The CyberWire Daily Briefing 10.05.16

Summary

By The CyberWire Staff

Guccifer 2.0 has released material he (she? they?) claims to have obtained from hacking the Clinton Foundation. The apparent documents are of course discreditable on their face, but they also don't appear to have come from the Clinton Foundation—observers think they're republication of documents taken from the Democratic National Committee and the Democratic National Campaign Committee. Longtime Guccifer 2.0 observer Motherboard offers the most direct, demotically expressed assessment, which we'll bowdlerize to "hogwash." Guccifer 2.0 is widely believed, on circumstantial but compelling evidence, to be a sockpuppet of Russian intelligence services.

Guccifer 2.0's communique includes a collegial shout-out to WikiLeaks and Julian Assange. WikiLeaks reiterates its plans for weekly data dumps through the US elections. US fears of election hacking are now centered on the possibility that confidence in the vote's legitimacy could be eroded.

Internet-of-things botnets are, by general consensus, the new normal in attacks on businesses. The gaming industry, dependent as it is on high levels of access, is particularly concerned.

Flashpoint warns of a new exploit kit, "Floki Bot."

In what is believed to be the first warning of kind by a medical device manufacturer, Johnson and Johnson alerts users to the possibility that its insulin pumps are vulnerable to cyberattack.

In more bad news for Yahoo!, Reuters reports that the company engineered surveillance of its users' emails by US intelligence or law enforcement agencies. With the sense of this being a last straw, advice on how to unsubscribe from Yahoo! services is being widely offered.

Learn how Cylance silences cyber attacks with Artificial Intelligence.

Notes.

Today's issue includes events affecting Australia, Belgium, Malaysia, Netherlands, Russia, Syria, Ukraine, United Arab Emirates, United States

A note to our readers: This week we're attending the 2016 annual meeting of the Association of the United States Army. We'll be providing tweets and full coverage from the cyber-relevant portions of the three-day event. We're also spending some time with our colleagues from the Military Cyber Professionals Association.

It's also National Cyber Security Awareness Month in the United States. The theme for the first week is "STOP. THINK. CONNECT.™: The Basic Steps to Online Safety and Security."

On the Podcast

The CyberWire's regular daily Podcast will be out later this afternoon, with interviews, educational tips, and more on the stories of the day. Today we hear from our partners at Terbium Labs, as Emily Wilson explains the difference between the deep and dark webs. Our guest is Professor Thomas C. Wingfield of the National Defense University, one of the authors of the Tallinn manual, who will talk about international norms for conflict in cyberspace. If you enjoy the podcast, we invite you to consider giving it an iTunes review.

Sponsored Events

Tech Talk: Blockchain & Bitcoin (Laurel, Maryland, USA, October 17, 2016) Join Novetta and Chainanalysis at Jailbreak Brewery to learn about Bitcoin, a digital currency, and Blockchain, the technology that makes it all work. Rub elbows with like-minded techies and enjoy ice cold beer - Don’t miss out.

Cyber Security Summit (Los Angeles, California, USA, October 20, 2016) Senior-level executives are invited to learn about the latest threats and solutions in cyber security from experts from the U.S. Dept. of Justice, Darktrace, IBM and more. Use promo code cyberwire50 for a 50% off (Regular price $250).

CyberMaryland 2016 (Baltimore, MD, USA, October 20 - 21, 2016) This year's theme, “Leading the Cyber Generation,” captures the event’s intent to provide unparalleled information sharing and networking opportunities for development of cyber assets on both the human and technological side.

NICE Conference and Expo 2016 (Kansas City, MO, USA, November 1 - 2, 2016) The NICE 2016 Conference and Expo will feature timely, topical, and thought-provoking presentations, bringing together cybersecurity workforce, training, and educational leaders from academia, business, and government for two days of focused discussions.

Selected Reading

Cyber Trends

Security chiefs and hackers race to benefit from AI prize (Financial Times) Companies are turning to artificial intelligence, but criminals are not far behind

Why Do We Have A National Cyber Security Awareness Month? (In Homeland Security) National Cyber Security Awareness Month (NCSAM) was first observed in 2004 after the National Cyber Security Alliance (NCSA) and the Department of Homeland Security (DHS) created it. This event has now been active for 12 years and through its initiatives, it is designed to help all Americans be safe and secure online

Forget a cyberwall, you're going to get hacked, say security execs (CNBC) Etsy, the online crafts marketplace, now has 2 million sellers doing business on its platform, and nearly 30 million buyers. As for any company, cybersecurity is a high priority

Legislation, Policy and Regulation

Let’s Get Putin’s Attention (New York Times) You may have missed this story, so I am repeating it as a public service

Opinion: The government must name and shame hackers (Christian Science Monitor Passcode) If the United States does not officially attribute state-sponsored cyberattacks and cedes the field to private companies or other states, it risks losing control of both the narrative about particular cyberattacks and the evolving norms of cyberspace

Grading Obama: C+: Administration Missed Key Opportunities To Civilize Cyberspace (Dark Reading) A middling grade because the President's cyber policy initiatives were reactive, laisse faire, and didn't buttress American economic opportunity

Don’t buy the overpromises of cyber, because it consistently under-delivers (Foreign Policy) Over the last few years, I have been involved in numerous military wargames where players envisioned extravagant results from cyber-operations. I have heard former Secretary of Defense Leon Panetta and former Chairman of the Joint Chiefs of Staff General Marty Dempsey both state that increasing cybercapabilities would compensate for reductions in conventional force structure

Exclusive: Yahoo secretly scanned customer emails for U.S. intelligence - sources (Reuters) Yahoo Inc last year secretly built a custom software program to search all of its customers' incoming emails for specific information provided by U.S. intelligence officials, according to people familiar with the matter

Yahoo Reportedly Built a System to Help U.S. Intelligence Spy on Users (Vanity Fair) The last time a spy agency demanded Yahoo’s cooperation, the company fought back. Not this time

How American Companies Enable NSA Surveillance (Foreign Policy) Without the cooperation of American companies — both voluntary and compelled — the National Security Agency’s system of mass surveillance simply would not have been possible. And on Tuesday, Reuters added the name of yet another American corporate giant to the list of those who have made it possible for American intelligence to intercept huge troves of information: Yahoo

US tech giants say they didn't do Yahoo-style email spying (CSO) Yahoo's program may have been spying on hundreds of millions of users' accounts

Dateline

In an evolving battlespace, Army Cyber charging ahead (C4ISRNET) As the “only service with a cyber branch,” Army Cyber Command has seen “stunning changes” on its way to a full range of offensive, defensive and brigade network operations, according to ARCYBER Commander Lt. Gen. Edward Cardon

Commanders: US Army Must Begin Preparing Soldiers for Battlefield Cyber Attack (Sputnik) "We must be able to understand what can happen to our systems through a cyberattack, and what is the enemy's capability and how do we counter that," said Gen. Gustave "Gus" Perna, commander of Army Materiel Command

Warfare Undergoing 'Profound' Shift, Army Chief of Staff Says (Defense News) The Army’s top leader says soldiers will be operating in extremely austere conditions and fighting amid dense urban populations under constant threat of electronic surveillance that can make it dangerous to stay in one place for long

The World Changed in 2014 (The CyberWire) Everyone recognizes that the world changed on 9/11. It also changed, and just as drastically, in 2014. That year saw the Russian invasion of Ukraine (with its attendant suppression of civil society and hybrid warfare); it also saw the rise of ISIS and the beginning of the ongoing refugee crisis as people fled the failed states of North Africa and the Middle East. With that crisis, terrorism came back to Europe. A major feature of the new world of conflict has been intense operations in cyberspace

Products, Services, and Solutions

New BSIMM7 Findings Show Increasing Demand for Security Processes in Software Development (BusinessWire) The latest release of the Building Security In Maturity Model adds new companies and application container measurement to the Secure Security Process

Versasec and Zigg Announce Partnership (Versasec) Enterprise video content sharing service shooses Versasec solutions to secure its offerings

Independent Authority Certifies that Palo Alto Networks Traps Helps Customers Meet PCI and HIPAA Cybersecurity Requirements (PRNewswire) Organizations now can replace traditional anti-virus products and remain compliant

Zimperium Boosts Visibility into Mobile Threat Detection and Remediation Landscape With New Product Features (PRNewswire) 3.1 Mobile Threat Protection Suite delivers advanced app analysis through OEM partnership with Mi3 Security

Brave browser starts paying Bitcoins to adblocked sites (Naked Security) Brave, the browser launched in April with the idea of paying Bitcoin to users who agree to view “clean” ads or paying sites in exchange for having their ads blocked, was scheduled to make its first payments to sites on Saturday

IoT Blockchain Security from Intrinsic-ID and Guardtime (AllCoinsNews) Guardtime, platform for ensuring the integrity of data and systems, and embedded authentication company Intrinsic-ID have announced they are to co-operate to deliver customer solutions combining Intrinsic-ID’s SRAM Physical Unclonable Functions (PUFs) and Guardtime’s Keyless Signature Infrastructure (KSI) blockchain technology, providing scalable security and governance for the Internet of Things

Juniper Networks extends software-defined secure networks (Voice and Data) Today, Juniper Networks has announced security portfolio enhancements that extend threat prevention deeper into the network – down to the switch level

KPMG And CyberArk Join Forces To Help Clients Bolster Cyber Security Strategies (PRNewswire) Alliance will help reduce the attack surface through implementing advanced privileged account security solutions and leading practices

Hackpool : A new strategic resource pool for security engineers, hackers, pentesters and military strategists (Bitcoinist) A team of global security engineers based in more than 9 countries across five continents recently got together to form a powerful global capability network known as Hackpool

Linux File Encryption Made Safe and Easy with BestCrypt by Jetico (BusinessWire) Keyfile support for Linux to encrypt files in Jetico’s TrueCrypt alternative

Integration of Lookout Mobile Endpoint Security with Microsoft EMS now generally available (MS Power User) ack in June, Lookout announced their partnership with Microsoft that will integrate Lookout Mobile Threat Protection with the Microsoft Enterprise Mobility + Security suite

BAE releases online cyber-risk tool assessor (SC Magazine) A new online cyber-risk tool has been produced to allow organisations to assess their cyber-security strengths and weaknesses

Booz Allen, Phantom Partner to Develop Security Automation, Orchestration Tools (ExecutiveBiz) Booz Allen Hamilton and Phantom have forged a strategic alliance that seeks to combine the former’s cyber intelligence expertise with the latter’s security automation and orchestration technology in a push to help increase the resilience of enterprise systems against threats

A hardware firewall is the answer for secure SME Internet access (ITWire) Many businesses are dependent on fast, reliable, and secure Internet connectivity, but are struggling to find network security solutions that can keep up with their ever-growing needs. A hardware firewall appliance may be the answer

Lance Crosby’s Security as a Service Startup StackPath Launches CDN Service (WHIR) Security-as-a-Service startup StackPath announced Tuesday that it has released its global security platform to general availability, and launched its Secure Content Delivery Network as its first service. StackPatch Secure CDN simplifies delivery of secure web applications for developers, according to the announcement

Technologies, Techniques, and Standards

How to close your Yahoo account (Help Net Security) In light of the recent massive Yahoo breach an the fact that Yahoo scanned incoming emails on behalf of US intelligence, many are opting to close their accounts to protect their privacy

Cultivating a culture of information security (Information Age) In an IT landscape increasingly vulnerable to cyber threats, organisations need to think about information security as an element that enables business and facilitates increased competitive advantage

The cybersecurity culture club (Computing) Why a culture of cybersecurity will help protect your business, but not overnight

War stories: the vulnerability scanning argument (CSO) Over the last couple of decades I have had all sort of different jobs. I have to count myself as rather fortunate for the experiences I have had along the way. They really went a long way to teach me some valuable lessons. Also, in some cases, they taught me how to hold my tongue

Early warning: Actionable intelligence (SC Magazine) Like a canary in a coal mine, automated threat intelligence can sound early warnings of toxic threats to the network, reports Steve Zurier

4 easy ways to be more mindful online (Naked Security) Get back your mojo and fight off the FOMO with our four easy tips for lowering your stress online

When smart goes bad: Why internet security does not just refer to computers (JDSupra) A growing trend in the consumer electronics industry is the use of so-called “smart” devices — electronics that use wi-fi connections to allow them to be controlled remotely over the internet. From smart thermostats that can be adjusted and set remotely to toasters and coffee makers that can be programmed to operate at specific times on specific days, smart devices are fast becoming a part of all of our lives

How to vet your financial advisor's cybersecurity savvy (CNBC) You might trust your financial advisor with your money, but what about your personal information? A breach of the latter can be damaging for your financial future

Marketplace

Cyber Insurance creates a safety net for companies (Economic Times) As real life and online become indistinguishable from each other, cybercrime has become a part of our daily lives

MSSPs challenged to use machine learning to solve IoT 'noise problem' - Herjavec (Channelnomics) Herjavec Group CTO discusses MSSP's big data challenges

Akamai buys Soha Systems to add more security to its cloud networking business (TechCrunch) Consolidation continues to work its way through the world of enterprise startups. Today Akamai announced that it has acquired Soha Systems in an all-cash deal. Soha provides enterprise secure access as a service

Report: Carbon Black Files Confidential IPO Registration (Seeking Alpha) Security firm Carbon Black may be prepping for an IPO. Revenues are unknown, but based on CEO comments and my estimate, may reach $100 million in 2016. The company is growing quickly in the endpoint security market

Shape Security looks to Asia after HPE Pathfinder $40M Series D funding (Security Brief) Shape Security has not only secured $40 million in Series D funding through Hewlett Packard Pathfinder, but it’s also focusing on the APAC market

Proofpoint Is a 'Leading' Cloud Security Name, But Valuation Is Premium (Benzinga) While Proofpoint Inc PFPT is likely in “the early stages of its growth opportunity,” the stock does not fully reflect macro risks, DA Davidson’s Jack Andrews said in a report. He initiated coverage of the company with a Neutral rating and a price target of $80

Cisco May Benefit From Rising Cybersecurity Threats, Russian Hacking (The Street) Law enforcement and Congressional leaders strongly suspect that Russia is behind a number of the latest attacks, including a data breach at Yahoo

DarkMatter Picked to Participate in Dubai Future Accelerators, the World's Largest Government-supported Technology Incubator (PRNewswire) DarkMatter was selected from over 2,200 applicants and will assist Dubai Police in the utilisation of big data analytics to help fight crime

Raytheon’s Dave Wajsgras: ‘Collective Effort’ Needed to Address Cyber Workforce, Other Challenges (ExecutiveBiz) Dave Wajsgras, president of Raytheon‘s intelligence business segment, has said the U.S. needs what he describes as a “proactive and collective effort” to address future cybersecurity needs

Here's Where Microsoft Opened a Cybersecurity and 'Transparency' Outpost (Fortune) The new center follows recent plans to open a similar office in Beijing

ClearShark Named To Inc. 5000 List Of America’s Fastest-Growing Private Companies For Third Year In A Row (Baltimore City Biz List) Cybersecurity firm experienced 145 percent growth over three years

16 Innovative Cybersecurity Technologies Of 2016 (Dark Reading) This year's SINET 16 Innovators were chosen from 82 applicants representing nine countries

Security Patches, Mitigations, and Software Updates

Facebook Messenger end-to-end encryption rolled out for all users (Help Net Security) Facebook Messenger’s Secret Conversations feature, which allows end-to-end encryption of messages exchanged by two users that have enabled the option, has finally been rolled out to all Messenger users

'Google Magic' top feature of Pixel phone, per Verizon leak (C|Net) Verizon has accidentally released details of the new Google Pixel phones which will include something called Google Magic

Apple to “do a Windows 10” by pushing out macOS automatically (Naked Security) According to all-things-Apple commentator Jim Dalrymple, the Cupertino company is about to follow in Microsoft’s footsteps

Verizon workers can now be fired if they fix copper phone lines (Ars Technica) Techs must try to replace broken copper lines with wireless, Verizon memo says

Cyber Attacks, Threats, and Vulnerabilities

Guccifer 2.0 Claims To Have Hacked Clinton Foundation (Daily Caller) The hacker known as Guccifer 2.0 claims to have hacked into the Clinton Foundation’s computer servers. A review of the newly released documents, however, reveals no information about the Clinton Foundation

Guccifer 2.0 posts DCCC docs, says they’re from Clinton Foundation (Ars Technica) Files appear to be from Democratic Congressional Campaign Committee and DNC hacks

Guccifer 2.0 Hacked Clinton Foundation (Guccifer 2.0) Many of you have been waiting for this, some even asked me to do it

‘Guccifer 2.0’ Is Bullshitting Us About His Alleged Clinton Foundation Hack (Motherboard) On the day many expected WikiLeaks to dump incendiary documents about Democratic presidential nominee Hillary Clinton, the hacker known as ‘Guccifer 2.0’ stole the show, claiming to have hacked the Clinton Foundation

Pro-ISIS Jihadists Dabble in Encryption, Prove Under-Sophisticated (Flashpoint) Jihadi actors have been experimenting with encrypted communication technologies since as early as 2008. Through the development of proprietary encrypted communication tools and the growing adoption of various cyber technologies, these actors have demonstrated an increased interest in obfuscating their digital fingerprints

WikiLeaks plans to dump more sensitive files on US election (CSO) WikiLeaks will publish the documents 'every week for the next 10 weeks'

Investigation Into the Downing of Malaysian MH17 and Potential Cyber Connections (Wapack Labs) Newly published findings by the Joint Investigative Team (JIT: includes members from Australia, Belgium, Malaysia, the Netherlands and Ukraine) shows that Russian BUK SAM shot down Malaysian MH17 in 2014

Hacked voter registration systems: a recipe for election chaos (CSO) Hacking a voter registration system could deny voters their ballots

3 nightmare election hack scenarios (CSO) Hackers could target e-voting machines' software update systems or simply try to delegitimatize the election

How To Hack An Election Machine And How Partners Can Help Stop It (CRN) With the election coming in 35 days, one critical question emerges: How secure are new electronic voting systems?

5 ways to improve voting security in the US (CSO) Voting officials can pump up their audits and hire white-hat hackers

IoT Botnets Are The New Normal of DDoS Attacks (Threatpost) If you’ve been on the wrong end of what passes for a modern-day DDoS attack, you’re well familiar with the firepower of the almighty DVR. That’s right, the innocuous set-top box responsible for the posterity of your Game of Thrones seasons 1-6 is behind some of the biggest swarming attacks against networks worldwide

Online Gambling Industry Recoils at Mirai DDoS Attack Threat (Casino.org) Mirai, the and most powerful Distributed Denial of Service (DDoS) attack ever registered, was publicly posted online on Friday, prompting fears within the online gambling community that hackers have a potent new tool to hold them to ransom. The coding for the malware was published anonymously on hacking community website HackForums

Homeland Security Warns Certain Huawei Devices Vulnerable To DDoS (Übergizmo) If there is a reason to stay up to date with the latest software updates and patches, it would be for security

Relentless DDoS Attack Incidents Raise Alarm For Businesses (Dark Reading) Threat actors increasingly using DDoS tactics as a smokescreen to hide other malicious activity, Neustar report shows

Warning! Just Opening A JPEG 2000 Image File Can Get You Hacked (Fossbytes) Security researchers at Talos have discovered zero-day vulnerability in JPEG 2000 image file format. A specially crafted JPEG 2000 file can trigger a massive read and write of adjacent heap area memory, causing a code execution possibility

Security company finds five “zero-day” flaws in EMC management console (Ars Technica) Unisphere for VMAX used insecured Flash-to-Java interfaces, leaving door open to attacks

Multi-Purpose “Floki Bot” Emerges as New Malware Kit (Flashpoint) Actor “flokibot” advertised their new malware kit, similarly named “Floki Bot,” on a top-tier underground forum on September 16, 2016.  “Floki Bot” draws from the source code of the ZeuS 2.0.8.9 Trojan but reinvents the dropper process injection.  The new feature of this malware kit appears to be a dump grabber, which, according to the actor, makes Floki Bot the weapon of choice for targeting point of sale (PoS) terminals.  This malware kit, offered for $1,000 USD, may gain some traction among financially-motivated cybercriminals on a top-tier underground forum

Johnson and Johnson admits insulin pump known to be vulnerable to cyber-attack (Engineering & Technology) An insulin pump produced by Johnson & Johnson (J&J) has been found to be vulnerable to cyber-attack due to a recently discovered security vulnerability that could allow a hacker to overdose diabetic patients

Database containing info of 1.5 million online daters found leaking (Help Net Security) Sensitive personal information of some 1.5 million users of several dating/cheating websites and apps has been found to be accessible via the Internet. This information includes the users’ username, (plaintext) password, email address, gender, date of birth, country of residence and photos, as well as sexual preferences

Academia

Internet security breaches lead IU to introduce new system (Indiana Daily Student) New internet safety measures have been taken to ensure IU accounts are secure from phishing

Litigation, Investigation, and Enforcement

Signal messaging app turns over minimal data in first subpoena (Reuters) Open Whisper Systems, the developer of encrypted messaging app Signal, received a subpoena earlier this year requesting user information but was only able to supply the duration of a user's membership, according to court documents unsealed last week. An assistant attorney in the U.S. state of Virginia requested email addresses, history logs, browser cookie data and other information associated with two phone numbers as part of a grand jury probe, the redacted documents showed

Feds get sweet FA from Whisper Systems Signal subpoena (Register) That's why it's called secure and private

FBI agreed to destroy laptops of Clinton aides with immunity deal, lawmaker says (Fox News) Immunity deals for two top Hillary Clinton aides included a side arrangement obliging the FBI to destroy their laptops after reviewing the devices, House Judiciary Committee sources told Fox News on Monday

Inspector general: DHS makes strides under cyber law, falls short on contractor data security (Inside Cybersecurity) The Department of Homeland Security's inspector general's office has determined that DHS has “taken a number of steps” to implement cybersecurity controls across the agency under the Cybersecurity Act of 2015, but could benefit from additional capabilities and policies to assure contractors' data security

Why the older generation is an attractive target for cybercriminals (Help Net Security) People aged 55 and over are behaving insecurely online and often become the victim of fraud, according to Kaspersky Lab and B2B International

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

newly Noted Events

14th Annual EWF National Conference (Scottsdale, Arizona, USA, October 25 - 27, 2016) Balancing risk and opportunity: transforming cybersecuity; risk and privacy beyond the enterprise. The Executive Women's Forum (EWF) Annual Conference provides an exclusive opportunity to personally interact with more than 350 global thought leaders in the fields of Information Security, Risk Management and Privacy. During this three-day event, members collaborate on round-table exercises, incident simulations, panel discussions and working groups. Exposure to new ideas and approaches, best practice management of everyday issues and learning from observing the best and the brightest is an excellent and abundant return on investment.

Security By Design (McLean, Virginia, USA, October 28, 2016) The essential security conference for all who desire to build trustworthy software. Developers, DevOps Engineers, Software Architects, Security Software Engineers, Designers and more.

4th Ethiopia Banking & ICT Summit (Addis Ababa, Ethiopia, November 25, 2016) The 4th Ethiopia Banking & ICT Summit is the ONLY event in Horn of Africa that focuses on technology innovations and trends in the Banking and ICT sectors. This annual summit brings together Financial Institutions, Information Technology Vendors, high profile CIOs, CISOs, CTOs Risk and Compliance Officers and COOs to explore how they can utilize the newest technologies to further increase mobility, enhance security, support new products and services, and improve customers’ experience to secure their competitive edge.

upcoming Events

Cyber National Security – The Law of Cyberspace Confrontation (Hanover, Maryland, and Fort Meade, October 3 - 6, 2016) US Cyber Command will host the fourth annual COCOM-Interagency Cyber Law Conference from 3 through 6 October 2016, Cyber National Security – The Law of Cyberspace Confrontation. This year the conference will build on last year's success with a particular focus on the domestic and international legal frameworks and challenges to confronting the growing cyber threats in the gray zone short of armed conflict and employing cyber capabilities as part of broader deterrence strategies. The first two days of the conference will be held at the Acquisition Research Center, Hannover, MD, and will be conducted at the Unclassified level. The third and fourth days of the conference will be held at the classified level on Fort Meade, Maryland. The conference will be closed to the media and conducted under Chatham House rules.

Cambridge Cyber Summit (Cambridge, Massachusetts, USA, October 5, 2016) This unique one-day summit will bring together c-suite executives and business owners with public and private-sector leaders in security, technology and defense to discuss ways to combat urgent cyber threats and secure America's future. The event, comprised of interviews and live demonstrations, will focus on critical issues such as the next wave of cyberattacks and their perpetrators, countermeasures, privacy and security, public-private cooperation and information sharing, and the latest trends in technology, among others.

IP EXPO Europe (London, England, UK, October 5 - 6, 2016) IP EXPO Europe is Europe's number ONE IT event for those looking to find out how the latest IT innovations can drive their business forwardIP EXPO Europe now includes six co-located events with their own speakers, exhibitors and seminar programmes. These events bring together 300+ exhibitors and 300+ free to attend seminars across 23 theatres, all under ONE roof. The six IP EXPO Europe events for 2016 are: Cloud Europe, Cyber Security Europe, Networks & Infrastructure Europe, Data Analytics Europe, DevOps Europe, Open Source Europe

RFUN 2016: 5th Annual Threat Intelligence Conference (Washington, DC, USA, October 5 - 6, 2016) The fifth annual RFUN Conference is a two-day event that brings together the diverse and talented community of analysts and operational defenders who apply real-time threat intelligence to out-innovate their adversaries. We invite Recorded Future customers, partners, and threat intelligence enthusiasts to join us at RFUN 2016.

SecureWorld Denver (Denver, Colorado, USA, October 5 - 6, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers

VB 2016 (Denver, Colorado, USA, October 5 - 7, 2016) The 26th annual international Virus Bulletin conference meets this October in Denver

Insider Threat Program Development Training For NISPOM CC 2 (Aberdeen, Maryland, USA, August 10 - 11, 2016) Insider Threat Defense will hold a two-day training class on Insider Threat Program Development (National Insider Threat Policy-NISPOM Conforming Change 2). For a limited time the training is being offered at a discounted rate of $795 (normally $1395). The training is comprehensive and provides students with the knowledge and resources to develop and implement a robust Insider Threat Program. Insider Threat Defense has trained over one hundred fifty organizations and has become the "go-to company" for Insider Threat Program Development Training.

TU-Automotive Cyber Security Europe (Munich, Bayern, Germany, October 6 - 7, 2016) The most focussed forum on the ‘here and now’ of automotive cybersecurity. As we are inundated by headlines on cyber-attacks, we go beyond the hype to focus on the current challenges and solutions that unite players from research labs, automakers, tier 1’s and the complete supply chain to plan for a secure future.

AFCEA CyberSecurity Summit (Washington, DC, USA, October 11 - 12, 2016) AFCEA Washington, DC invites you to attend the 7th Annual Cybersecurity Summit on October 11–12, 2016. This two-day summit will feature keynotes from government leaders, thought-provoking discussion panels, and a number of deep-dive breakout sessions. The opening day of the conference, October 11, will tackle strategies for addressing cyber intelligence, next-generation cyber operations, and insider threats. Hosted at the Grand Hyatt Washington, attendees will be able to explore the avenues of cyber workforce development and training issues impacting tomorrow’s evolving threat environment. The half-day conference on October 12 is strictly for Sensitive Compartmented Information (SCI) clearance holders and will be hosted at the General Dynamics Information Technology facility in Alexandria, Virginia

AppSecUSA 2016 (Washington, DC, USA, October 11 - 14, 2016) OWASP’s 13th Annual AppSecUSA Security Conference is the premier application security conference for developers and security experts. Come hear an amazing group of inspirational speakers—including YouTube’s Favorite Hacker, Former DHS NCSD Director of Software Assurance, and Assistant Professor & Cryptographer—who are challenging traditions. You’ll be inspired by fresh ideas, start rethinking the status quo, and leave ready to tackle your challenges in innovative ways.

Cyber Security Summit 2016 (Aukland, New Zealand, May 5, 2016) New Zealand’s first Cyber Security Summit will be held in Auckland on 5 May 2016. The theme is “Keeping New Zealand’s Economy Cyber Secure”. Hosted by the Minister for Communications Hon Amy Adams, the Summit is an opportunity for board chairs and chief executives to discuss how New Zealand should tackle the threat of cybercrime, and improve our resilience and security. Chief executives, board chairs and leaders from across the public and private sectors have been invited to join the Minister for Communications at this high level event.

Insider Threat Program Development Training for NISPOM CC 2 (Warrington, Pennsylvania, USA, October 17 - 18, 2016) Insider Threat Defense will hold a two-day training class on Insider Threat Program Development (NISPOM Conforming Change 2). PA. For a limited time the training is being offered at a discounted rate of $795 (normally $1395). The training is comprehensive and provides students with the knowledge and resources to develop and implement a robust insider threat program. Insider Threat Defense has trained over 350+ organizations and has become the "leader-go to company" for insider threat program development training.

Cyber Ready 2016 (McDill Air Force Base, Florida, USA, October 18, 2016) We invite you to join us for our first annual Cyber ReadyTM 2016 conference observing National Cyber Security Awareness Month: The Impact of Cyber Crime. The National Cyber Partnership, joined by the MITRE Corporation, Tampa Bay Innovation Center, Florida Chamber Foundation and the Florida Suncoast AFIO Chapter is proud to present this important event. In addition to attending the Cybersecurity Conference, you're also invited to register for the Golf Outing and Barbecue Dinner at the MacDill AFB Bay Palms Golf Complex on Monday afternoon. The event will include the sixth annual MITRE National Capture the Flag (CTF) Competition Cyber Challenge Awards Ceremony.

EDGE2016 Security Conference (Knoxville, Tennessee, USA, October 18 - 19, 2016) The EDGE2016 conference is where true collaboration between business and technology professionals happens. Combining engaging keynotes from world-renowned visionaries, recognized technology industry leaders, topical roundtables, training sessions, and industry-specific tracks, EDGE2016 is where complex business security problems meet real-world solutions.

SecureWorld St. Louis (St. Louis, Missouri, USA, October 18 - 19, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers

CyberTini at CyberMaryland (Baltimore, Maryland, USA, October 19, 2016) The bwtech@UMBC Cyber Incubator will be hosting a CyberTini as the official opening event of the CyberMaryland Conference on the evening of October 19, 2016 at the Columbus Center in Baltimore’s Inner Harbor. The Columbus Center is just a few blocks from the Baltimore Hilton Hotel where the CyberMaryland Conference is taking place, and attendance at the CyberTini is estimated to be 250 or more. The event will begin at 5pm the night before the CyberMaryland Conference and will run until approximately 7:30pm.

Los Angeles Cyber Security Summit (Los Angeles, California, USA, October 28, 2016) The Cyber Security Summit is an exclusive conference series connects C-Suite & Senior Executives who are responsible for protecting their companies’ critical infrastructures with innovative solution providers and renowned information security experts. This educational and informational forum will focus on educating attendees on how to best protect highly vulnerable business applications and critical infrastructure. Attendees will have the opportunity to meet the nation’s leading solution providers and discover the latest products and services for enterprise cyber defense.

CyberMaryland 2016 (Baltimore, Maryland, USA, October 20 - 21, 2016) The CyberMaryland Conference is an annual two-day event presented jointly by The National Cyber Security Hall of Fame and Federal Business Council (FBC) in conjunction with academia, government and private industry organizations. The theme, “Leading the Cyber Generation,” captures the event’s intent to provide unparalleled information sharing and networking opportunities for development of cyber assets on both the human and technological side. Additionally, the conference provides an opportunity for Maryland to demonstrate its natural leadership in Cyber Security.

CyCon US: International Conference on Cyber Conflict (Washington, DC, USA, October 21 - 23, 2016) The inaugural U.S. based International Conference on Cyber Conflict will take place 21-23 October 2016 in Washington D.C. Focusing on a theme of Protecting the Future. CyCon U.S. seeks to create greater information exchange among industry, academia, and government entities at both the national and international levels. The issues to be covered include the future of international cooperation, imminent technical challenges and requirements, forthcoming conflicts in cyberspace, and the potential for new legal frameworks, standards, and regulations.

SANS San Diego 2016 (San Diego, California, USA , October 23 - 28, 2016) Cyber security training in San Diego, CA from SANS Institute, the global leader in information security training. Choose from nine hands-on, immersion-style training courses for security professionals at all levels. Many of these security courses have certifications that are aligned with DoD Directive 8570/8140 and all courses at this event are associated with GIAC Certifications. This event was planned to give you the weapons you need to defend against attackers and advance your career. You will learn from leading experts in courses that have been carefully selected to arm you with the latest tactics and strategies that will sharpen your skills

2016 ICS Cyber Security Conference (Atlanta, Georgia, USA, October 24 - 27, 2016) As the largest and longest-running cyber security-focused conference for the industrial control systems sector, the event caters to the energy, utility, chemical, transportation, manufacturing, and other industrial and critical infrastructure organizations, including the military. The conference will address topics covering ICSs, including protection for SCADA systems, plant control systems, engineering workstations, substation equipment, programmable logic controllers (PLCs), and other field control system devices.

SecureWorld Bay Area (San Jose, California, USA, October 27, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers

Regional Cyber Security Summit (Sharm El-Sheikh, Egypt, October 30 - November 1, 2016) The Regional Cyber Security Summit comes this year with the theme of “Boundless Collaboration, Boundless Protection”. It focuses on the cooperation in cybersecurity as one of key pillars to tackle the complexity and the scalability of the main challenges of today’s cyber threats. The regional cybersecurity summit has been conducted for the last 4 years under the umbrella of ITU-ARCC in Oman to share experience and knowledge, learn from each other, get in tight to recent updates and collaborate to enhance organizations’ cybersecurity became a must.

Sponsor & Support

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter’s financial reach, or it might just not be the right time for you to do those things. That’s why we launched our new Patreon site, where we’ve created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you’ll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.