The CyberWire Daily Briefing 09.28.16

Summary

By The CyberWire Staff

US authorities investigate what they take to be Russian intelligence services' information operations. These include selective feeding of hacked material to various websites, some of the legitimately independent, some of them fronts, others not obviously either. Observers note a studied ambiguity in Russia about how such material is obtained. The FBI is also said to have opened an investigation of attempts to compromise political figures' phones.

As evidence surrounding the MH17 shootdown increasingly points to Russian culpability, ThreatConnect finds that Fancy Bear (the widely used handle for Russia's GRU) has been "actively targeting" Bellingcat, a journalistic organization that's contributed to the MH17 investigation.

Very large distributed denial-of-service (DDoS) attacks continue. KrebsOnSecurity has recovered thanks to Project Shield, but an even larger IoT-based attack is said to have hit OVH hosting. It's hard to patch things, as the Register observes, even harder when the things in the network are at the end of their lifecycle.

Yahoo's security practices draw sharp criticism from observers who argue that marketing decisions drove the struggling Internet giant to take fatal shortcuts. (One example—not requiring password resets for fear of driving away email customers.)

TheDarkOverlord, whoever that is, is back, and seeking to extort ransom from Los Angeles investment bank WestPark Capital. TheDarkOverlord says he'll release sensitive documents if he's not paid, and has offered a teaser of what he has. Flashpoint believes at least thirteen organizations would be harmed by the doxing.

The RIG exploit kit continues to take marketshare in the malvertising souk.

Learn how Cylance silences cyber attacks with Artificial Intelligence.

Notes.

Today's issue includes events affecting Australia, Canada, European Union, France, Israel, Russia, United Arab Emirates, United Kingdom, and United States.

A note to our readers: The CyberWire published its first issue on September 28, 2012, and so today marks our fourth anniversary.. Thanks to all of you who subscribe to and read the CyberWire. We hope we stay in touch for many more years to come.

On the Podcast

The CyberWire's regular daily Podcast will be out later this afternoon, with interviews, educational tips, and more on the stories of the day. Today we hear from Malek Ben Salem, from our partners at Accenture Technology Labs. She'll describe how you use semantic technology for analytics. Our guest, Kathleen Smith of ClearedJobs.net, will continue yesterday's discussion about the implications of Intel's recent labor market study, "Hacking the Skills Shortage." As always, if you enjoy the podcast, please consider giving it an iTunes review.

Sponsored Events

Maryland Cyber Day (Rockville, MD, USA, October 5, 2016) Highlighting and celebrating Maryland’s cybersecurity entrepreneurs, innovators and companies and connecting them with two vital tools for growth and success – investment capital and customers – from Maryland and beyond.

CyberMaryland Job Fair (Baltimore, MD, USA, October 20, 2016) Top companies looking for cyber security professional, cleared and non-cleared opportunities.

Selected Reading

Cyber Trends

By 2018, 25 percent of new mobile apps will talk to IoT devices (Help Net Security) With the convergence of devices, bots, things and people, organizations will need to master two dimensions of mobility, according to Gartner

Mobile security stripped bare: Why we need to start again (Help Net Security) We’re all familiar with the cartoon image of a character stopping a water leak by plugging a finger into the hole, only for another leak to start, needing another finger, and so on, until the character is soaked by a wave of water

Many tech senior decision-makers don’t understand encryption (Help Net Security) Nearly a quarter of tech senior decision-makers in the UK don’t fully understand encryption, according to PKWARE

185M incidents bypassed perimeter defenses - report (SC Magazine) Two recent industry reports warned of the dangers of over-reliance on perimeter security as an enterprise defense method

Digital shadows global study reveals UAE tops list in Middle East for most employee data leaks (Zawya) 97 percent of the 1,000 largest companies have suffered compromise of employee credentials, comprising email and password combinations

Legislation, Policy and Regulation

Privacy watchdog urges Ottawa to pass ‘metadata’ legislation (Globe and Mail) Canada’s privacy czar is calling on the Liberals to fulfill a promise to pass laws constraining the federal spies who are allowed to capture records of Canadians’ phone and Internet activities

Cyber Attack In Space: Could It Lead To A Global Catastrophe? (Science World Report) Experts have recently warned that online hackers could soon pose a threat at a different level - space and that the consequences could be disastrous. London's independent policy institute Chatham House has reportedly warned about a global catastrophe due to the hacking of spacecraft and satellites

What a real cyber war would look like (USA Today) Both U.S. presidential candidates have vowed to take on the world when it comes to cyber warfare. But full-scale cyber retaliation might be hard to spot and even harder to count as a win

Clinton strikes harsh tone on cyber (C4ISRNET) Democratic presidential nominee Hillary Clinton vowed a tough stance in cyberspace in the face of aggression and hacking from abroad. During the first presidential debate, the former secretary of state described cybersecurity and cyberwarfare as “one of the biggest challenges facing the next president”

New draft of cyber response plan nearly ready for release (FCW) The Department of Homeland Security is nearly ready to release a draft of the National Cyber Incident Response Plan that has been anticipated and debated for months

NGA is helping decipher picture in Crimea (C4ISRNET) The National Geo-Spatial Intelligence Agency is helping paint a clearer picture on the muddied Crimean Peninsula that was annexed by Russia from Ukraine in 2014

Operationalizing Cyberspace (Stand-To) The Army is in the process of operationalizing cyberspace to enable maneuver commanders to fight and win in the information environment in the same manner as in the ground, air, sea and space domains

Army’s ‘Multi-Domain Battle:’ Jamming, Hacking & Long Range Missiles (Breaking Defense) Days before the biggest defense conference of the year, one of the Army’s top thinkers is unveiling the service’s new push to expand its role beyond its traditional domain — land — to air, sea, space, and cyberspace

Rep. McCaul: US Must Gain Decryption Edge (BankInfo Security) Calls for more Federal funding for quantum computing research

Products, Services, and Solutions

Google looking to reshape web defences with strict Content Security Policies (SC Magazine) Google has taken to its Security Blog to announce their release of a tool designed to help web developers avoid leaving their web applications vulnerable to cross-site scripting (XSS) attacks

VIPRE® Helps Small Businesses Prevent Ransomware Infections (PRNewswire) The launch of VIPRE Internet Security Pro Small Office extends VIPRE's ransomware defense to businesses of all sizes

AsTech Consulting Introduces Legacy Application Security Evaluation and Remediation Program (StreetInsider) Provides a flexible and cost effective way for companies to securely make the most of their legacy applications

Facebook Debuts Open Source Detection Tool for Windows (Threatpost) Facebook successfully ported its SQL-powered detection tool, osquery, to Windows this week, giving users a free and open source method to monitor networks and diagnose problems

Project Springfield: Cloud-based fuzz testing for uncovering million-dollar bugs (Help Net Security) This Moday Microsoft debuted Project Springfield, a cloud-based fuzz testing (aka fuzzing) service that the company has been working on for a quite a while

BeyondTrust Announces Password Management API (ProgrammableWeb) BeyondTrust, global information security company dedicated to preventing privilege abuse, announced a free API that enables users to call stored credentials from its PowerBroker Password Safe

Webroot, Atera, Team on Next-Gen Security (Channel Partners) Atera, developer of the cloud-based IT automation platform that combines Remote Monitoring and Management (RMM software), Professional Services Automation (PSA), and remote access into one powerful solution, today announced that it has partnered with Webroot, the market leader in next-generation endpoint security and cloud-based collective threat intelligence

Thales introduces Thales orchestrator to scale encryption (Financial News) Thales has introduced Thales orchestrator as a platform for Vormetric data protection, encryption scalability and cloud readiness, the company said

DigiCert Leads By Integrating Certificate Issuance with Microsoft Azure Key Vault (PRNewswire) DigiCert, a global leader in trusted identity and authentication services for enterprise web and Internet of Things (IoT) security, today announced a full integration with Microsoft Azure Key Vault

FileCloud Launches Industry's First Enterprise File Share and Sync Solution with Built-In Ransomware Protection (PRNewswire) Powerful protection features to protect files against ransomware are added to the IT industry's most innovative file sharing and sync platform

Exabeam 3.0 Delivers Advanced System Architecture to Detect and Respond to Non-Human Insider Threats (MarketWired) New elastic design manages exponentially growing volumes of behavioral data generated by humans and machines

Splunk Expands Machine-Learning Capabilities Of Its Operational Intelligence Software (CRN) Operational intelligence software developer Splunk is expanding the machine-learning capabilities of its products, debuting new releases of its flagship Splunk Enterprise platform and several applications that leverage machine data for business intelligence, security and other tasks

Thinklogical TLX KVM Matrix Switches Achieve Common Criteria EAL4 Accreditation (Yahoo! Finance) Thinklogical, a leading provider of secure, high-performance KVM signal extension and switching systems for video-rich applications, announced today that its TLX48, TLX320, and TLX640 fiber-optic KVM (keyboard, video, and mouse) matrix switches have achieved Common Criteria certification at Evaluation Assurance Level 4 (EAL4)

Tokenization Without Technical Expertise? Townsend Says It's Here (IT Jungle) Tokenization has emerged as a favorite technique for protecting sensitive data without the heavy performance, storage, and productivity hit that encryption entails

Cisco Debuts Cloud Security Services For Digital Business Models (Channel Partners) Cisco on Tuesday unveiled a handful of new cloud-security services, promising that its architectural approach reduces the average time to detection to less than 13 hours — faster than the industry standard of 100 days

Palerra Partners With Fortinet to Provide Comprehensive Security Across On-Premise and Cloud Services (EIN News) Palerra LORIC integrates With Fortinet's Security Fabric to enable enterprises to securely transition from on-premise solutions to cloud-based or hybrid deployments

Is It Time for Whole-Home Wi-Fi? (Financial Technologies Forum News) While Wall Street coasts into the final quarter of this year, the foot soldiers of securities operations are likely consoling themselves with thoughts of bonuses and what to spend them on

Onapsis Joins Cloud Security Alliance to Help SAP Customers Securely Migrate to the Cloud (Broadway World) Onapsis today announced that it has joined the Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment

F-Secure Brings Total Security and Privacy to Consumers (Sys-Con Media) New F-Secure offering provides Internet security and virtual private network applications with a single subscription

Technologies, Techniques, and Standards

World's Major Central Banks to Study Global Standards Following $81-Million Cyber Heist (Hacked) Months after the $81-million cyber heist from Bangladesh Bank’s account at the Federal Reserve Bank of New York, the world’s major central banks have assembled a task force to look into international standards to counter cyber attacks

Swift Introduces Security Mandates for Users to Supplement Guidelines (Wall Street Journal) Swift will report any noncompliant customers to regulators

Swift issues plea to collaborate in fight against cybercrime (Banking Technology) It is vital that the Swift community learns from cyber attacks and strengthens cooperation, delegates were told yesterday. Chief technology officer (CTO) of Swift, Craig Young, said such attacks were increasing in number and sophistication across all industries

Advancing cybersecurity through automated indicator sharing (CSO) As the number of cybersecurity incidents increase, both the government and the private sector have worked together to introduce an info-sharing program to help address the threats

Selecting a Threat Risk Model for Your Organization, Part Two (eSecurity Planet) In the second of a two-part series on threat risk models, we look at Trike, MIL-STD-882E and OCTAVE

The Best Way for Companies to Prepare for Inevitable Data Breaches: Rehearse (Fortune) You will be breached, so plan

5 Best Practices For Winning the IoT Security Arms Race (Dark Reading) By focusing on a pragmatic approach to security, it's possible to develop IoT solutions that will reduce future risk without breaking the bank

Don’t Get Hooked: How to Recognize and Avoid Phishing Attacks (Infographic) (Digital Guardian) We’re ringing in National Cyber Security Awareness Month and European Cyber Security Month with an infographic to help spread awareness of one of the greatest and most common threats to computer users of all kinds: phishing attacks

Information security and the flaming sword of justice (CSO) There have been times in my career where I found it almost necessary for me to breathe into a paper bag after hearing some asinine positions on what security should be

Improving The Security Conversation For CIOs, CISOs, & Board Members (Dark Reading) Cybersecurity is a top priority among enterprise leaders, but it's difficult for them to communicate with IT and security teams if they lack an understanding of key security concepts

Marketplace

Cyber Security ETFs in Hot Spot: Here's Why (Zacks via Yahoo! Finance) After slumping in mid-May, cyber security stocks have been on fire lately thanks to the volley of cyberattacks and acquisition buzz

Cisco Systems, Inc.: Why CSCO is a Great Dividend Stock (Income Investors) Cisco Systems, Inc. (NASDAQ: CSCO) is a leader in the design and manufacturing of networking and communications hardware for the information technology industry

M&A: Is Security Industry Set For A Paradigm Shift? (CXO Today) Mergers and acquisitions (M&A) are not new concepts in the end point security market

Microsoft leads $9 million investment round in container security startup Aqua Security (ZDNet) Aqua Security's platform aims to protect container environments by automating policies and providing a clear view of container activity throughout its lifecycle

What Lies Beneath Israel’s Start-Up Supremacy (Market Mogul) Israeli start-ups attracted total investments of $2.8bn in the first half of 2016

Lexumo Selected for MIT "Industry-Ready" Accelerator Program (PRNewswire) Cloud-based service uses graph analytics and machine learning developed for DARPA to continuously monitor software for critical open source vulnerabilities such as Heartbleed

Mimecast Unveils Secondary Offering (NASDAQ:MIME) (Englewood Daily) Mimecast (NASDAQ:MIME), a provider of cloud security and risk management services for corporate information and email, said late Monday that a registered secondary public offering of 4,000,000 ordinary shares has been launched

HackerOne CEO: 'We’re building the world’s biggest security talent agency' (CSO) Marten Mickos is crowdsourcing security with a growing army of ethical hackers who can help your company if you’re ready to adopt a new security mindset

FireMon Welcomes New President & CEO, Satin H. Mirchandani (MarketWired) High-growth security management vendor forges ahead with new CEO at the helm

Martin Roesch Joins ThreatQuotient’s Board of Directors (TheatQuotient) Sourcefire founder and creator of Snort® brings considerable experience and industry insight on utilizing contextual and operational threat intelligence

Research and Development

DARPA Picks BAE’s Smart Handheld EW Sensor (Breaking Defense) BAE Systems has been awarded a DARPA contract that may help address one of the most pressing threats the US Army has identified — Russia’s increasingly impressive and powerful use of Electronic Warfare on the battlefield

Security Patches, Mitigations, and Software Updates

Tesla Responds to Chinese Hack With a Major Security Upgrade (Wired) Hacking any system as complex as a car requires digging up not just one vulnerability but a series of exploitable bugs that create a path through the target’s maze of defenses

Samsung Galaxy S6 and Galaxy S6 edge receiving September security update in Europe (Phone Arena) It might be surprising for some, but AT&T was actually among the first carriers to provide Galaxy S6 owners with the new September security patch

Google’s search app now sports an incognito mode (TechCrunch) Looking to surf the mobile web privately, but generally prefer the Google Search app over standalone browsers like Safari or Chrome?

Firefox ready to block certificate authority that threatened Web security (Ars Technica) Mozilla says it has lost confidence in WoSign's ability to protect HTTPS system

Cyber Attacks, Threats, and Vulnerabilities

U.S. Believes Russia Steered Hacked Documents to Websites (Wall Street Journal) Officials are increasingly confident that the Russian government is intensifying a campaign to steal U.S. computer records and leak damaging information to the American public

A Voice Cuts Through, and Adds to, the Intrigue of Russia’s Cyberattacks (New York Times) Living anonymously, down a winding road in the wilderness of western Siberia, not far from the Mongolian border, the only person so far implicated in the flurry of Russian hacking of the Democratic National Committee and other political sites was obviously enjoying the moment

Trump and Putin are using the same tactic to deflect questions about the DNC hack (Washington Post) Russia. China. A 400-pound man sitting in bed. All suspects in the hack of the Democratic National Committee this summer, Donald Trump said during Monday evening's presidential debate

The Internet Is No Place for Elections (MIT Technology Review) It’s not safe to connect our voting infrastructure to the Internet, but some election boards are doing it anyway

Belling the BEAR (ThreatConnect) ThreatConnect reviews activity targeting Bellingcat, a key contributor in the MH17 investigation

OVH Hosting Suffers From Record 1Tbps DDoS Attack Driven By 150K Devices (Slashdot) If you thought that the massive DDoS attack earlier this month on Brian Krebs' security blog was record-breaking, take a look at what just happened to France-based hosting provider OVH. OVH was the victim of a wide-scale DDoS attack that was carried via a network of over 152,000 IoT devices

No wonder we're being hit by Internet of Things botnets. Ever tried patching a Thing? (Register) Akamai CSO laments pisspoor security design practices

73% of companies using vulnerable end-of-life networking devices (CSO) Seventy-three percent of companies are using vulnerable, end-of-life networking equipment, up from 60 percent last year, according to a review of more than 212,000 Cisco networking devices at 350 organizations across North America

Project Shield Has Krebs on Security's Back (Tech News World) The website of prominent security blogger Brian Krebs is back online this week after sustaining one of the largest distributed denial of service attacks in Internet history

Researchers Find Speed Cameras Vulnerable To Hacking (TheNewspaper.com) Computer security firm exposes the ease with which speed cameras and red light cameras can be compromised over the Internet

Just how bad is Yahoo's security breach? 'Equivalent of ecological disaster,' expert says (Oregonian) As investors and investigators weigh the damage of Yahoo's massive breach to the internet icon, information security experts worry that the record-breaking haul of password data could be used to open locks up and down the web

Yahoo data breach: Gemalto, Digital Shadows and TeleSign experts chime in (Security Brief) As the Yahoo data breach continues to sort itself out, some big names in IT are speaking out about the entire ordeal. Gemalto, TeleSign and Digital Shadows have all released content surrounding the breach, showing that while it may be the biggest in history, it's not that uncommon and protection is seriously advised

Defending Against Hackers Took a Back Seat at Yahoo, Insiders Say (New York Times) Six years ago, Yahoo’s computer systems and customer email accounts were penetrated by Chinese military hackers. Google and a number of other technology companies were also hit

Will Yahoo’s Data Breach Help Overhaul Online Security? (Knowledge@Wharton) A “full inquiry” into a massive data breach at Yahoo — which was revealed this week but took place in late 2014 — will decide the fate and revaluation of Verizon’s $4.8 billion bid to buy its operating assets, according to experts

The Password Paradox, and Why our Personalities will get us Hacked (LastPass) Despite high-profile, large-scale data breaches dominating the news cycle - from Mark Zuckerberg’s Twitter account to a leak of millions of LinkedIn passwords - consumers have yet to adjust their online behavior

TheDarkOverlord holds investment bank to ransom, or else hacked files will be released (Hot for Security) No-one knows who TheDarkOverlord is. No-one even knows if he or she is one lone hacker, or a group of hackers. But one thing is certain, TheDarkOverlord must be giving some companies sleepless nights as they struggle to work out the best way to respond

Rig Exploit Kit from the Afraidgate Campaign (SANS Internet Storm Center) Yesterday on Tuesday 2016-09-27, the Afraidgate campaign switched from Neutrino exploit kit (EK) to Rig EK [1]. As we go into Wednesday 2016-09-28, this trend continues

The RIG Exploit Kit Is The New Leader On The Malvertising Market (Virus Guides) There has been a recent change in the exploit kit (EK) landscape as the RIG EK is slowly but surely moving forward to replace the notorious Neutrino, report multiple sources

Malvertising Attack Threatens 2 Million answers.com Visitors Daily (Infosecurity Magazine) A malvertising attack has been mounted on the popular website answers.com, which receives 2 million visits daily

Anti VM Tricks (SentinelOne) Recently, I was tasked with investigating a malware sample which sometimes failed to behave maliciously

Zscaler Finds Scams On Magento’s Platform (PYMNTS) Zscaler has uncovered online scams on Magento’s eCommerce platform that collect credit card information from unsuspecting consumers. There are also tech support pop-up scams that employ scare tactics to encourage the user to call paid support services to remove fake viruses

Swift CEO reveals three more failed attacks on banking network (CSO) Swift will impose stricter security standards on banks from next year

Inside Arizona’s Pump Skimmer Scourge (KrebsOnSecurity) Crooks who deploy skimming devices made to steal payment card details from fuel station pumps don’t just target filling stations at random

IBM 'unlikely to hit Customs and Immigration merger deadline' amid growing fears of system failure (Australian Broadcasting Corporation) Serious concerns have been raised about IBM's ability to meet the demands of merging the Customs and Immigration computer systems by people familiar with the roll-out of the half-billion dollar contract

Network Attacks Hit One-Third of Executive Mobile Devices in Q2 2016 (MarketWired) Skycure report also finds more than six percent of executive devices infected with high severity malware

Academia

U.S. Cyber Challenge and CyberCompEx Become “NSA Day of Cyber” Partners to Inspire interest in Cybersecurity Career Opportunities (USCC) Collectively, U.S. Cyber Challenge (USCC) and CyberCompEx announced today their partnership with the “NSA Day of Cyber” Initiative—a national initiative to address the cyber skills crisis and raise the “Cyber IQ” of the nation

Investment group signs deal to train cyber-security professionals (Augusta Chronicle) The investment group renovating Augusta’s historic Sibley Mill into a high-tech mixed-use development said Tuesday it has signed a deal with a Maryland-based institute to train future cybersecurity professionals there as early as next year

Litigation, Investigation, and Enforcement

FBI probes hacks targeting phones of Democratic Party officials: sources (Reuters) The FBI is investigating suspected attempts to hack mobile phones used by Democratic Party officials as recently as the past month, four people with direct knowledge of the attack and the investigation told Reuters

Europol identifies eight main cybercrime trends (Help Net Security) The volume, scope and material cost of cybercrime all remain on an upward trend and have reached very high levels. Some EU Member States now report that the recording of cybercrime offences may have surpassed those associated with traditional crimes

State Dept misses court's deadline on Clinton docs (The Hill) The State Department narrowly missed a court-ordered deadline on Monday to release documents about whether former Secretary of State Hillary Clinton and her senior aides participated in security training and briefings

Yahoo Breach: Senators Demand Answers (Wall Street Journal) In a letter to Yahoo CEO Marissa Mayer, the six senators call the time lag between the security breach and its disclosure ‘unacceptable’

FBI Chief Security Guru Talks Fighting Insider Threats (Fortune) It’s not just outside hackers that the FBI has to worry about

FCC official: “Something’s not right” with Wi-Fi at Monday’s debate (Ars Technica) Jessica Rosenworcel wants to find out if Hofstra's hotspot shutdown was legal

Hundreds of police officers abused databases to stalk lovers, journalists, enemies, AP finds (AP via the Week) Police officers have access to large amounts of personal information on you, and sometimes they misuse criminal-history and driver databases to find information about romantic or business partners, neighbors, fellow officers, politicians, and journalists, The Associated Press found in an investigation of police agencies in all 50 states

Teenager appears in court over TalkTalk cyber-attack (Guardian) Daniel Kelley, 19, from South Wales, is accused of demanding more than £216,000 worth of bitcoin as a blackmail payment

A Former Verizon Employee Just Admitted to Selling Private Phone Records (Fortune) For as little as $50 a month

Design and Innovation

How Machine Learning Can Help Fight Off Cyber Attacks (Fortune) New artificial intelligence techniques can help battle old methods of hacking

Microsoft CEO Satya Nadella on artificial intelligence, algorithmic accountability, and what he learned from Tay (Quartz) Microsoft is quickly pivoting to position itself as a leader in artificial intelligence

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

upcoming Events

Structure Security (San Francisco, California, USA, September 27 - 28, 2016) Technology companies have created a digital revolution through the sheer pace of their innovation. CIOs and business leaders in every industry are adopting digital technology at breakneck speed and transforming their companies; no industry has been left untouched. But the benefits of this digital world have been offset by increased risks from all manner of sophisticated adversaries who find new vulnerabilities to exploit as quickly as old flaws are addressed. That means CISOs are struggling to keep up with the threats as the security industry itself responds with an increasing — and often confusing — array of products and services. Structure Security is the first and only conference to bring all of these constituencies together.

IP EXPO Nordic 2016 (Stockholm, Sweden, September 27 - 28, 2016) IP EXPO Nordic is part of Europe’s number ONE enterprise IT event series, designed for those looking to find out how the latest IT innovations can drive business growth and competitiveness. The event showcases brand new exclusive content and senior-level insights from across the industry, as well as unveiling the latest developments in IT. It covers everything you need to run a successful enterprise or organisation. Arrive with challenges, leave with solutions. IP EXPO Nordic 2016 incorporates six IT events under one roof – Cloud, Cyber Security, Networks and Infrastructure, Data Analytics, DevOps and Open Source. This year’s event will be the most comprehensive business-enhancing experience for those across the IT industry, including IT managers, CTOs, CDOs, network and storage engineers, CISOs, data analysts, developers and communications specialists.

SecureWorld Dallas (Plano, Texas, USA , September 27 - 28, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers

escar Asia 2016 (Tokyon, Japan, September 28 - 30, 2016) Founded in 2003, escar has established itself as the premier forum for the discussion and exchange of ideas to identify and minimize threats to data and vehicles. Held in Europe, the US and now for the third time in Asia, escar provides a forum for collaboration among industry, academia and governments for in-vehicle cyber security.

Cyber National Security – The Law of Cyberspace Confrontation (Hanover, Maryland, and Fort Meade, October 3 - 6, 2016) US Cyber Command will host the fourth annual COCOM-Interagency Cyber Law Conference from 3 through 6 October 2016, Cyber National Security – The Law of Cyberspace Confrontation. This year the conference will build on last year's success with a particular focus on the domestic and international legal frameworks and challenges to confronting the growing cyber threats in the gray zone short of armed conflict and employing cyber capabilities as part of broader deterrence strategies. The first two days of the conference will be held at the Acquisition Research Center, Hannover, MD, and will be conducted at the Unclassified level. The third and fourth days of the conference will be held at the classified level on Fort Meade, Maryland. The conference will be closed to the media and conducted under Chatham House rules.

Crossroads Regional Cybersecurity Summit (Victoria, Texas, USA, October 4, 2016) Bringing together top experts from both the public and private sectors, the Crossroads Regional Cybersecurity Summit (CRCS) will be an exciting and educational day for local businesses. Through a variety of speakers and interactive panels, CRCS will educate and raise awareness on a wide range of cybersecurity issues - from local to global - facing businesses of all sizes. Summit attendees will be exposed to the latest findings and best practices regarding: small organizations/SMB cybersecurity preventative measures, network security (whether large or small), financial and payment card industry (PCI) compliance, and law enforcement and national security concerns. Plan to attend and ensure that your business is prepared to face the 21st Century cybersecurity challenges ahead.

Cambridge Cyber Summit (Cambridge, Massachusetts, USA, October 5, 2016) This unique one-day summit will bring together c-suite executives and business owners with public and private-sector leaders in security, technology and defense to discuss ways to combat urgent cyber threats and secure America's future. The event, comprised of interviews and live demonstrations, will focus on critical issues such as the next wave of cyberattacks and their perpetrators, countermeasures, privacy and security, public-private cooperation and information sharing, and the latest trends in technology, among others.

IP EXPO Europe (London, England, UK, October 5 - 6, 2016) IP EXPO Europe is Europe's number ONE IT event for those looking to find out how the latest IT innovations can drive their business forwardIP EXPO Europe now includes six co-located events with their own speakers, exhibitors and seminar programmes. These events bring together 300+ exhibitors and 300+ free to attend seminars across 23 theatres, all under ONE roof. The six IP EXPO Europe events for 2016 are: Cloud Europe, Cyber Security Europe, Networks & Infrastructure Europe, Data Analytics Europe, DevOps Europe, Open Source Europe

RFUN 2016: 5th Annual Threat Intelligence Conference (Washington, DC, USA, October 5 - 6, 2016) The fifth annual RFUN Conference is a two-day event that brings together the diverse and talented community of analysts and operational defenders who apply real-time threat intelligence to out-innovate their adversaries. We invite Recorded Future customers, partners, and threat intelligence enthusiasts to join us at RFUN 2016.

SecureWorld Denver (Denver, Colorado, USA, October 5 - 6, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers

VB 2016 (Denver, Colorado, USA, October 5 - 7, 2016) The 26th annual international Virus Bulletin conference meets this October in Denver

Insider Threat Program Development Training For NISPOM CC 2 (Aberdeen, Maryland, USA, August 10 - 11, 2016) Insider Threat Defense will hold a two-day training class on Insider Threat Program Development (National Insider Threat Policy-NISPOM Conforming Change 2). For a limited time the training is being offered at a discounted rate of $795 (normally $1395). The training is comprehensive and provides students with the knowledge and resources to develop and implement a robust Insider Threat Program. Insider Threat Defense has trained over one hundred fifty organizations and has become the "go-to company" for Insider Threat Program Development Training.

TU-Automotive Cyber Security Europe (Munich, Bayern, Germany, October 6 - 7, 2016) The most focussed forum on the ‘here and now’ of automotive cybersecurity. As we are inundated by headlines on cyber-attacks, we go beyond the hype to focus on the current challenges and solutions that unite players from research labs, automakers, tier 1’s and the complete supply chain to plan for a secure future.

AppSecUSA 2016 (Washington, DC, USA, October 11 - 14, 2016) OWASP’s 13th Annual AppSecUSA Security Conference is the premier application security conference for developers and security experts. Come hear an amazing group of inspirational speakers—including YouTube’s Favorite Hacker, Former DHS NCSD Director of Software Assurance, and Assistant Professor & Cryptographer—who are challenging traditions. You’ll be inspired by fresh ideas, start rethinking the status quo, and leave ready to tackle your challenges in innovative ways.

AFCEA CyberSecurity Summit (Washington, DC, USA, October 11 - 12, 2016) AFCEA Washington, DC invites you to attend the 7th Annual Cybersecurity Summit on October 11–12, 2016. This two-day summit will feature keynotes from government leaders, thought-provoking discussion panels, and a number of deep-dive breakout sessions. The opening day of the conference, October 11, will tackle strategies for addressing cyber intelligence, next-generation cyber operations, and insider threats. Hosted at the Grand Hyatt Washington, attendees will be able to explore the avenues of cyber workforce development and training issues impacting tomorrow’s evolving threat environment. The half-day conference on October 12 is strictly for Sensitive Compartmented Information (SCI) clearance holders and will be hosted at the General Dynamics Information Technology facility in Alexandria, Virginia

Insider Threat Program Development Training for NISPOM CC 2 (Warrington, Pennsylvania, USA, October 17 - 18, 2016) Insider Threat Defense will hold a two-day training class on Insider Threat Program Development (NISPOM Conforming Change 2). PA. For a limited time the training is being offered at a discounted rate of $795 (normally $1395). The training is comprehensive and provides students with the knowledge and resources to develop and implement a robust insider threat program. Insider Threat Defense has trained over 350+ organizations and has become the "leader-go to company" for insider threat program development training.

Cyber Ready 2016 (McDill Air Force Base, Florida, USA, October 18, 2016) We invite you to join us for our first annual Cyber ReadyTM 2016 conference observing National Cyber Security Awareness Month: The Impact of Cyber Crime. The National Cyber Partnership, joined by the MITRE Corporation, Tampa Bay Innovation Center, Florida Chamber Foundation and the Florida Suncoast AFIO Chapter is proud to present this important event. In addition to attending the Cybersecurity Conference, you're also invited to register for the Golf Outing and Barbecue Dinner at the MacDill AFB Bay Palms Golf Complex on Monday afternoon. The event will include the sixth annual MITRE National Capture the Flag (CTF) Competition Cyber Challenge Awards Ceremony.

EDGE2016 Security Conference (Knoxville, Tennessee, USA, October 18 - 19, 2016) The EDGE2016 conference is where true collaboration between business and technology professionals happens. Combining engaging keynotes from world-renowned visionaries, recognized technology industry leaders, topical roundtables, training sessions, and industry-specific tracks, EDGE2016 is where complex business security problems meet real-world solutions.

SecureWorld St. Louis (St. Louis, Missouri, USA, October 18 - 19, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers

Los Angeles Cyber Security Summit (Los Angeles, California, USA, October 28, 2016) The Cyber Security Summit is an exclusive conference series connects C-Suite & Senior Executives who are responsible for protecting their companies’ critical infrastructures with innovative solution providers and renowned information security experts. This educational and informational forum will focus on educating attendees on how to best protect highly vulnerable business applications and critical infrastructure. Attendees will have the opportunity to meet the nation’s leading solution providers and discover the latest products and services for enterprise cyber defense.

CyberMaryland 2016 (Baltimore, Maryland, USA, October 20 - 21, 2016) The CyberMaryland Conference is an annual two-day event presented jointly by The National Cyber Security Hall of Fame and Federal Business Council (FBC) in conjunction with academia, government and private industry organizations. The theme, “Leading the Cyber Generation,” captures the event’s intent to provide unparalleled information sharing and networking opportunities for development of cyber assets on both the human and technological side. Additionally, the conference provides an opportunity for Maryland to demonstrate its natural leadership in Cyber Security.

CyCon US: International Conference on Cyber Conflict (Washington, DC, USA, October 21 - 23, 2016) The inaugural U.S. based International Conference on Cyber Conflict will take place 21-23 October 2016 in Washington D.C. Focusing on a theme of Protecting the Future. CyCon U.S. seeks to create greater information exchange among industry, academia, and government entities at both the national and international levels. The issues to be covered include the future of international cooperation, imminent technical challenges and requirements, forthcoming conflicts in cyberspace, and the potential for new legal frameworks, standards, and regulations.

SANS San Diego 2016 (San Diego, California, USA , October 23 - 28, 2016) Cyber security training in San Diego, CA from SANS Institute, the global leader in information security training. Choose from nine hands-on, immersion-style training courses for security professionals at all levels. Many of these security courses have certifications that are aligned with DoD Directive 8570/8140 and all courses at this event are associated with GIAC Certifications. This event was planned to give you the weapons you need to defend against attackers and advance your career. You will learn from leading experts in courses that have been carefully selected to arm you with the latest tactics and strategies that will sharpen your skills

2016 ICS Cyber Security Conference (Atlanta, Georgia, USA, October 24 - 27, 2016) As the largest and longest-running cyber security-focused conference for the industrial control systems sector, the event caters to the energy, utility, chemical, transportation, manufacturing, and other industrial and critical infrastructure organizations, including the military. The conference will address topics covering ICSs, including protection for SCADA systems, plant control systems, engineering workstations, substation equipment, programmable logic controllers (PLCs), and other field control system devices.

SecureWorld Bay Area (San Jose, California, USA, October 27, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers

Regional Cyber Security Summit (Sharm El-Sheikh, Egypt, October 30 - November 1, 2016) The Regional Cyber Security Summit comes this year with the theme of “Boundless Collaboration, Boundless Protection”. It focuses on the cooperation in cybersecurity as one of key pillars to tackle the complexity and the scalability of the main challenges of today’s cyber threats. The regional cybersecurity summit has been conducted for the last 4 years under the umbrella of ITU-ARCC in Oman to share experience and knowledge, learn from each other, get in tight to recent updates and collaborate to enhance organizations’ cybersecurity became a must.

Sponsor & Support

Grow your brand, generate leads, and fill your funnel.

With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listens all over the world, companies trust the CyberWire to get the message out. Learn more.

Alleged Russian hacking, info ops, under investigation by US. IoT botnets continue to exact a DDoS toll. Yahoo! security practices, decisions, scrutinized. TheDarkOverlord is back, and after investment banking. RIG EK grabs black marketshare.