The CyberWire Daily Briefing 10.21.16

Summary

By The CyberWire Staff

Fancy Bear continues its busy romp through Russia's Western targets, not just the US Democratic National Committee and various high numeros in the Clinton campaign, but (according to ESET) more than 1800 distinct email addresses throughout Europe, the Middle East, North America, and Latin America. Bit.ly-based phishing links were evidently used to compromise the Gmail accounts of both Clinton operative John Podesta and former Secretary of State Colin Powell. Motherboard has a nice catch of convincing-looking phishbait—they invite you to look and consider whether you'd bite.

US Director of National Intelligence Clapper says, pace candidate Trump, that there's really no serious doubt the Russian services are the ones culling and distributing the election season's email sleaze, and ODNI's got the forensics to back up the attribution.

Fancy Bear's take continues to be distributed through DCLeaks and WikiLeaks. The latter has released, among other stuff, one of President Obama's pre-Presidential email addresses. TechCrunch tried emailing him. It didn't bounce, but no reply, yet.

WikiLeaks' Julian Assange remains in Ecuador's London embassy. Ecuador continues to extend him asylum, but they've cut off his Internet. A number of Wi-Fi vigilantes are said to be hanging around outside, offering Mr. Assange the use of their hotspots, but with what success is unknown.

ThreatConnect reports that the same Chinese actors believed to have hacked the US Office of Personnel Management and the Anthem insurance network are back, now targeting Franco-American infrastructure companies.

An ATM hacking wave hits India; banks cope with compromised debit cards.

Learn how Cylance silences cyber attacks with Artificial Intelligence.

Notes.

Today's issue includes events affecting Australia, China, European Union, Germany, India, Iran, Iraq, Israel, Romania, Russia, Syria, Ukraine, United Kingdom, and United States.

A note to our readers: CyberMaryland wraps up today. Tomorrow we'll be in Washington, catching the International Conference on Cyber Conflict.

Today closes the third week of National Cyber Security Awareness Month, whose theme has been, "Recognizing and Combating Cyber Crime."

On the Podcast

The CyberWire's regular daily Podcast will be out later this afternoon, with interviews, educational tips, and more on the stories of the day. Today Jonathan Katz from our partners at the University of Maryland will update us on a key encryption component of the Internet. Our guest is Kevin Green from the Depatment of Homeland Security, who will discuss software assurance programs. Since we'll be podcasting from CyberMaryland, we'll be catching various experts, influencers, and passersby as our guests. As always, if you enjoy the podcast, please consider giving it an iTunes review.

Selected Reading

Cyber Trends

Low GDPR preparedness represents revenue threat (Help Net Security) 96 percent of companies still do not fully understand the European General Data Protection Regulation (GDPR), despite it coming into effect in May 2018

Why Cloud security is key to tackling the productivity puzzle (The Stack) Following the latest report from the Office for National Statistics, the productivity puzzle continues to baffle British businesses. While more people in the UK are employed than ever before and working hours have reached an all-time high, the UK is still failing to gain a competitive edge when it comes to productivity

Is cybersecurity broken? Building walls won't prevent hacks, predicting the future will (Wired) Recorded Future's Staffan Truvé made the comments at WIRED Security 2016

The fight against cyber crime requires innovative defence (Information Age) Cyber crime has been making a rapid ascent in the list of priorities for many organisations as they see the catastrophic damage – both financial and reputational – it has wreaked on enterprises across the world

Legislation, Policy and Regulation

Bundestag to vote on better scrutiny of intelligence services (Deutsche Welle) German lawmakers are debating wide-reaching reforms of the country's intelligence agencies and how they work with other countries. The plans follow Germany's involvement in the US snooping scandal

Michael Fallon: Britain using cyber warfare against IS (BBC) The UK is using cyber warfare in the fight against Islamic State militants for control of the Iraqi city of Mosul, the defence secretary has said

U.S. Cyber Command Attacks ISIS. Slow Progress. Few Results. (Fabius Maximus) Our war with ISIS is almost invisible to Americans. Only lightly reported by the press, visible mostly in the domestic terrorism it inspires. Even less visible is our cyberwar with ISIS. One of the most active fronts of the war, it is a harbinger of future conflicts. Here Emilio Iasiello briefs us on the US attacks by the lavishly-funded US Cyber Command. What are they doing? What successes?

What Is the Islamic State Without a State? (Atlantic) Control of territory is at the core of ISIS ideology. But the group can outlast its recent losses

Clapper calls Russia hacking a 'new aggressive spin on the political cycle' (Politico) Director of National Intelligence James Clapper on Thursday called Russia’s alleged hacking and interference with the U.S. election a “new aggressive spin on the political cycle”

Cyber threat center growing in its integration role as it enters year 2 (Federal News Radio) The Cyber Threat Intelligence Integration Center has been in place now for a little more than a year

Dateline

NSA chief: Cyber adds 'whole other dimension' to Russia's attempts to manipulate U.S. affairs (Baltimore Sun) The head of the NSA said Thursday that Russia's hack of Democratic Party emails is consistent with its history of trying to manipulate and influence affairs in other countries — but the scope of such operations has changed dramatically

NSA director makes recruiting pitch, seeks diverse workforce (Columbus Ledger-Enquirer) Navy Adm. Michael Rogers, director of the National Security Agency and commander of the U.S. Cyber Command, made a recruiting pitch to his audience Thursday at Columbus State University

Experts: Network and data security should be a C-suite concern (Baltimore Sun) Data breaches are on the rise, increasingly hitting small and mid-sized companies and bringing significant costs with them. Yet many companies still consider cyber security a problem for the information technology department, rather than a concern for top executives

Cyber security conference beginning in Baltimore (Miami Herald) A two-day conference on cyber security is beginning in Baltimore

National Cyber Security Hall of Fame Announces 2016 Inductees (PRNewswire) The National Cyber Security Hall of Fame has released the names of seven visionaries who will be inducted into the Hall of Fame at a gala and inductee ceremony on Thursday, October 20, at the Hilton Baltimore in Inner Harbor Baltimore, Maryland

Products, Services, and Solutions

New Free Tool Stops Petya Ransomware & Rootkits (Dark Reading) Meanwhile, Locky puts ransomware on the Check Point Top Three Global Malware List for the first time eve

Use Chaos Monkey to push engineers to build resilient cloud services (Help Net Security) Netflix’s engineering team is good at sharing the tools they create, and keeping them updated to serve different needs. Chaos Monkey is the latest offering that received a considerable overhaul

MBRFilter: Cisco open sources tool to protect the Master Boot Record (Help Net Security) Cisco’s Talos research team has open sourced MBRFilter, a tool that aims to prevent a system’s Master Boot Record (MBR) getting overwritten by malware

Tenable Supports Recent NIST Publication (Meritalk) Tenable Network Security announced Oct. 13 it would support the National Institute of Standards and Technology’s (NIST) Special Publication (SP) 800-171, a document enumerating guidelines to protect sensitive government information

Trend Micro Raises Bar with XGen™ Endpoint Security (Edmonton Journal) First to add high-fidelity machine learning to a blend of cross-generational threat defense techniques

Technologies, Techniques, and Standards

Why Poor Cyber Hygiene Invites Risk (Dark Reading) Modern cybersecurity today is all about risk management. That means eliminating and mitigating risks where possible, and knowingly accepting those that remain

How cybercriminals attack homes, and how to stop them (Help Net Security) At a recent Home Hacker Lab event, an ethical hacker revealed how cybercriminals attack, and what consumers can do to protect themselves

Blog: Monitoring Tactical Wi-Fi Networks (SIGNAL) Ensuring that deployed U.S. troops can communicate and exchange information is critical to the military’s missions. That said, there are numerous challenges in deploying the high-speed tactical networks that make this communication possible

Marketplace

Encryption software market to reach $8.94 billion by 2021 (Help Net Security) The ecryption software market size is estimated to grow from $3.05 billion in 2016 to $8.94 billion by 2021, at an estimated CAGR of 24.0%, according to MarketsandMarkets

GreyCastle Security, LLC has been acquired by Assured Information Security, Inc. (Benzinga) Acquisition positions GreyCastle Security for accelerated growth and expansion

Verizon braced for drawn out battle over Yahoo acquisition (Financial Times) Buyer set to demand discount on $4.8bn price over cyber attack at internet group

Proofpoint (PFPT) Enters Agreement to Acquire Cloud Security Provider FireLayers (Street Insider) Proofpoint, Inc., (Nasdaq: PFPT) has entered into a definitive agreement to acquire FireLayers, an innovator in cloud security. With this acquisition, Proofpoint will extend Targeted Attack Protection (TAP) to SaaS applications, enabling customers to protect their employees using SaaS applications from advanced malware

Will Cisco Systems Buy These 2 Security Companies? (Motley Fool) FireEye and Imperva could be lucrative takeover targets for the networking giant

FireEye: The Black Swan And The Aftermath (Seeking Alpha) Cyber attacks are shrinking in size. Post breach remedies are not driving revenue for FireEye like before. A value creating growth catalyst is increasingly hard to come by

10 Companies Symantec Could Buy Next (CRN) At Symantec's Partner Engage event in Los Angeles last week, CEO Greg Clark celebrated the company's blockbuster acquisition of Blue Coat Systems, laying out new opportunities ahead of the company around cloud and web security. However, Clark said Symantec isn't done when it comes to making acquisitions to build its massive portfolio

HackerOne, Synack awarded DoD contracts to expand bug bounty program (CyberScoop) The Department of Defense has awarded two contracts that will allow the Pentagon to expand its bug bounty program across a variety of its digital assets

If you can't beat them, get them to join you: why all companies should hire hackers (Wired) HackerOne CTO Alex Rice explained that the safest software firms are those with the highest bug bounties

Anonymous’ Most Notorious Hacker Is Back, and He’s Gone Legit (Wired) Six months ago, Hector Monsegur hit send on an email to about a dozen new hires on the IT staff of a certain Seattle-based tech company whose names were carefully chosen from social media

Technica gets $22 million U.S. Air Force cybersecurity contract (UPI) Company will provide networking defense, systems, processes and other cyber tasks

Sophos Placed as a Leader in Endpoint Security Suites Report from Leading Industry Analyst (Marketwired) Sophos receives highest scores for strategy category

US cyber security firm set to create 58 jobs in Belfast (Belfast Telegraph) Belfast has fought off competition from the US and elsewhere to secure 58 new top tech jobs for the city

Bitdefender leases 2,300 sqm office in Palas Iasi complex (Romania Insider) Romanian group Bitdefender, an international provider of cyber security solutions, has leased an area of 2,300 sqm in the class A office building United Business Center 1 (UBC 1), which is part of the Palas Iasi complex

University of California Santa Barbara Team Wins Unrestricted $100K Security, Privacy and Anti-Abuse Grant Award from Google (Marketwired) Lastline co-founder recognized for his research on cybercrime and malware detection

root9B CEO Eric Hipkins Joins Cybersecurity Ventures Board of Advisors (PRNewswire) Eric Hipkins, Chief Executive Officer of root9B, a root9B Technologies (OTCQB: RTNB) company, has been named to the Board of Advisors of Cybersecurity Ventures, the world's leading researcher and publisher of reports covering global cybercrime damage projections, cybersecurity spending forecasts, and cybersecurity employment figures

Security Patches, Mitigations, and Software Updates

Cisco plugs critical bug in ASA security devices (Help Net Security) Cisco has patched a critical vulnerability in the Identity Firewall feature of Cisco ASA Software, which would allow a remote attacker to execute arbitrary code and obtain full control of the system (or cause a reload)

Verizon Already Sending Out Update for LG V20, Performance Tweaks and Security Patch (Droid Life) The V20 on Verizon was made available last night online, but already, the carrier is sending out the first update for the device labeled as software version VS99511A. Inside, you won’t find anything too crazy, but Verizon does list “performance enhancements"

Cyber Attacks, Threats, and Vulnerabilities

Hotspot Vigilantes Are Trying to Beam the Internet to Julian Assange (Motherboard) On Sunday October 16th, the Ecuadorian government cut off Julian Assange’s internet connection from inside the Ecuadorian embassy in London. The country’s foreign office said the severance came in response to Assange’s continued interference in the US election campaign, as WikiLeaks continued to publish hacked emails from Hillary Clinton’s campaign advisor John Podesta

How Russia Pulled Off the Biggest Election Hack in U.S. History (Esquire) Putin, WikiLeaks, the NSA and the DNC email fiasco that gave Trump and Clinton another reason to be at odds

Private Security Group Says Russia Was Behind John Podesta’s Email Hack (New York Times) At the start of 2014, President Obama assigned his trusted counselor, John D. Podesta, to lead a review of the digital revolution, its potential and its perils. When Mr. Podesta presented his findings five months later, he called the internet’s onslaught of big data “a historic driver of progress.” But two short years later, as chairman of Hillary Clinton’s presidential campaign, Mr. Podesta would also become one of the internet’s most notable victims

Russia-linked phishing campaign behind the DNC breach also hit Podesta, Powell (Ars Technica) Bit.ly-based phishing links targeted former Sec. of State, Clinton campaign chair

Russian hackers infiltrated Podesta's email, security firm says (Politico) Hillary Clinton campaign chairman John Podesta’s Gmail account was hacked by the same Russian intelligence-linked hackers that breached the DNC and the DCCC, researchers confirmed Thursday, spurring Clinton's team to immediately lash out at Donald Trump over his ongoing reluctance to blame Moscow for the spate of election-related hacks

How Hackers Broke Into John Podesta and Colin Powell’s Gmail Accounts (Motherboard) On March 19 of this year, Hillary Clinton’s campaign chairman John Podesta received an alarming email that appeared to come from Google

Would You Click on These Fake Gmail Alerts? (Motherboard) The months-long espionage campaign against US political targets allegedly orchestrated by hackers working for the Russian government hinged on a simple, yet effective, hacker trick: booby-trapped emails

WikiLeaks reveals Barack Obama’s pre-presidential email address (TechCrunch) R.I.P. Barack Obama’s inbox. Among the many secrets and not-so-secrets exposed by WikiLeaks in the dump of Clinton campaign head John Podesta’s emails is the president’s personal email address

US DNC hackers blew through SIX zero-days vulns last year alone (Register) Most targets were individuals with Gmail addresses

Denying Trump’s Denial, US Intel Chief Says There’s More Evidence of Russian Hacking (Defense One) The nation’s top intelligence official says “forensic and other” evidence proves Russian election interference

Can a Cyber Attack on Journalists Influence the Election? (TVSpy) In the wake of last night’s presidential debate featuring Hillary Clinton and Donald Trump sparring over Russia’s attempt to influence the upcoming election through cyber attacks, POLITICO reports journalists should be prepared for what may happen on election day

Why a massive Election Day hack is unlikely (+video) (Christian Science Monitor Passcode) At an Atlantic Council event Wednesday, experts warned about myriad technical vulnerabilities at the polls but said a hack that could change the outcome of the presidential election was nearly impossible

Fancy Bear Spying Targets 1000s, Including NATO, Political Leaders (Infosecurity Magazine) A look under the covers of the APT group known as Fancy Bear (aka Sednit, APT28, Pawn Storm or Sofacy) shows that its cyberespionage activities are swelling as it continues to target thousands of high-profile individuals and organizations, including NATO institutions, political leaders and heads of police, and diplomats across the globe

Chinese Hackers Targeting US DoD Contractor Linked to OPM Hack (Softpedia) Security firm links malware to previous Anthem & OPM attacks

Ziggo ransomware phishing campaign still increasing in size (Fox-IT) Fox-IT’s Security Operations Center (SOC) observed fake Ziggo invoice e-mails, since October 6th 2016, linking to a ransomware variant known as TorrentLocker

New Ransomware Asks User to Play Click Me Game while Encrypting Data (HackRead) The Click Me game malware is developed by Iranian hacker as its readme file is written in Persian

This ransomware is now one of the three most common malware threats (ZDNet) The total number of ransomware attacks rose by 13 percent in September alone, say Check Point cybersecurity researchers

“Most serious” Linux privilege-escalation bug ever is under active exploit (updated) (Ars Technica) Lurking in the kernel for nine years, flaw gives untrusted users unfettered root access

Dirty COW Linux vulnerability - what you need to know (Graham Clulely) Offal bug found in Linux

The deplorable state of IoT security (Radware Blog) Following the public release of the Mirai (You can read more about it here) bot code, security analysts fear for a flood of online attacks from hackers. Mirai exposes worm-like behavior that spreads to unprotected devices, recruiting them to form massive botnets, leveraging factory default credentials and telnet to brute and compromise unsuspecting user’s devices

Mobile Applications Leak Device, Location Data (Theatpost) Both Android and iOS apps leak data, leaving users vulnerable to data theft, denial-of-service attacks, and remote SIM card rooting

Are mobile apps a leaky tap in the enterprise? (Zscaler) In almost every enterprise, mobile and cloud represent a large and growing proportion of overall traffic. While they offer many advantages in productivity, they also bring about new challenges for organizations trying to simplify their infrastructures while maintaining critical security controls

Beware of this fake Twitter app that steals users’ credentials (Deccan Chronicle) Avast security researchers discovered a malware in a variant of the official Twitter app for Android devices

ATM Malware Hack: State Bank of India Blocks Millions of debit cards (HackRead) Some 3.2 million debit cards issued by India’s biggest banks may be exposed to a malware-induced security breakdown, the Economic Times newspaper reported on Oct. 20. Most of these cards belong to State Bank of India (SBI), HDFC Bank, Yes Bank and ICICI Bank

Hitachi claims its systems were not breached in cyber attack (Business Standard) Over 3.2 million debit cards are said to be compromised due to virus/malware in switch provider system at Hitachi

The latest casualty of cyber attack: Debit cards (Indian Express) The incident of 3.2 million debit cards being blocked by Indian lenders has sent jitters across the banking community

Weebly hacked, 43 million credentials stolen (TechCrunch) The web design platform Weebly was hacked in February, according to the data breach notification site LeakedSource

Hacked: 43M Weebly and 22M FourSquare accounts stolen (HackRead) Weebly has confirmed the data breach whilst FourSquare disputes the findings, claiming they were not hacked

Ancalog–the vintage exploit builder (Sophos) Document exploitation is a popular method of distributing malware. A common theory for its popularity is that victims can be more easily convinced to open document attachments than executables

Israeli Phone Hackers Say They Can Rip Data From... Pokémon Go (Motherboard) Cellebrite, a company that makes phone hacking and data extraction tools, is the go-to for law enforcement wanting to forensically examine mobile devices. But the Israeli firm recently announced a new feature that may split the contentious “going dark” debate wide open: it can rip data from Pokémon Go

Hacking 3D manufacturing systems demonstrated by researchers (Help Net Security) Researchers from three universities combined their expertise to demonstrate the first complete sabotage attack on a 3D additive manufacturing (AM) system, illustrating how a cyber attack and malicious manipulation of blueprints can fatally damage production of a device or machine

Stupid encryption mistakes criminals make (InfoWorld) Blown cover: Malware authors show how easy it is to get encryption wrong and, in the process, help security pros crack their code

iCloud Phishing Campaign Zycode Back From the Dead (Threatpost) A phishing campaign aimed at Chinese Apple users that was thought to be in hibernation has been roused from its slumber

Blog: Plenty of Phish in Your Sea of Emails (SIGNAL) National Cyber Security Awareness Month is designed to engage and educate public and private sector partners through events and initiatives to raise awareness about cybersecurity; provide them with tools and resources needed to stay safe online; and increase the resiliency of the nation in the event of a cyber incident. This week’s theme is “Recognizing and Combating Cybercrime”

Academia

UMD cybersecurity program to start offering NSA-led courses, mentorships (Diamondback) The University of Maryland took another step forward in the cybersecurity field this week, announcing a new collaboration between this university's honors cybersecurity program and the National Security Agency

Purdue computer science professor to receive international award (Purdue Exponent) A Purdue professor will be honored in Rome next year by an international cybersecurity organization

Litigation, Investigation, and Enforcement

Government alleges former NSA contractor stole ‘astonishing quantity’ of classified data over 20 years (Washington Post) Federal prosecutors in Baltimore on Thursday said they will charge a former National Security Agency contractor with violating the Espionage Act, alleging that he made off with “an astonishing quantity” of classified digital and other data over 20 years in what is thought to be the largest theft of classified government material ever

Prosecutors Detail What May Be NSA’s Worst-Ever Security Breach (Foreign Policy) When the FBI announced earlier this month it had arrested NSA contractor Harold Martin, it was clear the American signals intelligence agency had suffered a huge breach of internal security. But no one imagined the staggering amount of information Martin allegedly amassed in his suburban Maryland home: a digital archive that may reach 500 million pages, much of it secret

Read the government's argument to keep former NSA contractor Harold Martin in jail (Washington Post) Federal prosecutors in Baltimore on Thursday said they will charge with violating the Espionage Act a former National Security Agency contractor accused of carrying out perhaps the largest theft of classified government material ever. In a 12-page memo, U.S. Attorney Rod Rosenstein and two other prosecutors laid out a much more far-reaching case against Harold T. Martin III than was previously outlined

Read Harold Martin's arguments to be released from detention (Washington Post) Federal prosecutors plan to charge former NSA contractor Harold Martin with violating the Espionage Act. A conviction under the act could send Martin to prison for up to 10 years. Here is his defense

Bitter feud between partners as IBM deflects eCensus blame (DDoSInfo) NextGen, Vocus refute claims of error. A bitter feud has broken out between IBM and its internet service provider partners for the 2016 eCensus as the main contractor tried to deflect blame for the site’s meltdown on August 9 In its first detailed response to the failure, IBM said it had plans in place for the risk of DDoS attacks, but its efforts were to no avail thanks to a failure at an upstream provider

Data Breach Victims: Alleging "Substantial Risk of Harm" Will Get You The Proverbial Day In The Courts of the Sixth, Seventh, and Ninth Circuits (LinkedIn) Allegations of “substantial risk of harm” are sufficient for standing under Article III of the U.S. Constitution, say the Sixth, Seventh, and Ninth Circuits

Design and Innovation

Give System Attackers the Boot (Electronic Design) Incorporating crypto elements into the secure-boot process is quickly becoming a key ingredient in IoT device development

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

newly Noted Events

ISSA International Conference (Orlando, Florida, USA, October 22 - 23, 2014) Join us for solution oriented, proactive and innovative sessions focused on security as a vital part of the business.

upcoming Events

CyberMaryland 2016 (Baltimore, Maryland, USA, October 20 - 21, 2016) The CyberMaryland Conference is an annual two-day event presented jointly by The National Cyber Security Hall of Fame and Federal Business Council (FBC) in conjunction with academia, government and private industry organizations. The theme, “Leading the Cyber Generation,” captures the event’s intent to provide unparalleled information sharing and networking opportunities for development of cyber assets on both the human and technological side. Additionally, the conference provides an opportunity for Maryland to demonstrate its natural leadership in Cyber Security.

CyCon US: International Conference on Cyber Conflict (Washington, DC, USA, October 21 - 23, 2016) The inaugural U.S. based International Conference on Cyber Conflict will take place 21-23 October 2016 in Washington D.C. Focusing on a theme of Protecting the Future. CyCon U.S. seeks to create greater information exchange among industry, academia, and government entities at both the national and international levels. The issues to be covered include the future of international cooperation, imminent technical challenges and requirements, forthcoming conflicts in cyberspace, and the potential for new legal frameworks, standards, and regulations.

SANS San Diego 2016 (San Diego, California, USA , October 23 - 28, 2016) Cyber security training in San Diego, CA from SANS Institute, the global leader in information security training. Choose from nine hands-on, immersion-style training courses for security professionals at all levels. Many of these security courses have certifications that are aligned with DoD Directive 8570/8140 and all courses at this event are associated with GIAC Certifications. This event was planned to give you the weapons you need to defend against attackers and advance your career. You will learn from leading experts in courses that have been carefully selected to arm you with the latest tactics and strategies that will sharpen your skills

18th Annual AT&T Cybersecurity Conference (New York, New York, USA, October 24 - 25, 2016) Countless cyberthreats circle your organization every second of every day. While your organization utilizes more mobile, IoT and emerging technologies, attackers simply focus on more ways to exploit them. That’s why we’re hosting the 18th Annual AT&T Cybersecurity Conference.

Insider Threat Program Development Training For NISPOM CC 2 (Aberdeen, Maryland, USA, August 10 - 11, 2016) Insider Threat Defense will hold a two-day training class on Insider Threat Program Development (National Insider Threat Policy-NISPOM Conforming Change 2). For a limited time the training is being offered at a discounted rate of $795 (normally $1395). The training is comprehensive and provides students with the knowledge and resources to develop and implement a robust Insider Threat Program. Insider Threat Defense has trained over one hundred fifty organizations and has become the "go-to company" for Insider Threat Program Development Training.

2016 ICS Cyber Security Conference (Atlanta, Georgia, USA, October 24 - 27, 2016) As the largest and longest-running cyber security-focused conference for the industrial control systems sector, the event caters to the energy, utility, chemical, transportation, manufacturing, and other industrial and critical infrastructure organizations, including the military. The conference will address topics covering ICSs, including protection for SCADA systems, plant control systems, engineering workstations, substation equipment, programmable logic controllers (PLCs), and other field control system devices.

14th Annual EWF National Conference (Scottsdale, Arizona, USA, October 25 - 27, 2016) Balancing risk and opportunity: transforming cybersecuity; risk and privacy beyond the enterprise. The Executive Women's Forum (EWF) Annual Conference provides an exclusive opportunity to personally interact with more than 350 global thought leaders in the fields of Information Security, Risk Management and Privacy. During this three-day event, members collaborate on round-table exercises, incident simulations, panel discussions and working groups. Exposure to new ideas and approaches, best practice management of everyday issues and learning from observing the best and the brightest is an excellent and abundant return on investment.

SecureWorld Bay Area (San Jose, California, USA, October 27, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers

Security By Design (McLean, Virginia, USA, October 28, 2016) The essential security conference for all who desire to build trustworthy software. Developers, DevOps Engineers, Software Architects, Security Software Engineers, Designers and more.

Regional Cyber Security Summit (Sharm El-Sheikh, Egypt, October 30 - November 1, 2016) The Regional Cyber Security Summit comes this year with the theme of “Boundless Collaboration, Boundless Protection”. It focuses on the cooperation in cybersecurity as one of key pillars to tackle the complexity and the scalability of the main challenges of today’s cyber threats. The regional cybersecurity summit has been conducted for the last 4 years under the umbrella of ITU-ARCC in Oman to share experience and knowledge, learn from each other, get in tight to recent updates and collaborate to enhance organizations’ cybersecurity became a must.

Inside Dark Web (Washington, DC, USA, November 1 - 2, 2016) Individuals, organizations, corporations, and governments use the Dark Web to protect themselves and their users, employees, customers, and citizens seeking a more accessible and secure Internet experience. Experts from government, the financial community, law enforcement and cyber security will give you the background history, current utilization and future thoughts about the fast growing misunderstood world of the Dark Web.

National Institute for Cybersecurity Education 2016 Conference and Expo (Kansas City, Missouri, USA, November 1 - 2, 2016) Cybersecurity has emerged as one of the leading creators of jobs and opportunity for all economic sectors. The demand for cybersecurity positions in both the public and private sector is large and growing, but the talent pool of cybersecurity workers is not yet able to keep up. The NICE 2016 Conference and Expo features thought leaders from education, government, industry and non-profits who are addressing the cybersecurity education, training, and workforce needs of the nation.

GTEC (Ottawa, Ontario, Canada, November 1 - 3, 2016) For the public sector and business, count on GTEC to help you keep up with the changing landscape of technology and service delivery in Canada. With our nationally recognized awards program and annual conference, plus our new learning products, GTEC is your destination of choice for innovation and excellence in public sector IT. The conference program will feature a close focus on the cyber threat, particularly the threat of cybercrime, and the Canadian response to that threat.

Black Hat Europe 2016 (London, England, UK, November 1 - 4, 2016) Black Hat is returning to Europe again in 2016, and we have quite an event in store. Here the brightest professionals and researchers in the industry will come together for a total of four days--two days of deeply technical hands-on Trainings, followed by two days of the latest research and vulnerability disclosures at our Briefings.

TECHEXPO Cyber Security Hiring Event (Tysons Corner, Virgina, USA, June 30, 2016) Cyber security professionals are invited to interview face-to-face with employers including The CIA, Deloitte, Intel Security, Northrop Grumman, Lockheed Martin, Deloitte, Vencore and many more. Hundreds of career opportunities are available in cyber security that need to be filled immediately. Bring copies of your resume with you and interview in person, representing yourself better than any online application ever could.

SINET Showcase 2016: Highlighting and Advancing Innovation (Washington, DC, USA, November 2 - 3, 2016) SINET Showcase provides a platform to identify and highlight “best-of-class" security companies that are addressing industry and government’s most pressing needs and requirements. The chosen SINET 16 Innovators present their technological solutions to representatives from the ecosystem of the entrepreneur: venture capital, investment banking, system integration, academia, science, legal, policy, private industry and executives from the Federal Government, including civilian, intelligence and military professionals. Showcase’s objective is to increase awareness of innovative solutions that may lead to an investment in, or the purchase of, advanced technologies that will help secure our nation’s critical infrastructure and command-and-control systems.

3rd Annual Journal of Law and Cyber Warfare Conference (New York, New York, USA, November 3, 2016) The 2016 Journal of Law and Cyber Warfare symposium speakers represent an unparalleled group of cyber security experts with a wide variety of industry expertise and knowledge. Attendees will hear from experts on cyber security and cyber warfare from the military, government, private industry, and the public sector. Our panels are designed to provide attendees with thought leadership from a diverse group of experts who will share their experience and knowledge-base regarding topical cyber security issues. The symposium is a day long event comprised of panels, Q&A sessions, tool demonstrations and networking opportunities. Focused and thorough, there are take-aways for all attendees.

Security of Things World USA (San Diego, California, USA, November 3 - 4, 2016) Security. Privacy. Connected Devices. Exploring Security and the Internet of Things. A world class event focused on the next information security revolution. Be part of Security of Things World USA in November in San Diego to tailor your proposition to respond to the security concerns that preoccupy enterprise customers today and find pragmatic solutions to the most common security threats.

2nd Annual Summit: Global Cyber Security Leaders (Berlin, Germany, November 7 - 8, 2016) The Global Cyber Security Leaders 2016 is designed to provide unrivaled access to peers from across the globe, and encourage participants to discuss the current challenges and explore the ideas shaping tomorrow’s global cyber threat landscape. The interactive, fresh and content driven format is specifically designed for leaders, visionaries and decision makers across all geographies. Strengthen your global network and form lasting relationships with other forward-thinking and inspiring leaders.

IAPP Europe Data Protection Congress 2016 (Brussels, Belgium, November 7 - 10, 2016) The GDPR is finalised, the Data Protection Congress is returning to Brussels and you have a great deal of work ahead. Begin at the Congress, where you’ll find thought leadership, a thriving professional community and unrivaled education. It’s time to get to work: Start here.

SANS Miami 2016 (Coconut Grove, Florida, USA, November 7 - 12, 2016) Attend our new SANS Miami 2016 event, November 7-12 and choose from five hands-on, immersion-style cybersecurity training courses taught by real-world practitioners. Attackers are targeting you with increasing viciousness and stealth, and it's essential you understand the tools and techniques and learn the skills needed to protect your organizations. Get the training you need from SANS - the most trusted and by far the largest source for information security training in the world

Federal IT Security Conference (Columbia, Maryland, USA, November 8, 2016) The Federal IT Security Institute in partnership with PhoenixTS in Columbia, MD is hosting the first annual Federal IT Security Conference. Speakers from NIST, DHS, the Defense Department as well as private industry will be in attendance discussing the themes and trends that are influencing the Federal/DoD cyber landscape. All proceeds from the event go to help retrain Wounded Warriors to become cyber defenders at the Wounded Warrior Cyber Combat Academy.

11th Annual API Cybersecurity Conference & Expo (Houston, Texas, USA, November 9 - 10, 2016) Join us at the 11th Annual API Cybersecurity Conference & Expo and discover methods for thwarting the bad guys, what the scene looks like over the horizon and how the latest technologies can help you counter cyber espionage, address cyber warfare, and make your cyber efforts secure.

SecureWorld Seattle (Bellevue, Washington, USA, November 9 - 10, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers

Institute for Critical Infrastructure Technology Annual Gala and Benefit (Washington, DC, USA, November 10, 2016) The Annual ICIT Gala and Benefit is the year’s most prestigious gathering of legislative, agency and private sector leaders committed to protecting our Nation’s critical infrastructures. This intimate black-tie event will celebrate the minds of the most influential members of our community as well as the efforts of today’s most impactful cybersecurity leaders. The funds raised from this Benefit will be used exclusively to help sustain and grow the Institute’s research, publications and educational activities for the communities it serves.

Israel HLS and Cyber 2016 (Tel Aviv, Israel, November 14 - 17, 2016) Where physical and cyber security meet. Topics include intelligence, cyber crime, and counter-terrorism, defending critical infrastructures, a smart global world, mass events--the integrative approach, and emergency readiness.

SANS Healthcare CyberSecurity Summit & Training 2016 (Houston, Texas, USA, November 14 - 21, 2016) SANS will be hosting its 4th Annual Healthcare Cybersecurity Summit. Join us and hear top security experts from leading healthcare companies discuss proven approaches for securing and succeeding in the new healthcare environment. You'll have the opportunity to meet with leaders from top organizations and see what really works in securing healthcare. As we know, healthcare has been undergoing major changes. Patients are demanding more convenient and personalized care. Digital health is changing the way that doctors and patients interact. New technologies allow patients to track their own health and generate data that was previously not available to care providers. Additionally, health information exchanges are being created to enable access to electronic medical records across disparate organizations. The Healthcare CyberSecurity Summit will take aim at the major challenges organizations face as they balance the security, compliance, and innovation required to thrive in this quickly changing market

Infosec 2016 (Dublin, Ireland, November 15, 2016) Infosec 2016 conference addresses the critically important issues that threaten businesses in the information age By any measure, the digital threats that businesses and organisations of all sizes face are increasing

Kaspersky Academy Talent Lab (Online, then Prague, Czech Republic, November 15, 2016) Kaspersky Academy Talent Lab is an international cyber-world competition for young researchers and professionals aged 18-30 who are interested in the cybersecurity challenges facing the world. 50 finalists will travel to the global final event to Prague (all expenses covered by Kaspersky Lab) to present their projects & compete.

CISO Charlotte (Charlotte, North Carolina, USA, November 15, 2016) The CISO Summit brings together C-level IT security executives, industry analysts and solution providers to discuss challenges and best practices in a relaxed, yet focused business setting. Agenda sessions include panel discussions, think tanks, analyst Q&A sessions and much more

Pharma Blockchain Bootcamp (Edison, New Jersey, USA, November 16, 2016) Blockchain technology has gained recognition as one of the most disruptive technologies in the industrial world with the potential of redefining how businesses operate similarly the internet changed it more than 30 years ago. At this critical one-day learning seminar, bio/pharmaceutical professionals (tech + business) will uncover the key areas where blockchain applications could have a significant impact in securing, managing and leveraging the deluge of data throughout the enterprise from R&D to clinical to commercialization. Key issues to be addressed: what exactly is blockchain and why is it considered a disruptive innovation; where and why in the enterprise is pharma ripe for blockchain applications; the hidden business rewards that would be exposed; the legal and regulatory considerations with implementation, and much more.

Cybercon 2016 (Washington, DC, USA, November 16, 2016) The forum for dialogue on strategy and innovation to secure defense and government networks, as well as private-sector networks that hold their sensitive data.

Versus 16 (San Francisco, California, USA, November 17, 2016) Versus is not an ordinary event. Versus is not about pitching products or preaching to the choir. Versus is about challenging what you think you know about cybersecurity, about technology, about doing business in the digital age

Data Breach & Fraud Prevention Summit Asia (Mumbai, India, June 8, 2016) ISMG’s Data Breach & Fraud Prevention Summit Asia – Mumbai is a one-day event that will focus on the latest fraud techniques and technologies, as well as a holistic, strategic approach to looking at the data breach threat that impacts all industries. Whether you are forming opinions on how to view the recent global Apple Vs. FBI debate, want to learn more about the breach incidents, or just look forward to networking with your peers on cybersecurity challenges, we are confident you will gain tremendous insight throughout the event. CyberWire readers can use the discount promo code "CW20" when registering with dbfpmumbai@ismgcorp.com to receive 20% off the conference price.

SCSC Cyber Security Conclave 2.0 Conference and Exhibition (Hyderabad, India, November 22 - 23, 2016) India’s leading two-day cyber security event is returning in November 2016, once again bringing together over hundreds of cyber security experts, senior officials and policy-makers from across the public and private sector to provide an update on cyber security instances, share best practice strategies, and help India to combat cyber threats.

4th Ethiopia Banking & ICT Summit (Addis Ababa, Ethiopia, November 25, 2016) The 4th Ethiopia Banking & ICT Summit is the ONLY event in Horn of Africa that focuses on technology innovations and trends in the Banking and ICT sectors. This annual summit brings together Financial Institutions, Information Technology Vendors, high profile CIOs, CISOs, CTOs Risk and Compliance Officers and COOs to explore how they can utilize the newest technologies to further increase mobility, enhance security, support new products and services, and improve customers’ experience to secure their competitive edge.

CIFI Security Summit (Toronto, Ontario, Canada, November 30 - December 1, 2016) The Annual CIFI Security Summit takes place all over the world, Asia, Europe, Australia & North America. These summits are essential 2 day conferences and exhibitions bringing together leading security experts from around the globe to discuss Cyber Intelligence, Digital forensics, Cyber Security and Cyber Investigations. This is the only event of its kind that will run 4 simultaneous streams over 2 days in addition to case studies, demonstrations from global business leaders and a 30+ Exhibition.

Sponsor & Support

Grow your brand, generate leads, and fill your funnel.

With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listens all over the world, companies trust the CyberWire to get the message out. Learn more.

Fancy Bear again, and WikiLeaks (also again). Chinese hackers return, now after infrastructure companies. Debit card hacking epidemic in India.