Great power cyber conflict (and organized cyber crime on the side). Vote hacking, agents of influence, and information operations. IoT botnets continue to romp.
news from CyberMaryland 2016
CyberMaryland opened today. We'll be at the conference today and tomorrow, and we expect to speak with a variety of industry leaders. Watch for live tweets from @thecyberwire, #cybermd2016, and upcoming special editions of the CyberWire.
We'll also be attending the induction ceremonies for the National Cyber Security Hall of Fame's class of 2016. Those being honored this year include Dan Geer (Chief Information Security Officer at In-Q-Tel), Lance J. Hoffman (Distinguished Research Professor of Computer Science, The George Washington University), Horst Feistel (cryptographer and inventor of the United States Data Encryption Standard), Paul Karger (High Assurance architect, prolific writer and creative inventor), Butler Lampson (Adjunct Professor at MIT, Turing Award and Draper Prize winner), Leonard J. LaPadula (co-author of the Bell-LaPadula model of computer security), and William Hugh Murray (pioneer, author and founder of the Colloquium for Information System Security Education). Congratulations to them all.
News that Czech authorities arrested a Russian national on charges related to hacking US targets was widely but incorrectly seen as marking the opening shot in the much-anticipated American response to Russia's recent cyber offensive. In fact the crimes alleged in the arrest have to do with 2012's LinkedIn hack. Credentials stolen in that incident could have been used in subsequent compromises, but that remains a matter of speculation. In any case, the gentleman now facing extradition proceedings in a Prague court isn't exactly Fancy Bear.
Observers think some set of stiff sanctions the likeliest form of US response to Russian election hacking. That hacking is thought unlikely in the extreme to directly control results of voting in November—the voting system is too disparate to make this likely—but analysts see two potential problem areas: disruptive "chaos" on Election Day itself (possibly produced by affecting the AP's poll-tracking and result projection service) and a general erosion of citizens' confidence in the US political system.
Ransomware and IoT botnet-driven DDoS remain the most widespread forms of cybercrime globally. (BankInfo Security's scorecard shows more than 200 ransomware strains now in circulation.) Standards bodies and regulators are working to evolve modes of defense and design, with US financial regulators in particular promising new guidelines. The proliferation of Mirai source code continues to drive formation of Internet-of-things botnets. KrebsOnSecurity is tracking some firms it believes occupy some demi-monde between legitimate domain registrars and DDoS enablers.
Verizon's acquisition of Yahoo! remains in doubt.
Notes.
Today's issue includes events affecting Belgium, Canada, Czech Republic, European Union, France, Japan, Indonesia, Romania, Russia, Singapore, Syria, and United States.
A note to our readers: We are of course at CyberMaryland, meeting this year at the Hilton Baltimore, across the street from Camden Yards in Baltimore's Inner Harbor. Watch for live coverage, podcasting, and a full report in upcoming issues.
Also, it's the third week of National Cyber Security Awareness Month. This week's theme is "Recognizing and Combating Cyber Crime."
The CyberWire's regular daily Podcast will be out later this afternoon, with interviews, educational tips, and more on the stories of the day. Today our partners from Ben Gurion University are represented by Ran Yahalom, who discusses the "Bad USB" vulnerabilities. And since we'll be podcasting from CyberMaryland, we'll be catching various experts, influencers, and passersby as our guests. As always, if you enjoy the podcast, please consider giving it an iTunes review.
Baltimore: the latest from CyberMaryland
CyberMaryland Conference kicks off Thursday (Baltimore Sun) CyberMaryland, a two-day conference that has become a staple for the state's cyber security industry, kicks off Thursday at the Baltimore Hilton Hotel
National Cyber Security Hall of Fame Announces 2016 Inductees (PRNewswire) The National Cyber Security Hall of Fame has released the names of seven visionaries who will be inducted into the Hall of Fame at a gala and inductee ceremony on Thursday, October 20, at the Hilton Baltimore in Inner Harbor Baltimore, Maryland
Cyber Attacks, Threats, and Vulnerabilities
No, Russia is not tapping into Syria's undersea internet cables (Register) A tale of the spy ship Yantar, tinfoil hats and that pesky bugger we call reality
Russian hacker group used phony Google login page to hack Clinton campaign (Network World) Secure Works says the same group might have attacked the DNC
EXCLUSIVE: Hundreds Of White House Staffer’s Emails Get Leaked (Daily Caller) DC Leaks has given The Daily Caller exclusive access Wednesday to hundreds of emails leaked from White House advance associate Zach Leighton’s personal account
Clinton blasts Russian cyber-attacks as bid to install Trump as a “puppet” (Ars Technica) "Will Donald Trump admit and condemn that the Russians are doing this?"
Media vulnerable to Election Night cyber attack (Politico) A hack on the AP and its results tally could have chaos-inducing consequences
Opinion: The real cost of election insecurity (Christian Science Monitor Passcode) Voter trust is on the line unless the US increases cybersecurity at the polls
Hayden: Russian email hack is 'honorable state espionage' (GCN) Michael Hayden, a former director of both the CIA and the National Security Agency, thinks Russia’s actions involving a Democratic party email leak were fair play
Clinton vs Trump: Here's How Symantec Simulated a Cyberattack on US Presidential Election (News 18) Can the upcoming US Presidential Election be hacked? According to cybersecurity firm Symantec, it is quite possible. Symantec simulated a cyberattack on the upcoming Clinton versus Trump election by just spending around $500, primarily with a $15 Raspberry Pi-like device
Republican site rigged with credit card skimmer malware for 6 months (Naked Security) Have you plastered a #NeverHillary sticker onto your refrigerator? One you picked up in the past 6 months from an online store run by Senate Republicans?
Greeks find zero-day vulnerability in the Joomla CMS (SecNews) SecNews received a critical report about a 0-day weakness identified by Greek researchers that affects websites using the well-known Joomla CMS
FruityArmor APT Group Used Recently Patched Windows Zero Day (Threatpost) One of the four zero-day vulnerabilities Microsoft patched last week was being used by an APT group called FruityArmor to carry out targeted attacks, escape browser-based sandboxes, and execute malicious code in the wild
Researchers bypass ASLR by exploiting flaw in Intel chip (Help Net Security) Researchers have found a design flaw in the branch predictor, a component of Intel’s Haswell processor, and have exploited it to bypass ASLR (Address Space Layout Randomization)
Malspam delivers NanoCore RAT (SANS Internet Storm Center) NanoCore is a Remote Access Tool (RAT) that's currently available for a $25 license [1]. However, like many other RATs, NanoCore has been used by criminal groups to take over Windows computers. Beta versions of NanoCore RAT have been available to criminals since 2013 [2], and a cracked full version was leaked last year in 2015
Netflix Urging Subscribers to Change Passwords to Mitigate Possible Threat (HackRead) Netflix is sending emails to its subscribers urging them to reset their passwords after discovering "some" Netflix email addresses and passwords listed on a breach at another company
Phishing: Reeling in Enterprises for Hefty Profits (Check Point) Can you believe that phishing, the scam that tricks users into giving away sensitive information like their credit card numbers and bank login credentials, is still with us after more than twenty years?
"JapanLocker": An Excavation to its Indonesian Roots (Fortinet) Fortinet has discovered a new open-source PHP ransom malware that has been targeting web sites using a simple encryption algorithm that is effective enough to really frighten web server owners. What is more interesting, however, is the information we have uncovered regarding the possible roots of the attacks/attackers
After Ransomware Attack, Clinic Faces More Woes (Healthcare Info Security) 'Vendor error' leads to data loss after attack
Ransomware Family Count Surpasses 200 (BankInfo Security) More police join battle, but ransom-loving criminals just won't quit
Hackers are increasingly targeting IoT Devices with Mirai DDoS Malware (HackRead) Since the developer of Mirai malware published its source code online, Internet of Things (IoT) devices have become highly vulnerable to malware infections
Spreading the DDoS Disease and Selling the Cure (KrebsOnSecurity) Earlier this month a hacker released the source code for Mirai, a malware strain that was used to launch a historically large 620 Gbps denial-of-service attack against this site in September
Bastille Unveils List of Top 10 Internet of Radios Vulnerabilities (BusinessWire) List coincides with new poll that finds a significant gap between Internet of Things security awareness and preparedness in the enterprise
How the Grinch Stole IoT (Beyond Bandwidth) Level 3 Threat Research Labs has previously reported on a family of malware that exploits Internet of Things (IoT) devices to create distributed denial of service (DDoS) botnets. With a rapidly increasing market for these devices and little attention being paid to security, the threat from these botnets is growing. Level 3 Threat Research Labs has been continuously tracking these botnets as they wreak havoc on victims across the internet
Firmware Security Lags as IoT Devices Proliferate (Infosecurity Magazine) As the era of automation and the Internet of Things (IoT) continues to dawn, businesses are seeing a marked increase in connected devices as part of their hardware footprint. Yet most businesses don’t have comprehensive programs in place to address firmware vulnerabilities
Routers Branded 'Achilles Heel' of Home and Small Biz Security (Infosecurity Magazine) A worrying 15% of home routers are wide open to hackers through the use of default or easy-to-guess passwords, according to new research from Eset
MetaData Exposed – Cruise, Merchant and Gov. Vessels (Wapacklabs) Wapack Labs analyzed vital metadata which began through an instructional video explaining cyber concerns on cruise ships. The video revealed an Autonomous System Number (ASN), which subsequently identified a U.S. based telecommunication company
Muddy Waters Releases New Info About St. Jude Medical Device Flaws (Dark Reading) Muddy Waters Capital, the short seller that teamed with security researchers at MedSec, posted the videos on a new site it launched: profitsoverpatients.com
Cyber attack: SBI to re-issue 6 lakh debit cards; Axis admits breach (Business Standard) Three financial institutions, including the BSE, have faced cyber attacks in the past three months
Electronic Arts (EA) servers are down; Users are angry (HackRead) Electronic Arts (EA) users in Europe and the US are reporting that they are facing connectivity issues that won’t let them sign in, connect to the server or play games
Cyber Trends
Smart cities face unique and escalating cyber threats (Help Net Security) Ninety-eight percent of respondents to a survey conducted by Dimensional Research consider smart cities at risk for cyber attacks. Smart cities use IT solutions to manage a wide range of city services, including smart grids, transportation, surveillance cameras, wastewater treatment and more
Identity Theft Hits Low- To Moderate-Income Victims Hardest (Dark Reading) In addition to government assistance, ID theft victims frequently seek financial support from friends, family, and faith-based organizations, according to a study by the Identity Theft Resource Center
Most would stop using digital payments if breached (Help Net Security) 88% of respondents to a survey conducted by Wakefield Research would stop using digital payments if they personally fell victim to cybercriminal activities as a result of a data breach
Marketplace
7 Regional Hotbeds For Cybersecurity Innovation (Dark Reading) These regions are driving cybersecurity innovation across the US with an abundance of tech talent, educational institutions, accelerators, incubators, and startup activity
'Kevin Durant Effect': What Skilled Cybersecurity Pros Want (Dark Reading) For seasoned cybersecurity professionals, motivation for sticking with their current jobs doesn't mean big management promotions or higher salaries, a new Center for Strategic and International Studies (CSIS) report finds
Nehemiah Security Announces Acquisition of Triumfant (Nehemiah Security) AtomicEye, the industry’s first endpoint solution to automatically detect and remediate exploits without signatures of any kind, plays a critical role in Nehemiah’s comprehensive cybersecurity approach
Security startup Malwarebytes acquires AdwCleaner to nip adware in the bud (TechCrunch) After raising $50 million earlier this year from Fidelity, security startup Malwarebytes said that it would use some of the funding for acquisitions, and today comes some related news. The company is acquiring a startup out of France called AdwCleaner, whose product specifically tackles and removes adware and has seen a total of 200 million downloads across Windows XP, Vista, 7, 8, 8.1, 10 in 32 and 64-bit platforms
Yahoo's Hacking Issues May Hinder Verizon Takeover (iTechPost) The recent disclosure of a huge data breach may affect Verizon Communication's acquisition of Yahoo for $4.8 billion
Here's What Analysts Are Saying About IBM's Latest Earnings (Fortune) IBM posted its 18th consecutive quarter of declining revenue
Cybersecurity: Peace of Mind Isn’t Priceless (Wall Street Journal) Fortinet’s recent warning is the latest sign that demand is moderating in the sector
Easy Solutions Listed as a Representative Vendor in Gartner’s 2016 Online Fraud Protection Market Guide (Sys-Con Media) Easy Solutions, the Total Fraud Protection® company, has been cited in Gartner's October 2016 Market Guide for Online Fraud Detection as a Representative Vendor. The Market Guide, authored by Jonathan Care, Avivah Litan, and Tricia Phillips, aims to help fraud managers choose the most appropriate products for projects within their environment. In this year’s report, Gartner stated that “online fraud detection markets have continued to evolve, responding to increasingly advanced attacks. A further wave of vendors has appeared with machine-learning offerings, but lack in-depth fraud expertise"
St. Jude Medical Plans Cybersecurity Advisory Panel (Dark Reading) The medical device maker says committee will work with tech experts and external researchers on issues affecting patient care and safety
Local cyber startup gears up for commercialization, hiring (Baltimore Business Journal) Cybersecurity company Efflux Analytics plans to bring its product to market in November, after winning $10,000 in a state pitch competition earlier this month
Cloud DDoS solutions providers eye Singapore as key security hub (Security Brief) Nexusguard and Clearmanage are bringing Distributed Denial of Service (DDoS) protection and cloud computing together, with the launch of a new solution that will be targeted directly to the Singapore and Asia Pacific market
Cylance expands international footprint, chases Asian expansion (ChannelLife)
Products, Services, and Solutions
Easy Solutions Listed as a Representative Vendor in Gartner’s 2016 Online Fraud Protection Market Guide (BusinessWire) Report lists vendors with fraud detection capabilities used to meet evolving user needs
Oyoty is a chatbot designed to teach kids to be safe online (TechCrunch) Given there are apps for everything, it seems inevitable there will soon be bots trying to do everything. And while it remains to be seen which of these AI-powered chatbots will prove to have lasting utility, right now it’s all about the experimentation
Microsoft’s Nadella takes on privacy fears about LinkedIn, Cortana (CSO) Microsoft’s increasing role as a data aggregator gets attention at Gartner’s conference
Axis partners with technology firm to use security ratings to manage cyber-risk (Insurance Business) Axis Capital recently announced its partnership with BitSight, a leading provider of cyber security ratings, to reduce computer related risks with the provision of the latter’s security ratings service, specifically through its professional lines division, Axis Pro
BUFFERZONE Receives Five-Star Product Review from SC Magazine's 2016 Endpoint Security Group Test (PRNewswire) BUFFERZONE scores five out of five rating, with review praising its simple deployment and effective endpoint protection approach
Who needs 84 security vendors? With new suite, Dell looks to consolidate your protection (ZDNet) Combining Dell Data Security Solutions, Mozy by Dell, RSA, and VMware AirWatch, Dell Technologies has released a new product suite focused on endpoint data security
Technologies, Techniques, and Standards
Malvertising Trends: Don’t Talk Ad Standards Without Ad Security (Dark Reading) How malvertising marries the strengths and weaknesses of the complex digital advertising ecosystem perfectly - and what online publishers and security leaders need to do about it
IoT: How Standards Would Help Security (CareersInfo Security) Wind River's Ramanna warns against treating security 'as an afterthought'
This Is Why We Still Can’t Vote Online (Motherboard) Online voting sounds like a dream: the 64 percent of citizens who own smartphones and the 84 percent of American adults with access to the internet would simply have to pull out their devices to cast a ballot. And Estonia—a northern European country bordering the Baltic Sea and the Gulf of Finland—has been voting online since 2005
The Surprising Impact the 1992 Presidential Election Had on the Modern Internet (Motherboard) The web wasn’t common in 1992, but presidential candidates notably took baby steps toward the internet that year—Ross Perot in a bigger way than most
Still More on Loud Cyber Weapons (Lawfare) In my first post on this subject, I quoted a news story in fedscoop saying that "The development of “loud” offensive cyber tools, [that could be definitively traced to the United States and thus] able to possibly deter future intrusions, represent a “different paradigm shift” from what the agency has used to in the past." I then asked why such tools were needed, when one could accomplish the same thing by a phone call to the government of the target that described something that only the true attacker would know
Agent of Influence 2.0 (Medium) An agent of influence is a particular type of agent used by an agency to deliver information (or a narrative) they hope will sway public opinion. There are three types of agent of influence
The realities of WiFi troubleshooting (Help Net Security) WiFi continues to be the source of serious problems and confusion in enterprise K-12 and higher education. The most common issues reported were WiFi association and WiFi performance, followed by the vague category of unknown
Research and Development
BAE awarded $11.4M DARPA cyber contract (C4ISRNET) BAE has been awarded an $11.4 million Intelligence Advanced Research Projects Activity (IARPA) cybersecurity contract
Legislation, Policy, and Regulation
How Should US React to Alleged Hacks by Russia? (InfoRisk Today) Range of options isn't limited to a cyber response
Sky Views: Behind the US-Russia cyberwar (Sky News) Were you surprised by the wave of cyber-attacks on Hillary Clinton's presidential campaign? Shocked, perhaps, by reports of Russian hackers worming into Democratic Party servers then handing over 20,000 emails to the folks at Wikileaks?
Putin’s Boasting Hides His Fear of Sanctions (American Interest) Russian President Vladimir Putin was in Goa, India this weekend at the annual BRICS summit, where the big announcement was that Igor Sechin’s Rosneft had bought a controlling stake (49 percent) in the Indian Essar Oil company
War Goes Viral (Atlantic) How social media is being weaponized across the world
NSA: No zero days used in last two years (C4ISRNET) It is hard to believe that not one single zero-day exploit – or a previously undisclosed vulnerability – has been used against the United States in the last 24 months, and even harder that that fact could be viewed as a negative
The US Needs One Cyber Defense Agency—Not Three, a Top NSA Official Says (Defense One) With the job divided between NSA, FBI, and DHS, 'we need to rethink how we do cyber defense as a nation'
NSA Defense Chief Imagines a Cyber Response Without Borders (NextGov) The U.S. government ought to consider forging stronger ties between agencies that manage cybersecurity, including possibly unifying their cyber defense components in a single agency, the National Security Agency's top cyber defender said today
IoT insecurity: US govt starts bashing tech bosses' heads together (Register) Everyone agrees: our group has the best solution
Regulators look to strengthen banks' cyber defenses (Federal Times) Federal regulators are looking to set up new standards for big banks' planning and testing for possible cyberattacks. The aim is to bolster the banking industry's defenses amid concern over periodic security breaches at U.S. banks
Agencies Issue Advanced Notice of Proposed Rulemaking on Enhanced Cyber Risk Management Standards (US Office of the Comptroller of the Currency) The three federal banking regulatory agencies today approved an advance notice of proposed rulemaking (ANPR) inviting comment on a set of potential enhanced cybersecurity risk-management and resilience standards that would apply to large and interconnected entities under their supervision. The standards would apply as well to services provided by third parties to these firms
If elected, Clinton would support an “Encryption Commission” to help feds (Ars Technica) Ars examines the two leading candidates' positions on crypto and Snowden
Yahoo calls for greater transparency from intelligence services (Yahoo!) More information needed on ways US uses legal authority to obtain private data
Singapore's Cybersecurity Blueprint: Does It Come Up Short? (InfoRisk Today) Critics say plan lacks practical insights on mitigating risks
Toronto’s Public Hearing on Bill C-51 Was Utterly Demoralizing (Motherboard) On Wednesday evening, the Canadian government held a public hearing in Toronto on reforming Bill C-51, a controversial set of laws that give Canada’s police and spy agencies broad powers. It began with a lackadaisical mood
Litigation, Investigation, and Law Enforcement
Feds catch hacker allegedly responsible for LinkedIn hack (ZDNet) The hacker, caught in Prague, may be extradited to the US
Czech authorities arrest Russian suspected of hacking U.S. (Politico) Czech Republic officials have arrested a Russian citizen suspected of hacking targets in the United States
Hacker is in custody (Policie Česke Republiky) Swift action by fugitive-search experts
Alleged Hacker Behind 2012 LinkedIn Breach Nabbed In Prague (Dark Reading) Czech judge to decide on US extradition request
East-West SpyWar Heats Up With Arrest of Russian Hacker in Prague (Observer) With FBI help, Czech authorities nabbed a Russian wanted for hacking against Americans—is he tied to cyber-attacks on Democrats?
EU court: Site operators can log visitors’ IP address for protection against attacks (Help Net Security) The Court of Justice of the European Union (CJEU) has ruled that the German government can collect and keep IP addresses of visitors to websites operated by German Federal institutions, in order to protect those sites against cyberattacks (e.g. denial-of-service attacks)
To beat crypto, feds have tried to force fingerprint unlocking in 2 cases (Ars Technica) Is being forced to press a finger on a phone in violation of the Fifth Amendment?
‘I need a favor’: FBI official at center of alleged Clinton email ‘quid pro quo’ speaks out (Washington Post) FBI official Brian McCauley had been trying for weeks to get his contact at the State Department to approve his request to put two bureau employees back in Baghdad
Report finds racial bias in facial recognition technology (Christian Science Monitor Passcode) More than 40 rights groups asked the Department of Justice to launch a probe examining whether systems used by police to investigate crimes disproportionately identify blacks as criminal suspects
Major international law enforcement operation targets airline ticket fraud (Help Net Security) 193 individuals suspected of traveling with airline tickets bought using stolen, compromised or fake credit card details have been detained in a major international law enforcement operation targeting airline fraud
3 things you might not realize are cybercrimes (Naked Security) Welcome to Week 3 of National Cyber Security Awareness Month! This week’s theme, brought to you courtesy of the National Cyber Security Alliance of US businesses and government agencies, is about recognizing and combating cybercrime
How Cops From Four Countries Busted a Dark Web Drug Ring (Motherboard) The dark web allows people to deal drugs from wherever they happen to be based. Although not necessarily a global phenomenon, the dark web drug trade is very much international in scope, with vendors on both sides of the Atlantic, and further afield, stocking digital shelves with cocaine, heroin, and a plethora of other drugs
For a complete running list of events, please visit the Event Tracker.
Newly Noted Events
Data Breach & Fraud Prevention Summit Asia (Mumbai, India, Jun 8, 2016) ISMG’s Data Breach & Fraud Prevention Summit Asia – Mumbai is a one-day event that will focus on the latest fraud techniques and technologies, as well as a holistic, strategic approach to looking at the data breach threat that impacts all industries. Whether you are forming opinions on how to view the recent global Apple Vs. FBI debate, want to learn more about the breach incidents, or just look forward to networking with your peers on cybersecurity challenges, we are confident you will gain tremendous insight throughout the event. CyberWire readers can use the discount promo code "CW20" when registering with dbfpmumbai@ismgcorp.com to receive 20% off the conference price.
Security of Things World (Berlin, Germany, Jun 27 - 28, 2016) Security. Privacy. Connected Devices. Exploring Security and the Internet of Things. A world class event focused on the next information security revolution. Be part of Security of Things World in June in Berlin to tailor your proposition to respond to the security concerns that preoccupy enterprise customers today and find pragmatic solutions to the most common security threats.
Upcoming Events
Los Angeles Cyber Security Summit (Los Angeles, California, USA, Oct 28, 2016) The Cyber Security Summit is an exclusive conference series that connects C-Suite & Senior Executives who are responsible for protecting their companies’ critical infrastructures with innovative solution providers and renowned information security experts. This educational and informational forum will focus on educating attendees on how to best protect highly vulnerable business applications and critical infrastructure. Attendees will have the opportunity to meet the nation’s leading solution providers and discover the latest products and services for enterprise cyber defense.
Insider Threat Program Development Training For NISPOM CC 2 (Aberdeen, Maryland, USA, Aug 10 - 11, 2016) Insider Threat Defense will hold a two-day training class on Insider Threat Program Development (National Insider Threat Policy-NISPOM Conforming Change 2). For a limited time the training is being offered at a discounted rate of $795 (normally $1395). The training is comprehensive and provides students with the knowledge and resources to develop and implement a robust Insider Threat Program. Insider Threat Defense has trained over one hundred fifty organizations and has become the "go-to company" for Insider Threat Program Development Training.
CyberMaryland 2016 (Baltimore, Maryland, USA, Oct 20 - 21, 2016) The CyberMaryland Conference is an annual two-day event presented jointly by The National Cyber Security Hall of Fame and Federal Business Council (FBC) in conjunction with academia, government and private industry organizations. The theme, “Leading the Cyber Generation,” captures the event’s intent to provide unparalleled information sharing and networking opportunities for development of cyber assets on both the human and technological side. Additionally, the conference provides an opportunity for Maryland to demonstrate its natural leadership in Cyber Security.
CyCon US: International Conference on Cyber Conflict (Washington, DC, USA, Oct 21 - 23, 2016) The inaugural U.S. based International Conference on Cyber Conflict will take place 21-23 October 2016 in Washington D.C. Focusing on a theme of Protecting the Future, CyCon U.S. seeks to create greater information exchange among industry, academia, and government entities at both the national and international levels. The issues to be covered include the future of international cooperation, imminent technical challenges and requirements, forthcoming conflicts in cyberspace, and the potential for new legal frameworks, standards, and regulations.
SANS San Diego 2016 (San Diego, California, USA, Oct 23 - 28, 2016) Cyber security training in San Diego, CA from SANS Institute, the global leader in information security training. Choose from nine hands-on, immersion-style training courses for security professionals at all levels. Many of these security courses have certifications that are aligned with DoD Directive 8570/8140 and all courses at this event are associated with GIAC Certifications. This event was planned to give you the weapons you need to defend against attackers and advance your career. You will learn from leading experts in courses that have been carefully selected to arm you with the latest tactics and strategies that will sharpen your skills
18th Annual AT&T Cybersecurity Conference (New York, New York, USA, Oct 24 - 25, 2016) Countless cyberthreats circle your organization every second of every day. While your organization utilizes more mobile, IoT and emerging technologies, attackers simply focus on more ways to exploit them. That’s why we’re hosting the 18th Annual AT&T Cybersecurity Conference.
2016 ICS Cyber Security Conference (Atlanta, Georgia, USA, Oct 24 - 27, 2016) As the largest and longest-running cyber security-focused conference for the industrial control systems sector, the event caters to the energy, utility, chemical, transportation, manufacturing, and other industrial and critical infrastructure organizations, including the military. The conference will address topics covering ICSs, including protection for SCADA systems, plant control systems, engineering workstations, substation equipment, programmable logic controllers (PLCs), and other field control system devices.
14th Annual EWF National Conference (Scottsdale, Arizona, USA, Oct 25 - 27, 2016) Balancing risk and opportunity: transforming cybersecurity; risk and privacy beyond the enterprise. The Executive Women's Forum (EWF) Annual Conference provides an exclusive opportunity to personally interact with more than 350 global thought leaders in the fields of Information Security, Risk Management and Privacy. During this three-day event, members collaborate on round-table exercises, incident simulations, panel discussions and working groups. Exposure to new ideas and approaches, best practice management of everyday issues and learning from observing the best and the brightest is an excellent and abundant return on investment.
SecureWorld Bay Area (San Jose, California, USA, Oct 27, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers.
Security By Design (McLean, Virginia, USA, Oct 28, 2016) The essential security conference for all who desire to build trustworthy software. Developers, DevOps Engineers, Software Architects, Security Software Engineers, Designers and more.
Regional Cyber Security Summit (Sharm El-Sheikh, Egypt, Oct 30 - Nov 1, 2016) The Regional Cyber Security Summit comes this year with the theme of “Boundless Collaboration, Boundless Protection”. It focuses on cooperation in cybersecurity as one of the key pillars for tackling the complexity and scale of the main challenges posed by today’s cyber threats. The regional cybersecurity summit has been conducted for the last 4 years under the umbrella of ITU-ARCC in Oman. Sharing experience and knowledge, learning from each other, keeping in touch with recent updates and collaborating to enhance organizations’ cybersecurity have become a must.
Inside Dark Web (Washington, DC, USA, Nov 1 - 2, 2016) Individuals, organizations, corporations, and governments use the Dark Web to protect themselves and their users, employees, customers, and citizens seeking a more accessible and secure Internet experience. Experts from government, the financial community, law enforcement and cyber security will give you the background history, current utilization and future thoughts about the fast growing misunderstood world of the Dark Web.
National Institute for Cybersecurity Education 2016 Conference and Expo (Kansas City, Missouri, USA, Nov 1 - 2, 2016) Cybersecurity has emerged as one of the leading creators of jobs and opportunity for all economic sectors. The demand for cybersecurity positions in both the public and private sector is large and growing, but the talent pool of cybersecurity workers is not yet able to keep up. The NICE 2016 Conference and Expo features thought leaders from education, government, industry and non-profits who are addressing the cybersecurity education, training, and workforce needs of the nation.
GTEC (Ottawa, Ontario, Canada, Nov 1 - 3, 2016) For the public sector and business, count on GTEC to help you keep up with the changing landscape of technology and service delivery in Canada. With our nationally recognized awards program and annual conference, plus our new learning products, GTEC is your destination of choice for innovation and excellence in public sector IT. The conference program will feature a close focus on the cyber threat, particularly the threat of cybercrime, and the Canadian response to that threat.
Black Hat Europe 2016 (London, England, UK, Nov 1 - 4, 2016) Black Hat is returning to Europe again in 2016, and we have quite an event in store. Here the brightest professionals and researchers in the industry will come together for a total of four days--two days of deeply technical hands-on Trainings, followed by two days of the latest research and vulnerability disclosures at our Briefings.
TECHEXPO Cyber Security Hiring Event (Tysons Corner, Virginia, USA, Jun 30, 2016) Cyber security professionals are invited to interview face-to-face with employers including The CIA, Deloitte, Intel Security, Northrop Grumman, Lockheed Martin, Vencore and many more. Hundreds of career opportunities are available in cyber security that need to be filled immediately. Bring copies of your resume with you and interview in person, representing yourself better than any online application ever could.
SINET Showcase 2016: Highlighting and Advancing Innovation (Washington, DC, USA, Nov 2 - 3, 2016) SINET Showcase provides a platform to identify and highlight “best-of-class” security companies that are addressing industry and government’s most pressing needs and requirements. The chosen SINET 16 Innovators present their technological solutions to representatives from the ecosystem of the entrepreneur: venture capital, investment banking, system integration, academia, science, legal, policy, private industry and executives from the Federal Government, including civilian, intelligence and military professionals. Showcase’s objective is to increase awareness of innovative solutions that may lead to an investment in, or the purchase of, advanced technologies that will help secure our nation’s critical infrastructure and command-and-control systems.
3rd Annual Journal of Law and Cyber Warfare Conference (New York, New York, USA, Nov 3, 2016) The 2016 Journal of Law and Cyber Warfare symposium speakers represent an unparalleled group of cyber security experts with a wide variety of industry expertise and knowledge. Attendees will hear from experts on cyber security and cyber warfare from the military, government, private industry, and the public sector. Our panels are designed to provide attendees with thought leadership from a diverse group of experts who will share their experience and knowledge-base regarding topical cyber security issues. The symposium is a day long event comprised of panels, Q&A sessions, tool demonstrations and networking opportunities. Focused and thorough, there are take-aways for all attendees.
Security of Things World USA (San Diego, California, USA, Nov 3 - 4, 2016) Security. Privacy. Connected Devices. Exploring Security and the Internet of Things. A world class event focused on the next information security revolution. Be part of Security of Things World USA in November in San Diego to tailor your proposition to respond to the security concerns that preoccupy enterprise customers today and find pragmatic solutions to the most common security threats.
2nd Annual Summit: Global Cyber Security Leaders (Berlin, Germany, Nov 7 - 8, 2016) The Global Cyber Security Leaders 2016 is designed to provide unrivaled access to peers from across the globe, and encourage participants to discuss the current challenges and explore the ideas shaping tomorrow’s global cyber threat landscape. The interactive, fresh and content driven format is specifically designed for leaders, visionaries and decision makers across all geographies. Strengthen your global network and form lasting relationships with other forward-thinking and inspiring leaders.
IAPP Europe Data Protection Congress 2016 (Brussels, Belgium, Nov 7 - 10, 2016) The GDPR is finalised, the Data Protection Congress is returning to Brussels and you have a great deal of work ahead. Begin at the Congress, where you’ll find thought leadership, a thriving professional community and unrivaled education. It’s time to get to work: Start here.
SANS Miami 2016 (Coconut Grove, Florida, USA, Nov 7 - 12, 2016) Attend our new SANS Miami 2016 event, November 7-12 and choose from five hands-on, immersion-style cybersecurity training courses taught by real-world practitioners. Attackers are targeting you with increasing viciousness and stealth, and it's essential you understand the tools and techniques and learn the skills needed to protect your organizations. Get the training you need from SANS - the most trusted and by far the largest source for information security training in the world.
Federal IT Security Conference (Columbia, Maryland, USA, Nov 8, 2016) The Federal IT Security Institute in partnership with PhoenixTS in Columbia, MD is hosting the first annual Federal IT Security Conference. Speakers from NIST, DHS, the Defense Department as well as private industry will be in attendance discussing the themes and trends that are influencing the Federal/DoD cyber landscape. All proceeds from the event go to help retrain Wounded Warriors to become cyber defenders at the Wounded Warrior Cyber Combat Academy.
11th Annual API Cybersecurity Conference & Expo (Houston, Texas, USA, Nov 9 - 10, 2016) Join us at the 11th Annual API Cybersecurity Conference & Expo and discover methods for thwarting the bad guys, what the scene looks like over the horizon and how the latest technologies can help you counter cyber espionage, address cyber warfare, and make your cyber efforts secure.
SecureWorld Seattle (Bellevue, Washington, USA, Nov 9 - 10, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers.
Institute for Critical Infrastructure Technology Annual Gala and Benefit (Washington, DC, USA, Nov 10, 2016) The Annual ICIT Gala and Benefit is the year’s most prestigious gathering of legislative, agency and private sector leaders committed to protecting our Nation’s critical infrastructures. This intimate black-tie event will celebrate the minds of the most influential members of our community as well as the efforts of today’s most impactful cybersecurity leaders. The funds raised from this Benefit will be used exclusively to help sustain and grow the Institute’s research, publications and educational activities for the communities it serves.
Israel HLS and Cyber 2016 (Tel Aviv, Israel, Nov 14 - 17, 2016) Where physical and cyber security meet. Topics include intelligence, cyber crime, and counter-terrorism, defending critical infrastructures, a smart global world, mass events--the integrative approach, and emergency readiness.
SANS Healthcare CyberSecurity Summit & Training 2016 (Houston, Texas, USA, Nov 14 - 21, 2016) SANS will be hosting its 4th Annual Healthcare Cybersecurity Summit. Join us and hear top security experts from leading healthcare companies discuss proven approaches for securing and succeeding in the new healthcare environment. You'll have the opportunity to meet with leaders from top organizations and see what really works in securing healthcare. As we know, healthcare has been undergoing major changes. Patients are demanding more convenient and personalized care. Digital health is changing the way that doctors and patients interact. New technologies allow patients to track their own health and generate data that was previously not available to care providers. Additionally, health information exchanges are being created to enable access to electronic medical records across disparate organizations. The Healthcare CyberSecurity Summit will take aim at the major challenges organizations face as they balance the security, compliance, and innovation required to thrive in this quickly changing market.
Infosec 2016 (Dublin, Ireland, Nov 15, 2016) Infosec 2016 conference addresses the critically important issues that threaten businesses in the information age. By any measure, the digital threats that businesses and organisations of all sizes face are increasing.
Kaspersky Academy Talent Lab (Online, then Prague, Czech Republic, Nov 15, 2016) Kaspersky Academy Talent Lab is an international cyber-world competition for young researchers and professionals aged 18-30 who are interested in the cybersecurity challenges facing the world. 50 finalists will travel to the global final event in Prague (all expenses covered by Kaspersky Lab) to present their projects & compete.
CISO Charlotte (Charlotte, North Carolina, USA, Nov 15, 2016) The CISO Summit brings together C-level IT security executives, industry analysts and solution providers to discuss challenges and best practices in a relaxed, yet focused business setting. Agenda sessions include panel discussions, think tanks, analyst Q&A sessions and much more.
Pharma Blockchain Bootcamp (Edison, New Jersey, USA, Nov 16, 2016) Blockchain technology has gained recognition as one of the most disruptive technologies in the industrial world with the potential of redefining how businesses operate, much as the internet changed it more than 30 years ago. At this critical one-day learning seminar, bio/pharmaceutical professionals (tech + business) will uncover the key areas where blockchain applications could have a significant impact in securing, managing and leveraging the deluge of data throughout the enterprise from R&D to clinical to commercialization. Key issues to be addressed: what exactly is blockchain and why is it considered a disruptive innovation; where and why in the enterprise is pharma ripe for blockchain applications; the hidden business rewards that would be exposed; the legal and regulatory considerations with implementation, and much more.
Cybercon 2016 (Washington, DC, USA, Nov 16, 2016) The forum for dialogue on strategy and innovation to secure defense and government networks, as well as private-sector networks that hold their sensitive data.
Versus 16 (San Francisco, California, USA, Nov 17, 2016) Versus is not an ordinary event. Versus is not about pitching products or preaching to the choir. Versus is about challenging what you think you know about cybersecurity, about technology, about doing business in the digital age.
SCSC Cyber Security Conclave 2.0 Conference and Exhibition (Hyderabad, India, Nov 22 - 23, 2016) India’s leading two-day cyber security event is returning in November 2016, once again bringing together hundreds of cyber security experts, senior officials and policy-makers from across the public and private sector to provide an update on cyber security instances, share best practice strategies, and help India to combat cyber threats.
4th Ethiopia Banking & ICT Summit (Addis Ababa, Ethiopia, Nov 25, 2016) The 4th Ethiopia Banking & ICT Summit is the ONLY event in the Horn of Africa that focuses on technology innovations and trends in the Banking and ICT sectors. This annual summit brings together Financial Institutions, Information Technology Vendors, high profile CIOs, CISOs, CTOs, Risk and Compliance Officers and COOs to explore how they can utilize the newest technologies to further increase mobility, enhance security, support new products and services, and improve customers’ experience to secure their competitive edge.
CIFI Security Summit (Toronto, Ontario, Canada, Nov 30 - Dec 1, 2016) The Annual CIFI Security Summit takes place all over the world, Asia, Europe, Australia & North America. These summits are essential 2 day conferences and exhibitions bringing together leading security experts from around the globe to discuss Cyber Intelligence, Digital forensics, Cyber Security and Cyber Investigations. This is the only event of its kind that will run 4 simultaneous streams over 2 days in addition to case studies, demonstrations from global business leaders and a 30+ Exhibition.