The CyberWire Daily Briefing 09.27.16

Summary

By The CyberWire Staff

Yahoo! (its deal with Verizon still probable but now in doubt) attributed losing half-billion users' credentials to a "state-sponsored actor," but skeptical industry observers think PII inherently less interesting to states than intellectual property. That may be true, but one notes China's apparent interest in PII held by the US Office of Personnel Management (OPM) and Russia's apparent interest in White House and DNC email credentials. It's fair to say that, while blaming a nation-state for a hack is hardly an admission against interest, it's also entirely possible that US law enforcement agencies may have asked that Yahoo! refrain from saying too much about an ongoing investigation.

Venafi and others call the quality of Yahoo! encryption into question. Several class action suits are in progress, and many observers still have questions about the breach timeline—some think suspicion about a large breach may antedate "Peace's" dark net chatter about Yahoo! credentials for sale. The US Senate has invited the Securities and Exchange Commission to investigate.

Fancy Bear is poking at Western aerospace industry targets with a new Mac Trojan, "Komplex."

The FBI is investigating the exposure of apparent NSA tools released by the Shadow Brokers.

Netskope researchers warn against a new strain of Virlock ransomware. Virlock is now polymorphic—it both encrypts and infects—and it's particularly troublesome in a cloud, where it can spread through syncing and filesharing.

Users didn't much like Facebook's inspection of WhatsApp user data; now a German commissioner finds Facebook in violation of privacy laws.

Learn how Cylance silences cyber attacks with Artificial Intelligence.

Notes.

Today's issue includes events affecting Australia, Canada, Cyprus, Estonia, India, Latvia, Lebanon, Lithuania, Netherlands, Russia, Switzerland, Ukraine, United Kingdom, and United States.

On the Podcast

The CyberWire's regular daily Podcast will be out later this afternoon, with interviews, educational tips, and more on the stories of the day. Today we hear from our partners at the Johns Hopkins University, as the redoubtable Joe Carrigan gives us news we can use: providing security support for our parents. And our guest is Kathleen Smith of ClearedJobs.net, who will comment on Intel's recent labor market study, "Hacking the Skills Shortage." As always, if you enjoy the podcast, please consider giving it an iTunes review.

Sponsored Events

Maryland Cyber Day (Rockville, MD, USA, October 5, 2016) Highlighting and celebrating Maryland’s cybersecurity entrepreneurs, innovators and companies and connecting them with two vital tools for growth and success – investment capital and customers – from Maryland and beyond.

CyberMaryland Job Fair (Baltimore, MD, USA, October 20, 2016) Top companies looking for cyber security professional, cleared and non-cleared opportunities.

Selected Reading

Cyber Trends

Is Wall Street bad for cybersecurity? (Christian Science Monitor Passcode) After an investment firm released apparent digital flaws in a company's products to profit on Wall Street, experts worry that security researchers may prioritize quick gains over public safety

Mobile Fraud Changes Outlook for Multifactor Authentication (Dark Reading) SMS one-time passcodes just won't cut it anymore. We need new approaches that people will actually use

After Tesla: why cybersecurity is central to the car industry's future (CSO) The Tesla hack is the latest sign of trouble, says Adrian Davis of (ISC)2

How to mitigate hackers who farm their victims (CSO) Feeling raked over? You’re not alone; someone is probably probing your low hanging fruit right now

Opinion: Privacy isn't dead. Here's why (Christian Science Monitor Passcode) The 'Snowden' biopic is reviving the global privacy debate. But for anyone who thinks it's dead, the notion that individuals want control over their personal information is hardly passé

Cyberwar and the Future of Cybersecurity (ZDNet) Today's security threats have expanded in their scope and seriousness. There can now be millions -- or even billions -- of dollars at risk when information security isn't handled properly. And beyond that, cybersecurity will define many of the international conflicts of the future

Brits in Biometrics Boost as 20% Use Fingerprint Tech (Infosecurity Magazine) Over one fifth of the UK’s smartphone users now authenticate via their fingerprint, highlighting the growing influence of biometrics in cybersecurity, according to Deloitte

What worries US consumers and businesses the most? (Help Net Security) The Travelers Risk Index, an annual survey from The Travelers Companies, provides insight into the most pressing concerns of American consumers and business leaders

Legislation, Policy and Regulation

On the Cyber Frontier, Hacking Back is Ethical — and Even Desirable (Defense One) Governments could treat retaliatory cyberattacks as ‘frontier' incidents, which are not necessarily escalatory

The Cyber-War Era (AIJAC) The potential for Israel-Australia cooperation on a new kind of threat

Russian Hacking Claims Resurface In Trump/Clinton Debate (Radio Free Europe/Radio Liberty) Claims of Russian hacking resurfaced during the TV debate between presidential candidates Hillary Clinton and Donald Trump, with Clinton saying there was "no doubt" Russian was hacking various organizations in the United States and Trump responding "I don't think anybody knows it was Russia"

Trump: “The security aspect of cyber is very, very tough” (Ars Technica) Candidates face off during first presidential debate in New York

Donald Trump actually made a valid point, securing the internet is hard (CSO) That headline hurt to write, but he made a fair point

Cybersecurity is not receiving enough attention from presidential candidates (Help Net Security) Heading into the first presidential debate, 58 percent of Americans feel the presidential candidates are not paying enough attention to cybersecurity, according to LifeLock

Military intelligence cyber programs get boost from fund shift (Federal News Radio) The Defense Department is beefing up its cyber investments in the military intelligence arena by shifting some of its 2016 funds

Critics are skeptical of New York's proposed financial cybersecurity rules (CNBC) New York state is proposing regulations aimed at protecting your money from criminal hackers, and the initiative is already drawing criticism from Wall Street

Products, Services, and Solutions

FourV Systems Releases Enhanced Version of GreySpark for Managing IT Security Risk (BusinessWire) For the first time, security practitioners and business executives can speak the same language when discussing cyber risk in their enterprise

Microsoft announces new Office 365 Threat Intelligence (MS Power User) One of the main advantage Microsoft has over its rivals is their experience of running consumer and enterprise services at scale. They have several properties like Office 365, Outlook.com and Bing which gives them some distinct advantages from a security standpoint. With millions of activities going on in Office 365 at any given point in time, they have sea of signals from which they can surface anomalies to quickly identify, anticipate and mitigate real and potential threats

Microsoft pushes its three pillars at Ignite—security, intelligence, and cloud (Ars Technica) It's time for everyone to be all in on the cloud

Palo Alto Networks launches new cybersecurity guide for Australian execs (Security Brief) Palo Alto Networks is taking the cybersecurity fight to print as the company recently published its first book for Australian boards, executives and officers at government and other organisations

Fortinet Expands Security Fabric With New Technology Partner Program, SIEM Integrations (CRN) As part of a building integrated security strategy, Fortinet is extending its Security Fabric ecosystem with the launch of a new Fabric-Ready Partner Program for third-party vendor integration, the company said Monday

No, You Can’t Have a Minute – Avast’s New Call Blocker App Helps Users Avoid Unwanted Calls (BusinessWire) Avast Call Blocker gives iPhone users the ability to block spam and unwanted calls

FBI iPhone Hacking Partner Cellebrite Claims It Can Crack Nearly Any Smartphone (Hot Hardware) Security firm Cellebrite made headlines earlier this year when its services were employed by the FBI to help break into the phone of the San Bernardino shooter. Cellebrite recently invited a bunch of UK press to an event to show off what it's capable of

Valeo-Gemalto partners to turn your smartphone into car key (Economic Times) With Valeo InBlue, drivers can use their smartphone or connected watch to lock, unlock and start their car, control applications and remotely access useful vehicle data using Bluetooth

SafeBreach and Phantom Enable Enterprises to Get Ahead of the Breach With Its Complete Predict-and-Prevent Solution (MarketWired) SafeBreach integration with Phantom Security automation and orchestration platform preemptively discovers future attacks and prevents breaches

Lieberman Software Securely Manages Credentials and Access to Cloud and On-Premises Resources (MarketWired) Privileged identity management solution leverages OAUTH2, SAML and LDAP for secure authentication

AvePoint Unveils New Compliance Guardian Integration with Office 365 Data Loss Prevention at Microsoft Ignite 2016 (Benzinga) AvePoint Compliance Guardian mitigates privacy, information security, and compliance risk across information gateways, including Exchange Online, SharePoint Online, and OneDrive for Business

Bot Metrics gives developers the tools to measure and analyze their chat bots (TechCrunch) Bot Metrics, a San Francisco-based company that specializes in — you got it.. — metrics and analysis for chat bots has landed funding to help developers and early bot enthusiasts get a better understanding of their services and users

Technologies, Techniques, and Standards

Ransomware: Coming To A Hospital Near You? (Dark Reading) 10 ways to protect healthcare systems from ransomware and other malware infections

Incident response survival guide (Help Net Security) All organizations are impacted by a security breach at some point

Cyber advice for Hill staffers (FCW) On Capitol Hill, every lawmaker's office has its own network, which makes cyber hygiene especially complicated for staffers

10 ways to secure a mobile workforce (CSO) As much as you might want to implement all the latest best practices and lock down your company like Fort Knox, you need to align your policies to your company culture

What is…an exploit? (Sophos Blog) Most cyberattacks involve criminals exploiting some sort of security weakness

What Pippa Middleton can teach us about iCloud security (We Live Security) This weekend it emerged that Pippa Middleton was the latest in a long line of celebrities to have her online accounts broken into by criminals, and private photographs stolen

Preventing Privileged Account Abuse (Infosecurity Magazine) Fraud or theft that occurs as a result of privileged account abuse is one of the most challenging for organizations to identify and mitigate. An organization’s so called ‘super users’ – those with the highest access rights and privileges – hold the keys to a mine of valuable information and data

Marketplace

Adaptive security market to gain traction in the next five years (Help Net Security) The adaptive security market size is estimated to grow from $3.53 billion in 2016 to $7.07 billion by 2021, at an estimated CAGR of 14.9%, according to MarketsandMarkets

M&A Due Diligence, Cyber Security, and the Massive Yahoo Data Breach (eSecurity Planet) Verizon, which announced plans to acquire Yahoo two months ago, says it only learned of the breach last week

Yahoo wasn’t lying when it told Verizon it didn’t know about the biggest hack in history (Quartz) Since Yahoo admitted on Sept. 22 that a 2014 hack compromised half a billion user accounts, a key question has been: how long has it known?

Yahoo Security Breach Poses Opportunity (Gurufocus via Yahoo! Tech) This news hit the press over the last few days and to much dismay, there are many questions still left to be addressed

Cybercrime Pays for Tech Investors (HACK, CIBR, SYMC, PANW) (Investopedia) Headline cybercrime attacks such as the latest Yahoo Inc. (YHOO) security breach poses a significant opportunity for investors eyeing the ever-so-vital cybersecurity industry. Additionally, new markets such as the Internet of Things (IoT), the cloud, and the broader digitalization of commerce, politics, healthcare and essentially all types of organizations have furthered the scope and scale of cybercrime risk. Industry pioneers with a hold on the market may be in an optimal position to take advantage of the growing global demand for cybersecurity solutions

IBM – something old, something new, something borrowed, still Big Blue? (ComputerWeekly) IBM recently held its customer event, Edge, is Las Vegas. Although totally new announcements were a little thin on the ground, there were various items that are newsworthy

Is Cisco Systems Stock Really Worth $37? (Motley Fool) An analyst recently put a $37 price target on shares of the networking-hardware giant. Is the target justified?

Merrill Lynch Remains Cautious on Cisco Systems, Inc. (CSCO) Amid Competitive Threats (Smarter Analyst) Merrill Lynch analyst Tal Liani is out with a research report on shares of Cisco Systems, Inc. (NASDAQ:CSCO) amid analysis of the growing impact of Huawei on Enterprise and Service Provider networking, in the context of how they affect the networking giant

The Leidos Shuffle: Dividends And Growth (Seeking Alpha) Leidos solves problems in five major markets. Investors will benefit from dividends and growth. The stock’s attractive valuation provides a good entry point

Cyber Media sells TDA Group acquired in 2008 (RTN.Asia) Cyber Media, a technology industry portal, said it sold its wholly owned subsidiary TDA Group to The Marketing Group

Who Should Acquire Imperva? (Seeking Alpha) The share price of Imperva spiked last week due to rumors of an acquisition. The growing number of interested acquirers might place an unjustifiable premium on the stock. The best acquirer will need a strong sales force and marketing prowess in addition to product synergies for the acquisition to generate value

Imperva Channel Chief: 'No Change' For Partners Despite Rise In Sale Rumors (CRN) Rumors are back in force that Imperva is looking for a buyer, with reports Friday that the security vendor has received interest from several large technology companies. But while those rumors fly, Imperva’s channel chief says partners should expect “no changes” in the way they do business with the company

Expel grabs $7.5 mln Series A (PE Hub Network) Cyber security startup Expel Inc has raised $7.5 million in Series A funding. Paladin Capital Group led the round with participation from other investors that included New Enterprise Associates, Battery Ventures, Greycroft Partners and Lightbank

Research and Development

DARPA developing new computer code that is effectively hack-proof (Blastr) As the world becomes more and more dependent on technology, it also becomes imminently more hackable. That’s where DARPA’s latest breakthrough comes in

UCL blockchain center calls for research papers on blockchain and bitcoin (EconoTimes) UCL Center for Blockchain Technologies, London has announced the call for submissions of student research thesis and research papers in areas of blockchain, bitcoin or other financial cryptography research, as a part of its Student Thesis/Paper Competition 2016

Security Patches, Mitigations, and Software Updates

Microsoft equips Edge with hardware-based container (Help Net Security) Microsoft has announced a new capability that will make its Edge browser the most secure web browsing option for enterprises: Windows Defender Application Guard

Cyber Attacks, Threats, and Vulnerabilities

Yahoo's claim of 'state-sponsored' hackers meets with skepticism (CSO) Yahoo has blamed its massive data breach on a "state-sponsored actor"

Questions Mount Around Yahoo Breach (Threatpost) As Yahoo continues to investigate the biggest data breach in history, pressure is mounting on the company to admit when it knew about the attack, whether there was a delay in reporting it, and also about how it implements cryptography to secure data it’s responsible forr

Yahoo Found Wanting on Crypto Security (Infosecurity Magazine) Yahoo’s security challenges are showing no signs of abating after crypto specialist Venafi highlighted multiple issues which could indicate hackers are still present inside key systems following Yahoo’s disclosure of a massive data breach last week

Russian 'Fancy Bear' Hackers Hit Mac OS X With New Trojan (Dark Reading) Aerospace victim hit by targeted attack that didn't even exploit a Mac vulnerability

Sofacy APT Targeting OS X Machines with Komplex Trojan (Threatpost) The prolific APT gang allegedly behind the DNC hack and other targeted attacks against Western military and political targets is using a new Trojan called Komplex to infect OS X machines used in the aerospace industry

What The WADA Hack Proves About Today's Threat Landscape (Dark Reading) Fancy Bear's initial release of data on four top American athletes reminds us all to reassess our risks

Virlock ransomware can now use the cloud to spread, say researchers (ZDNet) New strain of this two year old ransomware takes advantage of users syncing and sharing to spread infected files through the network

Cloud Malware Fan-out with Virlock Ransomware (Netskope) The ransomware landscape has dramatically grown since inception. Ransomware typically propagates via email, exploit kits, removable drives or external network shares. Ransomware authors regularly deploy several tactics to make the infection scale larger and also use hard-to-recover encrypted files to ensure that user pays the ransom

Security man Krebs' website DDoS was powered by hacked Internet of Things botnet (Register) Internet of Amazingly Insecure Tat? That's the one

DDoS takedown powered by IoT devices (CSO) The attack on Krebs serves as a wake up call to the security threats of IoT and firmware

Terrorist in the machine: U.S. DOJ fears IoT security threat (ReadWrite) The huge wave of Internet of Things (IoT) enabled devices has the U.S. government worried that the technology harbors lurking security threats

Symantec Raises Alarm Over IoT DDoS Attacks (Mobile ID World) Symantec is raising the alarm about the lack of security for the emerging Internet of Things. In a new blog post, the company specifically looks at DDoS (distributed denial of service) attacks, which can cripple an online target by flooding it with bogus traffic)

Ethereum DDoS Attack Abuses Internal Attributes (Security Intelligence) Ethereum, a system for decentralized applications that uses blockchain, has hit a rough patch. The company recently dealt with a distributed denial-of-service (DDoS) attack

Thousands of Cisco devices still at risk of unpatched NSA zero-day flaws (ZDNet) The tools may have been mistakenly left behind by the NSA following an operation

Security Bulletin: Vulnerability in Apache Commons affects IBM B2B Advanced Communications (CVE-2016-3092) (AusCERT) IBM B2B Advanced Communications is vulnerable to a denial of service, caused by an error in the Apache Commons FileUpload component

New Mac Trojan uses the Russian space program as a front (PC World) The Komplex Trojan can download, execute, and delete files from an infected Mac

Hancitor Downloader Abusing APIs, PowerShell Commands (Threatpost) Developers behind the malicious downloader Hancitor have bolstered the malware again, this time with new delivery approaches that make it more difficult to detect

New PonyForx Infostealer Malware Sold on Russian Hacking Forums (Softpedia) PonyForx is a fork of the more popular Pony infostealer

MarsJoke Ransomware Targets .EDU, .GOV Agencies (Threatpost) New ransomware has surfaced that targets state and local government agencies, and educational institutions that are less likely to have big budgets to ward off or mitigate threats, according to researchers

Shellshock Anniversary: Major Security Flaw Still Going Strong (Security Intelligence) Ready for me to go old school? How about SQL Slammer-level old school? More than 13 years after it was first found scurrying around the internet, the SQL Slammer worm can still be found propagating in the wild, albeit minimally, according to IBM Managed Security Services (MSS) data

Researchers Sound the Alarm on Vulnerabilities in Kerio Firewalls (Security Intelligence) The Kerio Control information appliance, usually known as Kerio Firewalls, can be attacked and the internal controls bypassed, according to SEC Consult. The device is designed by Kerio Technologies to be used as a network firewall, router or VPN gateway inside a network’s topology

Adware Campaign Using Advanced Nation-State Obfuscation Techniques (Dark Reading) New report from Carbon Black shows adware may be spreading ransomware, using similar tactics as Operation Aurora

Hey Dridex, Tu Runā Latviski? (Security Intelligence) Has Dridex been brushing up on its Latvian? Or perhaps its written Estonian skills? Maybe it’s preparing a long overseas stay requiring offshore banking accounts in the Cayman Islands? Recent Dridex configurations analyzed by IBM X-Force reveal that the new wave of Dridex attacks is resilient and more complex than your average malware campaign

Voters’ Database of 2.9 Million State of Louisiana Natives Leaked Online (HackRead) 2.9 million voters’ data means the entire state of Louisiana — it shows how vulnerable the US cyber infrastructure is

As we speak, teen social site is leaking millions of plaintext passwords (Ars Technica) i-Dressup operators fail to fix bug that exposes up to 5.5 million credentials

Looking for an iOS jailbreak? Beware of scammy offers (Help Net Security) Users searching for a way to jailbreak an iDevice should be extremely careful not to fall for fake offers such as that on the taig9.com website

Apple has seriously weakened iOS 10 backups against password hackers (HITBSecNews) A flaw Apple introduced in iOS 10 has made it far easier for password crackers to brute-force data backed up to iTunes, including credentials stored in Keychain

Hospital Security Fears as Pagers Come Under Spotlight (Infosecurity Magazine) Healthcare organizations have been urged to immediately re-evaluate their use of pagers after a new report claimed unencrypted messages can be intercepted and spoofed with potentially life-threatening repercussions

Loyalty Program Theft: How Cybercriminals Are Helping Themselves to Hard-Earned Rewards (Security Intelligence) Most cybercriminals aren’t looking to make things complicated or cumbersome. Sure, some want the attention that comes with cracking a new system or developing a new attack vector, but most attackers are just in the market for easy money

German firm publicly rebukes security products' privacy policies (FedScoop) Some security products' privacy policies assert the manufacturer's rights over biometric data, as well as the user's gender, occupation, race and sexual orientation

The hacker's guide to boosting your ransomware's brand (Graham Cluley) Even ransomware needs good marketing to make it on the dark web

Academia

2016 National Cyber Analyst Challenge announces 10 university finalists (PRNewswire) Ten university finalists have been selected for the 2016 National Cyber Analyst Challenge (NCAC), a competition that supports top students currently pursuing cyber-related degrees in the nation's leading programs. Powered by Leidos (NYSE: LDOS) and administered by Temple University's Institute for Business and Information Technology (IBIT), the competition will send 10 teams to Phase 2 advanced cyber training and the subsequent Phase 3 finals in Reston, Va., Oct. 27-29

Back to college/university? Don’t take cybercriminals with you! (Naked Security) The cybercrime almanac reads like a sociopathic version of the regular calendar

Litigation, Investigation, and Enforcement

FBI Probes Dumping Of NSA Hack Tools On Public Site (Dark Reading) National Security Agency says tools left exposed by mistake - and dumping by presumably Russia-backed hackers Shadow Brokers

Clinton confidant's immunity deal looms over debate: Jonathan Turley (USA Today) FBI appears to have undermined its own investigation with ill-considered witness agreements

Obama’s Conflict Tanked the Clinton E-mail Investigation — As Predicted (National Review) Hillary couldn’t be proven guilty without proving the president guilty as well

Clinton Privately Warned of U.S. Cyber-Attack Vulnerabilities (Washington Free Beacon) Remarks came a day before classified emails on private server were revealed

Mall shooting suspect had blog with picture of ISIS leader (Fox News) The Turkish immigrant accused of gunning down five people at a Washington mall smirked at his first court appearance Monday even as reports revealed he had a blog with photo posts of ISIS leader Abu Bakr al-Baghdadi and Iranian Supreme Leader Ayatollah Khamenei

U.S. senator seeks SEC probe of Yahoo disclosure on hacking (Reuters) Democratic Senator Mark Warner on Monday asked the U.S. Securities and Exchange Commission to investigate whether Yahoo (YHOO.O) and its senior executives fulfilled obligations to inform investors and the public about a hacking attack affecting 500 million user accounts

U.S. Regulators Accuse Palantir of Bias Against Asians (Fortune) Lawsuit says tech company favored non-Asians job applicants

Germany Says Facebook's Collection of WhatsApp Data Is Illegal (Motherboard) Facebook and WhatsApp have been told to immediately stop the mass collection, storage, and sharing of data scooped up from 35 million WhatsApp users in Germany, just one month after Facebook-owned WhatsApp announced its decision to start harvesting and sharing user data with its parent company

2016 Congressional Report: CylancePROTECT Halted OPM Breach (Wireless Heat) Congressional report concludes CylancePROTECT played a pivotal role in discovering, stopping and remediating malware that caused OPM data breach

Design and Innovation

Private Data Is the Ultimate Luxury Good (Motherboard) What if an SD card was worth more than a diamond?

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

newly Noted Events

Privacy, Security and Trust: 14th Annual Conference (Auckland, New Zealand, December 12 - 14, 2016) This year’s international conference focuses on the three themes of Privacy, Security and Trust. It will provide a forum for global researchers to unveil their latest work in these areas and to show how this research can be used to enable innovation. The main aims of the conference are: To highlight the innovative research happening globally with three main themes: Privacy, Security and Trust. Academics from across the globe will come together to discuss solutions related to PST risks and to showcase the research methods that are able to minimise future cybercrime issues. To foster new ideas and conversation in order to reduce the amount of PST issues globally and to create enduring change in the behaviour and attitudes towards PST. To draw together PST practitioners, researchers, and government to showcase the latest PST research outputs and initiatives. We envisage that industry participants will implement the PST initiatives that are discussed and showcased at the conference into their practice.

upcoming Events

CYBERSEC (Kraków, Poland, September 26 - 27, 2016) The CYBERSEC forum is the first of its kind in Poland and one of just a few regular public policy conferences in Europe devoted to the strategic issues of cyberspace and cybersecurity.The goal of the CYBERSEC conference is the formulation of practical recommendations that aim to increase resilience to cyber threats within specific economic sectors, states, and the EU as a whole.

Third Annual Women in Cyber Security Reception (Baltimore, Maryland, USA, September 27, 2016) The CyberWire is pleased to present the 3rd Annual Women in Cyber Security Reception in cooperation with our partner the Cybersecurity Association of Maryland (CAMI) on Tuesday, September 27, 2016, in Baltimore, MD - See more at: https://thecyberwire.com/events/s/3rd-annual-women-in-cyber-security-reception.html#sthash.Kgzd4dXp.dpuf

Structure Security (San Francisco, California, USA, September 27 - 28, 2016) Technology companies have created a digital revolution through the sheer pace of their innovation. CIOs and business leaders in every industry are adopting digital technology at breakneck speed and transforming their companies; no industry has been left untouched. But the benefits of this digital world have been offset by increased risks from all manner of sophisticated adversaries who find new vulnerabilities to exploit as quickly as old flaws are addressed. That means CISOs are struggling to keep up with the threats as the security industry itself responds with an increasing — and often confusing — array of products and services. Structure Security is the first and only conference to bring all of these constituencies together.

IP EXPO Nordic 2016 (Stockholm, Sweden, September 27 - 28, 2016) IP EXPO Nordic is part of Europe’s number ONE enterprise IT event series, designed for those looking to find out how the latest IT innovations can drive business growth and competitiveness. The event showcases brand new exclusive content and senior-level insights from across the industry, as well as unveiling the latest developments in IT. It covers everything you need to run a successful enterprise or organisation. Arrive with challenges, leave with solutions. IP EXPO Nordic 2016 incorporates six IT events under one roof – Cloud, Cyber Security, Networks and Infrastructure, Data Analytics, DevOps and Open Source. This year’s event will be the most comprehensive business-enhancing experience for those across the IT industry, including IT managers, CTOs, CDOs, network and storage engineers, CISOs, data analysts, developers and communications specialists.

SecureWorld Dallas (Plano, Texas, USA , September 27 - 28, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers

escar Asia 2016 (Tokyon, Japan, September 28 - 30, 2016) Founded in 2003, escar has established itself as the premier forum for the discussion and exchange of ideas to identify and minimize threats to data and vehicles. Held in Europe, the US and now for the third time in Asia, escar provides a forum for collaboration among industry, academia and governments for in-vehicle cyber security.

Cyber National Security – The Law of Cyberspace Confrontation (Hanover, Maryland, and Fort Meade, October 3 - 6, 2016) US Cyber Command will host the fourth annual COCOM-Interagency Cyber Law Conference from 3 through 6 October 2016, Cyber National Security – The Law of Cyberspace Confrontation. This year the conference will build on last year's success with a particular focus on the domestic and international legal frameworks and challenges to confronting the growing cyber threats in the gray zone short of armed conflict and employing cyber capabilities as part of broader deterrence strategies. The first two days of the conference will be held at the Acquisition Research Center, Hannover, MD, and will be conducted at the Unclassified level. The third and fourth days of the conference will be held at the classified level on Fort Meade, Maryland. The conference will be closed to the media and conducted under Chatham House rules.

Crossroads Regional Cybersecurity Summit (Victoria, Texas, USA, October 4, 2016) Bringing together top experts from both the public and private sectors, the Crossroads Regional Cybersecurity Summit (CRCS) will be an exciting and educational day for local businesses. Through a variety of speakers and interactive panels, CRCS will educate and raise awareness on a wide range of cybersecurity issues - from local to global - facing businesses of all sizes. Summit attendees will be exposed to the latest findings and best practices regarding: small organizations/SMB cybersecurity preventative measures, network security (whether large or small), financial and payment card industry (PCI) compliance, and law enforcement and national security concerns. Plan to attend and ensure that your business is prepared to face the 21st Century cybersecurity challenges ahead.

Cambridge Cyber Summit (Cambridge, Massachusetts, USA, October 5, 2016) This unique one-day summit will bring together c-suite executives and business owners with public and private-sector leaders in security, technology and defense to discuss ways to combat urgent cyber threats and secure America's future. The event, comprised of interviews and live demonstrations, will focus on critical issues such as the next wave of cyberattacks and their perpetrators, countermeasures, privacy and security, public-private cooperation and information sharing, and the latest trends in technology, among others.

IP EXPO Europe (London, England, UK, October 5 - 6, 2016) IP EXPO Europe is Europe's number ONE IT event for those looking to find out how the latest IT innovations can drive their business forwardIP EXPO Europe now includes six co-located events with their own speakers, exhibitors and seminar programmes. These events bring together 300+ exhibitors and 300+ free to attend seminars across 23 theatres, all under ONE roof. The six IP EXPO Europe events for 2016 are: Cloud Europe, Cyber Security Europe, Networks & Infrastructure Europe, Data Analytics Europe, DevOps Europe, Open Source Europe

RFUN 2016: 5th Annual Threat Intelligence Conference (Washington, DC, USA, October 5 - 6, 2016) The fifth annual RFUN Conference is a two-day event that brings together the diverse and talented community of analysts and operational defenders who apply real-time threat intelligence to out-innovate their adversaries. We invite Recorded Future customers, partners, and threat intelligence enthusiasts to join us at RFUN 2016.

SecureWorld Denver (Denver, Colorado, USA, October 5 - 6, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers

VB 2016 (Denver, Colorado, USA, October 5 - 7, 2016) The 26th annual international Virus Bulletin conference meets this October in Denver

Insider Threat Program Development Training For NISPOM CC 2 (Aberdeen, Maryland, USA, August 10 - 11, 2016) Insider Threat Defense will hold a two-day training class on Insider Threat Program Development (National Insider Threat Policy-NISPOM Conforming Change 2). For a limited time the training is being offered at a discounted rate of $795 (normally $1395). The training is comprehensive and provides students with the knowledge and resources to develop and implement a robust Insider Threat Program. Insider Threat Defense has trained over one hundred fifty organizations and has become the "go-to company" for Insider Threat Program Development Training.

TU-Automotive Cyber Security Europe (Munich, Bayern, Germany, October 6 - 7, 2016) The most focussed forum on the ‘here and now’ of automotive cybersecurity. As we are inundated by headlines on cyber-attacks, we go beyond the hype to focus on the current challenges and solutions that unite players from research labs, automakers, tier 1’s and the complete supply chain to plan for a secure future.

AppSecUSA 2016 (Washington, DC, USA, October 11 - 14, 2016) OWASP’s 13th Annual AppSecUSA Security Conference is the premier application security conference for developers and security experts. Come hear an amazing group of inspirational speakers—including YouTube’s Favorite Hacker, Former DHS NCSD Director of Software Assurance, and Assistant Professor & Cryptographer—who are challenging traditions. You’ll be inspired by fresh ideas, start rethinking the status quo, and leave ready to tackle your challenges in innovative ways.

AFCEA CyberSecurity Summit (Washington, DC, USA, October 11 - 12, 2016) AFCEA Washington, DC invites you to attend the 7th Annual Cybersecurity Summit on October 11–12, 2016. This two-day summit will feature keynotes from government leaders, thought-provoking discussion panels, and a number of deep-dive breakout sessions. The opening day of the conference, October 11, will tackle strategies for addressing cyber intelligence, next-generation cyber operations, and insider threats. Hosted at the Grand Hyatt Washington, attendees will be able to explore the avenues of cyber workforce development and training issues impacting tomorrow’s evolving threat environment. The half-day conference on October 12 is strictly for Sensitive Compartmented Information (SCI) clearance holders and will be hosted at the General Dynamics Information Technology facility in Alexandria, Virginia

Insider Threat Program Development Training for NISPOM CC 2 (Warrington, Pennsylvania, USA, October 17 - 18, 2016) Insider Threat Defense will hold a two-day training class on Insider Threat Program Development (NISPOM Conforming Change 2). PA. For a limited time the training is being offered at a discounted rate of $795 (normally $1395). The training is comprehensive and provides students with the knowledge and resources to develop and implement a robust insider threat program. Insider Threat Defense has trained over 350+ organizations and has become the "leader-go to company" for insider threat program development training.

Cyber Ready 2016 (McDill Air Force Base, Florida, USA, October 18, 2016) We invite you to join us for our first annual Cyber ReadyTM 2016 conference observing National Cyber Security Awareness Month: The Impact of Cyber Crime. The National Cyber Partnership, joined by the MITRE Corporation, Tampa Bay Innovation Center, Florida Chamber Foundation and the Florida Suncoast AFIO Chapter is proud to present this important event. In addition to attending the Cybersecurity Conference, you're also invited to register for the Golf Outing and Barbecue Dinner at the MacDill AFB Bay Palms Golf Complex on Monday afternoon. The event will include the sixth annual MITRE National Capture the Flag (CTF) Competition Cyber Challenge Awards Ceremony.

EDGE2016 Security Conference (Knoxville, Tennessee, USA, October 18 - 19, 2016) The EDGE2016 conference is where true collaboration between business and technology professionals happens. Combining engaging keynotes from world-renowned visionaries, recognized technology industry leaders, topical roundtables, training sessions, and industry-specific tracks, EDGE2016 is where complex business security problems meet real-world solutions.

SecureWorld St. Louis (St. Louis, Missouri, USA, October 18 - 19, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers

Los Angeles Cyber Security Summit (Los Angeles, California, USA, October 28, 2016) The Cyber Security Summit is an exclusive conference series connects C-Suite & Senior Executives who are responsible for protecting their companies’ critical infrastructures with innovative solution providers and renowned information security experts. This educational and informational forum will focus on educating attendees on how to best protect highly vulnerable business applications and critical infrastructure. Attendees will have the opportunity to meet the nation’s leading solution providers and discover the latest products and services for enterprise cyber defense.

CyberMaryland 2016 (Baltimore, Maryland, USA, October 20 - 21, 2016) The CyberMaryland Conference is an annual two-day event presented jointly by The National Cyber Security Hall of Fame and Federal Business Council (FBC) in conjunction with academia, government and private industry organizations. The theme, “Leading the Cyber Generation,” captures the event’s intent to provide unparalleled information sharing and networking opportunities for development of cyber assets on both the human and technological side. Additionally, the conference provides an opportunity for Maryland to demonstrate its natural leadership in Cyber Security.

CyCon US: International Conference on Cyber Conflict (Washington, DC, USA, October 21 - 23, 2016) The inaugural U.S. based International Conference on Cyber Conflict will take place 21-23 October 2016 in Washington D.C. Focusing on a theme of Protecting the Future. CyCon U.S. seeks to create greater information exchange among industry, academia, and government entities at both the national and international levels. The issues to be covered include the future of international cooperation, imminent technical challenges and requirements, forthcoming conflicts in cyberspace, and the potential for new legal frameworks, standards, and regulations.

SANS San Diego 2016 (San Diego, California, USA , October 23 - 28, 2016) Cyber security training in San Diego, CA from SANS Institute, the global leader in information security training. Choose from nine hands-on, immersion-style training courses for security professionals at all levels. Many of these security courses have certifications that are aligned with DoD Directive 8570/8140 and all courses at this event are associated with GIAC Certifications. This event was planned to give you the weapons you need to defend against attackers and advance your career. You will learn from leading experts in courses that have been carefully selected to arm you with the latest tactics and strategies that will sharpen your skills

2016 ICS Cyber Security Conference (Atlanta, Georgia, USA, October 24 - 27, 2016) As the largest and longest-running cyber security-focused conference for the industrial control systems sector, the event caters to the energy, utility, chemical, transportation, manufacturing, and other industrial and critical infrastructure organizations, including the military. The conference will address topics covering ICSs, including protection for SCADA systems, plant control systems, engineering workstations, substation equipment, programmable logic controllers (PLCs), and other field control system devices.

SecureWorld Bay Area (San Jose, California, USA, October 27, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers

Regional Cyber Security Summit (Sharm El-Sheikh, Egypt, October 30 - November 1, 2016) The Regional Cyber Security Summit comes this year with the theme of “Boundless Collaboration, Boundless Protection”. It focuses on the cooperation in cybersecurity as one of key pillars to tackle the complexity and the scalability of the main challenges of today’s cyber threats. The regional cybersecurity summit has been conducted for the last 4 years under the umbrella of ITU-ARCC in Oman to share experience and knowledge, learn from each other, get in tight to recent updates and collaborate to enhance organizations’ cybersecurity became a must.

Sponsor & Support

Grow your brand, generate leads, and fill your funnel.

With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listens all over the world, companies trust the CyberWire to get the message out. Learn more.

What might a nation-state want from Yahoo!? US Senate asks SEC to investigate breach. Fancy Bear is snuffling around aerospace targets. FBI investigating Shadow Brokers' leaks. Netskope warns against Virlock ransomware. Facebook and WhatsApp data.