Shadow Brokers dump alleged Equation Group server stage infrastructure. Google discloses Windows, Flash bugs. A worm dons a white hat. Anti-bullying turns anti-journalism? Furby's back, more connected than ever.
The Shadow Brokers resurfaced for Halloween, dumping an archive they call "trickortreat" and still writing completely implausible broken English. (Why cartoonist Stephen Pastis doesn't sue them for ripping off the crocodiles' diction from "Pearls before Swine" is beyond us.) Flashpoint, who's suffered through the present participles malapropistes so the rest of us don't have to, says the dump appears to reveal server stage infrastructure used by the Equation Group. The Equation Group is thought by most observers to be, roughly speaking, an NSA contractor. Flashpoint also notes that the Shadow Brokers tend to mirror Russian President Putin's jibes at the American political system, this time, for example, calling it "free, as in free beer," a one-liner Mr. Putin delivered recently at the St. Petersburg Economic Forum.
Concerns about US elections persist—forty-six states have now asked for Federal help securing the vote. More WikiLeaks doxing is expected before next Tuesday's voting. The FBI's newly resumed investigation into candidate Clinton's State Department era email practices continues.
Google discloses flaws it discovered in Microsoft Windows and Adobe Flash.
Researchers continue to consider approaches to cleaning up Mirai and similar Internet-of-things threats. One proof-of-concept, a white-hatted worm that changes default passwords, is unlikely to pass legal muster.
Experts call for active defenses short of hacking back.
Canadian anti-bullying law may be seeing anti-journalism applications.
The Furby is back in a new, more connected form. We assume Furbys are still banned from Fort Meade and its environs? Check before you bring one to work.
Today's issue includes events affecting Australia, Canada, China, European Union, France, India, Netherlands, Russia, Spain, United Kingdom, and United States.
A note to our readers: We'll be in Washington tomorrow and Thursday covering the SINET Showcase 2016. We're particularly looking forward to getting to know this year's SINET 16, a selection of some of the most innovative young companies in our industry.
The CyberWire's regular daily Podcast will be out later this afternoon, with interviews, educational tips, and more on the stories of the day. Today we meet a new partner, Palo Alto Networks' Unit 42. Rick Howard will introduce himself and the Unit 42 team. Our guest is Ferruh Mavituna from Netsparker, who will discuss content security policy. And as always, if you enjoy the podcast, please consider giving it an iTunes review.
Cyber Attacks, Threats, and Vulnerabilities
“The Shadow Brokers” “Trick or Treat” Leak Exposes International Stage Server Infrastructure (Flashpoint) The hacker collective known as “The Shadow Brokers” has published another leak related to the “Equation Group” — a group of hackers believed to be operated by the National Security Agency (NSA). The group posted an archive titled “trickortreat,” leaking the pair (redirector) keys allegedly connecting stage servers of numerous covert operations conducted by the NSA. The Shadow Brokers’ most recent leak is related to the server stage infrastructure used by the various exploits from the group’s previous leak
NSA data may have been dumped in second leak (Washington Times) The group responsible for publishing National Security Agency data over the summer released hundreds of new files on Monday, exposing domains and Internet protocol addresses that could reveal who the agency has targeted over the last several years
New leak may show if you were hacked by the NSA (Ars Technica) Shadow Brokers identifies hundreds of organizations it claims were hacked by NSA
"Shadow Brokers" Leaks Servers Allegedly Hacked by NSA (Security Week) The group calling itself Shadow Brokers has leaked more files, including a list of servers allegedly used by the NSA-linked Equation Group in its attacks
Hackers apparently fooled Clinton official with bogus email (Federal Times) New evidence appears to show how hackers earlier this year stole more than 50,000 emails of Hillary Clinton's campaign chairman, an audacious electronic attack blamed on Russia's government and one that has resulted in embarrassing political disclosures about Democrats in the final weeks before the U.S. presidential election
Silicon Valley is seriously worried about a cyber attack on Election Day (CNN Money) Imagine a major attack against the Internet on Election Day with a singular goal: disrupt voter turnout
Election 2016: Cyber help requests now up to 46 states (CNN Politics) All but four states have now asked the Department of Homeland Security for assistance shoring up their election systems against cyberthreats, according to a senior DHS official
Google Publicly Discloses Security Flaw In Adobe Flash, Microsoft Windows (International Business Times) Google’s Threat Analysis Group recently discovered vulnerabilities in Adobe Flash and Microsoft’s Windows which allow malware attacks on the Chrome web browser. The company made the discovery on Oct. 21 and has also disclosed it publicly today, which isn’t sitting well with Microsoft
Google Reveals Windows Kernel Zero Day Under Attack (Threatpost) A Windows zero-day vulnerability is being used in an unknown number of attacks, Google disclosed today, 10 days after it privately reported the issue to Microsoft
Windows Atom Tables Could Blow Up Security, Researchers Say (Security Intelligence) Researchers from enSilo may have too much time on their hands: Instead of putting out fires, they came up with a method to nuke Windows security. To make it worse, this attack vector cannot be patched because of how it uses Windows atom tables, which are basic system calls, to operate
Hackforums Shutters Booter Service Bazaar (KrebsOnSecurity) Perhaps the most bustling marketplace on the Internet where people can compare and purchase so-called “booter” and “stresser” subscriptions — attack-for-hire services designed to knock Web sites offline — announced last week that it has permanently banned the sale and advertising of these services
IoT-based Linux/Mirai: Frequently Asked Questions (Fortinet) Ever since the Mirai DDoS attack was launched a few weeks ago, we have received a number of questions that I will try to answer here. If you have more follow-up questions, please let me know
Can we extinguish the Mirai threat? (Help Net Security) The recent massive DDoS attack against DNS provider Dyn has jolted (some of) the general public and legislators, and has opened their eyes to the danger of insecure IoT devices
'Do Gooder Worm' Changes Default Passwords In Vulnerable IoT Devices (Dark Reading) A security researcher has proposed an unusual approach for protecting Internet of Things devices against Mirai-like threats. It's not likely to see the light of day, either
Anti-worm ‘Nematode’ Could be Answer to Mirai Botnets (Infosecurity Magazine) A security researcher has uncovered what is claimed to be an effective way to mitigate the threat from Mirai-powered IoT botnets like the one that caused a massive internet outage over a week ago
After botnet attacks, stakes rise for security in connected things (Christian Science Monitor Passcode) At the Security of Things Forum in Washington, cybersecurity experts addressed the challenges of securing the Internet of Things after hackers shut down large segments of the web by taking advantage of insecure connected devices
Trend Micro: Fake Apple iOS Apps Are Rampant (Infosecurity Magazine) The Apple iOS environment is riddled with malicious fake apps that are signed with enterprise certificates and have the same Bundle IDs as their official versions on the App Store. Repackaged versions of Pokemon Go, Facebook, and several other gaming apps are just some of the affected titles
Nymaim Dropper Updates Delivery, Obfuscation Methods (Threatpost) A new variant of the Nymaim dropper has been identified that includes updated delivery and obfuscation methods, and the use of PowerShell routines to download its payloads
Indetectables RAT Receives Help from Several White Hat Hackers (Wapack Labs) In late September 2016, a Spanish speaking hacker released an updated version of a popular white hat developed Remote Access Tool (RAT) named “Indetectables RAT” on the Spanish language hacker forum Indetectables[dot]net
Lost thumb drives bedevil US banking agency (CSO) The drives contained privacy information and their loss is "a major information security incident"
Services disrupted at three UK hospitals due to virus attack (Help Net Security) Computer systems of the Northern Lincolnshire and Goole NHS Foundation Trust have been hit by a “virus”, and the NHS Trust reacted by shutting down the majority of them
History and Evolution of the Locky Ransomware (HackRead) Although Locky sounds like fun, it actually denotes one of today’s prevalent ransomware families
Trick or Tweet: the 5 Spookiest Social Media Cyber Security Incidents (ZeroFOX Team) The rise of social media cyber security incidents has been explosive in recent years. According to Cisco, Facebook scams are now the #1 way to breach the network. In the spirit of Halloween, ZeroFOX is looking back at the 5 scariest cyber security incidents we’ve seen on social networks. It ranges from high-profile account hacks to nasty malware distributed via Facebook or Twitter
Security Patches, Mitigations, and Software Updates
PC Users Failing to Patch Non-Microsoft Apps (Infosecurity Magazine) UK PC users are still struggling to patch non-Windows applications, exposing themselves to unnecessary risk, according to Secunia Research
Predicting The Proliferation Of Cyber Weapons Into Small States – Analysis (Eurasia Review) Recent analysis of cyber warfare has been dominated by works focused on the challenges and opportunities it presents to the conventional military dominance of the United States
Smart machines: Is full automation desirable? (Help Net Security) By 2020, smart machines will be a top five investment priority for more than 30 percent of CIOs, according to Gartner. With smart machines moving towards fully autonomous operation for the first time, balancing the need to exercise control versus the drive to realize benefits is crucial
The difference between IT security and ICS security (Help Net Security) In this podcast recorded at IoT Solutions World Congress Barcelona 2016, Andrew Ginter, VP of Industrial Security at Waterfall Security, talks about the difference between IT security and ICS security
The Cyber Insurance Emperor Has No Clothes (Exploring Possibility Space) Of course, the title is hyperbole and attention-seeking. Now that you are here, I hope you'll keep reading
Researchers Claim Wickr Patched Flaws but Didn't Pay Rewards (Security Week) Vulnerability Lab security researchers claim that Wickr Inc., the company behind encrypted messaging service Wickr, hasn’t paid promised bounties for multiple vulnerabilities disclosed years ago, although the company did patch all of them
Why India’s 'Leaky' Submarines Matter (National Interest) The wide-ranging data leak on India’s French-origin Scorpene submarines uncovered by The Australian in August 2016 has undermined New Delhi’s sensitive submarine construction program
BlackRidge Technology Wins SINET 16 Innovator Award for Cybersecurity (PRWeb) BlackRidge Technology team attends SINET Showcase in Washington, DC to accept award and present the company
Products, Services, and Solutions
RiskIQ Advances PassiveTotal to Improve Digital Risk Monitoring Across Growing Web, Social, and Mobile Threats (RealWire) New Internet data sets, monitoring, and project features yield greater context into attackers’ infrastructure
LockPath wins 2016 GRC Value Award for Policy Management (Yahoo! Finance) LockPath, a leader in governance, risk management and compliance (GRC) solutions, today announced the company is being honored with the 2016 GRC Value Award in Policy Management. The GRC Value Awards program recognizes real-world implementations for GRC programs and processes that have returned significant and measurable value to an organization
Optus bids to become cyber security player with $8 million operations centre (Financial Review) Optus has invested $8 million to create a new Advanced Security Operations Centre, which it hopes will position the telecommunications giant as a leading cyber security player
Inmarsat to roll out cyber security solution (Seatrade Maritime News) Satcoms operator Inmarsat is developing its own cyber security solution that it plans to roll out early next year
Potentially Unwanted Programs Put Enterprise Data at Risk. How do You Tell Good Apps from Bad Apps? (Security Week) In the beginning we just had adware. These were genuine software applications usually free to the user, but supported – or monetized – by advertising
TrapX Deception Technology Aims to Mitigate Risk of SWIFT Attacks (eWeek) As hackers take aim at financial services, there is an increasing need to find new ways to deflect attacks
Ixia Launches the First Software Solution Specifically Designed for Pre-silicon Testing (BusinessWire) Ixia IxVerify™ & Mentor Graphics Veloce® virtual network (VN) app accelerate verification of complex networking chips
Radware New Operator Toolbox Automation Tool Designed to Save Personnel Time and Simplify Operations (GlobeNewswire) First end-to-end automation tool cuts time spent on DDoS and WAF solution management, ADC provisioning, maintenance, and monitoring by more than 90 percent
Symantec Unveils the Future of Endpoint Security (BusinessWire) Symantec Endpoint Protection 14 provides multi-layered protection including advanced machine learning and response capabilities to protect and respond to cyber threats at the endpoint
SafeClix Inc. Launches Game Changing Internet Security Device; There's Hope for People in Need of a Safer Internet Experience (PRNewswire) A small, innovative Connecticut security company is launching its new flagship product SafeCLIX as the solution to securing your Windows devices
Review: Furby Connect (Wired) People of Earth, Furby has returned. And its beady eyes are aimed at your wallet
Technologies, Techniques, and Standards
What Does an Organization Need to do to Get Shadow IT Under Control? (Security Week) Shadow IT and sanctioned cloud apps are gaining ground in the enterprise. At last count, employees at enterprise-class organizations were using 841 different apps on average, according to Blue Coat Elastica Cloud Threat Labs
Best practices for enterprises to effectively combat cybercrime (Help Net Security) Employee training and cyber awareness, combined with a solid defense strategy and best-in-class cybersecurity tools and software, are essential to reducing the risks of data breaches
4 Essential IoT Security Best Practices (eSecurity Planet) With IoT security top of mind in the wake of recent IoT-based attacks, here are four tips on improving your Internet of Things security measures
Design and Innovation
Former CYBERCOM official calls for human oversight of autonomous systems (C4ISRNET) There must be human input and oversight when it comes to autonomous systems meant to make decisions on when, where and on whom to pull the trigger, the former deputy commander of U.S. Cyber Command said during a panel at a conference focused entirely on the so-called third offset strategy
Injecting Security Into DevOps (Information Security Buzz) DevOps is now being met by the OpsDev movement, which some say is just NetOps with SDN thrown in
Research and Development
Call for Papers (International Journal of Business and Cyber Security) We are currently seeking scholarly papers for the next issue of IJBCS which is due for publication in January 2017. This important area of research is undergoing a period of rapid change, and thus it is vitally important to be up with current developments, hence the growing interest in IJBCS. IJBCS is a scholarly and refereed journal that provides an authoritative source of information for scholars, academicians, policy makers and professionals regarding business and cyber security. It is a peer-reviewed journal that is published twice a year and serves as an important research platform
La Trobe University campuses to become futuristic mini-cities with Optus partnership (The Age) La Trobe University campuses and its students will be test beds for futuristic parking, safety and traffic technology, as part of an $8 million partnership with Optus
Legislation, Policy, and Regulation
Spy chief warns of cyber attack threat from Russia (Telegraph) Russia is being "increasingly aggressive" and is willing to use "propaganda, espionage, subversion and cyber-attacks" against countries including the UK, the head of MI5 has said
Philip Hammond: UK will 'strike back' if it comes under cyber-attack (ITV) The UK will "strike back" if it comes under cyber-attack, Chancellor Philip Hammond said as he announced cyber-defence funding will get a boost from a £1.9bn government security strategy
UK commits £1.9B to National Cyber Security Strategy, working with Microsoft and more (TechCrunch) The recent rush of allegations against countries like Russia and China and their possible roles against cyber attacks on countries like the U.S. have prompted a big move from the UK: the government said today that it plans to invest £1.9 billion ($2.3 billion) over the next five years in a new cyber defense strategy, called the National Cyber Security Strategy, to prepare for and fight back against cyber attacks in the future
New report: Into the Gray Zone: The Private Sector and Active Defense against Cyber Threats (George Washington University) A new report from the GW Center for Cyber and Homeland Security offers the most comprehensive assessment to date of the legal, policy and technological contexts that surround private sector cybersecurity and active defense measures to improve U.S. responses to evolving threats. The report provides a framework to develop active defense strategies and offers a set of policy recommendations to the public and private sectors to support implementation of more effective cybersecurity defenses
US Should Help Private Sector 'Active Defense,' But Outlaw 'Hacking Back', Says Task Force (Dark Reading) Task Force at George Washington University suggests ways for government to clear up legal quagmires, improve tools, keep us all out of trou
U.S. Should Strike Back at Cyberattackers: Report (Security Week) The US government and private sector should strike back against hackers to counter cyberattacks aimed at stealing data and disrupting important computer networks, a policy report said Monday
The next president will face a cybercrisis within 100 days, predicts report (CNBC) The next president will face a cybercrisis in the first 100 days of their presidency, research firm Forrester predicts in a new report
Hey Silicon Valley, John Kerry Wants You to Help Save the World (Wired) When the Secretary of State pitches Silicon Valley, he’s looking for more than just series-A capital. John Kerry’s looking for help—for technological innovations that could help win the online war with extremist groups like ISIS, find a path between privacy for US citizens (and dissidents abroad) and unbreakable encryption available to terrorists, and maybe even provide energy without damaging Earth’s climate or global economies
Litigation, Investigation, and Law Enforcement
How Canada’s Anti-Cyberbullying Law Is Being Used to Spy on Journalists (Motherboard) Patrick Lagacé, a columnist for Montreal’s La Presse newspaper, says that police told him he was a “tool” in an internal investigation when they tapped his iPhone’s GPS to track his whereabouts and obtained the identities of everyone who communicated with him on that phone
FBI Obtains Warrant Needed to Start Reviewing Emails Found on Laptop Used by Clinton Aide (ABC News) Federal investigators looking into the Hillary Clinton email matter have obtained a warrant needed to start reviewing the emails found on a laptop used by Clinton aide Huma Abedin and her husband, Anthony Weiner
What to Know About the New Clinton-Related Emails (ABC News) The revelation that the FBI is working to review a cache of newly discovered emails potentially tied to the agency’s probe of Hillary Clinton’s private email server has jolted her campaign and put FBI Director James Comey in the crosshairs of even longtime supporters. But exactly what do we know about the emails? The bottom line: not much
FBI Director Comey in hot seat in wake of Clinton e-mail announcement (Ars Technica) Voters appear unmoved by story: Clinton leads Trump by 3 in the polls—same as before
Attacks on FBI Director James Comey Over Russia Are Completely Premature (Law Newz) A new report published on Monday afternoon claims FBI Director James Comey opposed coming out with a statement accusing Russia of attempting to meddle in the 2016 election
Lawmaker: Clinton left classified papers in Russia, China (Washington Examiner) House Intelligence Committee Chairman Devin Nunes charged Monday that Hillary Clinton left sensitive documents while traveling overseas, and demanded an answer to those charges by the middle of this week
Judge Rules in Favor of Palantir in Lawsuit Against US Army (Defense News) In what could be a big blow to the Army’s current path to develop its internal intelligence software suite -- which has long been marred in controversy -- a presiding judge in a lawsuit brought by Palantir Technologies protesting the Army’s acquisition efforts for the system has ruled in favor of the Palo Alto-based company
WhatsApp Blasted by EU Data Protection Group Over Facebook Sharing (Threatpost) Yet another privacy coalition is urging WhatsApp to clarify that user information shared between the company and Facebook is compliant with data protection laws on the books in Europe
Dutchman 'Who Almost Broke the Internet' to Go on Trial (Security Week) A Dutchman accused of launching an unprecedented cyberattack that reportedly "almost broke the internet" is to go on trial Tuesday on charges of masterminding the 2013 incident that slowed down web traffic world-wide
Anthem subpoenaed over cybersecurity knowledge prior to that massive 2015 data breach (Healthcare DIVE) A class-action lawsuit against Anthem, brought in follow-up to the insurer's massive 2015 data breach, is asking the federal government to share documents from an audit
OPM left doors open on personal and confidential data (Federal News Radio) Don’t make promises you can’t keep and don’t forget to lock the door
600,000 breach victims need to re-enroll in credit monitoring services, OPM says (Federal News Radio) Victims of the Office of Personnel Management’s cyber breach who enrolled in credit monitoring services with Winvale/CSID about 18 months ago will soon have to re-enroll for the same services with a new vendor
Hacker busted after laundering money using his own email and IP address (Graham Cluley) Never underestimate the stupidity of idiots
For a complete running list of events, please visit the Event Tracker.
Regional Cyber Security Summit (Sharm El-Sheikh, Egypt, Oct 30 - Nov 1, 2016) The Regional Cyber Security Summit comes this year with the theme of “Boundless Collaboration, Boundless Protection”. It focuses on cooperation in cybersecurity as one of the key pillars for tackling the complexity and scale of the main challenges of today’s cyber threats. The regional cybersecurity summit has been conducted for the last 4 years under the umbrella of ITU-ARCC in Oman; sharing experience and knowledge, learning from each other, keeping up with recent updates, and collaborating to enhance organizations’ cybersecurity have become a must.
Inside Dark Web (Washington, DC, USA, Nov 1 - 2, 2016) Individuals, organizations, corporations, and governments use the Dark Web to protect themselves and their users, employees, customers, and citizens seeking a more accessible and secure Internet experience. Experts from government, the financial community, law enforcement and cyber security will give you the background history, current utilization and future thoughts about the fast growing misunderstood world of the Dark Web.
National Institute for Cybersecurity Education 2016 Conference and Expo (Kansas City, Missouri, USA, Nov 1 - 2, 2016) Cybersecurity has emerged as one of the leading creators of jobs and opportunity for all economic sectors. The demand for cybersecurity positions in both the public and private sector is large and growing, but the talent pool of cybersecurity workers is not yet able to keep up. The NICE 2016 Conference and Expo features thought leaders from education, government, industry and non-profits who are addressing the cybersecurity education, training, and workforce needs of the nation.
GTEC (Ottawa, Ontario, Canada, Nov 1 - 3, 2016) For the public sector and business, count on GTEC to help you keep up with the changing landscape of technology and service delivery in Canada. With our nationally recognized awards program and annual conference, plus our new learning products, GTEC is your destination of choice for innovation and excellence in public sector IT. The conference program will feature a close focus on the cyber threat, particularly the threat of cybercrime, and the Canadian response to that threat.
Black Hat Europe 2016 (London, England, UK, Nov 1 - 4, 2016) Black Hat is returning to Europe again in 2016, and we have quite an event in store. Here the brightest professionals and researchers in the industry will come together for a total of four days--two days of deeply technical hands-on Trainings, followed by two days of the latest research and vulnerability disclosures at our Briefings.
TECHEXPO Cyber Security Hiring Event (Tysons Corner, Virginia, USA, Jun 30, 2016) Cyber security professionals are invited to interview face-to-face with employers including The CIA, Deloitte, Intel Security, Northrop Grumman, Lockheed Martin, Vencore and many more. Hundreds of career opportunities are available in cyber security that need to be filled immediately. Bring copies of your resume with you and interview in person, representing yourself better than any online application ever could.
ISSA International Conference (Orlando, Florida, USA, Oct 22 - 23, 2014) Join us for solution oriented, proactive and innovative sessions focused on security as a vital part of the business.
SINET Showcase 2016: Highlighting and Advancing Innovation (Washington, DC, USA, Nov 2 - 3, 2016) SINET Showcase provides a platform to identify and highlight “best-of-class" security companies that are addressing industry and government’s most pressing needs and requirements. The chosen SINET 16 Innovators present their technological solutions to representatives from the ecosystem of the entrepreneur: venture capital, investment banking, system integration, academia, science, legal, policy, private industry and executives from the Federal Government, including civilian, intelligence and military professionals. Showcase’s objective is to increase awareness of innovative solutions that may lead to an investment in, or the purchase of, advanced technologies that will help secure our nation’s critical infrastructure and command-and-control systems.
3rd Annual Journal of Law and Cyber Warfare Conference (New York, New York, USA, Nov 3, 2016) The 2016 Journal of Law and Cyber Warfare symposium speakers represent an unparalleled group of cyber security experts with a wide variety of industry expertise and knowledge. Attendees will hear from experts on cyber security and cyber warfare from the military, government, private industry, and the public sector. Our panels are designed to provide attendees with thought leadership from a diverse group of experts who will share their experience and knowledge-base regarding topical cyber security issues. The symposium is a day long event comprised of panels, Q&A sessions, tool demonstrations and networking opportunities. Focused and thorough, there are take-aways for all attendees.
Security of Things World USA (San Diego, California, USA, Nov 3 - 4, 2016) Security. Privacy. Connected Devices. Exploring Security and the Internet of Things. A world class event focused on the next information security revolution. Be part of Security of Things World USA in November in San Diego to tailor your proposition to respond to the security concerns that preoccupy enterprise customers today and find pragmatic solutions to the most common security threats.
2nd Annual Summit: Global Cyber Security Leaders (Berlin, Germany, Nov 7 - 8, 2016) The Global Cyber Security Leaders 2016 is designed to provide unrivaled access to peers from across the globe, and encourage participants to discuss the current challenges and explore the ideas shaping tomorrow’s global cyber threat landscape. The interactive, fresh and content driven format is specifically designed for leaders, visionaries and decision makers across all geographies. Strengthen your global network and form lasting relationships with other forward-thinking and inspiring leaders.
IAPP Europe Data Protection Congress 2016 (Brussels, Belgium, Nov 7 - 10, 2016) The GDPR is finalised, the Data Protection Congress is returning to Brussels and you have a great deal of work ahead. Begin at the Congress, where you’ll find thought leadership, a thriving professional community and unrivaled education. It’s time to get to work: Start here.
SANS Miami 2016 (Coconut Grove, Florida, USA, Nov 7 - 12, 2016) Attend our new SANS Miami 2016 event, November 7-12 and choose from five hands-on, immersion-style cybersecurity training courses taught by real-world practitioners. Attackers are targeting you with increasing viciousness and stealth, and it's essential you understand the tools and techniques and learn the skills needed to protect your organizations. Get the training you need from SANS - the most trusted and by far the largest source for information security training in the world
Federal IT Security Conference (Columbia, Maryland, USA, Nov 8, 2016) The Federal IT Security Institute in partnership with PhoenixTS in Columbia, MD is hosting the first annual Federal IT Security Conference. Speakers from NIST, DHS, the Defense Department as well as private industry will be in attendance discussing the themes and trends that are influencing the Federal/DoD cyber landscape. All proceeds from the event go to help retrain Wounded Warriors to become cyber defenders at the Wounded Warrior Cyber Combat Academy.
11th Annual API Cybersecurity Conference & Expo (Houston, Texas, USA, Nov 9 - 10, 2016) Join us at the 11th Annual API Cybersecurity Conference & Expo and discover methods for thwarting the bad guys, what the scene looks like over the horizon and how the latest technologies can help you counter cyber espionage, address cyber warfare, and make your cyber efforts secure.
SecureWorld Seattle (Bellevue, Washington, USA, Nov 9 - 10, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers
Institute for Critical Infrastructure Technology Annual Gala and Benefit (Washington, DC, USA, Nov 10, 2016) The Annual ICIT Gala and Benefit is the year’s most prestigious gathering of legislative, agency and private sector leaders committed to protecting our Nation’s critical infrastructures. This intimate black-tie event will celebrate the minds of the most influential members of our community as well as the efforts of today’s most impactful cybersecurity leaders. The funds raised from this Benefit will be used exclusively to help sustain and grow the Institute’s research, publications and educational activities for the communities it serves.
Israel HLS and Cyber 2016 (Tel Aviv, Israel, Nov 14 - 17, 2016) Where physical and cyber security meet. Topics include intelligence, cyber crime, and counter-terrorism, defending critical infrastructures, a smart global world, mass events--the integrative approach, and emergency readiness.
SANS Healthcare CyberSecurity Summit & Training 2016 (Houston, Texas, USA, Nov 14 - 21, 2016) SANS will be hosting its 4th Annual Healthcare Cybersecurity Summit. Join us and hear top security experts from leading healthcare companies discuss proven approaches for securing and succeeding in the new healthcare environment. You'll have the opportunity to meet with leaders from top organizations and see what really works in securing healthcare. As we know, healthcare has been undergoing major changes. Patients are demanding more convenient and personalized care. Digital health is changing the way that doctors and patients interact. New technologies allow patients to track their own health and generate data that was previously not available to care providers. Additionally, health information exchanges are being created to enable access to electronic medical records across disparate organizations. The Healthcare CyberSecurity Summit will take aim at the major challenges organizations face as they balance the security, compliance, and innovation required to thrive in this quickly changing market.
Infosec 2016 (Dublin, Ireland, Nov 15, 2016) Infosec 2016 conference addresses the critically important issues that threaten businesses in the information age. By any measure, the digital threats that businesses and organisations of all sizes face are increasing.
Kaspersky Academy Talent Lab (Online, then Prague, Czech Republic, Nov 15, 2016) Kaspersky Academy Talent Lab is an international cyber-world competition for young researchers and professionals aged 18-30 who are interested in the cybersecurity challenges facing the world. 50 finalists will travel to the global final event in Prague (all expenses covered by Kaspersky Lab) to present their projects & compete.
CISO Charlotte (Charlotte, North Carolina, USA, Nov 15, 2016) The CISO Summit brings together C-level IT security executives, industry analysts and solution providers to discuss challenges and best practices in a relaxed, yet focused business setting. Agenda sessions include panel discussions, think tanks, analyst Q&A sessions and much more.
Pharma Blockchain Bootcamp (Edison, New Jersey, USA, Nov 16, 2016) Blockchain technology has gained recognition as one of the most disruptive technologies in the industrial world, with the potential to redefine how businesses operate much as the internet did more than 30 years ago. At this critical one-day learning seminar, bio/pharmaceutical professionals (tech + business) will uncover the key areas where blockchain applications could have a significant impact in securing, managing and leveraging the deluge of data throughout the enterprise from R&D to clinical to commercialization. Key issues to be addressed: what exactly is blockchain and why is it considered a disruptive innovation; where and why in the enterprise is pharma ripe for blockchain applications; the hidden business rewards that would be exposed; the legal and regulatory considerations with implementation, and much more.
Cybercon 2016 (Washington, DC, USA, Nov 16, 2016) The forum for dialogue on strategy and innovation to secure defense and government networks, as well as private-sector networks that hold their sensitive data.
Versus 16 (San Francisco, California, USA, Nov 17, 2016) Versus is not an ordinary event. Versus is not about pitching products or preaching to the choir. Versus is about challenging what you think you know about cybersecurity, about technology, about doing business in the digital age.
Focusing On The Future: Prioritizing Security in the Digital Economy (Washington, DC, USA, Nov 18, 2016) In today's digital economy, developing and prioritizing a cyber strategy is critical to address diverse and evolving threats, foster trust in the technology we use, and define a path forward where security is seen as a business enabler. Join The Chertoff Group for a premier post-election cyber conference that will convene thought leaders across government and industry to share their unique points of view and insights with regard to critical policy, technology, and risk management issues that will be shaping the security agenda.
Data Breach & Fraud Prevention Summit Asia (Mumbai, India, Jun 8, 2016) ISMG’s Data Breach & Fraud Prevention Summit Asia – Mumbai is a one-day event that will focus on the latest fraud techniques and technologies, as well as a holistic, strategic approach to looking at the data breach threat that impacts all industries. Whether you are forming opinions on how to view the recent global Apple Vs. FBI debate, want to learn more about the breach incidents, or just look forward to networking with your peers on cybersecurity challenges, we are confident you will gain tremendous insight throughout the event. CyberWire readers can use the discount promo code "CW20" when registering with email@example.com to receive 20% off the conference price.
SCSC Cyber Security Conclave 2.0 Conference and Exhibition (Hyderabad, India, Nov 22 - 23, 2016) India’s leading two-day cyber security event is returning in November 2016, once again bringing together hundreds of cyber security experts, senior officials and policy-makers from across the public and private sector to provide an update on cyber security instances, share best practice strategies, and help India to combat cyber threats.
4th Ethiopia Banking & ICT Summit (Addis Ababa, Ethiopia, Nov 25, 2016) The 4th Ethiopia Banking & ICT Summit is the ONLY event in the Horn of Africa that focuses on technology innovations and trends in the Banking and ICT sectors. This annual summit brings together Financial Institutions, Information Technology Vendors, high profile CIOs, CISOs, CTOs, Risk and Compliance Officers and COOs to explore how they can utilize the newest technologies to further increase mobility, enhance security, support new products and services, and improve customers’ experience to secure their competitive edge.
Internet of Things (IoT) (Elkridge, Maryland, USA, Nov 29, 2016) This cybergamut Technical Tuesday features Dr. Susan Cole, who is currently the Cybersecurity Lead for a Federal Information Systems Controls Audit Management (FISCAM) preparation team and also provides consulting support to small companies. The Internet of Things (IoT) is becoming more embedded in everyday life, often without people being aware. This talk centers on defining what IoT really is, discussing why it has exploded exponentially, and identifying challenges to future implementation of IoT, including security challenges.
CIFI Security Summit (Toronto, Ontario, Canada, Nov 30 - Dec 1, 2016) The Annual CIFI Security Summit takes place all over the world: Asia, Europe, Australia & North America. These summits are essential 2-day conferences and exhibitions bringing together leading security experts from around the globe to discuss Cyber Intelligence, Digital forensics, Cyber Security and Cyber Investigations. This is the only event of its kind that will run 4 simultaneous streams over 2 days in addition to case studies, demonstrations from global business leaders and a 30+ Exhibition.