Putin advisor doxed? ISIS works from Raqqa; Hamas operates "Moonlight" cyberespionage. Dyn releases details on Friday's DDoS. Correro sees a different DDoS campaign exploiting LDAP.
CyberHunta, thought to be Ukrainian hacktivists, dox Putin consigliere Vladislav Surkov, releasing emails that indicate Surkov's connections with Russian separatists fighting inside Ukraine. The Russian government has long denied such support, but vanishingly few observers believe those denials. President Putin says the emails are fabricated: "Surkov doesn't use electronic mail."
The French government looks at ongoing US experience with online political meddling (which the US has ascribed to Moscow) and warns its own candidates that they should expect to be on the receiving end of similar ministrations.
US intelligence sources say ISIS continues to seek to inspire attacks online from its Syrian headquarters in Raqqa. Vectra Networks says it's found an extensive cyber espionage campaign, "Moonlight," operated by Hamas against unnamed Middle Eastern targets.
Dyn offers more results of investigation into the distributed denial-of-service attack it sustained last week. It confirms that it was a Mirai botnet and that about 100 thousand devices were implicated (fewer than earlier estimates had put the number). The attackers used masked TCP and UDP traffic across Port 53; they also employed recursive DNS retry traffic. Investigation of the Dyn attacks is ongoing; Dyn won't speculate about attackers or their motives.
Analysts warn that more attacks like this can be expected; Singapore's StarHub already experienced them on Saturday and again on Monday. Correro reports observing exploitation of Lightweight Directory Access Protocol (LDAP) to amplify DDoS attack traffic over the weekend. The company warns that LDAP exploitation combined with a Mirai botnet could prove extremely serious.
Notes.
Today's issue includes events affecting Australia, China, France, Ireland, New Zealand, Russia, Singapore, Syria, Ukraine, United Kingdom, United States, and and Vietnam.
A note to our readers: National Cyber Security Awareness Month is now in its final full week. The theme is "our continuously connected lives: what's your 'apptitude'?"
The CyberWire's regular daily Podcast will be out later this afternoon, with interviews, educational tips, and more on the stories of the day. Today we'll hear from our partners at Ben Gurion University, whose Yisroel Mirsky will talk about machine learning. Our guest, Plixer's Thomas Pore, will discuss the Mirai botnet source code. As always, if you enjoy the podcast, please consider giving it an iTunes review.
Cyber Attacks, Threats, and Vulnerabilities
Hakerzy ujawnili przestępcze plany Putina (FAKT24) Ukraińscy hakerzy przejęli tajne dokumenty Rosji dotyczące Ukrainy. Plany zostały wykradzione ze skrzynki mailowej doradcy samego Władimira Putina. Chodzi o Władisława Surkowa, który podpowiada Putinowi w kwestiach Abchazji, Osetii oraz Ukrainy. Autentyczność dokumentów potwierdziła Służba Bezpieczeństwa Ukrainy (SBU)
Kremlin Brushes Off E-Mail Leak Allegedly Showing Russian Hand In Ukraine Conflict (Radio Free Europe/Radio Liberty) The Kremlin has challenged the authenticity of leaked e-mails purportedly from the inbox of presidential aide Vladislav Surkov that appear to show the Russian government's coordination with separatists in eastern Ukraine
It's On: US Mulls Tricky Options for Retataliation Against Russian Hacks (NextGov) The decision by top intelligence and Homeland Security officials to attribute election-related data breaches to top Russian government officials earlier this month marked a sea change in cyber relations between the two former Cold War adversaries
Expert at USF cybersecurity conference rejects idea of hijacked Nov. 8 election (Tampa Bay Times) Despite a concerted effort by Russians to interfere with the Nov. 8 presidential election, and constant claims by Republican nominee Donald Trump that it is rigged, American voters should not fret, says a man who was once a top spook
France warns candidates on cyber risk after U.S. election hacks (Bloomberg via the Chicago Tribune) France's cyber-security watchdog is briefing the country's presidential candidates on hacking threats, drawing lessons from attacks that have disrupted the U.S. election campaign
DDoS attacks from webcams, routers hit Singapore's StarHub (CSO) The outage follows IoT-based DDoS attacks that knocked out internet access to many US sites
DDos On Dyn Used Malicious TCP, UDP Traffic (Dark Reading) Dyn confirms Mirai IoT botnet was 'primary source' of the attack, with some 100,000 infected devices sending the bogus traffic
DDoS attack overwhelmed Dyn despite mitigation efforts (CSO) Orders of magnitude fewer devices caused the service interruptions, Dyn says
What you need to know about the botnet that broke the internet (Christian Science Monitor Passcode) Why security experts are worried about Mirai – the software attackers use to create malicious networks out of ordinary connected devices – and how you can protect yourself
Mirai Aftermath: China's Xiongmai Details Webcam Recall (BankInfo Security) But true fix requires a more resilient Internet, experts warn
Chinese Firm Says It Did All It Could Ahead of Cyber-Attack (Gadgets 360) A Chinese electronics maker that has recalled products sold in the US said Tuesday it did all it could to prevent a massive cyber-attack that briefly blocked access to websites including Twitter and Netflix
Analysts fear even bigger cyber attacks are coming (San Diego Union-Tribune) Security experts fear the big cyberattack that debilitated Twitter, PayPal, Netflix, Airbnb and dozens of other companies last week could be a precursor to a larger assault that deeply impacts American society, possibly during the holiday shopping season
DHS official: DDoS attack triggered use of new cyber-response 'schema' (Inside Cybersecurity) Last week's distributed denial of service attack that temporarily shut down social media sites triggered use of the Department of Homeland Security's new “schema” for identifying and evaluating a cyber incident in order to determine the federal government's response, according to a DHS official
Attackers are now abusing exposed LDAP servers to amplify DDoS attacks (PC World) LDAP adds to the existing arsenal of DDoS reflection and amplification techniques that can generate massive attacks
Zero-day DDoS attack vector leverages LDAP to amplify malicious traffic (SC Magazine) Corero Network Security today disclosed a zero-day distributed denial of service attack (DDoS) technique, observed in the wild, that is capable of amplifying malicious traffic by a factor of as much as 55x
‘Moonlight’ Hackers Coordinating Targeted Attacks Against Entities In The Middle East (Information Security Buzz) Vectra Networks has uncovered a hacking group (code named Moonlight) conducting cyberespionage against targets in the Middle East. Vectra has identified over two hundred samples of malware generated by the group over the last two years
Islamic State continues to plot against the West, US military warns (Long War Journal) The US military warned today that the Islamic State continues to plot attacks against the West from its headquarters in Raqqa, Syria
CyberX Threat Intelligence Uncovers Critical Vulnerability in Industrial Control Systems (ICS) Firewall (PRNewswire) Cyberattackers can exploit vulnerability to impact safety and production in critical infrastructure sectors such as energy, chemicals, transportation and manufacturing
Major Security Flaw Targets Industrial Computer Systems (Voice of America) A major security vulnerability affecting one of the world’s largest manufacturers of computerized industrial control systems, Schneider Electric, has recently been identified, according to a leading cybersecurity firm
Pager Security Can Affect Critical Infrastructure (Security Intelligence) Pagers don’t get much attention in this era of smartphones and tablets. They are, however, still widely used in industrial control systems (ICS). Pagers are also good backup for everyday communication since they are functional in areas that have poor cellphone signals
4SICS: ICS threats are mostly unknown, industry needs more information sharing (SC Magazine) Opening his Keynote speech at the third edition of 4SICS in Stockholm, Robert M. Lee, CEO of ICS security company Dragos Inc., said that “ICS threats are currently mostly unknown"
Dirty COW bug leaves 5,000 servers in Vietnam vulnerable to attack: Bkav (Tuoi Tre News) More than 5,000 computer server systems powered by Linux operating system are vulnerable to hacker attacks as they suffer the serious Dirty COW bug, a local security company has warned
Personal Tracking Devices Expose Public Privacy Risk (eWeek) A study by Rapid7 finds multiple vulnerabilities in Bluetooth tracking technologies, leading to possible security breaches as IoT device use continues to rise
Fake Blue Screen of Death faux-freezes your system like the real McCoy (Naked Security) There’s a new fake support scam in town, hiding behind a file calling itself Microsoft Security Essentials, and it’s trying to trick victims into contacting bogus help centers
Vulnerability Spotlight: Iceni Argus Buffer Overflows (Talos) Talos has identified two stack-based buffer overflows (TALOS-2016-0200 & TALOS-2016-0202) in the Iceni Argus pdf content extraction software. This software is used to convert a pdf document into various tagged and xml-based formats (such as XHTML)
AdaptiveMobile Finds That Thousands of North American iCloud Users’ Accounts Are Still Being Hijacked to Send Spam (Businesswire) Hackers turn growing number of iMessage accounts into spam bots that target China
Can the phishing epidemic be stopped? (GCN) Researchers at Germany's Friedrich-Alexander University (FAU) recently conducted two spear-phishing studies. Before the experiment was underway, a questionnaire was sent to all participants asking them to “rate their own awareness of security.” Of the 1,700 participants, 78 percent claimed they were aware of the risks of clicking on unknown links
Your Bill Is Not Overdue today! (SANS Internet Storm Center) Just as little as yesterday's order that "proceeded." It Look like today's ransomware subject is "Your Bill is Overdue." But then again, don't bother blocking it. Block ZIP'ed visual basic scripts. This round of Locky makes blocking a tad harder by using "application/octet-stream" as a Content-Type instead of "application/zip"
Ransomware for sale on nonsensical dark web malware site (Graham Cluley) “Everyone knows Locky! Time has come, new ransomware is arrived. Goliath is sell here”
Stolen medical records available for sale from $0.03 per record (Help Net Security) The development of the market for stolen data and related hacking skills indicate that the business of cybercrime in the healthcare sector is growing, according to Intel Security
Malicious Insider Threat as Hackers Target Healthcare IP (Infosecurity Magazine) Financial records continue to be far more lucractive on the darkweb markets than medical information, although healthcare organizations must be alive to the dangers of exploit kits, malicious insiders and attacks targeting IP, according to Intel Security
ATMs Still a Weak Link for Bank Security (Infosecurity Magazine) More than physical distraction and rogue software applications on the ATM itself, the securing of the hole in the wall has become a priority in banking security
NFC – Friend or Foe (Wapack Labs) Wapack Labs has previously exposed the hazards of using near-field communication (NFC) devices in our support during the 2016 Summer Olympics in Rio De Janeiro and other collection and research projects
Security Patches, Mitigations, and Software Updates
Emergency Flash Player patch fixes zero-day critical flaw (CSO) Adobe warns that hackers are already exploiting the vulnerability in limited attacks
Adobe Patches Flash Zero Day Under Attack (Threatpost) Adobe today released an emergency Flash Player update that includes a patch for a vulnerability being exploited in targeted attacks
Security Notification – Unity Simulator (Schneider Electric) Schneider Electric has become aware of a vulnerability in the Unity PRO Software product
New SCADA Vulnerability Enabled Remote Control Of ICS Networks; Fix Quickly Issued (HS Today) Cyber security vendor Indegy disclosed a vulnerability in a Schneider Electric software application that can be used to remotely control industrial processes at the 2016 Industrial Control Systems Cyber Security Conference in Atlanta today
Cyber Trends
Just a Quarter of Orgs Share Threat Intelligence (Infosecurity Magazine) US company boards are getting more involved in cybersecurity, but information-sharing of threat intelligence across business communities still lags
Good Harbor's Richard Clarke talks about the impact of Yahoo’s massive data breach (FedScoop) Clarke shares insights on what the government needs to protect the voting and election process, as well
Marketplace
Security Orchestration Market Worth 1682.4 Million USD by 2021 (MarketWatch) According to a new market research report"Security Orchestration Market by Component (Solution and Service), Application (Threat Intelligence, Network Forensics, Ticketing Solutions, and Compliance Management), Deployment Mode, End User, and Vertical, Region - Global Forecast to 2021 " published by MarketsandMarkets, the market size is estimated to grow from USD 826.1 Million in 2016 to USD 1682.4 Million by 2021, at an estimated Compound Annual Growth Rate (CAGR) of 15.3%
Inside The Foggy, Shady Market For Zero-Day Bugs (Motherboard) Earlier this year, the FBI abruptly ended a months-long acronymous legal battle with Apple to unlock the iPhone of a dead terror suspect. The bureau hasn’t told anyone that much about how it finally got into the phone, but experts assume someone gave the feds a way in thanks to an unknown vulnerability, or “zero-day"
Verizon exec: Yahoo deal 'still makes sense' despite security breach (Seeking Alpha) Verizon's (VZ -0.4%) $4.83B deal to acquire the core of Yahoo (YHOO -1.3%) still makes sense even in light of Yahoo's massive security breach, says Verizon exec Marni Walden
Why Verizon's Due Diligence May Not Have Caught Yahoo's Massive Security Breach (Fast Company) Cyber due diligence typically looks at overall policies and broad risk rather than scouring networks from top to bottom, experts say
AT&T/Time Warner seems headed for FCC review, whether AT&T likes it or not (Ars Technica) Time Warner has dozens of licenses that could trigger a public interest review
AT&T Secret For-Profit Spy Program Rakes in Millions (Infosecurity Magazine) AT&T reportedly has been running a massive secret spying program—funded by tens of millions in taxpayer money—for state and local law enforcement agencies to conduct warrantless searches of trillions of call records and other customer metadata, such as precise physical location
Conspiracy or cockup? Google hid ProtonMail's encrypted email service from search results (Graham Cluley) The jury is out
Qualcomm to acquire NXP Semiconductor for $47 billion (TechCrunch) Qualcomm will acquire NXP Semiconductor in a deal worth around $47 billion in a cash deal. The two chip-making giants were said to have reached an agreement last week, but today’s announcement from Qualcomm makes it official
Tenable Network Security makes first acquisition (Baltimore Sun) Tenable Network Security Inc. has acquired FlawCheck, a small San Francisco firm, in a deal that will expand Tenable's security software offerings
Tenable Network Security Acquires Container Security Company FlawCheck (Yahoo! Finance) Tenable Network Security, Inc.®, a global leader transforming security technology for the business needs of tomorrow, announced today it has acquired FlawCheck, becoming the first vulnerability management company to provide security for Docker containers and support organizations’ modern DevOps processes
Enterprise Mobile Device Configuration and Deployment Software, Tachyon, Acquired by Samsung Electronics (PRWeb) Acquisition will completely automate the setup process for Samsung’s enterprise Android devices, thereby leading to faster, more secure and cost-effective, accurate and complete rollouts
‘We have many IoT customers’ says Huawei CTO (Register) Czech 'em out
Cyber Security: Five Firms Working to Squash Cyber Attacks (Wall St. Daily) Angry at a journalist for writing mean things about you? Trying to make ends meet and need a blackmail scheme? Get your own DDoS botnet on the internet today!
Is Palo Alto's Recent Drop an Opportunity to Buy? (GuruFocus) Company looks set to ride on the expected industry growth
Why Akamai Technologies, Inc. Jumped 16% Today (Motley Fool) Tuesday's third-quarter report showed the former network performance expert taking on a lucrative role in network security
Twitter lays off 9% of its workforce as it posts a desperately-needed positive Q3 (TechCrunch) With Twitter’s acquisition hopes essentially dead, the company now seems it’s on its own to fend for itself and needs to figure out a way to build a reasonable and profitable business
Q&A: Tanium CEO thinks staying private would be giving in to the 'evil' side of Silicon Valley (Silicon Valley Business Journal) At the company's first user conference, we caught up with Orion Hindawi, co-founder and CEO of Tanium. The Emeryville-based cybersecurity firm has evolved into a $3.5 billion powerhouse since 2007, when Hindawi co-founded the company with his father David. It has raised more than $300 million in funding from Silicon Valley investors who include Andreessen Horowitz and Institutional Venture Partners
Rapid7 Earns Spot on UK Government Digital Marketplace (Econo Times) Rapid7, Inc. (NASDAQ:RPD), a leading provider of security data and analytics solutions, announced today that its cloud–delivered security solutions have been added to the Crown Commercial Service (CCS) registry and are now accessible to public sector organisations
MacB to support US NAVAIR’s cyber warfighting capabilities initiative (Naval Technology) MacAulay-Brown (MacB) has secured a multi-year basic ordering agreement (BOA) to support the naval air systems command (NAVAIR) cyber warfare detachment (CWD) initiative
Small Businesses Slow to Take Up Cyber Insurance (Scoop) New Zealand small businesses slow to take up cyber insurance despite cyber attacks
Lunarline Inc., Enters into Partnership with Carnegie Mellon University's Software Engineering Institute (Yahoo! Finance) Lunarline, Inc., an Arlington-based leader in cybersecurity consulting, services and training, added yet another important capability by signing on as a partner with the CERT® Program at Carnegie Mellon University's Software Engineering Institute (SEI). The partnership enables Lunarline to leverage SEI's world-renown body of research, frameworks and models to improve organizations' ability to manage cybersecurity and operational resilience programs from the board room to the server room
Cylance to open offices on Cork city's South Mall (Irish Examiner) An international anti-virus and cybersecurity company, Cylance, is to open offices on Cork city’s South Mall: a formal jobs announcement and commitment is due within days. It’s one of several new office moves on the South Mall, with Irish Life Health also taking space on the street from next week
Products, Services, and Solutions
This is how Microsoft is preventing hackers from hijacking IoT devices (Business Insider) Last week, a massive cyberattack knocked out many major websites across the internet, including Amazon, Netflix, Github, and Spotify
Trend Micro announces availability of XGen endpoint security (Technuter) Trend Micro Incorporated has announced the availability of XGen endpoint security. This new offering is powered by the XGen blend of cross-generational threat defense techniques that intelligently applies the right technology at the right time, resulting in more effective and efficient protection against a full range of threats
Brocade Ruckus Cloudpath ES 5.0 simplifies security and policy management (eCampus News) New release enables any IT organization to easily secure all network connections with identity-based policies
ESET unveils ESET Internet Security 10, ESET Smart Security Premium (Beta News) ESET has released two new products for home users, ESET Internet Security 10 ($59.99) and ESET Smart Security Premium 10 ($79.99)
Comodo Offers Free Forensic Analysis to Uncover Zero-day Malware Lurking on Enterprise Endpoints and Networks (PRNewswire) Zero-day malware – new malware that has never been seen before – continues to plague businesses of all sizes. Millions of these unknown files are being crafted or modified each year. They cannot be detected by existing security systems; they hide on endpoints and networks and remain among the most important and effective tools hackers use
There’s a new way to take down drones, and it doesn’t involve shotguns (Ars Technica) The advent of inexpensive consumer drones has generated a novel predicament for firefighters, law-enforcement officers, and ordinary citizens who encounter crafts they believe are interfering with their safety or privacy
MSPAlliance Launches Monthly Payment Option for Audit and Examination Program (Cleveland 19 News) MSP/Cloud Verify Program offers flexible payment options for improved cash flow and budgeting; enhances MSP/Cloud Verify community with new Slack channel
Technologies, Techniques, and Standards
Roundtable: Former Deputy Director of NSA Talks Insider Threats (Infosecurity Magazine) When you picture the typical venue for a cybersecurity discussion, the British Museum probably isn’t the first place that would spring to mind. However, yesterday, it played host to a press roundtable with Chris Inglis, former deputy director of the National Security Agency (NSA), and other representatives of security intelligence platform provider Securonix to explore the ever-evolving landscape of the insider threat
20 Endpoint Security Questions You Never Thought to Ask (Dark Reading) The endpoint detection and response market is exploding! Here's how to make sense of the options, dig deeper, and separate vendor fact from fiction
How to Easily Deny Denial of Service (SIGNAL) Some simple steps could prevent 99 percent of these types of cyber onslaughts
Opinion: How to fix an internet of broken things (Christian Science Monitor Passcode) The recent cyberattack that crippled much of the web last week took advantage of vulnerabilities in home products connected to the internet. Fixing those flaws is possible but it requires public action and industry cooperation
Let’s Clean Up The Internet By Taking Responsibility For Our Actions (Dark Reading) Imagine an Internet with multiple levels of security that users need to earn
Blog: Simple Steps for Social Media Security (SIGNAL) According to a recent report by cybersecurity developer Forcepoint, millennials might pose as serious a cybersecurity risk to enterprise networks as cyber criminals. The research found that the baby boomer generation, those aged 51 to 69, are more cautious online while the younger work force is more likely to abandon caution in exchange for digital convenience
Cyber Defense in an Imperfect World, a New Approach (Brink News) Cybersecurity has become a persistent topic in the nation’s boardrooms and C-suites, and it’s a complex problem that is often oversimplified and misunderstood
Debit Card Compromise: A Call to Action (InfoRisk Today) Experts outline immediate recommendations for bank CISOs, long-term ideas for industry
Solution to cyber skills shortage: Federal cyber range (Federal Times) In a recent blog on cybersecurity, we discussed the widespread labor shortage in the cybersecurity workforce. We believe that it’s not just a labor shortage but a skills shortage, and with the number of threats increasing daily, the way we train and vet cybersecurity analysts must change
Legislation, Policy, and Regulation
U.S. To Issue IoT Principles After Internet Cyberattack by Chase Martin, Yesterday, 9:06 AM (MediaPost) A recent large-scale series of cyber attacks brought down multiple major websites in the U.S. and now the Department of Homeland Security (DHS) acknowledges IoT device security to be a factor
Singapore Launches New Cybersecurity Strategy (Conventus Law) Singapore will embark on a new cybersecurity strategy which aims to establish a resilient cyber environment for the country. This was announced by Singapore Prime Minister Lee Hsien Loong at the opening of the inaugural Singapore International Cyber Week
Cyberwarfare: The Next President’s Most Pressing Battleground (VAR Guy) Many security providers in the channel that are well-acquainted with the myriad of security risks and vulnerabilities in businesses' networks think the issue of cyberwarfare should be front and center of this year's presidential debates. Instead, it's been a tangential issue for both candidates, despite recent massive breaches and clear threats to U.S. infrastructure from nation states like Russia
Cyber Mandates for Big Banks Would Build on Earlier Guidance (BankInfo Security) Regulators' proposed standards would ensure institutions are taking necessary steps
Feds Propose Voluntary Automotive Cybersecurity Standards (GovInfo Security) 2 Senators say guidelines don't go far enough, seek regulations
Cyber Command’s teams reach initial operating capability; Clapper says it’s time to separate them from NSA (Federal News Radio) The time has come to split U.S. Cyber Command from the National Security Agency and assign separate leaders to each organization, the nation’s top intelligence official said Tuesday
OMB reveals proposed guidance on federal IT modernization (Federal News Radio) The Office of Management and Budget has played it close to the vest when it comes to guidance on IT modernization, but it’s finally showing some of its cards
New HHS CIO on Emerging Threats, Top Priorities (GovInfo Security) Beth Anne Killoran discusses agency's cybersecurity efforts
Litigation, Investigation, and Law Enforcement
“He’s not Edward Snowden,” lawyers for accused NSA contractor tell judge (Ars Technica) Is Hal Martin a “serious risk to the public" as a magistrate judge found?
Privacy group shoots legal arrow at Privacy Shield (CSO) Digital Rights Ireland is said to have filed suit to annul a European Commission decision implementing Privacy Shield
IBM Blames Contractors for Aussie e-Census Stumble (GovInfo Security) As chief contractor, IBM is now in compensation discussions
Arrested LinkedIn Hacker Accused of Hacking DropBox, Stealing Bitcoins (HackRead) Turns out the Russian hacker accused of LinkedIn hack is a bigger fish than expected—the indictment made by Justice Department shows he was also behind Dropbox and Formspring hacks
For a complete running list of events, please visit the Event Tracker.
Newly Noted Events
Focusing On The Future: Prioritizing Security in the Digital Economy (Washington, DC, USA, Nov 18, 2016) In today's digital economy, developing and prioritizing a cyber strategy is critical to address diverse and evolving threats, foster trust in the technology we use, and define a path forward where security is seen as a business enabler. Join The Chertoff Group for a premier post-election cyber conference that will convene thought leaders across government and industry to share their unique points of view and insights with regard to critical policy, technology, and risk management issues that will be shaping the security agenda.
Upcoming Events
SANS San Diego 2016 (San Diego, California, USA , Oct 23 - 28, 2016) Cyber security training in San Diego, CA from SANS Institute, the global leader in information security training. Choose from nine hands-on, immersion-style training courses for security professionals at all levels. Many of these security courses have certifications that are aligned with DoD Directive 8570/8140 and all courses at this event are associated with GIAC Certifications. This event was planned to give you the weapons you need to defend against attackers and advance your career. You will learn from leading experts in courses that have been carefully selected to arm you with the latest tactics and strategies that will sharpen your skills
2016 ICS Cyber Security Conference (Atlanta, Georgia, USA, Oct 24 - 27, 2016) As the largest and longest-running cyber security-focused conference for the industrial control systems sector, the event caters to the energy, utility, chemical, transportation, manufacturing, and other industrial and critical infrastructure organizations, including the military. The conference will address topics covering ICSs, including protection for SCADA systems, plant control systems, engineering workstations, substation equipment, programmable logic controllers (PLCs), and other field control system devices.
14th Annual EWF National Conference (Scottsdale, Arizona, USA, Oct 25 - 27, 2016) Balancing risk and opportunity: transforming cybersecuity; risk and privacy beyond the enterprise. The Executive Women's Forum (EWF) Annual Conference provides an exclusive opportunity to personally interact with more than 350 global thought leaders in the fields of Information Security, Risk Management and Privacy. During this three-day event, members collaborate on round-table exercises, incident simulations, panel discussions and working groups. Exposure to new ideas and approaches, best practice management of everyday issues and learning from observing the best and the brightest is an excellent and abundant return on investment.
SecureWorld Bay Area (San Jose, California, USA, Oct 27, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers
Security By Design (McLean, Virginia, USA, Oct 28, 2016) The essential security conference for all who desire to build trustworthy software. Developers, DevOps Engineers, Software Architects, Security Software Engineers, Designers and more.
Regional Cyber Security Summit (Sharm El-Sheikh, Egypt, Oct 30 - Nov 1, 2016) The Regional Cyber Security Summit comes this year with the theme of “Boundless Collaboration, Boundless Protection”. It focuses on the cooperation in cybersecurity as one of key pillars to tackle the complexity and the scalability of the main challenges of today’s cyber threats. The regional cybersecurity summit has been conducted for the last 4 years under the umbrella of ITU-ARCC in Oman to share experience and knowledge, learn from each other, get in tight to recent updates and collaborate to enhance organizations’ cybersecurity became a must.
Inside Dark Web (Washington, DC, USA, Nov 1 - 2, 2016) Individuals, organizations, corporations, and governments use the Dark Web to protect themselves and their users, employees, customers, and citizens seeking a more accessible and secure Internet experience. Experts from government, the financial community, law enforcement and cyber security will give you the background history, current utilization and future thoughts about the fast growing misunderstood world of the Dark Web.
National Institute for Cybersecurity Education 2016 Conference and Expo (Kansas City, Missouri, USA, Nov 1 - 2, 2016) Cybersecurity has emerged as one of the leading creators of jobs and opportunity for all economic sectors. The demand for cybersecurity positions in both the public and private sector is large and growing, but the talent pool of cybersecurity workers is not yet able to keep up. The NICE 2016 Conference and Expo features thought leaders from education, government, industry and non-profits who are addressing the cybersecurity education, training, and workforce needs of the nation.
GTEC (Ottawa, Ontario, Canada, Nov 1 - 3, 2016) For the public sector and business, count on GTEC to help you keep up with the changing landscape of technology and service delivery in Canada. With our nationally recognized awards program and annual conference, plus our new learning products, GTEC is your destination of choice for innovation and excellence in public sector IT. The conference program will feature a close focus on the cyber threat, particularly the threat of cybercrime, and the Canadian response to that threat.
Black Hat Europe 2016 (London, England, UK, Nov 1 - 4, 2016) Black Hat is returning to Europe again in 2016, and we have quite an event in store. Here the brightest professionals and researchers in the industry will come together for a total of four days--two days of deeply technical hands-on Trainings, followed by two days of the latest research and vulnerability disclosures at our Briefings.
TECHEXPO Cyber Security Hiring Event (Tysons Corner, Virgina, USA, Jun 30, 2016) Cyber security professionals are invited to interview face-to-face with employers including The CIA, Deloitte, Intel Security, Northrop Grumman, Lockheed Martin, Deloitte, Vencore and many more. Hundreds of career opportunities are available in cyber security that need to be filled immediately. Bring copies of your resume with you and interview in person, representing yourself better than any online application ever could.
ISSA International Conference (Orlando, Florida, USA, Oct 22 - 23, 2014) Join us for solution oriented, proactive and innovative sessions focused on security as a vital part of the business.
SINET Showcase 2016: Highlighting and Advancing Innovation (Washington, DC, USA, Nov 2 - 3, 2016) SINET Showcase provides a platform to identify and highlight “best-of-class" security companies that are addressing industry and government’s most pressing needs and requirements. The chosen SINET 16 Innovators present their technological solutions to representatives from the ecosystem of the entrepreneur: venture capital, investment banking, system integration, academia, science, legal, policy, private industry and executives from the Federal Government, including civilian, intelligence and military professionals. Showcase’s objective is to increase awareness of innovative solutions that may lead to an investment in, or the purchase of, advanced technologies that will help secure our nation’s critical infrastructure and command-and-control systems.
3rd Annual Journal of Law and Cyber Warfare Conference (New York, New York, USA, Nov 3, 2016) The 2016 Journal of Law and Cyber Warfare symposium speakers represent an unparalleled group of cyber security experts with a wide variety of industry expertise and knowledge. Attendees will hear from experts on cyber security and cyber warfare from the military, government, private industry, and the public sector. Our panels are designed to provide attendees with thought leadership from a diverse group of experts who will share their experience and knowledge-base regarding topical cyber security issues. The symposium is a day long event comprised of panels, Q&A sessions, tool demonstrations and networking opportunities. Focused and thorough, there are take-aways for all attendees.
Security of Things World USA (San Diego, California, USA, Nov 3 - 4, 2016) Security. Privacy. Connected Devices. Exploring Security and the Internet of Things. A world class event focused on the next information security revolution. Be part of Security of Things World USA in November in San Diego to tailor your proposition to respond to the security concerns that preoccupy enterprise customers today and find pragmatic solutions to the most common security threats.
2nd Annual Summit: Global Cyber Security Leaders (Berlin, Germany, Nov 7 - 8, 2016) The Global Cyber Security Leaders 2016 is designed to provide unrivaled access to peers from across the globe, and encourage participants to discuss the current challenges and explore the ideas shaping tomorrow’s global cyber threat landscape. The interactive, fresh and content driven format is specifically designed for leaders, visionaries and decision makers across all geographies. Strengthen your global network and form lasting relationships with other forward-thinking and inspiring leaders.
IAPP Europe Data Protection Congress 2016 (Brussels, Belgium, Nov 7 - 10, 2016) The GDPR is finalised, the Data Protection Congress is returning to Brussels and you have a great deal of work ahead. Begin at the Congress, where you’ll find thought leadership, a thriving professional community and unrivaled education. It’s time to get to work: Start here.
SANS Miami 2016 (Coconut Grove, Florida, USA, Nov 7 - 12, 2016) Attend our new SANS Miami 2016 event, November 7-12 and choose from five hands-on, immersion-style cybersecurity training courses taught by real-world practitioners. Attackers are targeting you with increasing viciousness and stealth, and it's essential you understand the tools and techniques and learn the skills needed to protect your organizations. Get the training you need from SANS - the most trusted and by far the largest source for information security training in the world
Federal IT Security Conference (Columbia, Maryland, USA, Nov 8, 2016) The Federal IT Security Institute in partnership with PhoenixTS in Columbia, MD is hosting the first annual Federal IT Security Conference. Speakers from NIST, DHS, the Defense Department as well as private industry will be in attendance discussing the themes and trends that are influencing the Federal/DoD cyber landscape. All proceeds from the event go to help retrain Wounded Warriors to become cyber defenders at the Wounded Warrior Cyber Combat Academy.
11th Annual API Cybersecurity Conference & Expo (Houston, Texas, USA, Nov 9 - 10, 2016) Join us at the 11th Annual API Cybersecurity Conference & Expo and discover methods for thwarting the bad guys, what the scene looks like over the horizon and how the latest technologies can help you counter cyber espionage, address cyber warfare, and make your cyber efforts secure.
SecureWorld Seattle (Bellevue, Washington, USA, Nov 9 - 10, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers
Institute for Critical Infrastructure Technology Annual Gala and Benefit (Washington, DC, USA, Nov 10, 2016) The Annual ICIT Gala and Benefit is the year’s most prestigious gathering of legislative, agency and private sector leaders committed to protecting our Nation’s critical infrastructures. This intimate black-tie event will celebrate the minds of the most influential members of our community as well as the efforts of today’s most impactful cybersecurity leaders. The funds raised from this Benefit will be used exclusively to help sustain and grow the Institute’s research, publications and educational activities for the communities it serves.
Israel HLS and Cyber 2016 (Tel Aviv, Israel, Nov 14 - 17, 2016) Where physical and cyber security meet. Topics include intelligence, cyber crime, and counter-terrorism, defending critical infrastructures, a smart global world, mass events--the integrative approach, and emergency readiness.
SANS Healthcare CyberSecurity Summit & Training 2016 (Houston, Texas, USA, Nov 14 - 21, 2016) SANS will be hosting its 4th Annual Healthcare Cybersecurity Summit. Join us and hear top security experts from leading healthcare companies discuss proven approaches for securing and succeeding in the new healthcare environment. You'll have the opportunity to meet with leaders from top organizations and see what really works in securing healthcare. As we know, healthcare has been undergoing major changes. Patients are demanding more convenient and personalized care. Digital health is changing the way that doctors and patients interact. New technologies allow patients to track their own health and generate data that was previously not available to care providers. Additionally, health information exchanges are being created to enable access to electronic medical records across disparate organizations. The Healthcare CyberSecurity Summit will take aim at the major challenges organizations face as they balance the security, compliance, and innovation required to thrive in this quickly changing market
Infosec 2016 (Dublin, Ireland, Nov 15, 2016) Infosec 2016 conference addresses the critically important issues that threaten businesses in the information age By any measure, the digital threats that businesses and organisations of all sizes face are increasing
Kaspersky Academy Talent Lab (Online, then Prague, Czech Republic, Nov 15, 2016) Kaspersky Academy Talent Lab is an international cyber-world competition for young researchers and professionals aged 18-30 who are interested in the cybersecurity challenges facing the world. 50 finalists will travel to the global final event to Prague (all expenses covered by Kaspersky Lab) to present their projects & compete.
CISO Charlotte (Charlotte, North Carolina, USA, Nov 15, 2016) The CISO Summit brings together C-level IT security executives, industry analysts and solution providers to discuss challenges and best practices in a relaxed, yet focused business setting. Agenda sessions include panel discussions, think tanks, analyst Q&A sessions and much more
Pharma Blockchain Bootcamp (Edison, New Jersey, USA, Nov 16, 2016) Blockchain technology has gained recognition as one of the most disruptive technologies in the industrial world with the potential of redefining how businesses operate similarly the internet changed it more than 30 years ago. At this critical one-day learning seminar, bio/pharmaceutical professionals (tech + business) will uncover the key areas where blockchain applications could have a significant impact in securing, managing and leveraging the deluge of data throughout the enterprise from R&D to clinical to commercialization. Key issues to be addressed: what exactly is blockchain and why is it considered a disruptive innovation; where and why in the enterprise is pharma ripe for blockchain applications; the hidden business rewards that would be exposed; the legal and regulatory considerations with implementation, and much more.
Cybercon 2016 (Washington, DC, USA, Nov 16, 2016) The forum for dialogue on strategy and innovation to secure defense and government networks, as well as private-sector networks that hold their sensitive data.
Versus 16 (San Francisco, California, USA, Nov 17, 2016) Versus is not an ordinary event. Versus is not about pitching products or preaching to the choir. Versus is about challenging what you think you know about cybersecurity, about technology, about doing business in the digital age
Data Breach & Fraud Prevention Summit Asia (Mumbai, India, Jun 8, 2016) ISMG’s Data Breach & Fraud Prevention Summit Asia – Mumbai is a one-day event that will focus on the latest fraud techniques and technologies, as well as a holistic, strategic approach to looking at the data breach threat that impacts all industries. Whether you are forming opinions on how to view the recent global Apple Vs. FBI debate, want to learn more about the breach incidents, or just look forward to networking with your peers on cybersecurity challenges, we are confident you will gain tremendous insight throughout the event. CyberWire readers can use the discount promo code "CW20" when registering with dbfpmumbai@ismgcorp.com to receive 20% off the conference price.
SCSC Cyber Security Conclave 2.0 Conference and Exhibition (Hyderabad, India, Nov 22 - 23, 2016) India’s leading two-day cyber security event is returning in November 2016, once again bringing together over hundreds of cyber security experts, senior officials and policy-makers from across the public and private sector to provide an update on cyber security instances, share best practice strategies, and help India to combat cyber threats.
4th Ethiopia Banking & ICT Summit (Addis Ababa, Ethiopia, Nov 25, 2016) The 4th Ethiopia Banking & ICT Summit is the ONLY event in Horn of Africa that focuses on technology innovations and trends in the Banking and ICT sectors. This annual summit brings together Financial Institutions, Information Technology Vendors, high profile CIOs, CISOs, CTOs Risk and Compliance Officers and COOs to explore how they can utilize the newest technologies to further increase mobility, enhance security, support new products and services, and improve customers’ experience to secure their competitive edge.
CIFI Security Summit (Toronto, Ontario, Canada, Nov 30 - Dec 1, 2016) The Annual CIFI Security Summit takes place all over the world, Asia, Europe, Australia & North America. These summits are essential 2 day conferences and exhibitions bringing together leading security experts from around the globe to discuss Cyber Intelligence, Digital forensics, Cyber Security and Cyber Investigations. This is the only event of its kind that will run 4 simultaneous streams over 2 days in addition to case studies, demonstrations from global business leaders and a 30+ Exhibition.