The CyberWire Daily Briefing 10.24.16

Summary

By The CyberWire Staff

The Internet has largely recovered from Friday's very large denial-of-service attacks. Arriving in several waves throughout the day, the attacks produced outages mostly in the United States, Western Europe, and Australia. DNS provider Dyn was the central point of attack, although Dyn itself may not have been the ultimate target. The effect of the attacks cascaded through many popular sites, rendering services like PayPal and Twitter temporarily inaccessible.

This DDoS attack, called by many the largest on record, follows the template established by the September 20 attacks against KrebsOnSecurity, in which the Mirai Trojan herded a large number of insecure Internet-of-things devices into a botnet that flooded its target with more requests than the host could handle. The compromised devices include, prominently, security cameras and home routers, and it's thought that hundreds of thousands of these were used in the attack. Given that there are so many of these devices in the hands of small businesses and private users, and given that they tend to be poorly patched and protected, it's expected that mopping up the vulnerabilities could take years.

The WikiLeaks-friendly New World Hackers tweeted claims of responsibility for the attacks, but observers remain cautious about buying that attribution. It's possible this could have been hacktivism, given publication of Mirai source code in the wake of Septembers attacks. But it's also possible, as former NSA Director Keith Alexander speculated Saturday at CyCon U.S., that the operation was a test-run by Russian security services interested in establishing a disruptive capability.

Learn how Cylance silences cyber attacks with Artificial Intelligence.

Notes.

Today's issue includes events affecting Australia, Bosnia and Herzegovina, Bulgaria, Canada, China, Colombia, Czech Republic, Denmark, European Union, France, Hungary, India, Oraq, Ireland, Italy, Latvia, Lithuania, Nigeria, Netherlands, Pakistan, Portugal, Russia, Spain, Switzerland, Syria, United Arab Emirates, United Kingdom, United States and Vietnam

A note to our readers: National Cyber Security Awareness Month is now in its final full week. The theme is "our continuously connected lives: what's your 'apptitude'?"

On the Podcast

The CyberWire's regular daily Podcast will be out later this afternoon, with interviews, educational tips, and more on the stories of the day. Today we'll hear from our partners at Virginia Tech's Hume Center, as Dr. Charles Clancy talks about quantum computing and its attendant encryption challenges. As always, if you enjoy the podcast, please consider giving it an iTunes review.

Sponsored Events

TECHEXPO Cyber Security Hiring Event (McLean, VA, USA, November 2, 2016) Our professional hiring events have benefited nearly a million attendees since 1993. We look forward to helping you advance your career and saving you time in your job search by providing you the opportunity to meet face to face with the nation's leading companies.

Malware Detection: How to Spot Infections Early with AlienVault USM (Live Webcast, November 3, 2016) While malware has been a thorn in the side of IT pros for years, some of the recent variants observed by the AlienVault Labs security research team, like CoreBot, have the ability to modify themselves on the fly, making them nearly impossible to detect with traditional preventative security measures. Join us for a live demo to learn about the most common types of malware, and how you can detect infections quickly with AlienVault USM.

Selected Reading

Cyber Trends

IoT security: Defending a young industry from attack (Help Net Security) As the IoT industry matures, it’s safe to say we’re well past “early adopter” phase and seeing broader development and deployment

Legislation, Policy and Regulation

The Trouble with Vietnam’s Cyber Security Law (Diplomat) The country’s efforts in the cyber domain appear to be misdirected

Congressman raises concern over potential use of Russian satellites for troops’ Internet service (Washington Post) In a letter to the Pentagon Friday, U.S. Rep. Duncan Hunter said he was concerned a contract to provide Internet service to deployed soldiers could allow the use of Russian satellites, jeopardizing troops’ privacy and security

Cyber warfare: The new international warfront (Al Jazeera) Faced with increased cyber attacks, US government is balancing attack on and defense from hackers and cyber criminals

U.S. Cyber Command acquisition experiment begins broader cyber self-assessment (Federal News Radio) The federal government’s cybersecurity policy has reached a crossroads, and the upcoming presidential transition is an opportunity to take a long, hard look in the mirror, and decide how to move forward

Former Intelligence Leader Details Roles Played in National Security (Cape May County Herald) Balancing civil liberties, while protecting Americans and American assets, is a continuing struggle for the U.S. intelligence community, according to a former leader and advisor to two presidents

Dateline

Innovation and International Cooperation (the CyberWire) CyberMaryland 2016 featured an unusual group of companies. Foreshadowing what appears to be a likely trans-Atlantic community, the conference attracted a number of companies from both Maryland and the English Midlands

Human Capital and Cyber Security: a Keynote by NSA's Admiral Rogers (the CyberWire) Early in his keynote NSA Director Admiral Michael Rogers said, "I'm here because I'm part of the Maryland cyber ecosystem," and his talk concentrated on the centrality of workforce development to his organizations' ability to accomplish their missions

The Attacker's Advantage and Pervasive Connectivity: Remarks by Michael Chertoff (the CyberWire) We are facing a growing and increasingly important area of our national security. We need the innovation of the private sector to keep ahead of the adversary. The attacker's advantage (only needing to be right once) makes it all the more important to stay ahead of the adversary

Products, Services, and Solutions

IBM Watson: Not So Elementary (Fortune) Five years after its Jeopardy! victory, IBM’s cognitive computing system is through playing games. It’s now a hired gun for thousands of companies in at least 20 industries. A Q&A with the Watson boss

Is Kaspersky’s free ICS service for real? (CyberScoop) Russian cybersecurity company Kaspersky launched a new, free service this week aimed exclusively at the owners and operators of computerized industrial machinery

IPVanish VPN unveils new app, security improvements (Help Net Security) US-based IPVanish VPN, whose VPN network spans 40,000+ IPs on 500+ servers in 60+ countries, has recently pushed out a major new edition of its app

Technologies, Techniques, and Standards

FFIEC Sheds Light on Use of Cybersecurity Assessment Tool (BankInfo Security) Two regulatory agency officials describe new FAQ guide

RASP rings in a new Java application security paradigm (ITWorld) Runtime-based technologies use contextual awareness to boost Java application security

Honeypots Versus Threat Intelligence (Information Security Buzz) When faced with daily reports of security breaches in global entities like SWIFT and Fortune 500 companies, and small enterprises being held hostage with ransomware

WTF is machine learning? (TechCrunch) While the number of headlines about machine learning might lead one to think that we just discovered something profoundly new, the reality is that the technology is nearly as old as computing

Marketplace

When It Comes To Cyber Security, Firms Must Prove Due Diligence Or Be Passed Up For Partnership (Information Security Buzz) In terms of business risks, data breaches and cyber-crime in general are quickly marching up the list of priorities for companies around the world

What is the Full Impact of a Healthcare Cybersecurity Attack? (Health IT Security) Healthcare cybersecurity attacks can have harmful effects on covered entities, with “beneath the surface” issues creating long-lasting issues, according to Deloitte research

Cybersecurity Insurance: A Catalyst for Change (InfoRisk Today) vArmour's Weatherford on How Need for Insurance Could Lead to Ramped Up Security

AT&T to buy Time Warner in US$85.4 billion deal (CRN) AT&T has entered into an agreement to buy Time Warner for US$85.4 billion in a stock-and-cash transaction that values Time Warner at US$107.50 (A$141.30) a share

AT&T’s $85 Billion Time Warner Buyout Faces Tough Federal Scrutiny (Motherboard) AT&T, the giant wireless and pay-TV provider, on Saturday announced a plan to buy entertainment titan Time Warner in a massive $85 billion deal that would dramatically reshape the US media landscape

AT&T’s Time Warner deal looks like bad news for Verizon (Washington Post) AT&T's $85.4 billion megadeal to acquire Time Warner is an unprecedented bid to diversify the telecom giant as network operators nationwide scramble to marry their communications pipes with exclusive content

The Aftermath of the Yahoo Data Breach: What Now? (EDM Digest) Yahoo is the latest victim

EU Sent Questionnaires About Microsoft-LinkedIn Deal to Rivals (Wall Street Journal) European Commission asks if LinkedIn’s data can be replicated and about the differences between professional and personal social-media networks

Proofpoint acquires Firelayers for $55 million and announces new anti-malware tool (Geektime) Israeli Firelayers will help Proofpoint expand its services for cloud-based security options

Despite IBM's Changes, Investors Should Treat the Stock With Caution (The Street) Despite beating Wall Street's third-quarter revenue and EPS estimates, Big Blue's revenue declined, and the company's gross margins are soft

AI will 'supercharge' cyberattacks. Meet the cyber defenders standing in its way (Wired) Dave Palmer, director of technology at Darktrace, warned the audience at WIRED Security that machine learning is going to supercharge cyberattacks

Radware Should Have Insight Into Recent DDoS Attacks (Seeking Alpha) Several enterprise web sites have been taken offline by DDoS attacks. Radware specializes in DDoS. Information should become available about vulnerabilities or exploits

Private Eyes: The Little-Known Company That Enables Worldwide Mass Surveillance (Intercept) It was a powerful piece of technology created for an important customer. The Medusa system, named after the mythical Greek monster with snakes instead of hair, had one main purpose

DOD Launching Expanded Hack the Pentagon Bug Bounty Program (eWeek) The Hack the Pentagon program was such a success that the DOD is launching a longer-term effort and has contracted with HackerOne and Synack to run it

The technologist convincing the Pentagon to love hackers (Christian Science Monitor Passcode) Lisa Wiswell was the driving force behind the Defense Department's first-ever bug bounty program, which rewarded outside security researchers for finding vulnerabilities in its websites. Now, the Pentagon is expanding the effort

Waterloo startup focuses on security for the quantum age (Record) A small startup in Waterloo is working on a problem that touches everyone using the Internet for buying, selling and banking — securing sensitive data against attacks from quantum computers

Nuix Aims to Deliver Security Insight (eSecurity Planet) Chris Pogue, CISO of Nuix, explains how by understanding hacker activities, risks can be minimized for enterprises

Divided We Stand: Will Brexit Weaken the UK’s Cybersecurity Industry? (Infosecurity Magazine) After the historic EU referendum result in June, Phil Muncaster takes a look at what the next steps are

Silicon Valley venture capitalist sees potential in Baltimore (Daily Record) In many ways, Anders Jones has the classic Silicon Valley story

NTT Security begins shifting sales staff to Dimension Data (ChannelWeb) But security services firm denies that sales staff have been asked to reapply for their roles as they move across to sister company

National Cyber Security Alliance to Ring the Nasdaq Stock Market Closing Bell (Military Technologies) In recognition of October as National Cyber Security Awareness Month (NCSAM), a group of NGO officials, government and digital industry leaders will visit the Nasdaq MarketSite in Times Square to close the market

Research and Development

root9B Announces Collaborative Effort with United States Air Force Academy (Stockwatch) root9B, a root9B Technologies (OTCQB: RTNB) company and leading provider of advanced Cybersecurity products, services, and training for commercial and government clients, announced a collaborative effort with United States Air Force Academy (USAFA) to develop effective Intrusion Detection Tools for Industrial Control Systems (ICS)

Security Patches, Mitigations, and Software Updates

Ubuntu security notices (Ubuntu) These are the Ubuntu security notices that affect the current supported releases of Ubuntu. These notices are also posted to the ubuntu-security-announce mailing list (list archive)

Mozilla Turning TLS 1.3 On By Default With Firefox 52 (Threatpost) When Mozilla ships Firefox 52, on or around March 7, 2017, the browser will come with the cryptographic protocol TLS 1.3 on by default

Cyber Attacks, Threats, and Vulnerabilities

Cyberattack that disrupted access to major websites is under investigation (Washington Post) Web service provider Dyn said Saturday evening that a cyberattack that disrupted huge chunks of the Internet Friday is under investigation

After Years of Warnings, Internet of Things Devices to Blame for Big Internet Attack (Fast Company) Hundreds of thousands of cameras, routers, and DVRs have been hijacked by malware for use in massive denial of service attacks

Dyn Statement on 10/21/2016 DDoS Attack (Dyn) It’s likely that at this point you’ve seen some of the many news accounts of the Distributed Denial of Service (DDoS) attack Dyn sustained against our Managed DNS infrastructure this past Friday, October 21

ISC Briefing: Large DDoS Attack Against Dyn (SANS Internet Storm Center) Last Friday, a large DDoS attack against Dyn caused many popular websites to be unreachable

Chinese firm admits its hacked products were behind Friday's massive DDOS attack (CSO) Botnets created from the Mirai malware were involved in Friday's cyber attack

Dyn DDoS attack: The aftermath (Help Net Security) On October 21, New Hampshire-based Internet performance management company Dyn suffered the largest DDoS attack ever to be registered

Twitter Account Shows Mirai Botnets Using Your Security Camera In Cyber Turf War (Motherboard) In the wake of a major cyber attack that blocked access to popular websites along the East Coast on Friday, security researchers have created a Twitter account that posts live updates

Someone Weaponized the Internet of Things (Defense One) Friday’s internet disruption could be a taste of what’s to come when nations and non-state actors stop using the web and start attacking it

15 Percent of All Routers Use Weak Passwords, 20 Percent Have Open Telnet Ports (Softpedia) Router security just as bad as you'd thought it is

Hackers Wrecked the Internet Using DVRs and Webcams (Popular Mechanics) Smart home gadgets—not computers—likely did the bulk of the nefarious work today

Here's what crippled the internet (Christian Science Monitor Passcode) An unprecedented and alarming attack on the internet's core infrastructure shutdown much of the web Friday in another sign of the growing sophistication of malicious cyberattacks

A massive cyberattack blocked your favorite websites; FBI and Homeland Security are investigating (Los Angeles Times) The Department of Homeland Security and the FBI are investigating a massive cyberattack

Major Australian websites disrupted in international cyber attack (Sydney Morning Herald) Popular Australian media, banking, insurance, retail and hotel websites have experienced outages and interruptions following cyberattacks in the US overnight

Who launched cyber attack that hit Twitter, Paypal, HBO? (San Diego Union-Tribune) Dozens of the nation’s most popular websites — including Twitter, PayPal, Airbnb, Netflix, Reddit and Spotify — were disrupted Friday by a major cyber attack that exposed the fragile nature of the Internet

Friday's cyber-attack hurt local business (AZFamily) A federal investigation is underway at this hour into a massive cyber-attack on the world's most popular websites

When burglars take over the alarms - cyber risks and the IoT (Irish Times) After Friday's disruption to Twitter and Spotify, home devices such as burglar alarms and heating controls known as the ìnternet of things` could be vulnerable to a hacking attack

Hackers Claim Responsibility for Friday's Massive Cyber Attack, Warn of More (AP via ABC7 News) Could millions of connected cameras, thermostats and kids' toys bring the internet to its knees?

WikiLeaks supporters claim credit for massive U.S. cyberattack, but researchers skeptical (Politico) A massive cyberattack Friday on a key internet routing company knocked offline major websites like Spotify, Twitter and The New York Times, as WikiLeaks supporters claimed credit

Who Is Trying To Destroy The Internet? (Science 2.0) A prolonged Internet outage affecting major sites like Twitter, Netflix, Spotify and The New York Times on Friday has commentators concerned that this is was a practice run for future, more widespread disruption of the internet

It probably wasn’t Russia who attacked the Internet yesterday. That’s what’s scary (Matthewaid) It probably wasn’t Russia who attacked the Internet today. That’s what’s scary

Today's Brutal DDoS Attack Is the Beginning of a Bleak Future (Gizmodo) This morning a ton of websites and services, including Spotify and Twitter, were unreachable because of a distributed denial of service (DDoS) attack on Dyn, a major DNS provider

Massive Internet Outage Could Be a Sign of Things to Come (MIT Technology Review) Hackers have shown how they could take down the Internet

No Ordinary Attack: With Flawed Security, Cyberthreat Posed by Internet of Things Will Only Grow (Haaretz) The attack that brought down leading websites such as Twitter and Netflix is further proof that every time firms try to link up other products to the web, security always takes a back seat

Hackers smell blood after co-opting ‘internet of things’ (Sunday Times) An army of copycat hackers could seize control of internet-connected home devices to carry out cyber-attacks, security experts have warned

Friday's cyber attacks a 'wake-up call' for insurers and public alike (Property Casualty 360) Waves of online attacks on Domain Name Server (DNS) provider Dyn Inc. blocked access to Twitter, Spotify, Netflix, Amazon, Tumblr, Reddit, The New York Times and various other sites throughout Friday

Evidence ties Russia to Podesta and Powell email hacks (Engadget) They appear to be part of a unified effort to disrupt the US presidential election

HomeAmerica Brent Budowsky to RT: ‘Washington has evidence Russia hacked US’… no proof though (Russia Today) US intelligence has “evidence” that links Russia to meddling in the US elections, The Hill columnist Brent Budowsky told RT, yet failing to name exact facts, not disclosed by American authorities either

Here’s Cryptographic Proof That Donna Brazile Is Wrong, WikiLeaks Emails Are Real (Daily Caller) Cryptographic signatures demonstrate that Democratic National Committee Chairman Donna Brazile is wrong when she suggests the WikiLeaks emails were altered and that she did not send an email tipping off Democratic presidential nominee Hillary Clinton to debate questions

American vigilante hacker sends Russia a warning (CNn Money) An American vigilante hacker -- who calls himself "The Jester" -- has defaced the website of the Russian Ministry of Foreign Affairs in retaliation for attacks on American targets

Russia cyber hacking to undermine democracy globally: US expert (INdian Express) Christopher Porter said FireEye has observed Russian interference in elections for many years now

Chinese hackers targeted US aircraft carrier (Financial Times) Cyber security group says attack launched against visitors to vessel in South China Sea

Inside the Cyberattack That Shocked the U.S. Government (Wired) The US Office of Personnel Management doesn’t radiate much glamour

Pakistan Government Officials Targeted with RATs in Cyber-Espionage Campaign (Softpedia) No clues on the attackers' identity as of yet

UK spy agency GCHQ paid NZ firm Endace to power Internet fiber-optic taps (TechCrunch) The 2013 Snowden documents revealed UK intelligence agency GCHQ to be tapping into the undersea cables that carry Internet traffic, covertly gathering vast amounts of digital comms data under a surveillance program code-named Tempora

Pentagon Expects Mosul Push to Unlock Trove of ISIS Intelligence (New York Times) The Pentagon is sending dozens of additional intelligence analysts to Iraq to pore over a trove of information that is expected to be recovered in the offensive to recapture Mosul from the Islamic State, data that could offer new clues about possible terrorist attacks in Europe

Electronic threats from above (C4ISRNET) Adversarial capabilities writ large have significantly improved vis-à-vis the United States (hence the necessity of the Defense Department’s so-called third offset strategy)

Microsoft warns of fake Security Essentials installer malware scam (WinBeta) Security is a huge (and growing) issue in the ever-more connected world in which we live. Malware has plagued computers for years, despite many tools being available that work to prevent it

Using Rowhammer bitflips to root Android phones is now a thing (Rowhammer) Permission-less apps take only seconds to root phones from LG, Samsung and Motorola

Giving Google Your Mobile Number Could Make Your Gmail Account Less Secure, Expert Warns (Huffpost Tech) If you’re a Gmail user, Google probably holds the keys to your digital life

Linux kernel bug: DirtyCOW “easyroot” hole and what you need to know (Naked Security) Here comes what we’re calling a bus-scenario BWAIN

Cyber security experts warn firms about dark side of social media use as hackers hunt data (Independent) Networking sites LinkedIn and Facebook are mined by scammers in a sophisticated bid to steal identities and emails, writes Simon Rowe

Litigation, Investigation, and Enforcement

Judge orders ex-NSA contractor accused of stealing secrets held in custody (Fox News) A former National Security Agency contractor accused in a massive theft of classified information will remain in custody as prosecutors continue building a criminal case against him, a federal judge ruled Friday

Ex-NSA contractor accused of massive theft is a ‘collector,’ not a ‘traitor,’ lawyers say (Washington Post) A federal judge found Friday that a former National Security Agency contractor accused of carrying out what is thought to be the largest theft of classified secrets in U.S. history posed a flight risk and ordered that he continue to be held in jail

How Could NSA Contractor Harold Martin Have Been Taking Home Classified Info For 20 Years Without NSA Noticing? (Tech Dirt) A few weeks back, we wrote about the arrest of Harold Martin, an NSA contractor working at Booz Allen, for apparently taking "highly classified information" from the NSA and storing it electronically and physically in his home

1,000 Clinton-Petraeus emails missing from records sent to State, FBI files show (Fox News) Roughly 1,000 emails between Hillary Clinton and Gen. David Petraeus were thought to be missing from the 30,000 emails provided by Clinton’s team to the State Department in December 2014, according to the newly released FBI investigative files

Clinton lectured State Dept. staff on cybersecurity in 2010 video (Fox News) Despite conducting her own government business through a personal “homebrew” server while secretary of state, Hillary Clinton is seen in a newly obtained video lecturing her staff of their “special duty” to recognize the importance of cybersecurity

U.S. indicts Russian for hacking LinkedIn, Dropbox, Formspring (CSO) Czech police arrested the 29-year-old earlier this month

Interpol to assist Hyderabad cops nab Nigerian cyber criminals (New Indian Express) The Interpol (International Criminal Police Organisation), the world’s largest international police organisation, is ready to assist Hyderabad city police to nab Nigerian nationals, who escaped from India after obtaining bail in cyber crime cases

More police forces back ‘No More Ransomware’ project–Kaspersky (Business Mirror) Law-enforcement agencies in 13 more states have recently joined the global campaign against ransomware, Kaspersky Lab ZAO said

Child sex abuse org urges Web firms to sign up to “game-changing” hash list (Ars Technica) Online outfits can stamp out copies, stop sharing, prevent image uploads, says IWF chief

Design and Innovation

Army issues computer simulation challenge for cyberwar training (Bloomberg Government) The Army’s Program Executive Office for Simulation, Training, & Instrumentation (PEO STRI) wants to create a Persistent Cyber Training Environment (PCTE), and, along with U.S. Cyber Command and others, is initiating the fifth cyber innovation challenge to find possible solutions

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

upcoming Events

SANS San Diego 2016 (San Diego, California, USA , October 23 - 28, 2016) Cyber security training in San Diego, CA from SANS Institute, the global leader in information security training. Choose from nine hands-on, immersion-style training courses for security professionals at all levels. Many of these security courses have certifications that are aligned with DoD Directive 8570/8140 and all courses at this event are associated with GIAC Certifications. This event was planned to give you the weapons you need to defend against attackers and advance your career. You will learn from leading experts in courses that have been carefully selected to arm you with the latest tactics and strategies that will sharpen your skills

18th Annual AT&T Cybersecurity Conference (New York, New York, USA, October 24 - 25, 2016) Countless cyberthreats circle your organization every second of every day. While your organization utilizes more mobile, IoT and emerging technologies, attackers simply focus on more ways to exploit them. That’s why we’re hosting the 18th Annual AT&T Cybersecurity Conference.

Insider Threat Program Development Training For NISPOM CC 2 (Aberdeen, Maryland, USA, August 10 - 11, 2016) Insider Threat Defense will hold a two-day training class on Insider Threat Program Development (National Insider Threat Policy-NISPOM Conforming Change 2). For a limited time the training is being offered at a discounted rate of $795 (normally $1395). The training is comprehensive and provides students with the knowledge and resources to develop and implement a robust Insider Threat Program. Insider Threat Defense has trained over one hundred fifty organizations and has become the "go-to company" for Insider Threat Program Development Training.

2016 ICS Cyber Security Conference (Atlanta, Georgia, USA, October 24 - 27, 2016) As the largest and longest-running cyber security-focused conference for the industrial control systems sector, the event caters to the energy, utility, chemical, transportation, manufacturing, and other industrial and critical infrastructure organizations, including the military. The conference will address topics covering ICSs, including protection for SCADA systems, plant control systems, engineering workstations, substation equipment, programmable logic controllers (PLCs), and other field control system devices.

14th Annual EWF National Conference (Scottsdale, Arizona, USA, October 25 - 27, 2016) Balancing risk and opportunity: transforming cybersecuity; risk and privacy beyond the enterprise. The Executive Women's Forum (EWF) Annual Conference provides an exclusive opportunity to personally interact with more than 350 global thought leaders in the fields of Information Security, Risk Management and Privacy. During this three-day event, members collaborate on round-table exercises, incident simulations, panel discussions and working groups. Exposure to new ideas and approaches, best practice management of everyday issues and learning from observing the best and the brightest is an excellent and abundant return on investment.

SecureWorld Bay Area (San Jose, California, USA, October 27, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers

Security By Design (McLean, Virginia, USA, October 28, 2016) The essential security conference for all who desire to build trustworthy software. Developers, DevOps Engineers, Software Architects, Security Software Engineers, Designers and more.

Regional Cyber Security Summit (Sharm El-Sheikh, Egypt, October 30 - November 1, 2016) The Regional Cyber Security Summit comes this year with the theme of “Boundless Collaboration, Boundless Protection”. It focuses on the cooperation in cybersecurity as one of key pillars to tackle the complexity and the scalability of the main challenges of today’s cyber threats. The regional cybersecurity summit has been conducted for the last 4 years under the umbrella of ITU-ARCC in Oman to share experience and knowledge, learn from each other, get in tight to recent updates and collaborate to enhance organizations’ cybersecurity became a must.

Inside Dark Web (Washington, DC, USA, November 1 - 2, 2016) Individuals, organizations, corporations, and governments use the Dark Web to protect themselves and their users, employees, customers, and citizens seeking a more accessible and secure Internet experience. Experts from government, the financial community, law enforcement and cyber security will give you the background history, current utilization and future thoughts about the fast growing misunderstood world of the Dark Web.

National Institute for Cybersecurity Education 2016 Conference and Expo (Kansas City, Missouri, USA, November 1 - 2, 2016) Cybersecurity has emerged as one of the leading creators of jobs and opportunity for all economic sectors. The demand for cybersecurity positions in both the public and private sector is large and growing, but the talent pool of cybersecurity workers is not yet able to keep up. The NICE 2016 Conference and Expo features thought leaders from education, government, industry and non-profits who are addressing the cybersecurity education, training, and workforce needs of the nation.

GTEC (Ottawa, Ontario, Canada, November 1 - 3, 2016) For the public sector and business, count on GTEC to help you keep up with the changing landscape of technology and service delivery in Canada. With our nationally recognized awards program and annual conference, plus our new learning products, GTEC is your destination of choice for innovation and excellence in public sector IT. The conference program will feature a close focus on the cyber threat, particularly the threat of cybercrime, and the Canadian response to that threat.

Black Hat Europe 2016 (London, England, UK, November 1 - 4, 2016) Black Hat is returning to Europe again in 2016, and we have quite an event in store. Here the brightest professionals and researchers in the industry will come together for a total of four days--two days of deeply technical hands-on Trainings, followed by two days of the latest research and vulnerability disclosures at our Briefings.

TECHEXPO Cyber Security Hiring Event (Tysons Corner, Virgina, USA, June 30, 2016) Cyber security professionals are invited to interview face-to-face with employers including The CIA, Deloitte, Intel Security, Northrop Grumman, Lockheed Martin, Deloitte, Vencore and many more. Hundreds of career opportunities are available in cyber security that need to be filled immediately. Bring copies of your resume with you and interview in person, representing yourself better than any online application ever could.

ISSA International Conference (Orlando, Florida, USA, October 22 - 23, 2014) Join us for solution oriented, proactive and innovative sessions focused on security as a vital part of the business.

SINET Showcase 2016: Highlighting and Advancing Innovation (Washington, DC, USA, November 2 - 3, 2016) SINET Showcase provides a platform to identify and highlight “best-of-class" security companies that are addressing industry and government’s most pressing needs and requirements. The chosen SINET 16 Innovators present their technological solutions to representatives from the ecosystem of the entrepreneur: venture capital, investment banking, system integration, academia, science, legal, policy, private industry and executives from the Federal Government, including civilian, intelligence and military professionals. Showcase’s objective is to increase awareness of innovative solutions that may lead to an investment in, or the purchase of, advanced technologies that will help secure our nation’s critical infrastructure and command-and-control systems.

3rd Annual Journal of Law and Cyber Warfare Conference (New York, New York, USA, November 3, 2016) The 2016 Journal of Law and Cyber Warfare symposium speakers represent an unparalleled group of cyber security experts with a wide variety of industry expertise and knowledge. Attendees will hear from experts on cyber security and cyber warfare from the military, government, private industry, and the public sector. Our panels are designed to provide attendees with thought leadership from a diverse group of experts who will share their experience and knowledge-base regarding topical cyber security issues. The symposium is a day long event comprised of panels, Q&A sessions, tool demonstrations and networking opportunities. Focused and thorough, there are take-aways for all attendees.

Security of Things World USA (San Diego, California, USA, November 3 - 4, 2016) Security. Privacy. Connected Devices. Exploring Security and the Internet of Things. A world class event focused on the next information security revolution. Be part of Security of Things World USA in November in San Diego to tailor your proposition to respond to the security concerns that preoccupy enterprise customers today and find pragmatic solutions to the most common security threats.

2nd Annual Summit: Global Cyber Security Leaders (Berlin, Germany, November 7 - 8, 2016) The Global Cyber Security Leaders 2016 is designed to provide unrivaled access to peers from across the globe, and encourage participants to discuss the current challenges and explore the ideas shaping tomorrow’s global cyber threat landscape. The interactive, fresh and content driven format is specifically designed for leaders, visionaries and decision makers across all geographies. Strengthen your global network and form lasting relationships with other forward-thinking and inspiring leaders.

IAPP Europe Data Protection Congress 2016 (Brussels, Belgium, November 7 - 10, 2016) The GDPR is finalised, the Data Protection Congress is returning to Brussels and you have a great deal of work ahead. Begin at the Congress, where you’ll find thought leadership, a thriving professional community and unrivaled education. It’s time to get to work: Start here.

SANS Miami 2016 (Coconut Grove, Florida, USA, November 7 - 12, 2016) Attend our new SANS Miami 2016 event, November 7-12 and choose from five hands-on, immersion-style cybersecurity training courses taught by real-world practitioners. Attackers are targeting you with increasing viciousness and stealth, and it's essential you understand the tools and techniques and learn the skills needed to protect your organizations. Get the training you need from SANS - the most trusted and by far the largest source for information security training in the world

Federal IT Security Conference (Columbia, Maryland, USA, November 8, 2016) The Federal IT Security Institute in partnership with PhoenixTS in Columbia, MD is hosting the first annual Federal IT Security Conference. Speakers from NIST, DHS, the Defense Department as well as private industry will be in attendance discussing the themes and trends that are influencing the Federal/DoD cyber landscape. All proceeds from the event go to help retrain Wounded Warriors to become cyber defenders at the Wounded Warrior Cyber Combat Academy.

11th Annual API Cybersecurity Conference & Expo (Houston, Texas, USA, November 9 - 10, 2016) Join us at the 11th Annual API Cybersecurity Conference & Expo and discover methods for thwarting the bad guys, what the scene looks like over the horizon and how the latest technologies can help you counter cyber espionage, address cyber warfare, and make your cyber efforts secure.

SecureWorld Seattle (Bellevue, Washington, USA, November 9 - 10, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers

Institute for Critical Infrastructure Technology Annual Gala and Benefit (Washington, DC, USA, November 10, 2016) The Annual ICIT Gala and Benefit is the year’s most prestigious gathering of legislative, agency and private sector leaders committed to protecting our Nation’s critical infrastructures. This intimate black-tie event will celebrate the minds of the most influential members of our community as well as the efforts of today’s most impactful cybersecurity leaders. The funds raised from this Benefit will be used exclusively to help sustain and grow the Institute’s research, publications and educational activities for the communities it serves.

Israel HLS and Cyber 2016 (Tel Aviv, Israel, November 14 - 17, 2016) Where physical and cyber security meet. Topics include intelligence, cyber crime, and counter-terrorism, defending critical infrastructures, a smart global world, mass events--the integrative approach, and emergency readiness.

SANS Healthcare CyberSecurity Summit & Training 2016 (Houston, Texas, USA, November 14 - 21, 2016) SANS will be hosting its 4th Annual Healthcare Cybersecurity Summit. Join us and hear top security experts from leading healthcare companies discuss proven approaches for securing and succeeding in the new healthcare environment. You'll have the opportunity to meet with leaders from top organizations and see what really works in securing healthcare. As we know, healthcare has been undergoing major changes. Patients are demanding more convenient and personalized care. Digital health is changing the way that doctors and patients interact. New technologies allow patients to track their own health and generate data that was previously not available to care providers. Additionally, health information exchanges are being created to enable access to electronic medical records across disparate organizations. The Healthcare CyberSecurity Summit will take aim at the major challenges organizations face as they balance the security, compliance, and innovation required to thrive in this quickly changing market

Infosec 2016 (Dublin, Ireland, November 15, 2016) Infosec 2016 conference addresses the critically important issues that threaten businesses in the information age By any measure, the digital threats that businesses and organisations of all sizes face are increasing

Kaspersky Academy Talent Lab (Online, then Prague, Czech Republic, November 15, 2016) Kaspersky Academy Talent Lab is an international cyber-world competition for young researchers and professionals aged 18-30 who are interested in the cybersecurity challenges facing the world. 50 finalists will travel to the global final event to Prague (all expenses covered by Kaspersky Lab) to present their projects & compete.

CISO Charlotte (Charlotte, North Carolina, USA, November 15, 2016) The CISO Summit brings together C-level IT security executives, industry analysts and solution providers to discuss challenges and best practices in a relaxed, yet focused business setting. Agenda sessions include panel discussions, think tanks, analyst Q&A sessions and much more

Pharma Blockchain Bootcamp (Edison, New Jersey, USA, November 16, 2016) Blockchain technology has gained recognition as one of the most disruptive technologies in the industrial world with the potential of redefining how businesses operate similarly the internet changed it more than 30 years ago. At this critical one-day learning seminar, bio/pharmaceutical professionals (tech + business) will uncover the key areas where blockchain applications could have a significant impact in securing, managing and leveraging the deluge of data throughout the enterprise from R&D to clinical to commercialization. Key issues to be addressed: what exactly is blockchain and why is it considered a disruptive innovation; where and why in the enterprise is pharma ripe for blockchain applications; the hidden business rewards that would be exposed; the legal and regulatory considerations with implementation, and much more.

Cybercon 2016 (Washington, DC, USA, November 16, 2016) The forum for dialogue on strategy and innovation to secure defense and government networks, as well as private-sector networks that hold their sensitive data.

Versus 16 (San Francisco, California, USA, November 17, 2016) Versus is not an ordinary event. Versus is not about pitching products or preaching to the choir. Versus is about challenging what you think you know about cybersecurity, about technology, about doing business in the digital age

Data Breach & Fraud Prevention Summit Asia (Mumbai, India, June 8, 2016) ISMG’s Data Breach & Fraud Prevention Summit Asia – Mumbai is a one-day event that will focus on the latest fraud techniques and technologies, as well as a holistic, strategic approach to looking at the data breach threat that impacts all industries. Whether you are forming opinions on how to view the recent global Apple Vs. FBI debate, want to learn more about the breach incidents, or just look forward to networking with your peers on cybersecurity challenges, we are confident you will gain tremendous insight throughout the event. CyberWire readers can use the discount promo code "CW20" when registering with dbfpmumbai@ismgcorp.com to receive 20% off the conference price.

SCSC Cyber Security Conclave 2.0 Conference and Exhibition (Hyderabad, India, November 22 - 23, 2016) India’s leading two-day cyber security event is returning in November 2016, once again bringing together over hundreds of cyber security experts, senior officials and policy-makers from across the public and private sector to provide an update on cyber security instances, share best practice strategies, and help India to combat cyber threats.

4th Ethiopia Banking & ICT Summit (Addis Ababa, Ethiopia, November 25, 2016) The 4th Ethiopia Banking & ICT Summit is the ONLY event in Horn of Africa that focuses on technology innovations and trends in the Banking and ICT sectors. This annual summit brings together Financial Institutions, Information Technology Vendors, high profile CIOs, CISOs, CTOs Risk and Compliance Officers and COOs to explore how they can utilize the newest technologies to further increase mobility, enhance security, support new products and services, and improve customers’ experience to secure their competitive edge.

CIFI Security Summit (Toronto, Ontario, Canada, November 30 - December 1, 2016) The Annual CIFI Security Summit takes place all over the world, Asia, Europe, Australia & North America. These summits are essential 2 day conferences and exhibitions bringing together leading security experts from around the globe to discuss Cyber Intelligence, Digital forensics, Cyber Security and Cyber Investigations. This is the only event of its kind that will run 4 simultaneous streams over 2 days in addition to case studies, demonstrations from global business leaders and a 30+ Exhibition.

Sponsor & Support

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter’s financial reach, or it might just not be the right time for you to do those things. That’s why we launched our new Patreon site, where we’ve created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you’ll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.