The CyberWire Daily Briefing 11.09.16

Summary

By The CyberWire Staff

Yesterday Microsoft issued thirteen security bulletins, five of them rated "critical." Among the vulnerabilities patched is the one Google publicly disclosed last week, to Redmond's displeasure. That fix closes a privilege escalation hole in Windows that can be used to escape security sandboxes.

Adobe and Google also patched. Adobe addressed issues in Flash Player and Adobe Connect, fixing nine remote code execution vulnerabilities. Google addressed twelve critical vulnerabilities in Android, including the bit-flipping privilege-escalation risk known as Drammer, but Mountain View left a comprehensive fix for the Dirty Cow Linux kernel rooting vulnerability to a further round of patching. A supplemental patch did deal with Dirty Cow for Nexus and Pixel devices; other handsets will get their fix next month. Google also noted that Chrome's Safe Browsing will henceforth crack down on sites determined to be repeat offenders.

Banking malware is evolving this week. Svpeng, a mobile Trojan Kaspersky sees lurking in the AdSense network, is troubling bank customers, especially in India. IBM X-Force warns that TrickBot, a Dyre competitor, is using serverside injection and redirection against its targets.

Tesco resumes full operations, but says £2.5 million pounds were lost to debit card fraud. The money seems to have gone to crooks in Spain and Brazil.

FireEye reports a rise in Cerber ransomware attacks, largely driven by the Dridex botnet.

Oh—the US held elections yesterday, little disturbed by hacking, despite fears and a precautionary DHS all-hands-on-deck. WikiLeaks' Assange assumes the unlikely mantle of good-government advocacy—tell it to Vlad.

Learn how Cylance silences cyber attacks with Artificial Intelligence.

Notes.

Today's issue includes events affecting Albania, Bosnia and Herzegovina, Brazil, Bulgaria, Canada, China, Croatia, European Union, Finland, France, Germany, Greece, Ireland, Kosovo, Macedonia, Montenegro, NATO/OTAN, New Zealand, Nigeria, Romania, Russia, Serbia, Slovenia, Spain, United Kingdom, and United States.

On the Podcast

The CyberWire's regular daily Podcast will be out later this afternoon, with interviews, educational tips, and more on the stories of the day. Today we hear from our partners at the Johns Hopkins University, as Joe Carrigan discusses the privacy of medical information. Our guest is Gene Tsudik, of the University of California Irvine, who describes research into the risks of using a keyboard while Skyping. If you enjoy the podcast, please consider giving it an iTunes review.)

Selected Reading

Cyber Trends

Increasing number of financial institutions falling prey to cyber attacks (Help Net Security) 66.2 percent of financial organizations faced at least one cybersecurity attack in the last year, according to MetricStream Research

At the frontline: The cyber threat is becoming ever more subtle (City A.M.) On any given day, typing the words “cyber attack” into Google News will give you a fresh medley of hacking stories. Hollywood and Edward Snowden may have romanticised the perpetrators of these crimes, but behind most of the headlines sit one or more business owners who are the victims of these devastating breaches

Legislation, Policy and Regulation

French plan for biometric database of 60 million people sparks outcry (CSO) A government minister and the National Digital Council are among the opponents of the database

China formalises existing restraints with new cybersecurity law (ZDNet) China's top legislative body this week passed a cybersecurity law that elevates the formally 'low-level regulations' applied across the nation in areas such as security, online speech, and citizen rights

Experts Comment On New Chinese Cyber Security Legislation (Information Security Buzz) Following the news that the Chinese government has approved a broad new cybersecurity law aimed at tightening and centralizing state control over information flows and technology equipment. IT security experts from Prevoty and Lieberman Software commented below

Cloud Adoptions Practices and Priorities in the Chinese Financial Sector: Survey Report (Cloud Security Alliance) The Financial Services Institution (FSI) industry has never been an early adopter of technology. Furthermore, it is also one of the most heavily regulated industry internationally. However, with the improvement of Cloud security over the years, many FSIs have become more confident in embracing it. Having seen this trend, the Cloud Security Alliance (CSA) and Ernst & Young (China) Advisory Limited (”EY China”) have jointly conducted a survey, part of the result related with the FSI are have been used by the CSA for this report, to provide a clearer picture of Cloud adoption and to identify potential gaps that are holding back the adoption of Cloud within the FSI sector

We’re Winning The Crypto Wars (Motherboard) This year has been filled with bad news. The world of cybersecurity has been no different, with zombie armies of hacked internet-connected devices taking down the internet, seemingly endless data breaches hitting hundreds of millions of people, and Russian hackers allegedly trying to mess with the US election

US Army Races To Build New Cyber Corps (Breaking Defense) The US Army is rushing to stand up cyber forces but its progress shows both how far we’ve come, and how far we have to go

2016’s craziest “cybersex” political scandal comes from… Nebraska (Ars Technica) Skype sex scam caught one Nebraska politician and changed state policy

Products, Services, and Solutions

LockPath and Edgile Team Up to Deliver Complete Enterprise GRC Implementations (LockPath) LockPath, a leader in governance, risk management and compliance (GRC) software, today announced its partnership with Edgile, the leading security and risk consulting firm and provider of industry-specific regulatory content libraries. Edgile will support implementations of LockPath’s Keylight® Platform, allowing organizations to more efficiently manage both their compliance and cyber risk

Forcepoint integrates Stonesoft’s firewall with cloud security technologies (Economic Times) The new release improves Stonesoft’s security efficacy, provides extra operation efficiencies, and expands support for evolving infrastructures

Secucloud Chooses Qosmos As A Technology Partner To Fight Growing Cyber Threats (Host Review) Secucloud strengthens its Elastic Cloud Security System (ECS²) with a further technology partnership in the field of real-time classification of applications and protocols by integrating Qosmos ixEngine

Signal Protocol’s crypto core has no major flaws, researchers find (Help Net Security) A group of computer science and cryptography professors and doctoral students has effected a security analysis of the secure messaging Signal Protocol – specifically, of its Key Agreement and Double Ratchet multi-stage key exchange protocol (the effective cryptographic core)

Signal’s protocol gets glowing reviews in first security audit (CyberScoop) Signal is widely considered the gold standard of secure encrypted messaging apps but, until today, it hasn’t been subject to a fine-toothed audit. But the technology passed a major test Tuesday after an international team of security researchers gave the messaging platform’s security glowing reviews in its first ever formal security audit

Enhancements to Verint Enterprise Feedback Management Solution Help Make Customer Interactions More Relevant, Contextual and In-the-Moment (BusinessWire) Company expands customer personalization and interaction opportunities via mobile applications and IoT devices with geolocation targeting and more

Forrester Research Inc. (NASDAQ:FORR) and Verint Partner to Deliver Unprecedented Actionable Intelligence (Benchmark Monitor) Research and advisory firm Forrester Research Inc. (NASDAQ:FORR) and Verint® Systems Inc. announced a partnership designed to provide a holistic approach to customer experience (CX) measurement and management

Technologies, Techniques, and Standards

The 7 Types Of Security Jobs, According To NIST (Dark Reading) NIST's Cybersecurity Workforce Framework gives the security industry a way to classify specific specialty areas and work roles and identify a path for career growth

The Enemy Within: The Soft Underbelly of Cybersecurity (Metropolitan Corporate Counsel) “Cybersecurity” is a term that occupies virtually everyone these days. The list of U.S. government agencies that have been hacked seemingly grows with each passing day and includes the White House, the Pentagon, the State Department, the Office of Personnel Management, the National Oceanographic and Atmospheric Administration, and even the U.S. Postal Service

Ransomware Doesn’t Have To Mean Game Over (Dark Reading) 3 methods can help you recover from a ransomware attack relatively unscathed

Every Minute Of Security Planning Will Save You 10 Minutes In Execution (Dark Reading) Leveraging automation, orchestration, and interoperability in your cybersecurity plans now will save you significant time later

Prepare to manage the aftermath: reducing the impact of cyber crime (Deloitte) Organisations can take up to five years to recover from a serious cyber breach, and some never recover at all, says Deloitte Africa. Preparedness helps organisations manage the aftermath of an attack more effectively

Stay Vigilant To The Evolving Threat Of Social Engineering (Dark Reading) Even the most cyber-savvy individuals can easily get tripped up by a social engineering attack. But users can trip-up a threat simply by paying attention

National Security: A Matter for Public Companies (Forbes) Several news outlets recently reported on the release of a suite of hacking tools apparently stolen from the NSA. Should we be concerned?

IT Departments ‘Should Report’ To Cybersecurity Teams To Combat Threats (TechWeek Europe) Malwarebytes CISO Justin Dollu has flipped the traditional IT hierarchy so tech adoption is done with cyber security in mind

Marketplace

VC-backed Thycotic acquires Cyber Algorithms (PE Hub) Thycotic, which is backed by Insight Venture Partners, has acquired Virginia-based Cyber Algorithms, a provider of network security analytics. No financial terms were disclosed

Synopsys Expands Software Security With Cigital, Codiscope Acquisitions (Dark Reading) Deal is expected to close by December 2016 and will be funded with combination of US cash and debt

Booz Allen, Techstars Name 6 Teams for Cyber Tech Development Program (ExecutiveBiz) Booz Allen Hamilton and Techstars have unveiled six teams comprised of startups and Booz Allen’s product teams that will work to develop cybersecurity technologies

Peter Thiel explains why his company’s defense contracts could lead to less war (Washington Post) When billionaire tech investor Peter Thiel explained his support for Republican nominee Donald Trump at length to a room of journalists last week, he based part of his rationale on the notion that Washington “insiders” currently leading the government have “squandered” money, time and human lives on international conflicts

RedSeal Reports Positive Cash Flow and Profitability in its Strongest Quarter to Date (RedSeal) Record revenue and gross margins propel cyber analytics company’s Q3 momentum

Dublin’s key role in the global cybersecurity challenge (Irish Central) You never have to look too far for a headline about the latest computer hack. The most recent one highlighted the dark side of all the IoT devices we surround ourselves with

NSS Labs Welcomes Gautam Aggarwal as Chief Marketing Officer (CMO) for Heading Marketing and Products (Marketwired) Seasoned cyber security and high tech-executive brings decades of experience for leading product development and driving NSS Lab's new go-to-market strategies

Vectra Networks appoints security industry executive Kevin Moore to lead worldwide sales (Marketwired) Vectra® Networks, the leader in automated threat management, today announced that Kevin Moore, a noted sales veteran in the security industry, was appointed senior vice president of worldwide sales. In this role, he is responsible for all direct and channel sales globally

Research and Development

Carnegie Mellon researchers visualize way to fend off DDoS attacks (Network World) CyLab tool puts emphasis on visualization, could add virtual reality application to fight DDoS attacks

Security Patches, Mitigations, and Software Updates

Microsoft patches Google-outed Windows security hole (Engadget) Attackers are using the exploit, so you'll want to update quickly

November 2016 Microsoft Patch Day (SANS Internet Storm Center) Microsoft today released 13 bulletins (plus one bulletin from Adobe for Flash). 5 of the Microsoft bulletins, and the Adobe Flash bulletin are rated critical. There are a number of vulnerabilities that have either already been known, or have already been exploited

Microsoft Patch Tuesday 2016-11-08 (SANS Internet Storm Center) [SANS tabular summary of Microsoft patches]

Adobe fixes flaws in Flash Player and Adobe Connect (CSO) The Flash Player patches address nine critical vulnerabilities

Adobe Patches Nine Code Execution Flaws in Flash Player (Threatpost) Two weeks after rushing out an emergency patch for a zero-day vulnerability, Adobe today released another Flash Player security update

Android patches fix Drammer RAM attack, but not Dirty Cow exploit (CSO) The security patches address 12 critical vulnerabilities in various Android components and drivers

Google Releases Supplemental Patch for Dirty Cow Vulnerability (Threatpost) Google’s November Android Security Bulletin, released Monday, patched 15 critical vulnerabilities and addressed 85 CVEs overall. But conspicuously absent is a fix for the Linux race condition vulnerability known as Dirty Cow (Copy-on-Write) that also impacts Android

Update now! Bug means large PAC files can crash Android phones (Graham Cluley) Oh yeah, that’s right, maybe you can’t update

Google Safe Browsing goes after repeat offenders (Help Net Security) “Over time, we’ve observed that a small number of websites will cease harming users for long enough to have [Google Safe Browsing] warnings removed, and will then revert to harmful activity,” Brooke Heinichen, of the Safe Browsing Team, explained

Protecting users from repeatedly dangerous sites (Google Security Blog) Since 2005, Safe Browsing has been protecting users from harm on the Internet, and has evolved over the years to adapt to the changing nature of threats and user harm

Cyber Attacks, Threats, and Vulnerabilities

Fears of hacked election ebb in quiet, watchful night (USA Today) Despite concerns about possible attempts to hack or otherwise tamper with the U.S. election, voting appears to have gone smoothly, with no attacks or intrusions

This Is What It Looks Like When Russia Really Wants to Mess With Your Election (Foregin Policy) In the U.S., the Kremlin is hacking emails. In the Balkans, it’s staging coups

On Election Day, WikiLeaks’ Assange says U.S. voters benefited from email leaks (McClatchyDC via the Idaho Statesman) With the U.S. election campaign at an end, WikiLeaks founder Julian Assange denied Tuesday that his group has “a nefarious allegiance with Russia” and said he had come under “enormous pressure” to halt publication of a trove of emails pirated from Hillary Clinton’s presidential campaign

Hackers Target Pro-Clinton Phone Banks—But Hit Trump’s Too (Wired) After months of hacker meddling in the US presidential election, government officials and campaign-watchers have been bracing for the next attack to hit on Election Day. As it turns out, one arrived a day early and focused on a key get-out-the-vote tool—a phone bank service

Canada immigration website goes down as Donald Trump gains lead (HackRead) Maybe some Americans were serious when they threatened they would move to Canada if Republican presidential candidate Donald Trump became successful in his often polarizing campaign for the White House

SpamTorte Version 2: Discovery of an Advanced, Multilayered Spambot Campaign that is Back with a Vengeance (Verint) Verint’s research team has recently discovered a new and unknown version of the Torte botnet malware. Christened SpamTorte 2.0, it is a powerful, multi-layered Spambot (Spam Botnet) that is capable of running large scale, efficient spam campaigns while cleverly masking itself to avoid detection. It’s worth noting that the initial detection was exclusively detected by the Verint TPS C&C Detection engine

An Aggressive Launch: TrickBot Trojan Rises With Redirection Attacks in the UK (Security Intelligence) IBM X-Force researchers reported that new banking malware TrickBot is now fully operational and able to deploy two of the most advanced browser manipulation techniques: serverside injections and redirection attacks

TrickBot Banking Trojan Adds New Browser Manipulation Tools (Threatpost) The TrickBot banking Trojan, a close relative to Dyre, has a growing target list and new browser manipulation techniques, experts at IBM X-Force said

Why are Skype accounts getting hacked so easily? (Verge) Secure your Skype account immediately

Chrome exploit allows Svpeng trojan to bypass security measure; patch reportedly coming (SC Magazine) The mobile banking trojan Svpeng continues to infect Android devices through malvertising campaigns delivered via the Google AdSense network. But at least experts at Kaspersky Lab now understand how the malicious APK has been able to automatically download itself while bypassing Google Chrome browser permissions

Nearly 3,18,000 [sic] Android users hacked via Google’s AdSense vulnerability (Hindustan Times) Kaspersky Lab, an international cybersecurity and anti-virus provider headquartered in Moscow and operated by a holding company in the United Kingdom, on Tuesday said that it has discovered a modification of the mobile banking Trojan, Svpeng hiding in Google’s advertising network AdSense

DDoS Attacks on Apartments’ Heating System Left Residents Cold and Angry (HackRead) DDoS attacks are not meant for websites only — here is a case in which hackers conducted DDoS attacks on an apartment's heating system in Finland

Communications watchdog: Criminals behind home automation system cyber attack (Uutiset) The Finnish Communications Regulatory Authority Ficora says that a cyber attack that disrupted home automation systems in Lappeenranta, southeast Finland, was the work of criminals. The incident caused services such as heating to restart when web traffic overloaded the capacity of computers controlling the systems

Dyn, Liberia DDoS Attacks Were Just Test Runs (Infosecurity Magazine) The Mirai-fueled DDoS attacks that took the entire country of Liberia offline last week are waning—but researchers say the offensive was merely a test run for something much bigger

Floki Bot: The Rest of the Story (SC Magazine) Last week we took the 100,000 foot level view of the relatively new floki bot. This bot - allegedly modeled after Zeus 2.0.8.9 is selling in the underground marketplaces for around $1,000

Cerber Ransomware On The Rise, Fueled By Dridex Botnets (Threatpost) Starting in April security experts at FireEye spotted a massive uptick in Cerber ransomware attacks delivered via a rolling wave of spam. Researchers there link the Cerber outbreaks to the fact that attackers are now leveraging the same spam infrastructure credited for making the potent Dridex financial Trojan extremely dangerous

Tesco says $3 million stolen in cyber theft, resumes service (Reuters) Retailer Tesco Plc's banking arm said on Tuesday that 2.5 million pounds ($3 million) had been stolen from 9,000 customers over the weekend in what cyber experts said was the first mass hacking of accounts at a western bank

Tesco Bank cyber raid 'unprecedented', says financial regulator (Guardian) FCA chief tells MPs that ‘serious’ theft from 20,000 accounts may be linked via debit card flaw as customers report money transfered to Brazil and Spain

Indiana county government shut down by ransomware to pay up (Ars Technica) Commissioner of Madison County says insurance company advised paying ransom

Cyber in Nigeria: Local Hub of Crime with Deep Roots (Wapack Labs) Nigeria continues to be known globally as the lead in Internet scams

Academia

18-year-old Wins Cyber Security Challenge UK (Infosecurity Magazine) Ben Jackson, an 18-year-old student from the Sussex town of Bexhill-on-sea, has won the Cyber Security Challenge UK’s Masterclass competition, making him the youngest ever champion

Litigation, Investigation, and Enforcement

Canadian police spied on reporters, raising questions of press freedom (Christian Science Monitor Passcode) Revelations that police in Quebec spied on at least 10 journalists has set off a nationwide debate over police surveillance and press freedom in the Digital Age

Inside the secret command center tracing Election Day cyber threats (CBS News) Federal officials are still looking for people who may have information about a potential terror threat linked to the presidential election

Let’s Cheer This Badass Nevada Judge Who Understands Twitter Harassment (Wired) A Nevada judge was none too pleased when Trump campaign lawyers asked for a list of poll workers’ names today

Army lieutenant colonel sentenced to 20 years for child pornography (Army Times) A lieutenant colonel formerly assigned to the Defense Intelligence Agency is set to spend two decades in prison for goading six underage girls into sending him illicit photos and videos while using his government laptop

Design and Innovation

Is Fingerprint Authentication Making The Password Problem Worse? (Dark Reading) Problems emerge when users switch to a new phone

How bitcoin protects against geopolitical risk (TechCrunch) Today’s election is anything but ordinary. People from every corner of the globe have been watching, not only for its theatrical elements but because the impact will be felt around the world in very real ways. And nowhere will the impact be more immediate and certain than on the economy

Darktrace: Machine Learning Will Filter Through The Noise Of Cyber Security (TechWeek Europe) Machine learning can help filter the increasing noise on complex IT networks to spot the emerging cyber threats that pressured tech teams might miss

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

upcoming Events

IAPP Europe Data Protection Congress 2016 (Brussels, Belgium, Nov 7 - 10, 2016) The GDPR is finalised, the Data Protection Congress is returning to Brussels and you have a great deal of work ahead. Begin at the Congress, where you’ll find thought leadership, a thriving professional community and unrivaled education. It’s time to get to work: Start here.

SANS Miami 2016 (Coconut Grove, Florida, USA, Nov 7 - 12, 2016) Attend our new SANS Miami 2016 event, November 7-12 and choose from five hands-on, immersion-style cybersecurity training courses taught by real-world practitioners. Attackers are targeting you with increasing viciousness and stealth, and it's essential you understand the tools and techniques and learn the skills needed to protect your organizations. Get the training you need from SANS - the most trusted and by far the largest source for information security training in the world

11th Annual API Cybersecurity Conference & Expo (Houston, Texas, USA, Nov 9 - 10, 2016) Join us at the 11th Annual API Cybersecurity Conference & Expo and discover methods for thwarting the bad guys, what the scene looks like over the horizon and how the latest technologies can help you counter cyber espionage, address cyber warfare, and make your cyber efforts secure.

SecureWorld Seattle (Bellevue, Washington, USA, Nov 9 - 10, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers

Institute for Critical Infrastructure Technology Annual Gala and Benefit (Washington, DC, USA, Nov 10, 2016) The Annual ICIT Gala and Benefit is the year’s most prestigious gathering of legislative, agency and private sector leaders committed to protecting our Nation’s critical infrastructures. This intimate black-tie event will celebrate the minds of the most influential members of our community as well as the efforts of today’s most impactful cybersecurity leaders. The funds raised from this Benefit will be used exclusively to help sustain and grow the Institute’s research, publications and educational activities for the communities it serves.

Israel HLS and Cyber 2016 (Tel Aviv, Israel, Nov 14 - 17, 2016) Where physical and cyber security meet. Topics include intelligence, cyber crime, and counter-terrorism, defending critical infrastructures, a smart global world, mass events--the integrative approach, and emergency readiness.

SANS Healthcare CyberSecurity Summit & Training 2016 (Houston, Texas, USA, Nov 14 - 21, 2016) SANS will be hosting its 4th Annual Healthcare Cybersecurity Summit. Join us and hear top security experts from leading healthcare companies discuss proven approaches for securing and succeeding in the new healthcare environment. You'll have the opportunity to meet with leaders from top organizations and see what really works in securing healthcare. As we know, healthcare has been undergoing major changes. Patients are demanding more convenient and personalized care. Digital health is changing the way that doctors and patients interact. New technologies allow patients to track their own health and generate data that was previously not available to care providers. Additionally, health information exchanges are being created to enable access to electronic medical records across disparate organizations. The Healthcare CyberSecurity Summit will take aim at the major challenges organizations face as they balance the security, compliance, and innovation required to thrive in this quickly changing market

Infosec 2016 (Dublin, Ireland, Nov 15, 2016) Infosec 2016 conference addresses the critically important issues that threaten businesses in the information age By any measure, the digital threats that businesses and organisations of all sizes face are increasing

Commercial Cyber Forum: Insider Threat (Odenton, Maryland, USA, Nov 15, 2016) Please join us for a panelist discussion with insider threat experts on upcoming Federal rules, key elements of an insider threat program and privacy, due process, and human resource requirements.

Kaspersky Academy Talent Lab (Online, then Prague, Czech Republic, Nov 15, 2016) Kaspersky Academy Talent Lab is an international cyber-world competition for young researchers and professionals aged 18-30 who are interested in the cybersecurity challenges facing the world. 50 finalists will travel to the global final event to Prague (all expenses covered by Kaspersky Lab) to present their projects & compete.

CISO Charlotte (Charlotte, North Carolina, USA, Nov 15, 2016) The CISO Summit brings together C-level IT security executives, industry analysts and solution providers to discuss challenges and best practices in a relaxed, yet focused business setting. Agenda sessions include panel discussions, think tanks, analyst Q&A sessions and much more

Pharma Blockchain Bootcamp (Edison, New Jersey, USA, Nov 16, 2016) Blockchain technology has gained recognition as one of the most disruptive technologies in the industrial world with the potential of redefining how businesses operate similarly the internet changed it more than 30 years ago. At this critical one-day learning seminar, bio/pharmaceutical professionals (tech + business) will uncover the key areas where blockchain applications could have a significant impact in securing, managing and leveraging the deluge of data throughout the enterprise from R&D to clinical to commercialization. Key issues to be addressed: what exactly is blockchain and why is it considered a disruptive innovation; where and why in the enterprise is pharma ripe for blockchain applications; the hidden business rewards that would be exposed; the legal and regulatory considerations with implementation, and much more.

CyberCon 2016 (Washington, DC, USA, Nov 16, 2016) CyberCon 2016 is the forum for dialogue on strategy and innovation to secure civilian and defense networks, as well as private-sector networks that hold their sensitive data. Cybersecurity will be the defining challenge for the foreseeable future and CyberCon 2016 will provide a roadmap for innovation and collaboration that lead to more transparent and secure networks.

Versus 16 (San Francisco, California, USA, Nov 17, 2016) Versus is not an ordinary event. Versus is not about pitching products or preaching to the choir. Versus is about challenging what you think you know about cybersecurity, about technology, about doing business in the digital age

Focusing On The Future: Prioritizing Security in the Digital Economy (Washington, DC, USA, Nov 18, 2016) In today's digital economy, developing and prioritizing a cyber strategy is critical to address diverse and evolving threats, foster trust in the technology we use, and define a path forward where security is seen as a business enabler. Join The Chertoff Group for a premier post-election cyber conference that will convene thought leaders across government and industry to share their unique points of view and insights with regard to critical policy, technology, and risk management issues that will be shaping the security agenda.

Data Breach & Fraud Prevention Summit Asia (Mumbai, India, Jun 8, 2016) ISMG’s Data Breach & Fraud Prevention Summit Asia – Mumbai is a one-day event that will focus on the latest fraud techniques and technologies, as well as a holistic, strategic approach to looking at the data breach threat that impacts all industries. Whether you are forming opinions on how to view the recent global Apple Vs. FBI debate, want to learn more about the breach incidents, or just look forward to networking with your peers on cybersecurity challenges, we are confident you will gain tremendous insight throughout the event. CyberWire readers can use the discount promo code "CW20" when registering with dbfpmumbai@ismgcorp.com to receive 20% off the conference price.

SCSC Cyber Security Conclave 2.0 Conference and Exhibition (Hyderabad, India, Nov 22 - 23, 2016) India’s leading two-day cyber security event is returning in November 2016, once again bringing together over hundreds of cyber security experts, senior officials and policy-makers from across the public and private sector to provide an update on cyber security instances, share best practice strategies, and help India to combat cyber threats.

4th Ethiopia Banking & ICT Summit (Addis Ababa, Ethiopia, Nov 25, 2016) The 4th Ethiopia Banking & ICT Summit is the ONLY event in Horn of Africa that focuses on technology innovations and trends in the Banking and ICT sectors. This annual summit brings together Financial Institutions, Information Technology Vendors, high profile CIOs, CISOs, CTOs Risk and Compliance Officers and COOs to explore how they can utilize the newest technologies to further increase mobility, enhance security, support new products and services, and improve customers’ experience to secure their competitive edge.

Internet of Things (IoT) (Elkridge, Maryland, USA, Nov 29, 2016) This cybergamut Technical Tuesday features Dr. Susan Cole, currently the Cybersecurity Lead for a Federal Information Systems Controls Audit Management (FISCAM) preparation team and also provides consulting support to small companies. The Internet of Things (IoT) is becoming more embedded in everyday life, often without people being aware. This talk centers on defining what IoT really is, discussing why it has exploded exponentially, and identifying challenges to future implementation of IoT, including security challenges.

CIFI Security Summit (Toronto, Ontario, Canada, Nov 30 - Dec 1, 2016) The Annual CIFI Security Summit takes place all over the world, Asia, Europe, Australia & North America. These summits are essential 2 day conferences and exhibitions bringing together leading security experts from around the globe to discuss Cyber Intelligence, Digital forensics, Cyber Security and Cyber Investigations. This is the only event of its kind that will run 4 simultaneous streams over 2 days in addition to case studies, demonstrations from global business leaders and a 30+ Exhibition.

Sponsor & Support

Grow your brand, generate leads, and fill your funnel.

With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listens all over the world, companies trust the CyberWire to get the message out. Learn more.

Patch Tuesday rundown. Evolved banking Trojans. Where the Tesco money went. Notes on DDoS and ransomware. And there was this election that seems not to have been hacked after all.