The CyberWire Daily Briefing 11.02.16

Summary

By The CyberWire Staff

ISIS territory continues to shrink, and its opponents turn to information operations against the Caliphate's coming diaspora. Various Anonymous affiliated hackers have been after ISIS for some time; it's unclear, says Motherboard, with what effect.

Analysts have now sifted through the Shadow Brokers' trickortreat data dump and find it mostly old news—the servers listed apparently weren't in Equation Group use after 2010. The Shadow Brokers are still grumping about the wealthy elites, US elections, and people not bidding on the exploits being auctioned.

Microsoft says the Windows zero-day Google publicly disclosed this week is being actively exploited by APT28, the Russian threat actor also known as Fancy Bear, a GRU operation best known for recent incursions into US political organizations. (Britain's MI5 is also raising an alarm about Russian intelligence services' growing activity in cyberspace.) Microsoft is upset with Google over the disclosure, which Redmond says has needlessly exposed Windows users to attack. A patch won't be available until next week at the earliest.

Terbium has a report on the sinister-sounding dark web, which became famous in the popular mind during the Silk Road prosecutions. But while there's certainly bad stuff going on there, most of the activity on the dark web is perfectly innocent, or at the very least legal: it's just the Tor accessibility that makes the dark web dark.

A bogus Android Flash player is a vector for an unusually capable banking Trojan.

NIST has released CyberSeek, an online tool showing where the sector's jobs are.

Learn how Cylance silences cyber attacks with Artificial Intelligence.

Notes.

Today's issue includes events affecting Bosnia, China, Iran, Iraq, Japan, Republic of Korea, Netherlands, Russia, Syria, United Kingdom, and United States.

A note to our readers: We'll be in Washington today and tomorrow covering the SINET Showcase 2016. Watch for full coverage in upcoming issues.

On the Podcast

The CyberWire's regular daily Podcast will be out later this afternoon, with interviews, educational tips, and more on the stories of the day. Today our partners at Ben-Gurion University are represented by Ran Yahalom who'll talk about how you go about hiding data in USB devices. Our guest, Jerry Thompson from Identity Guard, will discuss innovations in identity protection. As always, if you enjoy the podcast, please consider giving it an iTunes review.

Sponsored Events

TECHEXPO Cyber Security Hiring Event (McLean, VA, USA, November 2, 2016) Our professional hiring events have benefited nearly a million attendees since 1993. We look forward to helping you advance your career and saving you time in your job search by providing you the opportunity to meet face to face with the nation's leading companies.

Malware Detection: How to Spot Infections Early with AlienVault USM (Live Webcast, November 3, 2016) While malware has been a thorn in the side of IT pros for years, some of the recent variants observed by the AlienVault Labs security research team, like CoreBot, have the ability to modify themselves on the fly, making them nearly impossible to detect with traditional preventative security measures. Join us for a live demo to learn about the most common types of malware, and how you can detect infections quickly with AlienVault USM.

Selected Reading

Cyber Trends

Observations and Implications from the 2016 ICS Cyber Security Conference (Control) The 2016 ICS Cyber Security Conference was held October 24-27, 2016 at Georgia Tech in Atlanta

Most employees violate policies designed to prevent data breaches (Help Net Security) Companies are increasing technology investments to protect against external data breaches, but employees pose a bigger threat than hackers, according to CEB. To mitigate the rising costs of breaches, organizations need to reduce the burden of complying with privacy policies

New Era of Complex Military Operations Brings Cyber Concerns to Forefront (SIGNAL) The future of warfighting is smaller and lighter—technology that will let troops conduct battles from a smartphone or tablet, said Lt. Gen. Alan Lynn, USA, director of the Defense Information Systems Agency, or DISA.

Majority of IT security teams experiencing 'threat overload,' neglect to share security data (Healthcare IT News) Security departments within organizations aren't prepared to share threat intelligence, and even more don't use threat data to combat malicious activities, according to a Ponemon report released today

Legislation, Policy and Regulation

“Cybervandalism” or “Digital act of war”? America’s muddled approach to cyber incidents won’t deter more crises (Lwfire) If experts say a malicious cyber code has “similar effects” to a “physical bomb,” and that code actually causes “a stunning breach of global internet stability,” is it really accurate to call that event merely an instance of “cybervandalism”?

Industry reactions: UK government cyber security strategy (Help Net Security) Yesterday, the UK government announced a new £1.9bn cyber security strategy, which includes an increase in automated defences to combat malware and spam emails, investment to recruit 50 specialists to work on cybercrime at the NCA, the creation of a Cyber Security Research Institute, and an “innovation fund” for cyber security start-ups

It’s Finally Legal To Hack Your Own Devices (Even Your Car) (Wired) You may have thought that if you owned your digital devices, you were allowed to do whatever you like with them. In truth, even for possessions as personal as your car, PC, or insulin pump, you risked a lawsuit every time you reverse-engineered their software guts to dig up their security vulnerabilities—until now

The Pentagon's New Chief Innovation Officer Should Tread Lightly (War on the Rocks) Unlike most government boards, the Defense Innovation Advisory Board is a particularly eclectic assembly that includes astrophysicist Neil deGrasse Tyson, Amazon CEO Jeff Bezos, and Instagram Chief Operating Officer Marne Levin

The Cyber Implications of Acquisition Speed: Part VII (SIGNAL) Shrinking the pool of prospective bidders increases acquisition agility

Ohio taps National Guard to defend election system from hackers (CNN) Ohio is calling upon the National Guard to help defend the state's election system from hackers

Dateline

SINET Showcase (SINET) We believe that effective Cybersecurity is required to facilitate economic growth, protect critical infrastructure and maintain political stability. To accomplish this objective, SINET is dedicated to building a cohesive, worldwide Cybersecurity community with the goal of accelerating innovation through collaboration. SINET is a catalyst that connects senior level private and government security professionals with solution providers, buyers, researchers and investors

SINET 16 Innovator Award Overview (SINET) Each year, SINET evaluates the technologies and products of hundreds of emerging Cybersecurity companies from all over the world, and selects the 16 most innovative and compelling companies. These 16 companies, known as the SINET 16 Innovators, are invited to present their products and solutions on stage in Washington D.C. at our annual SINET Showcase

Products, Services, and Solutions

NIST Announces CyberSeek, An Interactive Resource for Cybersecurity Career Information (NIST) The U.S. Commerce Department’s National Institute of Standards and Technology (NIST) today introduced CyberSeek (link is external), an interactive online tool designed to make it easier for cybersecurity job seekers to find openings and for employers to identify the skilled workers they need

Hack the Gap: Close the cybersecurity talent gap with interactive tools and data (CyberSeek) Cybersecurity workers protect our most important and private information, from bank accounts to sensitive military communications. However, there is a dangerous shortage of cybersecurity workers in the United States that puts our digital privacy and infrastructure at risk

LightCyber Increases Precision of Behavioral Attack Detection with Added User Behavior Visibility and VPN Granularity (LightCyber) New release uncovers malicious insider or targeted attacker faster and with even higher accuracy

NSS Labs Tests Leading Web Browsers for Secure End User Experience (MarketWired) Ransomware, socially engineered malware, and phishing increasingly used by attackers

Savvius Raises Bar for Network Forensics Software with Omnipeek 10 (Yahoo! Finance) Savvius™, Inc., leader in network analytics for performance diagnostics and security investigations, today announced a major upgrade to Omnipeek®, its best-in-class software for network performance diagnostics and troubleshooting, and now with version 10, security investigations. Omnipeek 10 dramatically streamlines network troubleshooting and security investigations using powerful packet data analytics and visualizations that can be adapted to any workflow

Tychon Formally Launches; Introduces Integrated Systems Management and Security Optimization Solution (BusinessWire) Tychon delivers comprehensive, automated, endpoint security solution to eliminate the classic “IT vs Security” separation

Webroot Introduces Unity API (PRNewswire) Unity empowers MSPs by enhancing automation and productivity, improving services and reducing security management costs

Carbon Black's Cb Defense is the First Next-Generation Antivirus (NGAV) to Prove Complete Antivirus (AV) Efficacy to Meet PCI DSS Requirement 5 (GlobeNewswire) Results from Coalfire Systems' attestation report provide evidence that Cb Defense has stronger AV efficacy than previously published reports from CrowdStrike and Cylance

Rapid7 Aims to Stop IoT Devices from Becoming Pawns in Future Cyber Attacks (Bostinno) A little over a week ago, the East Coast suffered a major cyber attack that prevented users from accessing dozens of major websites, including Twitter, Amazon, Netflix, AirBnb and Reddit. The reason the internet essentially blew up for people on the Eastern seaboard is a major distributed denial of service, or DDoS, attack had been unleashed on Dyn, a New Hampshire-based DNS service provider that resolves domain names into IP addresses

Google Security Engineer Claims Android Is Now As Secure as the iPhone (Motherboard) If you’re paranoid, Android will protect you just as well as the iPhone, according to Google’s director of security for Android

Owl Computing Technologies Announces Elite Owl Data Diode Technology Now Available at Market Entry Pricing (PRNewswire) New robust OPDS-5D cybersecurity product features lowest total cost of ownership available

Symantec launches endpoint protection solution based on artificial intelligence (ZDNet) The company's new endpoint security system uses machine learning for multi-layered defense

Symantec creates world’s largest GIN (ITWire) Symantec has combined its threat intelligence and Blue Coat Threat Intelligence into its Global Intelligence Network (GIN). This creates the security industry’s largest and most diverse set of threat data combining threat data results in 500,000 additional attacks being blocked for Symantec customers every day

Retail Industry Cyber Security Pain Points Addressed by Tailored Training Program from Wombat Security (PRNewswire) A mix of email security, social engineering, data protection and PCI DSS training modules are prescribed to address retail's biggest security awareness challenges

Hillstone CloudEdge is Microsoft Azure Certified and Available in Azure Marketplace (BusinessWire) Hillstone’s virtual network security solution is now more accessible to enterprises of all sizes in public cloud

Zscaler and Carahsoft Join Forces to Bring Leading Cloud Security Solution to the Public Sector via GSA Schedule (Yahoo!) Carahsoft Technology Corp., the trusted government IT solutions provider, today extends its existing partnership with Zscaler®, the leading cloud security platform, to bring simple, scalable cloud security as a service to organizations in the public sector

Cryptzone beefs up Software Defined Perimeter (Enterprise Times) Security vendor Cryptzone has beefed up its AppGate Software Defined Perimeter (SDP) solution. Companies are moving to a hybrid IT mix of on-premises, cloud-based and mobile computing

TrapX Ship's World's First Deception-Based Security Solution To Protect SWIFT Financial Networks (HostReview) Latest update to DeceptionGrid includes both traps and tokens targeted directly against malicious SWIFT cyber attackers

CRN Exclusive: Avnet, SentinelOne Team Up To Provide Next-Gen Endpoint Protection (CRN) The crowded security market and increased security threats make it an especially good time to see vendor partnerships that provide a clear channel benefit

Technologies, Techniques, and Standards

The DevOps Model is Not Helping to Safeguard Applications: Report (Nearshore Americas) A shortage in IT security professionals and a lack of interaction between security professionals and DevOps teams are the chief culprits

How businesses can prevent point-of-sale attacks (Computerworld) Point-of-sale malware has been targeting retailers to steal credit card data

Why Enterprise Security Teams Must Grow Their Mac Skills (Dark Reading) From coffee shops to corporate boardrooms, Apple devices are everywhere. So why are organizations so doggedly focused on Windows-only machines?

Security All Saints: security is for life, not just for Halloween (Naked Security) Yesterday, we wrote a slightly satirical Zombie Myths piece for Halloween

Centrify Reveals Seven Tips To Reduce Risks Of Data Breaches (Information Security Buzz) As National Cybersecurity Awareness Month ends today, Centrify reminds businesses to implement cybersecurity best practices

Marketplace

Consolidation in the security market: how workplace trends are shaking up cyber security (Information Age) In the past year, the Internet security market has seen several high-profile mergers and acquisitions

Cisco says it'll make IoT safe because it owns the network (Network World) The company plans to certify IoT products to take advantage of network security capabilities

SonicWall splits from Dell to become independent security vendor (ZDNet) Dell Technologies has officially spun out its software group after the EMC acquisition left a $67 billion dent in its purse

CounterTack Announces $10M Round of Funding (BusinessWire) Financing round closed to accelerate global expansion in APAC and Federal business

Falanx Group cyber revenue grows more than 1000pc (Digital Look) Global intelligence, security and cyber defence provider Falanx Group announced its interim results for the six months to 30 September on Tuesday, with the board claiming significantly increased cyber revenue to £0.3m

Pentagon awards $114M cyber contract (C4ISRNET) CSRA has won a $114 million task to develop a cyber defense strategy for various offices within the Pentagon

Forcepoint™ Announces Executive Leadership Appointment (PRNewswire) Kristin Machacek Leary joins as Vice President and Chief Human Resources Officer

Bitglass Appoints SVP Worldwide Field Operations Amid Growing Demand for Cloud-Access Security Broker Solutions (Marketwired) Former Proofpoint and Aerohive executive Dean Hickman-Smith to expand Bitglass sales into new domestic, international markets

Rapid7 Appoints Former SanDisk CFO, Judy Bruner, to its Board of Directors (GlobeNewswire) Appointment brings high-tech industry experience and expertise in driving business growth and scale

CrowdStrike Fills Two Leadership Positions (Defense Daily) CrowdStrike has appointed Jerry Dixon as chief information security officer (CISO) and Rod Murchison as vice president of product management, the company said Wednesday.The cybersecurity-focused company delivers cloud-based endpoint protection

Research and Development

Researchers Claim AI Can Identify Gang Members on Twitter (Motherboard) But the AI may only entrench existing prejudices

Security Patches, Mitigations, and Software Updates

Preventing Microsoft's Authenticode from spreading stealth malware (TechTarget) A Microsoft Authenticode vulnerability allowed malicious code to sneak through without invalidating a file's digital signature. Expert Nick Lewis explains how to address this flaw

Microsoft says you'll have to wait another week for Windows zero-day patch (Graham Cluley) Says Russian-linked Fancy Bear hacking group is exploiting flaw in targeted attacks

Cyber Attacks, Threats, and Vulnerabilities

How Anonymous and Other Hacktivists Fight ISIS Online (Motherboard) Anonymous and several offshoot hacktivists groups have been waging war on ISIS in cyberspace, but have they made any difference?

Felling ISIS and Facing Reality About Terrorism (National Interest) The so-called Islamic State or ISIS is on the decline, and its “caliphate” on the ground in Iraq and Syria is shrinking to extinction

ShadowBrokers dump Equation group hacked servers in publicity push (ZDNet) Anyone interested in buying the full NSA exploit dump? Anyone?

Russian Hacks Show Cybersecurity Limits (Wall Street Journal) The suspected attempts by the Kremlin to influence the U.S. election highlight the risks of mundane attacks and information warfare

Microsoft says Russia-linked hackers exploiting Windows flaw (Reuters) Microsoft Corp (MSFT.O) said on Tuesday that a hacking group previously linked to the Russian government is behind recent cyber attacks that exploit a newly discovered flaw in its Windows operating system

Windows zero-day exploited by same group behind DNC hack (Ars Technica) Microsoft threat teams tied use of bug to APT28, aka "Fancy Bear"

Google discloses Windows zero-day, Microsoft argues disclosure ethics (CSO) Disclosure, it's the fight that never ends

Microsoft hits roof as Google points out glaring Windows security flaw (Tech Radar) Software giant claims that Google didn’t give it nearly enough time to patch

Is Russia to blame for increasingly sophisticated cyberattacks? (Sky News) With MI5 pointing the finger at the Kremlin over the rise in cyber crime, Sky's John Sparks looks at the threat to the UK

MI5 chief not alone in voicing fears about Russian cyber-threat (Guardian) The Kremlin has dismissed Andrew Parker’s claim but others have raised concern about Russia’s online activities

New IoT Botnet Malware Borrows From Mirai (Threatpost) Researchers have thrown back the covers on more malware infecting IoT devices for the purposes of building a botnet that carries out DDoS attacks

Switching to IoT Botnets Took Businesses Offline, Reveals Nexusguard DDoS Research (BusinessWire) Analysts anticipate businesses will overhaul signature-based detection to spot and mitigate attacks

'Good' anti-Mirai worm is pulled from Github following backlash (Graham Cluley) Good virus? Not a good idea

Ransomware Disguised as Windows Update Causing Havoc among Users (HackRead) After Samba ransomware that encrypts victims’ hard drives and CryPy ransomware known for encrypting each file individually here comes Fantom, a ransomware that uses full-screen Windows updates progress UI to get users to wait while it encrypts their files

Critical vulnerabilities pose a serious threat to Joomla sites (Naked Security) Joomla, the world’s second most popular web content management system (CMS), has been under sustained attack for several days, thanks to a nasty pair of vulnerabilities disclosed last week

Google Adwords Malvertising Campaign Targets Apple Macs (Dark Reading) Cheeky attackers make their lure an ad for Google Chrome

Phony Android Flash Player Installs Banking Malware (Threatpost) Security researchers warn that a bogus Flash Player app aimed at Android mobile devices has surfaced and is luring victims to download and install banking malware that steals credit card information and can defeat two-factor identification schemes

Beware! This Android banking trojan intercepts SMS messages and bypasses 2SV (Graham Cluley) It may be targeting your bank already

Remove the Fake Hallmark eCard Tech Support Scam (Bleeping Computer) The Hallmark eCard Tech Support Scam is a Trojan from the Trojan.Tech-Support-Scam family that displays a fake Windows alert that states Windows has a system failure and then tries to scare you into calling a listed remote tech support number

The dark web isn’t quite the criminal haven you may think it is (CyberScoop) It turn out the dark web isn’t as scary, lewd or dangerous as you may have thought, according to a newly released research report from intelligence firm Terbium Labs

The Truth About the Dark Web (Terbium Labs) For most, the term dark web immediately conjures thoughts of illegal drug sales, pornography, weapons of mass destruction, fraud and other criminal acts

Data Revelations: Nominum Data Science Security Report (Nominium) October 21, 2016 was a day many security professionals will remember. Internet users around the world couldn’t access their favorite sites like Twitter, Paypal, The New York Times, Box, Netflix and Spotify, to name a few. The culprit: a massive DDoS attack against a managed Domain Name System (DNS) provider not well-known outside technology circles. We were quickly reminded how critical the DNS is to the internet as well as its vulnerability. Many theorize that this attack was merely a Proof of Concept, with far bigger attacks to come

2016 Cyber Threat Study (eSentire) A comprehensive analysis of two years of cybersecurity threat data detailing security threats to small and medium sized business

Academia

New White Paper On Role Of Cybersecurity Competitions In Workforce Development (PRNewswire) Groundbreaking discussion among thought leaders calls for increased collaboration and investment to expand reach and impact of cyber games

NKU hosts national cyber security symposium, encourages awareness of hackers (Soapbox Media) On Oct. 21, Northern Kentucky University hosted a Cyber Security Symposium. It was the ninth annual event, and featured national and local experts in the field of cyber security

Thomas Jefferson High School seniors headed to national cyber security contest (Trib Live) When Thomas Jefferson High School seniors Brett Barkley and Jonan Seeley compete in Capture the Flag, they prefer to use a computer and put their knowledge of binary and web exploitation to the test

Litigation, Investigation, and Enforcement

The Clinton emails – from humble iMac to data center (Naked Security) It seems astonishing that in 2016, it’s technology that’s nearly half a century old that is dominating the discourse around a presidential election. While presidential candidates use the latest social media platforms and analytics to judge which way the electoral wind is blowing, it’s the humble email that has been the subject of so much attention

Russia, Comey, and Hillary’s Praetorian Guard (American Thinker) The re-opening of the investigation into Hillary’s unsecured email server and associated corruption has produced some interesting counter-attacks from the Clinton camp

Hillary Clinton’s cyber-security credibility takes another hit (Pasadena Star News) For years, it has been clear that one damaging legacy of the Obama administration is its record on cybersecurity. Damaging leaks, hacks and simple carelessness have afflicted everyone from the National Security Agency to the General Services Administration to the Central Intelligence Agency

Cybersecurity firm fails to find links between Donald Trump and Russian bank (Guardian) Investigators hired by Alfa Bank say server logs show no sign of secretive contact after online report sparks debate between internet security experts

Dark web departure: fake train tickets go on sale alongside AK-47s (Guardian) Forged rail tickets are now being sold as well as drugs and passports, in an explosion of goods on offer from dark web retail services

Palantir wins court battle, gets second chance at six-figure government contract (Silicon Beat) Big-data startup Palantir will get a second chance at a coveted government contract thanks to a judge’s ruling that the company was illegally excluded from the bidding process

NullCrew member sentenced to 45 months in prison (Help Net Security) A Tennessee man has been sentenced to nearly four years in federal prison for launching cyber attacks on corporations, universities and governmental entities throughout the world

Dutch 'prince of spam' blames British teenager for worldwide 2013 cyber attack (Guardian) Defence for Sven Olaf Kamphuis says hacker called ‘Narco’ – already sentenced in UK – was behind attack

Design and Innovation

7 Security Lessons The Video Game Industry Can Teach IoT Manufacturers (Dark Reading) The Internet of Things has alarming holes in security. The industry should look to video games for some answers

The New MacBook Pros Mark the End of Upgradeable Apple Computers (Motherboard) All Apple laptops are now un-upgradeable and are therefore disposable

Anonymous Speech Is More Important Than Ever. TED Proves It (Wired) TED is of course most famous for its TED Talks, which usually host accomplished speakers such as Bill Gates, Billy Graham, or Nobel Prize winners from various fields

Disruptive by Design: Cyber Should Take a Page From Infantry's Playbook (SIGNAL) The burgeoning cyber domain as a battlefront has done more than shift the front lines for warfighters—it has virtually erased them. At the same time, traditional armies continue to threaten U.S. national security both at home and abroad. Given the scope of cyber and conventional warfare, how does the U.S. military balance its competing needs?

Q&A: Why information security data analysis is so complex (TechTarget) Worried about bad statistics? Marcus Ranum asks the former lead analyst of the 'Verizon Data Breach Investigations Report' about storytelling with data

The NSA Chief Has A Phone For Top-Secret Messaging. Here’s How It Works (DefenseOne) The Boeing device is less a phone and more a locked-down portal to a faraway server

Autonomy out of necessity — not because it's cool (C4ISRNET) The military is moving toward greater autonomy — not because it's cool or trendy, but because it must, according to a roboticist with the Naval Research Laboratory

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

newly Noted Events

Commercial Cyber Forum: Insider Threat (Odenton, Maryland, USA, November 15, 2016) Please join us for a panelist discussion with insider threat experts on upcoming Federal rules, key elements of an insider threat program and privacy, due process, and human resource requirements.

upcoming Events

Inside Dark Web (Washington, DC, USA, November 1 - 2, 2016) Individuals, organizations, corporations, and governments use the Dark Web to protect themselves and their users, employees, customers, and citizens seeking a more accessible and secure Internet experience. Experts from government, the financial community, law enforcement and cyber security will give you the background history, current utilization and future thoughts about the fast growing misunderstood world of the Dark Web.

National Institute for Cybersecurity Education 2016 Conference and Expo (Kansas City, Missouri, USA, November 1 - 2, 2016) Cybersecurity has emerged as one of the leading creators of jobs and opportunity for all economic sectors. The demand for cybersecurity positions in both the public and private sector is large and growing, but the talent pool of cybersecurity workers is not yet able to keep up. The NICE 2016 Conference and Expo features thought leaders from education, government, industry and non-profits who are addressing the cybersecurity education, training, and workforce needs of the nation.

GTEC (Ottawa, Ontario, Canada, November 1 - 3, 2016) For the public sector and business, count on GTEC to help you keep up with the changing landscape of technology and service delivery in Canada. With our nationally recognized awards program and annual conference, plus our new learning products, GTEC is your destination of choice for innovation and excellence in public sector IT. The conference program will feature a close focus on the cyber threat, particularly the threat of cybercrime, and the Canadian response to that threat.

Black Hat Europe 2016 (London, England, UK, November 1 - 4, 2016) Black Hat is returning to Europe again in 2016, and we have quite an event in store. Here the brightest professionals and researchers in the industry will come together for a total of four days--two days of deeply technical hands-on Trainings, followed by two days of the latest research and vulnerability disclosures at our Briefings.

TECHEXPO Cyber Security Hiring Event (Tysons Corner, Virgina, USA, June 30, 2016) Cyber security professionals are invited to interview face-to-face with employers including The CIA, Deloitte, Intel Security, Northrop Grumman, Lockheed Martin, Deloitte, Vencore and many more. Hundreds of career opportunities are available in cyber security that need to be filled immediately. Bring copies of your resume with you and interview in person, representing yourself better than any online application ever could.

ISSA International Conference (Orlando, Florida, USA, October 22 - 23, 2014) Join us for solution oriented, proactive and innovative sessions focused on security as a vital part of the business.

SINET Showcase 2016: Highlighting and Advancing Innovation (Washington, DC, USA, November 2 - 3, 2016) SINET Showcase provides a platform to identify and highlight “best-of-class" security companies that are addressing industry and government’s most pressing needs and requirements. The chosen SINET 16 Innovators present their technological solutions to representatives from the ecosystem of the entrepreneur: venture capital, investment banking, system integration, academia, science, legal, policy, private industry and executives from the Federal Government, including civilian, intelligence and military professionals. Showcase’s objective is to increase awareness of innovative solutions that may lead to an investment in, or the purchase of, advanced technologies that will help secure our nation’s critical infrastructure and command-and-control systems.

3rd Annual Journal of Law and Cyber Warfare Conference (New York, New York, USA, November 3, 2016) The 2016 Journal of Law and Cyber Warfare symposium speakers represent an unparalleled group of cyber security experts with a wide variety of industry expertise and knowledge. Attendees will hear from experts on cyber security and cyber warfare from the military, government, private industry, and the public sector. Our panels are designed to provide attendees with thought leadership from a diverse group of experts who will share their experience and knowledge-base regarding topical cyber security issues. The symposium is a day long event comprised of panels, Q&A sessions, tool demonstrations and networking opportunities. Focused and thorough, there are take-aways for all attendees.

Security of Things World USA (San Diego, California, USA, November 3 - 4, 2016) Security. Privacy. Connected Devices. Exploring Security and the Internet of Things. A world class event focused on the next information security revolution. Be part of Security of Things World USA in November in San Diego to tailor your proposition to respond to the security concerns that preoccupy enterprise customers today and find pragmatic solutions to the most common security threats.

2nd Annual Summit: Global Cyber Security Leaders (Berlin, Germany, November 7 - 8, 2016) The Global Cyber Security Leaders 2016 is designed to provide unrivaled access to peers from across the globe, and encourage participants to discuss the current challenges and explore the ideas shaping tomorrow’s global cyber threat landscape. The interactive, fresh and content driven format is specifically designed for leaders, visionaries and decision makers across all geographies. Strengthen your global network and form lasting relationships with other forward-thinking and inspiring leaders.

IAPP Europe Data Protection Congress 2016 (Brussels, Belgium, November 7 - 10, 2016) The GDPR is finalised, the Data Protection Congress is returning to Brussels and you have a great deal of work ahead. Begin at the Congress, where you’ll find thought leadership, a thriving professional community and unrivaled education. It’s time to get to work: Start here.

SANS Miami 2016 (Coconut Grove, Florida, USA, November 7 - 12, 2016) Attend our new SANS Miami 2016 event, November 7-12 and choose from five hands-on, immersion-style cybersecurity training courses taught by real-world practitioners. Attackers are targeting you with increasing viciousness and stealth, and it's essential you understand the tools and techniques and learn the skills needed to protect your organizations. Get the training you need from SANS - the most trusted and by far the largest source for information security training in the world

Federal IT Security Conference (Columbia, Maryland, USA, November 8, 2016) The Federal IT Security Institute in partnership with PhoenixTS in Columbia, MD is hosting the first annual Federal IT Security Conference. Speakers from NIST, DHS, the Defense Department as well as private industry will be in attendance discussing the themes and trends that are influencing the Federal/DoD cyber landscape. All proceeds from the event go to help retrain Wounded Warriors to become cyber defenders at the Wounded Warrior Cyber Combat Academy.

11th Annual API Cybersecurity Conference & Expo (Houston, Texas, USA, November 9 - 10, 2016) Join us at the 11th Annual API Cybersecurity Conference & Expo and discover methods for thwarting the bad guys, what the scene looks like over the horizon and how the latest technologies can help you counter cyber espionage, address cyber warfare, and make your cyber efforts secure.

SecureWorld Seattle (Bellevue, Washington, USA, November 9 - 10, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers

Institute for Critical Infrastructure Technology Annual Gala and Benefit (Washington, DC, USA, November 10, 2016) The Annual ICIT Gala and Benefit is the year’s most prestigious gathering of legislative, agency and private sector leaders committed to protecting our Nation’s critical infrastructures. This intimate black-tie event will celebrate the minds of the most influential members of our community as well as the efforts of today’s most impactful cybersecurity leaders. The funds raised from this Benefit will be used exclusively to help sustain and grow the Institute’s research, publications and educational activities for the communities it serves.

Israel HLS and Cyber 2016 (Tel Aviv, Israel, November 14 - 17, 2016) Where physical and cyber security meet. Topics include intelligence, cyber crime, and counter-terrorism, defending critical infrastructures, a smart global world, mass events--the integrative approach, and emergency readiness.

SANS Healthcare CyberSecurity Summit & Training 2016 (Houston, Texas, USA, November 14 - 21, 2016) SANS will be hosting its 4th Annual Healthcare Cybersecurity Summit. Join us and hear top security experts from leading healthcare companies discuss proven approaches for securing and succeeding in the new healthcare environment. You'll have the opportunity to meet with leaders from top organizations and see what really works in securing healthcare. As we know, healthcare has been undergoing major changes. Patients are demanding more convenient and personalized care. Digital health is changing the way that doctors and patients interact. New technologies allow patients to track their own health and generate data that was previously not available to care providers. Additionally, health information exchanges are being created to enable access to electronic medical records across disparate organizations. The Healthcare CyberSecurity Summit will take aim at the major challenges organizations face as they balance the security, compliance, and innovation required to thrive in this quickly changing market

Infosec 2016 (Dublin, Ireland, November 15, 2016) Infosec 2016 conference addresses the critically important issues that threaten businesses in the information age By any measure, the digital threats that businesses and organisations of all sizes face are increasing

Kaspersky Academy Talent Lab (Online, then Prague, Czech Republic, November 15, 2016) Kaspersky Academy Talent Lab is an international cyber-world competition for young researchers and professionals aged 18-30 who are interested in the cybersecurity challenges facing the world. 50 finalists will travel to the global final event to Prague (all expenses covered by Kaspersky Lab) to present their projects & compete.

CISO Charlotte (Charlotte, North Carolina, USA, November 15, 2016) The CISO Summit brings together C-level IT security executives, industry analysts and solution providers to discuss challenges and best practices in a relaxed, yet focused business setting. Agenda sessions include panel discussions, think tanks, analyst Q&A sessions and much more

Pharma Blockchain Bootcamp (Edison, New Jersey, USA, November 16, 2016) Blockchain technology has gained recognition as one of the most disruptive technologies in the industrial world with the potential of redefining how businesses operate similarly the internet changed it more than 30 years ago. At this critical one-day learning seminar, bio/pharmaceutical professionals (tech + business) will uncover the key areas where blockchain applications could have a significant impact in securing, managing and leveraging the deluge of data throughout the enterprise from R&D to clinical to commercialization. Key issues to be addressed: what exactly is blockchain and why is it considered a disruptive innovation; where and why in the enterprise is pharma ripe for blockchain applications; the hidden business rewards that would be exposed; the legal and regulatory considerations with implementation, and much more.

Cybercon 2016 (Washington, DC, USA, November 16, 2016) The forum for dialogue on strategy and innovation to secure defense and government networks, as well as private-sector networks that hold their sensitive data.

Versus 16 (San Francisco, California, USA, November 17, 2016) Versus is not an ordinary event. Versus is not about pitching products or preaching to the choir. Versus is about challenging what you think you know about cybersecurity, about technology, about doing business in the digital age

Focusing On The Future: Prioritizing Security in the Digital Economy (Washington, DC, USA, November 18, 2016) In today's digital economy, developing and prioritizing a cyber strategy is critical to address diverse and evolving threats, foster trust in the technology we use, and define a path forward where security is seen as a business enabler. Join The Chertoff Group for a premier post-election cyber conference that will convene thought leaders across government and industry to share their unique points of view and insights with regard to critical policy, technology, and risk management issues that will be shaping the security agenda.

Data Breach & Fraud Prevention Summit Asia (Mumbai, India, June 8, 2016) ISMG’s Data Breach & Fraud Prevention Summit Asia – Mumbai is a one-day event that will focus on the latest fraud techniques and technologies, as well as a holistic, strategic approach to looking at the data breach threat that impacts all industries. Whether you are forming opinions on how to view the recent global Apple Vs. FBI debate, want to learn more about the breach incidents, or just look forward to networking with your peers on cybersecurity challenges, we are confident you will gain tremendous insight throughout the event. CyberWire readers can use the discount promo code "CW20" when registering with dbfpmumbai@ismgcorp.com to receive 20% off the conference price.

SCSC Cyber Security Conclave 2.0 Conference and Exhibition (Hyderabad, India, November 22 - 23, 2016) India’s leading two-day cyber security event is returning in November 2016, once again bringing together over hundreds of cyber security experts, senior officials and policy-makers from across the public and private sector to provide an update on cyber security instances, share best practice strategies, and help India to combat cyber threats.

4th Ethiopia Banking & ICT Summit (Addis Ababa, Ethiopia, November 25, 2016) The 4th Ethiopia Banking & ICT Summit is the ONLY event in Horn of Africa that focuses on technology innovations and trends in the Banking and ICT sectors. This annual summit brings together Financial Institutions, Information Technology Vendors, high profile CIOs, CISOs, CTOs Risk and Compliance Officers and COOs to explore how they can utilize the newest technologies to further increase mobility, enhance security, support new products and services, and improve customers’ experience to secure their competitive edge.

Internet of Things (IoT) (Elkridge, Maryland, USA, November 29, 2016) This cybergamut Technical Tuesday features Dr. Susan Cole, currently the Cybersecurity Lead for a Federal Information Systems Controls Audit Management (FISCAM) preparation team and also provides consulting support to small companies. The Internet of Things (IoT) is becoming more embedded in everyday life, often without people being aware. This talk centers on defining what IoT really is, discussing why it has exploded exponentially, and identifying challenges to future implementation of IoT, including security challenges.

CIFI Security Summit (Toronto, Ontario, Canada, November 30 - December 1, 2016) The Annual CIFI Security Summit takes place all over the world, Asia, Europe, Australia & North America. These summits are essential 2 day conferences and exhibitions bringing together leading security experts from around the globe to discuss Cyber Intelligence, Digital forensics, Cyber Security and Cyber Investigations. This is the only event of its kind that will run 4 simultaneous streams over 2 days in addition to case studies, demonstrations from global business leaders and a 30+ Exhibition.

Sponsor & Support

Grow your brand, generate leads, and fill your funnel.

With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listens all over the world, companies trust the CyberWire to get the message out. Learn more.

Has Anonymous had an effect on ISIS? Fancy Bear exploits Microsoft zero-day (and Microsoft chides Google for disclosure). Android banking malware circulates as bogus Flash app. NIST releases interactive cyber jobs map.