CyberHunta doxing of Kremlin looks genuine. Mirai botnets continue spasmodic attacks. Defense against DDoS explored. Windows vulnerable to code injection. RIG and Neutrino EKs still spread ransomware. Australian Red Cross blood donor records breached.
Vladislav Surkov, the Putin consigliere who doesn't use email? He uses email. Several of the very large number of documents hacked and released by CyberHunta are confirmed as genuine; some of them indicate Russian government contingent plans to force a showdown over the Donbas as early as next month.
Meanwhile, Mr. Putin dismisses (widely believed, strongly supported) claims that Russia is meddling in US elections, accusing American officials of acting like a bunch from a Banana Republic (he has the dismissive stereotype of a small Central American government in mind, not the clothing retailer) trying to whip up "hysteria."
Mirai botnets are continuing spurts of activity against targets that strike observers as selected more-or-less randomly. Since Mirai's source code was released, Arbor Networks has been tracking its mutations. Hackers (dismissed by Motherboard as "wannabes") have been adding buggy features to that code.
The DDoS attacks against Dyn a week ago were very large, perhaps exceeding a terabyte per second. Various proposals for dealing with botnet-driven distributed denial-of-service attacks by ISPs include increased filtering and blocking (controversial because of the potential for censorship or other misuse) and notification to customers of device compromise.
Some promising university research into ways of controlling the traffic amplification and reflection provided by blackmarket "booter" (or "stresser") services is out.
EnSilo reports finding a code-injection vulnerability affecting all Windows versions—they're calling it "AtomBombing."
RIG and Neutrino continue to distribute ransomware, respectively CrypMIC and Cerber.
The Australian Red Cross has suffered a major data breach.
Notes.
Today's issue includes events affecting Australia, Bulgaria, Chad, China, Ethiopia, Gabon, Israel, Kenya, NATO, New Zealand, Nigeria, Russia, Singapore, Uganda, United Kingdom, United States, and Zimbabwe.
A note to our readers: OK, we know you're tired of hearing this, but National Cyber Security Awareness Month is now in its final full week. The theme is "our continuously connected lives: what's your 'apptitude'?" It's "apptitude" (sic) as in "app," get it? So seriously, spare a moment to think about how you're choosing, downloading, and using apps. The digital exhaust you save could be your own.
The CyberWire's regular daily Podcast will be out later this afternoon, with interviews, educational tips, and more on the stories of the day. Today we'll hear from our partners at the University of Maryland's Center for Health and Homeland Security as Ben Yelin describes his experience testifying about surveillance technology at the Maryland State House. Our guest, Dug Song from Duo Security, argues against the conventional wisdom that holds “it's not if, but when,” you'll be hacked. (He's not buying it.) As always, if you enjoy the podcast, please consider giving it an iTunes review.
Cyber Attacks, Threats, and Vulnerabilities
Some hacked e-mails, documents from Putin advisor confirmed as genuine (Ars Technica) Ukrainian hacking group's haul shows Russian plans to destabilize Kiev...maybe
CyberHunta Sends Greetings to Surkov (CyberHunta!) We, the Ukrainian patriots of "CyberHunta," today gained access to and fully control the correspondence of one of the mailboxes of Ukraine's enemy V. Surkov
Putin: US is a 'Banana Republic' Whipping Up Hysteria Over Hacking (Motherboard) US officials are trading in “hysteria” when it comes to Russian hacking claims, according to Russian President Vladimir Putin
Putin slams US for alleging Russian meddling in elections (International Business Times) The Russian president denied that Donald Trump is the Kremlin's favoured candidate
Hacking the Presidential Election: Can It Happen? (eSecurity Planet) Hackers can leverage lots of technical vulnerabilities to affect election results. But a coordinated attack would be tough, due to voting systems' fragmented nature
Malware from Friday's DDoS attack continues to harass in short bursts (CSO) Mirai-powered botnets are found attacking new, seemingly random targets
Wannabe Hackers Are Adding ‘Terrible’ and ‘Stupid’ Features to Mirai (Motherboard) In early October, a hacker named Anna-senpai published the source code of a malware created to automatically scour the internet for poorly secured and easy-to-hack connected devices that could be enlisted into an Internet of Things zombie army. That malware, known as Mirai, has fueled some of the worst cyberattacks the internet has ever seen, including one that took down Twitter, Reddit, Netflix and other popular sites as collateral damage last week
Mirai IoT Botnet Description and DDoS Attack Mitigation (Arbor Networks) Since its inception in August of 2016, the Mirai ‘Internet-of-Things’ (IoT) botnet, comprised largely of Internet-enabled digital video recorders (DVRs), surveillance cameras, and other Internet-enabled embedded devices, has been utilized by attackers to launch multiple high-profile, high-impact DDoS attacks against various Internet properties and services
Dyn DDoS Could Have Topped 1 Tbps (Threatpost) As more time passes, researchers are getting insight into the size and structure of the DDoS attack against DNS provider Dyn last week, and the capabilities of the Mirai botnet
The Big DDOS Attack And What IOT Cyber Security Do We Need? (Huffington Post) Several Internet experts have been warning for years that the Internet was vulnerable to attack with pinch points like DNS services that translate URLs into machine addresses
Are the Days of “Booter” Services Numbered? (KrebsOnSecurity) It may soon become easier for Internet service providers to anticipate and block certain types of online assaults launched by Web-based attack-for-hire services known as “booter” or “stresser” services, new research released today suggests
Internet Providers Could Be the Key to Securing All the IoT Devices Already out There (Wired) A cyber attack on the Internet infrastructure company Dyn on October 21 hindered internet browsing for hours while the company scrambled to restore service. The as-yet unidentified attackers were helped by a millions-strong army of Internet of Things devices, including enterprise webcams and DVRs, that were quietly conscripted into a botnet to launch the denial-of-service attack. The incident is the latest reminder that many IoT devices aren’t adequately secured. These types of attacks will continue as long as a large enough number of vulnerable devices exists. So the question facing the security industry is how to shrink that number
Mirai - How a Botnet Made IoT a Security Reality (Infosecurity Magazine) Following the news of the 1Tbps DDoS attack on DNS provider Dyn last week, which was apparently enabled using the power of IoT devices, the buzzword is well and truly back in the headlines
Anything Connected to the Internet can be Target of Cyber Criminals (The New Paper) Recent problems with StarHub's broadband network caused by its customers' own machines
Understanding IoT botnets (Help Net Security) If you were online on Friday October 21st, you were probably affected by the DDoS attack against managed DNS provider Dyn
New code injection method exposes all versions of Windows to cyberattack (ZDNet) Updated: To make matters worse, there is no fix
AtomBombing: A Code Injection that Bypasses Current Security Solutions (Ensilo Blog) Our research team has uncovered a new way to leverage mechanisms of the underlying Windows operating system in order to inject malicious code. Threat actors can use this technique, which exists by design of the operating system, to bypass current security solutions that attempt to prevent infection. We named this technique AtomBombing based on the name of the underlying mechanism that this technique exploits
An analysis of the RIG exploit kit (Nettitude Labs) Over the last few weeks, we have observed an increase of RIG exploit kit alarms, delivering CrypMIC ransomware. This happened shortly after a major malvertising campaign, that delivered the same ransomware via the Neutrino exploit kit, was shut down by Cisco’s Talos Security Intelligence and Research Group earlier this month [1]. It appears that several different malvertising campaigns such as “Pseudo-Darkleech” or “ElTest” are now levering the RIG exploit kit
Neutrino exploit kit sends Cerber ransomware (SANS Internet Storm Center) Seems like we're always finding new ransomware. In early March 2016, BleepingComputer announced a new ransomware named Cerber had appeared near the end of February. A few days later, Malwarebytes provided further analysis and more details on subsequent Cerber samples
Easy Solutions Releases Fraud Beat 2016 (Yahoo! Finance) Easy Solutions, the Total Fraud Protection® company, today released The Fraud Beat 2016 – Taking Pulse of Cybercrime, a new report that identifies the most recent and sophisticated cyber-attacks impacting companies, financial institutions and consumers across the globe. The report also provides exclusive insight into the future of online attacks and the best recommended protection practices to minimize the risks and effects of targeted threats
The Fraud Beat 2016 (Easy Solutions) The digital revolution, led by users who are always connected to the Internet through their smartphones, offers boundless financial opportunities for banks and businesses. But it is also attracting the attention of cybercriminals for the same reasons
Personal data of 550,000 Red Cross blood donors was breached (CSO) The leak in Australia happened because a file was left unsecured by a third party provider
Australia’s biggest data breach sees 1.3m records leaked (IT News) Medical data exposed
Hackers target all major UK banks with new Twitter phishing campaign (International Business Times) Hackers posing as customer support staff on Twitter to hoodwink customers into divulging credentials
Security Patches, Mitigations, and Software Updates
Cisco Patches Critical Vulnerability in Facility Events Response System (Threatpost) Cisco Systems issued a security bulletin Wednesday for a critical vulnerability found in its IP Interoperability and Collaboration System (IPICS). The feature is a key part of a mechanism used by Cisco to facilitate emergency responses for “facility events”
Cyber Trends
Computer Users Offer a Word about Cybersecurity: Enough (SIGNAL) As DHS' cyber aware month winds down, people report security fatigue
Watch The FBI's Hilariously Overacted Cybersecurity PSAs (Motherboard) Scared of being hacked? Have no fear, Americans, the FBI is here to help. Earlier this week, the agency released a collection of amazing, hilariously overacted cybersecurity public service announcements on YouTube
Famed former FBI agent Eric O'Neill gives sober warning about cyber espionage (San Diego Union-Tribune) You probably don’t know his name, but you likely know what he did
The Shifting Cyber Attack Target Set And Why It Matters To The Mid-Sized Business (CTO Vision) For years now the firms with the most to lose by cyber crime have been investing in cyber defense technologies, techniques and procedures designed to mitigate threats. Motivation to enhance defenses has largely been directly correlated to the potential for loss
Five Key Cybersecurity Lessons from ISACA’s CSX North America Conference (Payment Week) ISACA’s CSX 2016 North America conference convened last week in Las Vegas to discuss emerging cybersecurity challenges and opportunities
Marketplace
Cyber insurance is the next frontier (ITWire) New figures from Norton by Symantec state that just 19% of small businesses in Australia and 9% in New Zealand are looking to purchase cyber cover in 2017
Booz Allen Hamilton Launches External Security Review in Wake of Harold Martin Arrest (Wall Street Journal) Company hires former FBI director Robert Mueller to conduct review
Blog: Cybersecurity Diligence in M&A Transactions: Lessons from Verizon/Yahoo! (JDSupra) Recently, in the midst of an M&A transaction involving Verizon and Yahoo!, news broke of a Yahoo! cybersecurity breach that had occurred approximately two years earlier. This event raised a lot of speculation around what effect the breach may have on the deal, including by how much it might change the valuation of the transaction (with some commentators speculating in the multiple billions of dollars) and whether Verizon might try to walk away from the deal by invoking a clause which gives it the right to avoid closing the transaction if the purchased business suffers a “material adverse effect.” Regardless of the outcome, the Verizon/Yahoo! situation highlights the importance of cybersecurity diligence and data privacy and security provisions generally in M&A deals
FireMon acquires Israeli cloud security co FortyCloud (GLOBES) The Hod Hasharon startup will boost FireMon's cloud management capabilities across all major cloud platforms
Is the NSA mellowing on Huawei? (American Enterprise Institute) Ten days ago, the American Enterprise Institute hosted NSA Deputy National Manager for National Security Curt Dukes for a conversation on the defense of cyberspace, which included a wide-ranging discussion of US intelligence agencies’ methods of detecting and countering cyberattacks, addressing software flaws, and planning for longer-range protection of US cybersecurity systems
Cybersecurity Stocks Benefit Of Global Increase In Cyber Attacks (ValueWalk) Cyber attacks are currently one of the top five global risks according to the World Economic Forum and are plaguing individuals, corporations, and institutions alike
Company failures like Wynyard Group attract tall poppy syndrome (Stuff) It is sad to see the news this week of Wynyard Group's troubles, the intelligence software company has been a high profile, high speed growth story ever since it was spun out of Jade Software in 2012
Fighters of cybertheft spend their time on the ‘dark net’ (Fox 31) In a high-rise above downtown Denver, a group of elite cybersecurity technicians are hard at work combing through an unusual and unpredictable online underworld
What is the Sophos security opportunity? (ARN) Hacking small business is creating more business for partners
FireEye Inc (FEYE) Stock Is Losing Its Security (Investor Place) FireEye stock lost its growth potential
WWT and Tanium Establish a Powerful Strategic Partnership (BusinessWire) Alliance extends ability to deliver integrated solutions that mitigate risk, enhance threat intelligence and optimize security incident response
Fortinet Sees Sales Slip As North American Restructuring Takes Hold (CRN) Fortinet reported a 23 percent drop in third-quarter net income as its North American sales realignment is taking longer than expected to yield results
Hackers Earn $215,000 for Hacking Nexus 6P, iPhone 6S (HackRead) Tencent Keen Security Lab team hackers win $215,000 for infecting a fully updated and patched Nexus 6P
CrowdStrike adds to senior management team (BanklessTimes) Cloud-delivered endpoint protection provider CrowdStrike has added a pair of executives they hope will help them meet the global demand for its services
Products, Services, and Solutions
Known unknown (Economist) Another crypto-currency is born
Microsoft Extends Malicious Macro Protection to Office 2013 (Threatpost) Microsoft is combating a surge in macro-based malware with a new feature that allows system administrators to configure Office 2013 to block Word, Excel, and PowerPoint macros. The capability had previously been introduced in March by Microsoft for its Office 2016 software
Microsoft offers security for Azure against IoT vulnerabilities (Australian) Microsoft decision to secure the Internet of Things for Azure customers is timely, just after the Dyn DDoS attacks
IBM Launches new anti-malware updates to ward off cyber attacks on banks (Economic Times) Global technology service provider IBM has launched behavioral biometric analysis capabilities in its digital banking fraud prevention technology, Trusteer Pinpoint Detect, using patented technology for real-time fraud detection
PwC Honors Morphisec with People's Choice Award for the Most Innovative and Promising Solution (PRNewswire) Morphisec, pioneer of Moving Target Defense (MTD) technology and leading provider of endpoint threat prevention solutions, today announces it has been recognized by PricewaterhouseCoopers as the People's Choice Award winner at PwC Cyber Security Day 2016 in Luxembourg
Securonix's SNYPR Security Analytics Platform Recognized with the 2016 InfoTech Spotlight Big Data As-a-Service Excellence Award (MarketWired) The industry's most advanced security analytics platform is honored for innovation and leadership in a rapidly growing tech segment
Fortinet's FortiCare 360 Degrees Cloud Service Delivers Continuous Assessment of Enterprises' Network Security Posture (Broadway World) John Maddison, senior vice president of products and solutions, Fortinet: "Misconfigured, suboptimized, and unpatched security components are the number one cause of security incidents reported globally, according to Verizon's 2016 Data Breach Investigations Report
Palo Alto Networks Named a Strong Performer in Endpoint Security Report (PRNewswire) Palo Alto Networks® (NYSE: PANW), the next-generation security company, today announced that its Traps™ advanced endpoint protection offering was recognized by Forrester® Research as a strong performer among endpoint security suite providers
Security apps you need on your new Pixel (CSO) Google's new Pixel phone
Technologies, Techniques, and Standards
Former Boeing executive to take over Auto-ISAC to help US automakers with cyber security (First Post) The organisation that automakers in the United States created to cope with cybersecurity threats said on Wednesday it has hired a former Boeing Co executive as its leader. Faye Francy, who most recently was head of the aviation industry’s cyber security clearinghouse, known as the Aviation-ISAC, will take over the Automotive Information Sharing and Analysis Center, or Auto-ISAC
Can Banks Protect Against the Threat of Everyday Devices? (American Banker) There's a lesson for banks in the cyberattack that took down PayPal, Netflix, Facebook, and other sites for hours — and it's not just "have a backup domain name system provider"
Academia
Security community needs “cultural change”, warns Australia’s newest Cyber Guardian (CSO) Cybersecurity experts need to take a more progressive approach to security education and drive a “cultural change” to improve accessibility to high-level security skills, Australia’s newest SANS Institute-accredited Cyber Guardian has advised
USNA breaks ground at new Cyber Security Studies Center (Joint Base Journal) The U.S. Naval Academy (USNA) held a groundbreaking ceremony for its new $106-million Center for Cyber Security Studies Oct. 21
Legislation, Policy, and Regulation
Putin’s Chaos Strategy Is Coming Back to Bite Him in the Ass (Foreign Policy) The Russian president has sown confusion and conflict around the world the past two years. But his short-sighted meddling isn’t the work of a mastermind
Facebook’s Free Basics Is an African Dictator’s Dream (Foreign Policy) The tech giant’s no-frills app gives governments a version of the internet they can influence, if not totally control
Former High-Ranking IDF Intel Official: Recent Cyber Attack Against Major US Websites Was ‘Reminder’ of Dangers Posed by Cyber Warfare (Algemeiner) Cyber attacks are one of the biggest threats facing the world today and countries must rise to the challenge posed by this new type of warfare, a former high-ranking IDF intelligence official told The Algemeiner on Thursday
Bulgaria and NATO boost cooperation on cyber defence (NATO/OTAN) Bulgaria and NATO will boost their cooperation on cyber defence. A new Memorandum of Understanding, signed during NATO Defence Ministers’ meeting in October 2016, will facilitate information-sharing on cyber threats and best practices, improve the prevention of cyber incidents and increase Bulgaria’s resilience to cyber threats. Furthermore, the new arrangement will facilitate assistance between NATO and Bulgaria’s cyber defence authorities in case of need
White House probes centralized cyber capabilities (FCW) The White House is working on a plan to create a centralized cybersecurity model for agencies that could guide federal cybersecurity efforts for the next four to eight years
The FCC just passed sweeping new rules to protect your online privacy (Washington Post) Federal regulators have approved unprecedented new rules to ensure broadband providers do not abuse their customers' app usage and browsing history, mobile location data and other sensitive personal information generated while using the Internet
Litigation, Investigation, and Law Enforcement
US: Contractor in NSA case had intelligence officers' names (McClatchy) Classified information stolen by a former National Security Agency contractor included the names of covert intelligence officers, according to a federal court filing on Thursday
Report: Chinese Spies Stole Pentagon Secrets (Washington Free Beacon) Beijing's human, technical spying increasing and poses serious threat
Who’s Responsible When Your DVR Launches a Cyberattack? (Atlantic) The companies who make the devices could be held accountable
EU privacy watchdogs seek answers from WhatsApp and Yahoo about users' data (CSO) They told WhatsApp to stop sharing users' data with Facebook until an EU investigation is complete
Treasury, DOJ, DHS joining forces to fight phone scams (Federal News Radio) It started with Homeland Security Department officials, then Internal Revenue Service agents
Jose Santana Pleads Guilty In Cell Phone Fraud Scheme (Dark Reading) Santana and co-conspirators committed identity theft costing victims $150,000, according to US Department of Justice
Feds Bust Teen for Allegedly Offering Dark Web Contract Killing Services (Motherboard) One of the most prevailing myths of the dark web is the existence of hitmen; technologically sophisticated murderers who offer their services in exchange for cash. The sites, however, are likely scams; some more elaborate than others
Florida Man To Plead Guilty in JPMorgan, Bitcoin Hack Case (Dark Reading) In Manhattan District Court today Michael Murgio will admit to operating an illegal money transmitting business and paying a bribe to gain access to a credit union
Suspect arrested in Phoenix-area cyber attack on 911 phone systems (12 News) Meetkumar Hiteshbhai Desai, 18, was arrested and booked into the 4th Avenue Jail on three counts of felony computer tampering
Pennsylvania man sentenced to 18 months for celeb hacking (CSO) The man wasn’t charged with the leaks of intimate snaps of female celebrities
For a complete running list of events, please visit the Event Tracker.
Newly Noted Events
Internet of Things (IoT) (Elkridge, Maryland, USA, Nov 29, 2016) This cybergamut Technical Tuesday features Dr. Susan Cole, currently the Cybersecurity Lead for a Federal Information Systems Controls Audit Management (FISCAM) preparation team and also provides consulting support to small companies. The Internet of Things (IoT) is becoming more embedded in everyday life, often without people being aware. This talk centers on defining what IoT really is, discussing why it has exploded exponentially, and identifying challenges to future implementation of IoT, including security challenges.
Weaponizing Data Science for Social Engineering: Automated E2E Spear Phishing on Twitter (Elkridge, Maryland, USA, Dec 6, 2016) This cybergamut Technical Tuesday features ZeroFox data scientist John Seymour, who will present a recurrent neural network that learns to tweet phishing posts targeting specific users. Historically, machine learning for information security has prioritized defense: think intrusion detection systems, malware classification and botnet traffic identification. Offense can benefit from data just as well. Social networks, especially Twitter with its access to extensive personal data, bot-friendly API, colloquial syntax and prevalence of shortened links, are the perfect venues for spreading machine-generated malicious content.
Upcoming Events
SANS San Diego 2016 (San Diego, California, USA, Oct 23 - 28, 2016) Cyber security training in San Diego, CA from SANS Institute, the global leader in information security training. Choose from nine hands-on, immersion-style training courses for security professionals at all levels. Many of these security courses have certifications that are aligned with DoD Directive 8570/8140 and all courses at this event are associated with GIAC Certifications. This event was planned to give you the weapons you need to defend against attackers and advance your career. You will learn from leading experts in courses that have been carefully selected to arm you with the latest tactics and strategies that will sharpen your skills
Security By Design (McLean, Virginia, USA, Oct 28, 2016) The essential security conference for all who desire to build trustworthy software. Developers, DevOps Engineers, Software Architects, Security Software Engineers, Designers and more.
Regional Cyber Security Summit (Sharm El-Sheikh, Egypt, Oct 30 - Nov 1, 2016) The Regional Cyber Security Summit comes this year with the theme of “Boundless Collaboration, Boundless Protection”. It focuses on the cooperation in cybersecurity as one of key pillars to tackle the complexity and the scalability of the main challenges of today’s cyber threats. The regional cybersecurity summit has been conducted for the last 4 years under the umbrella of ITU-ARCC in Oman to share experience and knowledge, learn from each other, get in tight to recent updates and collaborate to enhance organizations’ cybersecurity became a must.
Inside Dark Web (Washington, DC, USA, Nov 1 - 2, 2016) Individuals, organizations, corporations, and governments use the Dark Web to protect themselves and their users, employees, customers, and citizens seeking a more accessible and secure Internet experience. Experts from government, the financial community, law enforcement and cyber security will give you the background history, current utilization and future thoughts about the fast growing misunderstood world of the Dark Web.
National Institute for Cybersecurity Education 2016 Conference and Expo (Kansas City, Missouri, USA, Nov 1 - 2, 2016) Cybersecurity has emerged as one of the leading creators of jobs and opportunity for all economic sectors. The demand for cybersecurity positions in both the public and private sector is large and growing, but the talent pool of cybersecurity workers is not yet able to keep up. The NICE 2016 Conference and Expo features thought leaders from education, government, industry and non-profits who are addressing the cybersecurity education, training, and workforce needs of the nation.
GTEC (Ottawa, Ontario, Canada, Nov 1 - 3, 2016) For the public sector and business, count on GTEC to help you keep up with the changing landscape of technology and service delivery in Canada. With our nationally recognized awards program and annual conference, plus our new learning products, GTEC is your destination of choice for innovation and excellence in public sector IT. The conference program will feature a close focus on the cyber threat, particularly the threat of cybercrime, and the Canadian response to that threat.
Black Hat Europe 2016 (London, England, UK, Nov 1 - 4, 2016) Black Hat is returning to Europe again in 2016, and we have quite an event in store. Here the brightest professionals and researchers in the industry will come together for a total of four days--two days of deeply technical hands-on Trainings, followed by two days of the latest research and vulnerability disclosures at our Briefings.
TECHEXPO Cyber Security Hiring Event (Tysons Corner, Virginia, USA, Jun 30, 2016) Cyber security professionals are invited to interview face-to-face with employers including The CIA, Deloitte, Intel Security, Northrop Grumman, Lockheed Martin, Deloitte, Vencore and many more. Hundreds of career opportunities are available in cyber security that need to be filled immediately. Bring copies of your resume with you and interview in person, representing yourself better than any online application ever could.
ISSA International Conference (Orlando, Florida, USA, Oct 22 - 23, 2014) Join us for solution oriented, proactive and innovative sessions focused on security as a vital part of the business.
SINET Showcase 2016: Highlighting and Advancing Innovation (Washington, DC, USA, Nov 2 - 3, 2016) SINET Showcase provides a platform to identify and highlight “best-of-class” security companies that are addressing industry and government’s most pressing needs and requirements. The chosen SINET 16 Innovators present their technological solutions to representatives from the ecosystem of the entrepreneur: venture capital, investment banking, system integration, academia, science, legal, policy, private industry and executives from the Federal Government, including civilian, intelligence and military professionals. Showcase’s objective is to increase awareness of innovative solutions that may lead to an investment in, or the purchase of, advanced technologies that will help secure our nation’s critical infrastructure and command-and-control systems.
3rd Annual Journal of Law and Cyber Warfare Conference (New York, New York, USA, Nov 3, 2016) The 2016 Journal of Law and Cyber Warfare symposium speakers represent an unparalleled group of cyber security experts with a wide variety of industry expertise and knowledge. Attendees will hear from experts on cyber security and cyber warfare from the military, government, private industry, and the public sector. Our panels are designed to provide attendees with thought leadership from a diverse group of experts who will share their experience and knowledge-base regarding topical cyber security issues. The symposium is a day long event comprised of panels, Q&A sessions, tool demonstrations and networking opportunities. Focused and thorough, there are take-aways for all attendees.
Security of Things World USA (San Diego, California, USA, Nov 3 - 4, 2016) Security. Privacy. Connected Devices. Exploring Security and the Internet of Things. A world class event focused on the next information security revolution. Be part of Security of Things World USA in November in San Diego to tailor your proposition to respond to the security concerns that preoccupy enterprise customers today and find pragmatic solutions to the most common security threats.
2nd Annual Summit: Global Cyber Security Leaders (Berlin, Germany, Nov 7 - 8, 2016) The Global Cyber Security Leaders 2016 is designed to provide unrivaled access to peers from across the globe, and encourage participants to discuss the current challenges and explore the ideas shaping tomorrow’s global cyber threat landscape. The interactive, fresh and content driven format is specifically designed for leaders, visionaries and decision makers across all geographies. Strengthen your global network and form lasting relationships with other forward-thinking and inspiring leaders.
IAPP Europe Data Protection Congress 2016 (Brussels, Belgium, Nov 7 - 10, 2016) The GDPR is finalised, the Data Protection Congress is returning to Brussels and you have a great deal of work ahead. Begin at the Congress, where you’ll find thought leadership, a thriving professional community and unrivaled education. It’s time to get to work: Start here.
SANS Miami 2016 (Coconut Grove, Florida, USA, Nov 7 - 12, 2016) Attend our new SANS Miami 2016 event, November 7-12 and choose from five hands-on, immersion-style cybersecurity training courses taught by real-world practitioners. Attackers are targeting you with increasing viciousness and stealth, and it's essential you understand the tools and techniques and learn the skills needed to protect your organizations. Get the training you need from SANS - the most trusted and by far the largest source for information security training in the world
Federal IT Security Conference (Columbia, Maryland, USA, Nov 8, 2016) The Federal IT Security Institute in partnership with PhoenixTS in Columbia, MD is hosting the first annual Federal IT Security Conference. Speakers from NIST, DHS, the Defense Department as well as private industry will be in attendance discussing the themes and trends that are influencing the Federal/DoD cyber landscape. All proceeds from the event go to help retrain Wounded Warriors to become cyber defenders at the Wounded Warrior Cyber Combat Academy.
11th Annual API Cybersecurity Conference & Expo (Houston, Texas, USA, Nov 9 - 10, 2016) Join us at the 11th Annual API Cybersecurity Conference & Expo and discover methods for thwarting the bad guys, what the scene looks like over the horizon and how the latest technologies can help you counter cyber espionage, address cyber warfare, and make your cyber efforts secure.
SecureWorld Seattle (Bellevue, Washington, USA, Nov 9 - 10, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers.
Institute for Critical Infrastructure Technology Annual Gala and Benefit (Washington, DC, USA, Nov 10, 2016) The Annual ICIT Gala and Benefit is the year’s most prestigious gathering of legislative, agency and private sector leaders committed to protecting our Nation’s critical infrastructures. This intimate black-tie event will celebrate the minds of the most influential members of our community as well as the efforts of today’s most impactful cybersecurity leaders. The funds raised from this Benefit will be used exclusively to help sustain and grow the Institute’s research, publications and educational activities for the communities it serves.
Israel HLS and Cyber 2016 (Tel Aviv, Israel, Nov 14 - 17, 2016) Where physical and cyber security meet. Topics include intelligence, cyber crime, and counter-terrorism, defending critical infrastructures, a smart global world, mass events--the integrative approach, and emergency readiness.
SANS Healthcare CyberSecurity Summit & Training 2016 (Houston, Texas, USA, Nov 14 - 21, 2016) SANS will be hosting its 4th Annual Healthcare Cybersecurity Summit. Join us and hear top security experts from leading healthcare companies discuss proven approaches for securing and succeeding in the new healthcare environment. You'll have the opportunity to meet with leaders from top organizations and see what really works in securing healthcare. As we know, healthcare has been undergoing major changes. Patients are demanding more convenient and personalized care. Digital health is changing the way that doctors and patients interact. New technologies allow patients to track their own health and generate data that was previously not available to care providers. Additionally, health information exchanges are being created to enable access to electronic medical records across disparate organizations. The Healthcare CyberSecurity Summit will take aim at the major challenges organizations face as they balance the security, compliance, and innovation required to thrive in this quickly changing market.
Infosec 2016 (Dublin, Ireland, Nov 15, 2016) Infosec 2016 conference addresses the critically important issues that threaten businesses in the information age. By any measure, the digital threats that businesses and organisations of all sizes face are increasing.
Kaspersky Academy Talent Lab (Online, then Prague, Czech Republic, Nov 15, 2016) Kaspersky Academy Talent Lab is an international cyber-world competition for young researchers and professionals aged 18-30 who are interested in the cybersecurity challenges facing the world. 50 finalists will travel to the global final event in Prague (all expenses covered by Kaspersky Lab) to present their projects & compete.
CISO Charlotte (Charlotte, North Carolina, USA, Nov 15, 2016) The CISO Summit brings together C-level IT security executives, industry analysts and solution providers to discuss challenges and best practices in a relaxed, yet focused business setting. Agenda sessions include panel discussions, think tanks, analyst Q&A sessions and much more.
Pharma Blockchain Bootcamp (Edison, New Jersey, USA, Nov 16, 2016) Blockchain technology has gained recognition as one of the most disruptive technologies in the industrial world with the potential of redefining how businesses operate, much as the internet did more than 30 years ago. At this critical one-day learning seminar, bio/pharmaceutical professionals (tech + business) will uncover the key areas where blockchain applications could have a significant impact in securing, managing and leveraging the deluge of data throughout the enterprise from R&D to clinical to commercialization. Key issues to be addressed: what exactly is blockchain and why is it considered a disruptive innovation; where and why in the enterprise is pharma ripe for blockchain applications; the hidden business rewards that would be exposed; the legal and regulatory considerations with implementation, and much more.
Cybercon 2016 (Washington, DC, USA, Nov 16, 2016) The forum for dialogue on strategy and innovation to secure defense and government networks, as well as private-sector networks that hold their sensitive data.
Versus 16 (San Francisco, California, USA, Nov 17, 2016) Versus is not an ordinary event. Versus is not about pitching products or preaching to the choir. Versus is about challenging what you think you know about cybersecurity, about technology, about doing business in the digital age.
Focusing On The Future: Prioritizing Security in the Digital Economy (Washington, DC, USA, Nov 18, 2016) In today's digital economy, developing and prioritizing a cyber strategy is critical to address diverse and evolving threats, foster trust in the technology we use, and define a path forward where security is seen as a business enabler. Join The Chertoff Group for a premier post-election cyber conference that will convene thought leaders across government and industry to share their unique points of view and insights with regard to critical policy, technology, and risk management issues that will be shaping the security agenda.
Data Breach & Fraud Prevention Summit Asia (Mumbai, India, Jun 8, 2016) ISMG’s Data Breach & Fraud Prevention Summit Asia – Mumbai is a one-day event that will focus on the latest fraud techniques and technologies, as well as a holistic, strategic approach to looking at the data breach threat that impacts all industries. Whether you are forming opinions on how to view the recent global Apple Vs. FBI debate, want to learn more about the breach incidents, or just look forward to networking with your peers on cybersecurity challenges, we are confident you will gain tremendous insight throughout the event. CyberWire readers can use the discount promo code "CW20" when registering with dbfpmumbai@ismgcorp.com to receive 20% off the conference price.
SCSC Cyber Security Conclave 2.0 Conference and Exhibition (Hyderabad, India, Nov 22 - 23, 2016) India’s leading two-day cyber security event is returning in November 2016, once again bringing together hundreds of cyber security experts, senior officials and policy-makers from across the public and private sector to provide an update on cyber security instances, share best practice strategies, and help India to combat cyber threats.
4th Ethiopia Banking & ICT Summit (Addis Ababa, Ethiopia, Nov 25, 2016) The 4th Ethiopia Banking & ICT Summit is the ONLY event in the Horn of Africa that focuses on technology innovations and trends in the Banking and ICT sectors. This annual summit brings together Financial Institutions, Information Technology Vendors, high profile CIOs, CISOs, CTOs, Risk and Compliance Officers and COOs to explore how they can utilize the newest technologies to further increase mobility, enhance security, support new products and services, and improve customers’ experience to secure their competitive edge.
CIFI Security Summit (Toronto, Ontario, Canada, Nov 30 - Dec 1, 2016) The Annual CIFI Security Summit takes place all over the world, Asia, Europe, Australia & North America. These summits are essential 2 day conferences and exhibitions bringing together leading security experts from around the globe to discuss Cyber Intelligence, Digital forensics, Cyber Security and Cyber Investigations. This is the only event of its kind that will run 4 simultaneous streams over 2 days in addition to case studies, demonstrations from global business leaders and a 30+ Exhibition.