companies’ critical infrastructures with innovative solution providers and renowned information security experts. This educational and informational forum will focus on educating attendees on how to best protect highly vulnerable business applications and critical infrastructure. Attendees will have the opportunity to meet the nation’s leading solution providers and discover the latest products and services for enterprise cyber defense.
CyberMaryland 2016 (Baltimore, Maryland, USA, Oct 20 - 21, 2016) The CyberMaryland Conference is an annual two-day event presented jointly by The National Cyber Security Hall of Fame and Federal Business Council (FBC) in conjunction with academia, government and private industry organizations. The theme, “Leading the Cyber Generation,” captures the event’s intent to provide unparalleled information sharing and networking opportunities for development of cyber assets on both the human and technological side. Additionally, the conference provides an opportunity for Maryland to demonstrate its natural leadership in Cyber Security.
CyCon US: International Conference on Cyber Conflict (Washington, DC, USA, Oct 21 - 23, 2016) The inaugural U.S. based International Conference on Cyber Conflict will take place 21-23 October 2016 in Washington D.C. Focusing on a theme of Protecting the Future, CyCon U.S. seeks to create greater information exchange among industry, academia, and government entities at both the national and international levels. The issues to be covered include the future of international cooperation, imminent technical challenges and requirements, forthcoming conflicts in cyberspace, and the potential for new legal frameworks, standards, and regulations.
SANS San Diego 2016 (San Diego, California, USA, Oct 23 - 28, 2016) Cyber security training in San Diego, CA from SANS Institute, the global leader in information security training. Choose from nine hands-on, immersion-style training courses for security professionals at all levels. Many of these security courses have certifications that are aligned with DoD Directive 8570/8140 and all courses at this event are associated with GIAC Certifications. This event was planned to give you the weapons you need to defend against attackers and advance your career. You will learn from leading experts in courses that have been carefully selected to arm you with the latest tactics and strategies that will sharpen your skills.
2016 ICS Cyber Security Conference (Atlanta, Georgia, USA, Oct 24 - 27, 2016) As the largest and longest-running cyber security-focused conference for the industrial control systems sector, the event caters to the energy, utility, chemical, transportation, manufacturing, and other industrial and critical infrastructure organizations, including the military. The conference will address topics covering ICSs, including protection for SCADA systems, plant control systems, engineering workstations, substation equipment, programmable logic controllers (PLCs), and other field control system devices.
SecureWorld Bay Area (San Jose, California, USA, Oct 27, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers.
Regional Cyber Security Summit (Sharm El-Sheikh, Egypt, Oct 30 - Nov 1, 2016) The Regional Cyber Security Summit comes this year with the theme of “Boundless Collaboration, Boundless Protection”. It focuses on cooperation in cybersecurity as one of the key pillars for tackling the complexity and scalability of the main challenges of today’s cyber threats. The regional cybersecurity summit has been conducted for the last 4 years under the umbrella of ITU-ARCC in Oman. Sharing experience and knowledge, learning from each other, keeping in touch with recent updates, and collaborating to enhance organizations’ cybersecurity have become a must.