The CyberWire Daily Briefing 10.17.16

Summary

By The CyberWire Staff

Indian cross-border strikes against Pakistani sites allegedly implicated in terrorist attacks within India appear to have prompted a phishing campaign from Pakistan against Indian Army targets.

WikiLeaks continues to harry the campaign of former Secretary of State Clinton. The campaign says the leaks were achieved by hacking, which the campaign is comparing to the 1972 Watergate break-in. The FBI is said to be investigating, but won't say much about the latest Podesta leaks beyond, yes, we're investigating things. Russian intelligence services are generally suspected. Buzz Feed has a profile of Fancy Bear, with an interesting rundown on the GRU unit's long history of cyber operations against non-US targets.

Sierra Wireless warns that cellular gear has been roped into the Mirai Internet-of-things DDoS botnet. Another IoT threat—"Luabot"—has also appeared.

A curious new strain of ransomware—"Exotic," you can recognize it by the Hitler imagery it uses—isn't actually a threat, yet, according to its discoverers at MalwareHunterTeam. Exotic's developer, "EvilTwin," seems more interested in cozying up to security researchers than in effective cybercrime, thanking them for their feedback and sharing screenshots.

More dangerous is CryPy, which, according to Kaspersky, encrypts individual files each with their own key.

The authors of Dyre (quiescent since last November) are working on a new banking Trojan, "Trickbot," which Fidelis reports has surfaced in Australia and Canada.

ISIS messaging is being challenged to explain the loss of Dabiq, which ISIS had prophesied would be the site of the final victorious battle against the kufar.

Learn how Cylance silences cyber attacks with Artificial Intelligence.

Notes.

Today's issue includes events affecting Australia, Canada, European Union, Georgia, Germany, India, Iraq, Ireland, Pakistan, Poland, Russia, Syria, Thailand, Ukraine, United Kingdom, and United States.

A note to our readers: This afternoon we'll be at Jailbreak in Laurel, Maryland, for Novetta's seminar on blockchain technology. We'll have a report later this week.

And, we're now into the third week of National Cyber Security Awareness Month. This week's theme is "Recognizing and Combating Cyber Crime."

On the Podcast

The CyberWire's regular daily Podcast will be out later this afternoon, with interviews, educational tips, and more on the stories of the day. Today our partner Malek Ben Salem, of Accenture Technology Labs, discusses semantic technology for security analytics. If you enjoy the podcast, please consider giving it an iTunes review.

Selected Reading

Cyber Trends

UK banks under constant cyber-attack but don't report incidents (Engineering & Technology) The number of cyber-attacks on British banks is on the rise, but financial institutions are avoiding reporting incidents to authorities as they fear punishment, researchers have claimed

There is lack of education on cyber security issues in India: Akamai's Sudeep Charles (Economic Times) In an interview with ETtech, Sudeep Charles, Product Marketing Manager, Security, Akamai Technologies brings light on the Cyber security issues that India faces, Akamai’s cloud security strategy and the evolution of botnets

Cyber-security experts, hackers seen clashing for self-driving cars’ control (Business Mirror) Self-driving cars are creating a new front upon which cyber-security professionals and hackers are bound to battle in the coming years

Malwarebytes Thinks Potentially Unwanted Programs Are Malware (Security Intelligence) Manufacturers have long used and abused bundling software to collect placement fees from software marketers

Legislation, Policy and Regulation

After blaming Russia for DNC hack, Obama weighs response (Christian Science Monitor Passcode) The Obama administration is planning to respond to Russia's suspected cyberattacks on US political organizations. What are its options?

Biden Hints at U.S. Response to Russia for Cyberattacks (New York Times) Since the Obama administration formally accused Russia about a week ago of trying to interfere in the election, there has been intense speculation about whether President Obama has ordered the National Security Agency to conduct a retaliatory cyberstrike

Sanction Russia for its alarming cyberattack on democracy (Minneapolis Star-Tribune) Regardless of party affiliation, Americans should condemn hacking

CIA Prepping for Possible Cyber Strike Against Russia (NBC News) The Obama administration is contemplating an unprecedented cyber covert action against Russia in retaliation for alleged Russian interference in the American presidential election, U.S. intelligence officials told NBC News

Trump underestimates the Russian cyber threat (The Hill) During the second presidential debate, Republican nominee Donald Trump hinted that perhaps we did not know if the Russians hacked the 2016 Democratic National Convention emails. He even explicitly said that "maybe there is no hacking"

U.S. responds to breaches with new IT security rules (Defense Systems) Responding to a series of massive breaches of government IT systems, U.S. cyber and acquisition officials are moving to tighten security standards for protecting "controlled unclassified information" that is processed, stored or transmitted on military contractors' IT platforms

New commander takes lead at Army Cyber Command (Army Times) Lt. Gen. Paul Nakasone took command Friday of U.S. Army Cyber Command and Second Army at a time when the Army’s newest command is at the forefront of the nation’s effort to prevent a “cyber Pearl Harbor”

What's up with the Army's Guard and Reserve cyber forces (C4ISRNET) While the Army is continue to build out its cyber forces and bolster cyber capabilities, the Guard and Reserve component will also play a large role

Products, Services, and Solutions

Microsoft: 'Apple can no more secure your iPhone than Google can secure Android' (ZDNet) Given the recent discovery of the Trident malware for iPhones, Microsoft thinks it's time businesses rethought their unwavering trust in iOS as a controlled ecosystem

Brian Krebs and Akamai: A lesson in reputational harm and a win for Google's Project Shield (CSO) Top cybersecurity blogger Brian Krebs is abandoned by Akamai, and protected by Google

VIPRE® Adds macOS Sierra Support to its Top-Rated Endpoint Security Solutions for Businesses (ThreatTrack) VIPRE helps secure businesses with Mac malware protection

Nok Nok adds a risk engine for FIDO driven authentication (Infosecurity Magazine) In February 2014, Quocirca reviewed the FIDO (Fast IDentity Online) standard for authenticating consumers to web service providers

Lexumo Analytics Platform Alerts Customers to Vulnerability Discovered by Akamai in 2 Million IoT Devices (PRNewswire) Cybercriminals exploiting SSHowDowN vulnerability to mount massive coordinated attacks

Metasploit eyeing Linux and usability improvements; iOS support uncertain (TechRepublic) Metasploit owner Rapid7 is working on making its penetration testing software easier to use, more welcoming for Linux-based techniques, and a better partner to network security controls

Released: 1Password Teams for Windows (Help Net Security) AgileBits, the company behind popular password manager 1Password, has finally released 1Password Teams for Windows (6.0)

Technologies, Techniques, and Standards

Some Basic Security Tips for the Clinton Campaign (and Anyone Else) (Wired) The hacks keep on coming..Since the team clearly continues to be targeted, now seems like a good time to run down some basic security hygiene

Giant cyber wargame with 'dark scenario' of power cuts, ransomware and drones reaches its climax (Terrorism Watch) More than 700 security experts from government agencies, banks, cloud companies, battle fictional cyber-foes

Cyber Europe 2016: Analyzing realistic cybersecurity incidents (Help Net Security) The European ICT Industry is one of the most advanced in the world. Making the EU’s single market fit for the digital age could contribute €415 billion per year to the economy and create hundreds of thousands of new jobs

2 Do's and 2 Don'ts of Incident Response and Anomaly Detection (eSecurity Planet) Anomaly detection is growing in popularity as organizations get proactive about incident response. These practices help you get the most out of anomaly detection

How to implement an EFSS ransomware recovery plan (Help Net Security) Ransomware attacks are at an all-time high, and security experts warn it has become a matter of “when” not “if” your company will be breached. The number of victims has grown exponentially in 2016, spanning large enterprises to small businesses, across industries

Quickly audit and adjust SSH server configurations with SSH-audit (Help Net Security) SSH-audit is a standalone open source tool for auditing and fixing SSH server configurations. It has no dependencies and will run wherever Python is available

Spying is the new hacking: Here's how to fight back (ZDNet) How can businesses defend themselves from hackers using traditional espionage techniques?

Five 'Inefficient' Ways to Block Malicious Bots Targeting Your Website (Shield Square) Within the past decade, digital transformation has truly revolutionized the way we live and do businesses

IT Security Certifications: Which Ones Matter? (Go Certify) In a fascinating story for NetworkWorld, Senior Principal Analyst for the Enterprise Strategy Group Jon Oltsik distills the results of a recent annual research report titled The State of Cyber Security Professional Careers

Lab test reveals 10x productivity gain from real-time threat intelligence for SIEMs (Graham Cluley) Make sure to download your free copy of the industry's first lab test measuring productivity gains from threat intelligence

Marketplace

Yahoo scraps earnings call amid Verizon deal drama (CNN Money) Investors will have to wait a little longer to see Yahoo execs grilled over the Verizon acquisition drama

The DMV’s cyber community is steadily attracting more interest from venture capitalists (Washington Post) D.C. has always been dwarfed by rival technology hubs when it comes to investment dollars, a shortcoming that has caused the region to lose some of its fastest-growing companies

UBS: Cybersecurity Heyday Is Over (PANW, SYMC) (Investopedia) While the threat of cybercrime continues to compel a growing number of organizations across industries worldwide to invest in cybersecurity, cyber stocks aren’t receiving the same frenzy from investors as a few years back

The Shady Patches With Fortinet (Seeking Alpha) Security spending is becoming less of a priority. Most security companies won’t realize stable earnings as the cyber security industry is shifting from a growth to a maturity phase. Fortinet will require a longer time to actualize its potentials as a long-term value play

Gigamon: New Cybersecurity Winner? (Investopedia) Network visibility and security provider Gigamon Inc. (GIMO) is predicted to win a larger market share in its niche of cybersecurity offerings. Analysts at Merrill Lynch have upgraded Gigamon stock to a buy in light of views that the company will outperform consensus estimates throughout 2018

Slow & Steady for Check Point Software (Gurua Focus) Check Point Software is transitioning itself from tech high-flyer to tech aristocrat, providing an opportunity for investors who want a predictable technology company

Symantec ready for market dominance following Blue Coat acquisition (CIO Dive) Symantec CEO Greg Clark said his company is ready for a comeback now that it’s completed its purchase of Blue Coat Systems

Security boom seen (Nation) Business opportunities regarding cybersecurity in Thailand are set to grow significantly in the coming years as the country speeds up the implementation of its “digital economy and society” initiatives

Irish log-in for Hillary’s cyber-team (Sunday Times) The cyber-security firm that fingered Russian hackers for breaches at the US Democratic National Convention is set for a move to Ireland

Research and Development

New cybersecurity lab examines 'computational FPSO' (Offshore) Until a few years ago, many offshore assets were able to operate their entire working lives using only the safety features that were installed during construction. But times are changing

A cryptography-based approach for movement decoding (BioRxIV) Brain decoders use neural recordings to infer a user's activity or intent. To train a decoder, we generally need infer the variables of interest (covariates) using simultaneously measured neural activity

Security Patches, Mitigations, and Software Updates

Plone CMS 4.3.11 And 5.0.6 Multiple Vulnerabilities (IEDB) Plone is a free and open source content management system built on top of the Zope application server

Cisco patches critical authentication flaw in conferencing servers (Computerworld) Hackers could exploit the issue to masquerade as legitimate users

IBM: Yes, it's true. We leaned on researchers to censor exploit info (Register) Big Blue says this isn't normal practice as infosec bods take down proof-of-concept code

You should update Adobe Flash Player and Acrobat reader now (USB Port) Adobe Systems Incorporated (NASDAQ: ADBE) has made several security fixes to Flash Player, Acrobat Reader, and Creative Cloud. The October patch addressed 84 vulnerabilities found in the company’s trio of products

Cyber Attacks, Threats, and Vulnerabilities

Pakistan launches sneaky cyber attack on Indian Army (New Indian Express) India’s cross-border surgical strikes involved real men and real bullets. In a counter- offensive, Pakistan is using computers and virus-laden emails to ‘attack’ the Indian Army. Launching a cyber war

ISIS suffers major symbolic defeat with loss of Dabiq (Christian Science Monitor) The Islamic State has lost the Syrian city of Dabiq, a central part of its claim to be the bringers of an apocalyptic battle with the West

The Battle of Dabiq: Will ISIS Sell Out the Apocalypse? (Strategy Page) The looming battle for the small Syrian town of Dabiq presents Islamic State commanders with a well-deserved dilemma

Meet Fancy Bear (Buzz Feed) For the first time in history, Washington has accused a foreign government of trying to influence the US election. Sheera Frenkel investigates the Russian group accused of hacking the US election — and finds they’ve been practicing for this moment for a long time

WIKILEAKS: Clinton Sent Intelligence Info To Podesta’s Hacked Email Account (Daily Caller) Democratic presidential nominee Hillary Clinton sent a lengthy Middle East intelligence breakdown in an email to longtime ally and lobbyist John Podesta while he was working in the White House

FBI (re)issues statement on Podesta hack (Politico) The FBI is reacting to the hacking of Hillary Clinton campaign chair John Podesta's emails by re-issuing a broadly-worded statement about cyber threats to those active in American politics

Republicans hacked, skimmed NRSC donations sent to Russian domain (CSO) Hundreds, if not thousands of donations made to the NRSC this year were likely compromised

Clinton camp to compare email hacks to Watergate (The Hill) Hillary Clinton's campaign is reportedly set to compare the recent hack of her campaign chairman's emails to the Watergate scandal that brought down Richard Nixon

Hacking Voting Systems: A Reality Check (Dark Reading) Can democracy be hacked? Yes, but not in the way you might think

Election Hackers Could Erase You (Daily Beast) Cyber intruders could manipulate voter registration files and wreak havoc on Election Day. The FBI, Homeland Security, and states are preparing to keep the worst from happening

Beware of all-powerful DDoS malware infecting cellular gateways, feds warn (Ars Technica) Sierra Wireless confirms that devices it manufactures were infected by Mirai

Sierra Wireless Warns Cellular Data Gear Targeted by Mirai Malware (Threatpost) Sierra Wireless is warning customers to change default factory credentials on its AireLink gatway communications gear or risk being infected by Mirai malware

Exotic Ransomware Author Tries to be Friends with Security Researchers (Softpedia) Ransomware author is more interested in making friends rather than writing a professional ransomware

CryPy Ransomware Encrypts Each File Individually with a Special Key (HackRead) New ransomware CryPy can encrypt each file individually with a special key — the C&C of this ransomware is hosted on a hacked Israeli server

Dyre Authors Apparently Working on New Banking Trojan (Security Week) At least one of the individuals involved in the development of the notorious Dyre (Dyreza) banking Trojan has apparently started working on a new piece of malware dubbed “TrickBot”

StrongPity malware corrupts legit WinRaR, TrueCrypt installers (Windows Report) Kaspersky Lab’s security team stumbled across a newly discovered malware called StrongPity that allegedly corrupts legitimate WinRAR and TrueCrypt files

Malware Targeting Cable Modems (Security Zap) LuaBot – a malware targeting Linux platforms was quite active in last few months is trying to spread its wings transcending multiple attack vectors. It potentially also targets IoT devices and web servers turning these infected systems into bots within a larger botnet controlled by a perpetrator

New Acecard trojan malware asks victims to pose for selfies with their ID cards (Silicon Angle) A new variant of the Acecard trojan malware for Android has been discovered that asks gullible Android users to pose for selfies with their ID cards

Ghost Push Trojan Flourishing Via Malicious Links (Threatpost) Cheetah Mobile says the scourge of Ghost Push malware is still taking its toll on Android devices nearly two years after making its debut. Now the research firm is trying to track down how Ghost Push and other Trojans have remained so prolific despite mitigation efforts

Cyber Attack On Major Airlines? (Information Security Buzz) Following the news that fears of a campaign of cyber attacks on leading airlines have grown after a “systems issue” delayed dozens of United Airlines flights worldwide, Mark James, security specialist at ESET commented below

Self-Checkout Skimmers Go Bluetooth (KrebsOnSecurity) This blog has featured several stories about payment card skimming devices designed to be placed over top of credit card terminals in self-checkout lanes at grocery stores and other retailers

Cards at Risk as Online Skimming Jumps 69% (Infosecurity Magazine) Security researchers are warning that the number of e-commerce stores infected with credit card stealing malware has risen 69% over the past year, with many site owners failing to take action

Top 5 hacks you may have missed amid the Yahoo breach buzz (International Business Times) Find out the news about the hacked nuclear plant, Turkey's block on Google, undisclosed zero-days and more

Academia

Scottish exam authority admits 'typographical and coding errors' in computer science test (Computing) GCSE-equivalent paper contained “a number” of badly-worded questions as well as wrong information

Litigation, Investigation, and Enforcement

Court Finds UK Spies Unlawfully Collected Bulk Data for Over a Decade (Motherboard) The UK government used its bulk collection powers, including sweeping up details on ordinary citizens’ internet usage, illegally for over a decade, according to privacy campaigners

US lawmakers want answers on Yahoo email surveillance (CSO) Group of 48 lawmakers asks for a briefing on the program from the DOJ and ODNI

Internet providers claim cyber attack, to meet senior cop (The Hindu) Internet service providers (ISPs), mainly from Mumbai and Pune, claimed they are being targeted in a distributed denial of service (DDoS) attack for the second time in the last three months

FTC: Beware of Ransomware (Lexology) Earlier this month the Federal Trade Commission ("FTC") held a workshop on ransomware, and will soon release guidance to businesses on how to mitigate the risk of a ransomware attack

The Privacy Protectors Won't Shut Up (Inverse) Activists are calling a legal victory for Open Whisper Systems, creators of the Signal messaging app, a win for all

Is Silicon Valley losing the fight over user data? (Christian Science Monitor Passcode) News that Yahoo and Apple collect information that can assist with government surveillance highlights a privacy tug-of-war between tech firms and law enforcement

A New Spy Scandal Exposes the Corruption of Privatized Intelligence (Nation) “This is corporate malfeasance and a direct threat to national security”

Rights Groups Want Snowden Pardoned. Are They Kidding? (Homeland Security Today) The American Civil Liberties Union (ACLU), Amnesty International and Human Rights Watch announced a campaign to pardon Edward Snowden and “make the case that Snowden’s act of whistleblowing benefited the United States and enriched democratic debate worldwide”

Palantir says government job bias suit was based on faulty analysis (Silicon Valley Business Journal) Palantir Technologies filed a response on Friday to a government job discrimination bias lawsuit, calling the analysis by the U.S. Labor Department as faulty

Trend Micro’s Latest Legal Victory is a Win for the Real Innovators (Trend Micro SImply Security) At Trend Micro we’ve been protecting businesses, consumers and governments from cyber threats for more than 27 years now

New FBI files contain allegations of 'quid pro quo' in Clinton's emails (Fox News) FBI interview summaries and notes, provided late Friday to the House Government Oversight and Intelligence Committees, contain allegations of a "quid pro quo" between a senior State Department executive and FBI agents during the Hillary Clinton email investigation, two congressional sources told Fox News

Clinton Emails: Comey Lied And The Scandal Died (Investor's Business Daily) Corruption: When FBI Director James Comey dismissed the case against Hillary Clinton he said it was because no reasonable attorney would take the case. Now we learn that there were plenty who would have done so

Cybercriminals Get Another Good Reason to Avoid California (Bloomberg BNA) California unveiled yet another cybersecurity law enforcement tool with the Oct. 11 announcement of Fresno, California’s new California Cyber Crime Center (C4)

Design and Innovation

Move Over, Sherlock: Watson, Other AI Sicced on Cybercrooks (American Banker) As banks look for places to save time and effort by deploying artificial intelligence software, one logical place is cybercrime and fraud investigations

Will Quantum Computers Spell the Doom of Bitcoin? (Bitcoin News Service) The development of quantum computers may spell the doom of Bitcoin

How physical attributes are becoming security tokens (C4ISRNET) Col. Donald Hurst, project manager of Defense Department Biometrics in the Program Executive Office for Intelligence, Electronic Warfare and Sensors (PEO IEW&S), is taking biometrics to a new level

Democracy for the Internet of Things (Help Net Security) In the past I’ve written a number of times on the way that the IoT potentially changes the relationship between governments and their constituents – and a profound change that will be

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

upcoming Events

Tech Talk: Blockchain & Bitcoin (Laurel, Maryland, USA, October 17, 2016) Join Novetta and Chainanalysis at Jailbreak Brewery to learn about Bitcoin, a digital currency, and Blockchain, the technology that makes it all work. Rub elbows with like-minded techies and enjoy ice cold beer - Don’t miss out.

Insider Threat Program Development Training for NISPOM CC 2 (Warrington, Pennsylvania, USA, October 17 - 18, 2016) Insider Threat Defense will hold a two-day training class on Insider Threat Program Development (NISPOM Conforming Change 2). PA. For a limited time the training is being offered at a discounted rate of $795 (normally $1395). The training is comprehensive and provides students with the knowledge and resources to develop and implement a robust insider threat program. Insider Threat Defense has trained over 350+ organizations and has become the "leader-go to company" for insider threat program development training.

Cyber Ready 2016 (McDill Air Force Base, Florida, USA, October 18, 2016) We invite you to join us for our first annual Cyber ReadyTM 2016 conference observing National Cyber Security Awareness Month: The Impact of Cyber Crime. The National Cyber Partnership, joined by the MITRE Corporation, Tampa Bay Innovation Center, Florida Chamber Foundation and the Florida Suncoast AFIO Chapter is proud to present this important event. In addition to attending the Cybersecurity Conference, you're also invited to register for the Golf Outing and Barbecue Dinner at the MacDill AFB Bay Palms Golf Complex on Monday afternoon. The event will include the sixth annual MITRE National Capture the Flag (CTF) Competition Cyber Challenge Awards Ceremony.

EDGE2016 Security Conference (Knoxville, Tennessee, USA, October 18 - 19, 2016) The EDGE2016 conference is where true collaboration between business and technology professionals happens. Combining engaging keynotes from world-renowned visionaries, recognized technology industry leaders, topical roundtables, training sessions, and industry-specific tracks, EDGE2016 is where complex business security problems meet real-world solutions.

SecureWorld St. Louis (St. Louis, Missouri, USA, October 18 - 19, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers

CyberTini at CyberMaryland (Baltimore, Maryland, USA, October 19, 2016) The bwtech@UMBC Cyber Incubator will be hosting a CyberTini as the official opening event of the CyberMaryland Conference on the evening of October 19, 2016 at the Columbus Center in Baltimore’s Inner Harbor. The Columbus Center is just a few blocks from the Baltimore Hilton Hotel where the CyberMaryland Conference is taking place, and attendance at the CyberTini is estimated to be 250 or more. The event will begin at 5pm the night before the CyberMaryland Conference and will run until approximately 7:30pm.

Los Angeles Cyber Security Summit (Los Angeles, California, USA, October 28, 2016) The Cyber Security Summit is an exclusive conference series connects C-Suite & Senior Executives who are responsible for protecting their companies’ critical infrastructures with innovative solution providers and renowned information security experts. This educational and informational forum will focus on educating attendees on how to best protect highly vulnerable business applications and critical infrastructure. Attendees will have the opportunity to meet the nation’s leading solution providers and discover the latest products and services for enterprise cyber defense.

Insider Threat Program Development Training For NISPOM CC 2 (Aberdeen, Maryland, USA, August 10 - 11, 2016) Insider Threat Defense will hold a two-day training class on Insider Threat Program Development (National Insider Threat Policy-NISPOM Conforming Change 2). For a limited time the training is being offered at a discounted rate of $795 (normally $1395). The training is comprehensive and provides students with the knowledge and resources to develop and implement a robust Insider Threat Program. Insider Threat Defense has trained over one hundred fifty organizations and has become the "go-to company" for Insider Threat Program Development Training.

CyberMaryland 2016 (Baltimore, Maryland, USA, October 20 - 21, 2016) The CyberMaryland Conference is an annual two-day event presented jointly by The National Cyber Security Hall of Fame and Federal Business Council (FBC) in conjunction with academia, government and private industry organizations. The theme, “Leading the Cyber Generation,” captures the event’s intent to provide unparalleled information sharing and networking opportunities for development of cyber assets on both the human and technological side. Additionally, the conference provides an opportunity for Maryland to demonstrate its natural leadership in Cyber Security.

CyCon US: International Conference on Cyber Conflict (Washington, DC, USA, October 21 - 23, 2016) The inaugural U.S. based International Conference on Cyber Conflict will take place 21-23 October 2016 in Washington D.C. Focusing on a theme of Protecting the Future. CyCon U.S. seeks to create greater information exchange among industry, academia, and government entities at both the national and international levels. The issues to be covered include the future of international cooperation, imminent technical challenges and requirements, forthcoming conflicts in cyberspace, and the potential for new legal frameworks, standards, and regulations.

SANS San Diego 2016 (San Diego, California, USA , October 23 - 28, 2016) Cyber security training in San Diego, CA from SANS Institute, the global leader in information security training. Choose from nine hands-on, immersion-style training courses for security professionals at all levels. Many of these security courses have certifications that are aligned with DoD Directive 8570/8140 and all courses at this event are associated with GIAC Certifications. This event was planned to give you the weapons you need to defend against attackers and advance your career. You will learn from leading experts in courses that have been carefully selected to arm you with the latest tactics and strategies that will sharpen your skills

18th Annual AT&T Cybersecurity Conference (New York, New York, USA, October 24 - 25, 2016) Countless cyberthreats circle your organization every second of every day. While your organization utilizes more mobile, IoT and emerging technologies, attackers simply focus on more ways to exploit them. That’s why we’re hosting the 18th Annual AT&T Cybersecurity Conference.

2016 ICS Cyber Security Conference (Atlanta, Georgia, USA, October 24 - 27, 2016) As the largest and longest-running cyber security-focused conference for the industrial control systems sector, the event caters to the energy, utility, chemical, transportation, manufacturing, and other industrial and critical infrastructure organizations, including the military. The conference will address topics covering ICSs, including protection for SCADA systems, plant control systems, engineering workstations, substation equipment, programmable logic controllers (PLCs), and other field control system devices.

14th Annual EWF National Conference (Scottsdale, Arizona, USA, October 25 - 27, 2016) Balancing risk and opportunity: transforming cybersecuity; risk and privacy beyond the enterprise. The Executive Women's Forum (EWF) Annual Conference provides an exclusive opportunity to personally interact with more than 350 global thought leaders in the fields of Information Security, Risk Management and Privacy. During this three-day event, members collaborate on round-table exercises, incident simulations, panel discussions and working groups. Exposure to new ideas and approaches, best practice management of everyday issues and learning from observing the best and the brightest is an excellent and abundant return on investment.

SecureWorld Bay Area (San Jose, California, USA, October 27, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers

Security By Design (McLean, Virginia, USA, October 28, 2016) The essential security conference for all who desire to build trustworthy software. Developers, DevOps Engineers, Software Architects, Security Software Engineers, Designers and more.

Regional Cyber Security Summit (Sharm El-Sheikh, Egypt, October 30 - November 1, 2016) The Regional Cyber Security Summit comes this year with the theme of “Boundless Collaboration, Boundless Protection”. It focuses on the cooperation in cybersecurity as one of key pillars to tackle the complexity and the scalability of the main challenges of today’s cyber threats. The regional cybersecurity summit has been conducted for the last 4 years under the umbrella of ITU-ARCC in Oman to share experience and knowledge, learn from each other, get in tight to recent updates and collaborate to enhance organizations’ cybersecurity became a must.

Inside Dark Web (Washington, DC, USA, November 1 - 2, 2016) Individuals, organizations, corporations, and governments use the Dark Web to protect themselves and their users, employees, customers, and citizens seeking a more accessible and secure Internet experience. Experts from government, the financial community, law enforcement and cyber security will give you the background history, current utilization and future thoughts about the fast growing misunderstood world of the Dark Web.

National Institute for Cybersecurity Education 2016 Conference and Expo (Kansas City, Missouri, USA, November 1 - 2, 2016) Cybersecurity has emerged as one of the leading creators of jobs and opportunity for all economic sectors. The demand for cybersecurity positions in both the public and private sector is large and growing, but the talent pool of cybersecurity workers is not yet able to keep up. The NICE 2016 Conference and Expo features thought leaders from education, government, industry and non-profits who are addressing the cybersecurity education, training, and workforce needs of the nation.

GTEC (Ottawa, Ontario, Canada, November 1 - 3, 2016) For the public sector and business, count on GTEC to help you keep up with the changing landscape of technology and service delivery in Canada. With our nationally recognized awards program and annual conference, plus our new learning products, GTEC is your destination of choice for innovation and excellence in public sector IT. The conference program will feature a close focus on the cyber threat, particularly the threat of cybercrime, and the Canadian response to that threat.

Black Hat Europe 2016 (London, England, UK, November 1 - 4, 2016) Black Hat is returning to Europe again in 2016, and we have quite an event in store. Here the brightest professionals and researchers in the industry will come together for a total of four days--two days of deeply technical hands-on Trainings, followed by two days of the latest research and vulnerability disclosures at our Briefings.

TECHEXPO Cyber Security Hiring Event (Tysons Corner, Virgina, USA, June 30, 2016) Cyber security professionals are invited to interview face-to-face with employers including The CIA, Deloitte, Intel Security, Northrop Grumman, Lockheed Martin, Deloitte, Vencore and many more. Hundreds of career opportunities are available in cyber security that need to be filled immediately. Bring copies of your resume with you and interview in person, representing yourself better than any online application ever could.

SINET Showcase 2016: Highlighting and Advancing Innovation (Washington, DC, USA, November 2 - 3, 2016) SINET Showcase provides a platform to identify and highlight “best-of-class" security companies that are addressing industry and government’s most pressing needs and requirements. The chosen SINET 16 Innovators present their technological solutions to representatives from the ecosystem of the entrepreneur: venture capital, investment banking, system integration, academia, science, legal, policy, private industry and executives from the Federal Government, including civilian, intelligence and military professionals. Showcase’s objective is to increase awareness of innovative solutions that may lead to an investment in, or the purchase of, advanced technologies that will help secure our nation’s critical infrastructure and command-and-control systems.

3rd Annual Journal of Law and Cyber Warfare Conference (New York, New York, USA, November 3, 2016) The 2016 Journal of Law and Cyber Warfare symposium speakers represent an unparalleled group of cyber security experts with a wide variety of industry expertise and knowledge. Attendees will hear from experts on cyber security and cyber warfare from the military, government, private industry, and the public sector. Our panels are designed to provide attendees with thought leadership from a diverse group of experts who will share their experience and knowledge-base regarding topical cyber security issues. The symposium is a day long event comprised of panels, Q&A sessions, tool demonstrations and networking opportunities. Focused and thorough, there are take-aways for all attendees.

Security of Things World USA (San Diego, California, USA, November 3 - 4, 2016) Security. Privacy. Connected Devices. Exploring Security and the Internet of Things. A world class event focused on the next information security revolution. Be part of Security of Things World USA in November in San Diego to tailor your proposition to respond to the security concerns that preoccupy enterprise customers today and find pragmatic solutions to the most common security threats.

2nd Annual Summit: Global Cyber Security Leaders (Berlin, Germany, November 7 - 8, 2016) The Global Cyber Security Leaders 2016 is designed to provide unrivaled access to peers from across the globe, and encourage participants to discuss the current challenges and explore the ideas shaping tomorrow’s global cyber threat landscape. The interactive, fresh and content driven format is specifically designed for leaders, visionaries and decision makers across all geographies. Strengthen your global network and form lasting relationships with other forward-thinking and inspiring leaders.

IAPP Europe Data Protection Congress 2016 (Brussels, Belgium, November 7 - 10, 2016) The GDPR is finalised, the Data Protection Congress is returning to Brussels and you have a great deal of work ahead. Begin at the Congress, where you’ll find thought leadership, a thriving professional community and unrivaled education. It’s time to get to work: Start here.

SANS Miami 2016 (Coconut Grove, Florida, USA, November 7 - 12, 2016) Attend our new SANS Miami 2016 event, November 7-12 and choose from five hands-on, immersion-style cybersecurity training courses taught by real-world practitioners. Attackers are targeting you with increasing viciousness and stealth, and it's essential you understand the tools and techniques and learn the skills needed to protect your organizations. Get the training you need from SANS - the most trusted and by far the largest source for information security training in the world

Federal IT Security Conference (Columbia, Maryland, USA, November 8, 2016) The Federal IT Security Institute in partnership with PhoenixTS in Columbia, MD is hosting the first annual Federal IT Security Conference. Speakers from NIST, DHS, the Defense Department as well as private industry will be in attendance discussing the themes and trends that are influencing the Federal/DoD cyber landscape. All proceeds from the event go to help retrain Wounded Warriors to become cyber defenders at the Wounded Warrior Cyber Combat Academy.

11th Annual API Cybersecurity Conference & Expo (Houston, Texas, USA, November 9 - 10, 2016) Join us at the 11th Annual API Cybersecurity Conference & Expo and discover methods for thwarting the bad guys, what the scene looks like over the horizon and how the latest technologies can help you counter cyber espionage, address cyber warfare, and make your cyber efforts secure.

SecureWorld Seattle (Bellevue, Washington, USA, November 9 - 10, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers

Institute for Critical Infrastructure Technology Annual Gala and Benefit (Washington, DC, USA, November 10, 2016) The Annual ICIT Gala and Benefit is the year’s most prestigious gathering of legislative, agency and private sector leaders committed to protecting our Nation’s critical infrastructures. This intimate black-tie event will celebrate the minds of the most influential members of our community as well as the efforts of today’s most impactful cybersecurity leaders. The funds raised from this Benefit will be used exclusively to help sustain and grow the Institute’s research, publications and educational activities for the communities it serves.

Israel HLS and Cyber 2016 (Tel Aviv, Israel, November 14 - 17, 2016) Where physical and cyber security meet. Topics include intelligence, cyber crime, and counter-terrorism, defending critical infrastructures, a smart global world, mass events--the integrative approach, and emergency readiness.

SANS Healthcare CyberSecurity Summit & Training 2016 (Houston, Texas, USA, November 14 - 21, 2016) SANS will be hosting its 4th Annual Healthcare Cybersecurity Summit. Join us and hear top security experts from leading healthcare companies discuss proven approaches for securing and succeeding in the new healthcare environment. You'll have the opportunity to meet with leaders from top organizations and see what really works in securing healthcare. As we know, healthcare has been undergoing major changes. Patients are demanding more convenient and personalized care. Digital health is changing the way that doctors and patients interact. New technologies allow patients to track their own health and generate data that was previously not available to care providers. Additionally, health information exchanges are being created to enable access to electronic medical records across disparate organizations. The Healthcare CyberSecurity Summit will take aim at the major challenges organizations face as they balance the security, compliance, and innovation required to thrive in this quickly changing market

Infosec 2016 (Dublin, Ireland, November 15, 2016) Infosec 2016 conference addresses the critically important issues that threaten businesses in the information age By any measure, the digital threats that businesses and organisations of all sizes face are increasing

Kaspersky Academy Talent Lab (Online, then Prague, Czech Republic, November 15, 2016) Kaspersky Academy Talent Lab is an international cyber-world competition for young researchers and professionals aged 18-30 who are interested in the cybersecurity challenges facing the world. 50 finalists will travel to the global final event to Prague (all expenses covered by Kaspersky Lab) to present their projects & compete.

CISO Charlotte (Charlotte, North Carolina, USA, November 15, 2016) The CISO Summit brings together C-level IT security executives, industry analysts and solution providers to discuss challenges and best practices in a relaxed, yet focused business setting. Agenda sessions include panel discussions, think tanks, analyst Q&A sessions and much more

Pharma Blockchain Bootcamp (Edison, New Jersey, USA, November 16, 2016) Blockchain technology has gained recognition as one of the most disruptive technologies in the industrial world with the potential of redefining how businesses operate similarly the internet changed it more than 30 years ago. At this critical one-day learning seminar, bio/pharmaceutical professionals (tech + business) will uncover the key areas where blockchain applications could have a significant impact in securing, managing and leveraging the deluge of data throughout the enterprise from R&D to clinical to commercialization. Key issues to be addressed: what exactly is blockchain and why is it considered a disruptive innovation; where and why in the enterprise is pharma ripe for blockchain applications; the hidden business rewards that would be exposed; the legal and regulatory considerations with implementation, and much more.

Cybercon 2016 (Washington, DC, USA, November 16, 2016) The forum for dialogue on strategy and innovation to secure defense and government networks, as well as private-sector networks that hold their sensitive data.

SCSC Cyber Security Conclave 2.0 Conference and Exhibition (Hyderabad, India, November 22 - 23, 2016) India’s leading two-day cyber security event is returning in November 2016, once again bringing together over hundreds of cyber security experts, senior officials and policy-makers from across the public and private sector to provide an update on cyber security instances, share best practice strategies, and help India to combat cyber threats.

4th Ethiopia Banking & ICT Summit (Addis Ababa, Ethiopia, November 25, 2016) The 4th Ethiopia Banking & ICT Summit is the ONLY event in Horn of Africa that focuses on technology innovations and trends in the Banking and ICT sectors. This annual summit brings together Financial Institutions, Information Technology Vendors, high profile CIOs, CISOs, CTOs Risk and Compliance Officers and COOs to explore how they can utilize the newest technologies to further increase mobility, enhance security, support new products and services, and improve customers’ experience to secure their competitive edge.

CIFI Security Summit (Toronto, Ontario, Canada, November 30 - December 1, 2016) The Annual CIFI Security Summit takes place all over the world, Asia, Europe, Australia & North America. These summits are essential 2 day conferences and exhibitions bringing together leading security experts from around the globe to discuss Cyber Intelligence, Digital forensics, Cyber Security and Cyber Investigations. This is the only event of its kind that will run 4 simultaneous streams over 2 days in addition to case studies, demonstrations from global business leaders and a 30+ Exhibition.

Sponsor & Support

Grow your brand, generate leads, and fill your funnel.

With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listens all over the world, companies trust the CyberWire to get the message out. Learn more.

Pakistan phishes Indian Army. US election hacks continue: Republicans hit, Clinton blames GOP, US investigates and mulls response. New ransomware strains. More IoT botnet infestations. ISIS struggles to explain loss of Dabiq.