Fancy Bear trying to get the most out of Windows zero-days. Tesco fraud updates. OPM-themed phishing spreads Locky ransomware. Yahoo! says its people may have known of compromise as early as 2014.
The US elections passed without apparent cyber perturbation from Russia or others. If you're nostalgic for vote-hacking worries, no fear—there's an election coming in Germany next year, and Chancellor Merkel is warning people to expect disruptive Russian cyber campaigns. And back in the US there's no shortage of cyber policy advice, news, and speculation swirling around President-elect Trump.
Fancy Bear is showing unusual activity mid-week, seeking to take advantage of the recently patched Microsoft zero-days before users get around to applying the fixes.
Tesco continues to mop up the fraud campaign that hit the bank's customers over the past week. No clear word yet on how the fraud was accomplished, but speculation about an inside job continues.
OPM-themed and spoofed emails to US Government workers and contractors are serving up Locky ransomware—don't open suspicious attachments.
Yahoo! says some of its personnel may have known as long ago as 2014 that foreign state-sponsored hackers had compromised the company's networks. Yahoo! tells investors that its deal with Verizon may be in jeopardy.
RiskIQ receives $30.5 million in a Series C funding round led by Georgian Partners.
Different approaches to the increasingly tight cyber labor market are mooted, from marketing the field to students, to educational initiatives, to moving toward a gig economy in vulnerability testing and research. The EU's General Data Protection Regulation (GDPR), which goes into full effect in 2018, will require some 75,000 Data Protection Officers, and not just in the EU: the US will need around 9000.
Notes.
Today's issue includes events affecting Australia, Austria, Bangladesh, Estonia, European Union, Germany, Greece, Ireland, Liechtenstein, Philippines, Romania, Russia, Spain, Switzerland, United Kingdom, and United States.
A note to our readers: tomorrow, November 11, we'll be observing Veterans Day, and so won't be either publishing or podcasting. Spare a thought for your veterans, and remember that the observance has its origin in the First World War, now receding a hundred years into the past. This is a day of recollection in many parts of the world; we'll take this opportunity to direct your attention to one American commemoration, the United States World War One Centennial Commission.
The CyberWire's regular daily Podcast will be out later this afternoon, with interviews, educational tips, and more on the stories of the day. Today we hear from our partners at the University of Maryland's Center for Health and Homeland Security, as Markus Rauschecker talks us through new FCC privacy rules. Our guest is Chuck Ames, Director of Maryland Cybersecurity, on nurturing an environment of growth and innovation in the state, and on the Chesapeake Regional Tech Council's upcoming symposium on insider threats. (If you enjoy the podcast, please consider giving it an iTunes review.)
Cyber Attacks, Threats, and Vulnerabilities
Merkel fears Russian meddling in German election (The Hill) German Chancellor Angela Merkel told reporters Tuesday that she feared Russia might launch hacking campaigns to interfere with the 2017 German elections, something U.S. intelligence agencies say it did this year in America
Fancy Bear goes all out to beat Adobe, MSFT zero-day patches (Ars Technica) The group behind DNC hack seeks maximum pwnage before patches become widespread
Pawn Storm Ramps Up Spear-phishing Before Zero-Days Get Patched (TrendLabs Security Intelligence Blog) The effectiveness of a zero-day quickly deteriorates as an attack tool after it gets discovered and patched by the affected software vendors
Pawn Storm raced to pop many targets before Windows zero-day patch release (Help Net Security) As promised, Microsoft provided this Tuesday a patch for the Windows zero-day (CVE-2016-7855) actively exploited by the Strontium (aka Pawn Storm) cyber espionage hacking group
Tesco Bank cyber attack: Everything we know so far (The Week) Bank repays £2.5m to 9,000 current-account holders after fraudsters raid their accounts
Tesco Bank Hack May Have Been An Inside Job (Information Security Buzz) Experts have suggested that the cyber attack on Tesco Bank could be an inside job. Cyber criminals managed to steal money from more than 20,000 accounts at nearly the same time in automated fashion. IT security experts from Lieberman Software and Institution of Engineering and Technology’s (IET) commented below
Tesco Bank hack shows that attackers continue to follow easy money (Help Net Security) What happens when nearly 9,000 accounts at a financial institution experience fraudulent activity and clients have nearly £2.5 million stolen?
Cyber attacks 'more sophisticated, more targeted', warns Central Bank (Independent) Cyber attacks are getting "more sophisticated, more targeted and progressively more difficult to detect," top bankers have been warned by the Central Bank
LinkedIn users getting phished to steal IDs (SC Magazine) A new social engineering campaign is sending out emails purporting to come from LinkedIn in an attempt to dupe recipients into giving up personal information
OPM-themed ransomware targets U.S. government workers (CyberScoop) A ransomware campaign designed to target U.S. government workers and employees of federal contractors flooded thousands of email inboxes
Locky Targets OPM Breach Victims (Threatpost) A phishing campaign pushing Locky ransomware is targeting some of the 22 million victims of the massive United States Office of Personnel Management breaches of 2014 and 2015
Top 5 Rootkit Threats and How to Root Them out (eSecurity Planet) Rootkits are tough to detect and tough to eradicate, making them an especially tricky security threat
A lightbulb worm could take over every smart light in a city in minutes (Boing Boing) Researchers from Dalhousie University (Canada) and the Weizmann Institute of Science (Israel) have published a working paper detailing a proof-of-concept attack on smart lightbulbs that allows them to wirelessly take over the bulbs from up to 400m, write a new operating system to them, and then cause the infected bulbs to spread the attack to all the vulnerable bulbs in reach, until an entire city is infected
The Big Lesson We Must Learn From The Dyn DDoS Attack (Dark Reading) The vulnerabilities that make IoT devices susceptible to being used in a botnet also make them the perfect avenue into our data centers and clouds
iOS WebView Problem Allows Attackers to Initiate Phone Calls (Threatpost) iOS developers who have embedded Apple’s WebView into mobile apps need to be aware of an exploitable issue that could allow phone calls to a number of the attacker’s choosing
Down the H-W0rm Hole with Houdini's RAT (ThreatGeek) Commodity Remote Access Trojans (RATs) -- which are designed, productized and sold to the casual and experienced hacker alike -- put powerful remote access capabilities into the hands of criminals
BlackNurse Denial of Service Attack (Netresec) The 90's called and wanted their ICMP flood attack back
D-Link DIR Routers HNAP Login Stack Buffer Overflow Vulnerability (Iranian Exploit Database) A stack bof in several Dlink routers, which can be exploited by an unauthenticated attacker in the LAN. There is no patch as Dlink did not respond to CERT's requests. As usual, a Metasploit module is in the queue (see [9] below) and should hopefully be integrated soon
Telecrypt ransomware uses Telegram for command and control (Help Net Security) Telecrypt, a newly spotted piece of crypto ransomware that uses Telegram’s communication protocol to deliver the decryption key to the crooks, is targeting Russian-speaking users
It’s Beginning to Look a Lot Like Cyber-Attack Season (Radware Blog) This year’s door buster deal might just be a DDoS attack
Auditor general report finds Melbourne trains vulnerable to cyber attack (Herald Sun) Victoria’s train network is exposed to cyber-attacks with “significant weaknesses” in security, a damning auditor general report has found
Security Patches, Mitigations, and Software Updates
Patch Tuesday, 2016 U.S. Election Edition (KrebsOnSecurity) Let’s get this out of the way up front: Having “2016 election” in the headline above is probably the only reason anyone might read this story today. It remains unclear whether Republicans and Democrats can patch things up after a bruising and divisive election, but thanks to a special Election Day Patch Tuesday hundreds of millions of Adobe and Microsoft users have some more immediate patching to do
November Patch Tuesday fixes controversial Windows 0-day hole (Naked Security) Microsoft’s latest Patch Tuesday is out, even if Redmond’s monthly updates haven’t officially been called “patches” for more than two years now
WoT pulls browser extension after privacy failure (Naked Security) Are you one of the 140 million people who have downloaded Web of Trust (WoT)? If you are, you might want to uninstall it – for the time being at least
Cyber Trends
Opinion: Who’s going to get clobbered in the next cyber attack? (MarketWatch) Four reasons why more attacks are inevitable
DTCC Survey: Cyber Threat Ranked #1 Risk To Global Financial System (Dark Reading) Despite geopolitical uncertainties, cyber threats are the financial industry's biggest worry, new data shows
Number of vulnerable enterprises at five year record high (Help Net Security) Enterprises across the globe are refreshing their network equipment earlier in its lifecycle in a move to embrace workplace mobility, Internet of Things, and software-defined networking strategies. In addition, their equipment refresh is more strategic, with architectural vision in mind. But despite the higher refresh rate, networks are getting less secure, largely due to neglected patching
GDPR privacy, preparations and understanding (Help Net Security) A new GDPR privacy benchmarking study by IAPP and TRUSTe provides insight into how companies are preparing for the sweeping changes to privacy laws under the EU General Data Protection Regulation (GDPR)
Small Businesses' Sensitive Data Is At Risk In Free Cloud Storage, Experts Warn (The Street) Some SMBs jeopardize medical and banking information by using cloud services that lack proper security, finds new survey from Clutch
Visibility, security top concerns for cloud computing adoption (CSO) Enterprises are concerned about where their data is located and how it's protected
Internet of Everything will change our lives but cyber gangs can't wait to pounce (Independent) Ahead of a major cyber security conference next week, speaker Rik Ferguson tells how appliances, cars, payment services and everything else we rely on are now vulnerable
Cybercrime: one expert says Ireland may be a soft target (Irish Times) Cyber security ‘needs to be addressed almost as a public health issue’, conference hears
DHS Under Secretary: Vibrancy Makes Us Attractive Target for Hackers (Cybersecurity Business) “Minnesota is adding tech jobs at the greatest rate of anywhere in the country,” declared Suzanne Spaulding, Under Secretary for the National Protection and Programs Directorate (NPPD) at the Department of Homeland Security, a keynote speaker at Cyber Security Summit 2016 in Minneapolis
Marketplace
Yahoo Employees Knew in 2014 About State-Sponsored Hacker Attack (New York Times) Yahoo employees knew in 2014 that a hacker backed by a foreign government had broken into its network, the company said in a securities filing on Wednesday
Yahoo investigating if insiders knew of hack (CSO) Yahoo said in a filing it was possible that its acquisition by Verizon could be terminated or renegotiated
Yahoo warns investors Verizon might back out of its $4.8 billion deal over data breach (Business Insider) Yahoo has for the first time formally raised the possibility of Verizon backing out of the $4.8 billion acquisition deal, because of the massive email hack the company announced in September
Digital Risk Management Leader RiskIQ Attracts $30.5 Million in Series C Funding (BusinessWire) New capital infusion to expand platform ecosystem, sales and digital risk applications
Akamai’s long-term bet lies in security solutions, added services, analysts say (FierceCable) The best thing Akamai has going for it right now is its continuing drive to add more diversity to its services portfolio: that’s the consensus of analysts at Pacific Crest Securities, who noted that the CDN provider’s media traffic was down 23.4 percent year-over-year in the third quarter
Sophos priced for cyber growth (Investors Chronicle) Concerns about hacks and cyber attacks fuelled constant-currency sales growth of a tenth at Sophos (SOPH) in the reported period. But exclude $22.9m (£18.4m) in deferred billings and the cyber security group's adjusted cash profit shrank by more than a quarter to $28m
Sophos CEO Slams Competition, Says Company Changes At Symantec, McAfee, SonicWall Cause 'Confusion' (CRN) Sophos CEO Kris Hagerman said he expects the recent disruptions in the security competitive landscape, including major spin-outs and blockbuster acquisitions, to have an overall positive effect on the U.K.-based security vendor
Better Buy: Palo Alto Networks Inc. vs. FireEye Inc. (Madison) Palo Alto Networks (NYSE: PANW) and FireEye (NASDAQ: FEYE) are frequently mentioned in discussions about high-growth cybersecurity companies. Back in May, I compared the two companies and concluded that Palo Alto's stronger sales growth made it a better pick than FireEye
PC Back from the Dead: Jeff Clarke, Dell Technologies & the Zombie PC Apocalypse (TechZone360) I’m at DellEMC World this week in Austin and there have been a number of executives speaking to us to start off the event
Fatigue fears over bug bounty programs (Register) People have day jobs, so only grab low-hanging fruit
7 Bug Bounty Myths, Busted (BugCrowd) Attackers only need to exploit one security flaw to compromise an organization, while organizations must be able to defend against all potential flaws. Security teams are resource constrained; hackers aren’t
Security Vulnerability Disclosure Is Still A Minefield (LifeHacker) There's no such thing as perfect security in the digital world. There are a swathe of hardware and software bugs floating around that compromise the security of these products
There’s a war on for cybersecurity talent (CSO) The just right, Goldilocks candidate doesn’t exist
75,000 Data Protection Officers Needed By 2018 To Handle EU Law (Dark Reading) US alone will need 9,000 DPOs to meet GDPR mandates, says International Association of Privacy Professionals - but don't expect that many new job listings
Cybersecurity Should Send Smart Investors Back To School (Forbes) Hundreds of fledgling security companies have sprung up in recent years, promising “next-generation” technologies to fight cyber criminals, government spies and hacker activists. Last year alone, investors poured a record $3.3 billion in capital into 229 cybersecurity deals
Finjan Holdings Appoints Eyal Harari to Lead Advisory Services Firm, CybeRisk, as Chief Executive Officer (Yahoo! Finance) Finjan Holdings, Inc. (NASDAQ: FNJN), a cybersecurity company, announced that Eyal Harari has been appointed as Chief Executive Officer of its wholly owned subsidiary, CybeRisk™
John Hannon to Resign as Member of KeyW’s Board of Directors; Shephard Hill Elected to Succeed Hannon (Yahoo! Finance) The KeyW Holding Corporation (KEYW), today announced that John Hannon will resign as a member of its board of directors, effective with the company’s quarterly board meeting on Nov. 9, 2016. Shephard (Shep) Hill will succeed him
Products, Services, and Solutions
Bugcrowd Partners With InVision To Fortify Design Platform Through Crowdsourced Security Program (Bugcrowd) InVision ensures the safety of its customers data with the launch of a public bug bounty program with Bugcrowd
Trend Micro ups its AI game to pre-empt ‘silver bullet’ startups (Channel Life) Trend Micro unveiled its enterprise security portfolio updated with new machine learning capabilities and fresh threat intelligence at the Trend Micro Insight 2016 event
SoftBank to launch mobile security app with Zimperium (Telecompaper) Japanese operator SoftBank has signed a partnership agreement with US-based security and technology specialist Zimperium
Symantec introduces Endpoint Protection 14 solution with multi-layered security (BGR) Symantec Endpoint Protection 14 provides multi-layered protection including advanced machine learning and response capabilities to protect and respond to cyber threats at the endpoint
Nutanix Extends HCI Reach into Networking and Security (IT Business Edge) At a .NEXT Europe conference today, Nutanix took the next logical step in hyperconverged infrastructure (HCI) by embedding network virtualization and security technologies into its core platform
Technologies, Techniques, and Standards
Would your password withstand 100 guesses from a hacker? (Naked Security) How many tries would a hacker need to guess your password?
APT Ransomware Description and Removal Instructions (SpywareTechs) APT Ransomware is the latest version of Crypto-Ransomware virus. APT Ransomware targets PCs running Windows OS. Every file that has been encrypted will have its extension changed to: .dll. Unfortunately, still, there is no way of decrypting the files encrypted by APT Ransomware
How to craft an effective DevSecOps process with your team (TechTarget) Switching to a DevSecOps model in software development offers many benefits, but combining security and DevOps takes knowledge, forethought and planning
Evaluating cybersecurity risk (GCN) With the specter of a cybersecurity incident hovering over enterprise systems, government leaders can be more confident in their risk management programs by assessing their effectiveness with the Baldrige Cybersecurity Excellence Builder
Baldrige Cybersecurity Excellence Builder (NIST) Key questions for improving your organization’s cybersecurity performance
A checklist for people who understand cyber security (Help Net Security) By now, it’s pretty much an accepted reality that it’s only a matter of time until an organization – any organization – gets breached by cyber attackers
Design and Innovation
UK’s Finest Codebreakers Battle the Best in Europe (Infosecurity Magazine) The UK’s top tech enthusiasts are taking part this week in a Europe-wide challenge to find the region’s best codebreakers
Deloitte to open-source identity-storing blockchain (IBS Intelligence) Deloitte is expected to announce new plans to open-source its Ethereum-based Smart Identity platform, which uses the blockchain to prove citizen identity
Academia
SIA and the University of Phoenix to Award Scholarships (Benzinga) 10 full-tuition scholarships available to employees of SIA member companies
Legislation, Policy, and Regulation
Trump’s Win Signals Open Season for Russia’s Political Hackers (Wired) Yesterday, America elected as president the apparently preferred candidate of Russia’s intelligence agencies. After a campaign season marred by the influence of hackers, including some widely believed to be on Vladimir Putin’s payroll, that outcome means more than a mandate for Trump and his coalition. For Russia, it will also be taken as a win for the chaos-injecting tactics of political hacks and leaks that the country’s operatives used to meddle in America’s election—and an incentive to try them elsewhere
Our Security Wish List for President-elect Trump (Nuix) It’s finally over! A long, contentious, and tumultuous Presidential election is finally behind us. While both candidates have, at some point, touched upon the concept of cybersecurity—Mrs. Clinton and the widely publicized email server on one hand, Mr. Trump and his calls for Russian hackers on the other—neither candidate laid out a comprehensive plan for cybersecurity under their administration
What Trump's victory means for cybersecurity (Christian Science Monitor Passcode) During the campaign, Donald Trump split with intelligence officials over Russia's involvement in hacking US political organizations and offered few details about cybersecurity policies
Trump's plan: Tariffs on electronics, ban on skilled tech migrants, cyber-weapons (Register) Apple, media, 400-pound hackers, look to be in trouble
Trump's Vague Cybersecurity Platform Needs A Combover (Forbes) The campaign is over, the votes have been cast, and Donald Trump will officially take over the Oval Office on January 20th. When he does, we’ll finally find out what changes he has in mind to make America great again — and how he plans to address the nation’s cybersecurity needs. His campaign’s policies page offers some insight, but there are still a lot of blanks to fill in
Trump administration promises more aggressive, less political cyber stance (Federal Times) In an election that rarely dipped into policy specifics, cybersecurity was front and center as both a political weapon and a major platform for both parties
Worries and uncertainty cloud outlook for digital privacy under President Trump (CSO) Some legal experts are worried Trump could abuse the NSA's surveillance powers, but we just don't know
Could President Trump Really Turn the NSA Into a Personal Spy Machine? (Motherboard) It's the nightmare scenario that many worried about: the US elects a president who uses the country's nearly omnipotent surveillance powers for his or her own gain. Edward Snowden has described the NSA's spying capabilities as the “architecture of oppression,” with the fear being that it could be deployed by a malicious commander in chief
In case of cyberattack, don't count on Donald Trump knowing what to do (ZDNet) Usually, ignorance is bliss, but not when you're the leader of the free world
Will Top Cyber Talent Join the Trump Team? Jury's Out (Nextgov) Will cybersecurity experts who shunned President-elect Donald Trump’s campaign sign on to secure government and private sector networks during the Trump presidency? The answer’s far from clear
Trump Election Ignites Fears Over U.S. Encryption, Surveillance Policy (Fortune) Technology companies and civil libertarians are alarmed
Scared About Trump Wielding FBI And NSA Cyber Power? You Should Be (Forbes) Americans are understandably anxious about the idea of Donald Trump wantonly wielding “The Cyber” to quiet his enemies, following his election to president today. The fear is manifesting and metastasizing fast on social media
Trump’s Presidency Raises Encryption and Surveillance Fears (Infosecurity Magazine) The Trump presidency could lead to a stand-off with China over cyber espionage, increasing pressure on Silicon Valley companies to break encryption, and a restoration of the Patriot Act, according to a leading think tank's summary of his election campaign
Palantir ruling could tweak Army's innovation track (FCW) As the Department of Defense focuses on the political transition, two top Army officials say that innovation, personnel management and partnership with industry will be key challenges for the Trump administration
U.S. Air Force to "Cyber-Secure" Nuclear Arsenal (National Interest) The Air Force is seeking more interactions with private sector firms to build better networks for securing nuclear weapons computer systems, service officials said
Dr Tobias Feakin appointed as Australia's ambassador for cyber affairs (ZDNet) The federal government has announced the appointment of Dr Tobias Feakin as Australia's inaugural ambassador for cyber affairs
Litigation, Investigation, and Law Enforcement
Bangladesh Bank Team In Manila To Recover $15 Million Lost In Hack (Dark Reading) Philippine court orders return of part of the stolen money retrieved from casino boss to Bangladesh bank
Facebook suspends plans to collect WhatsApp user data in the UK (Naked Security) Facebook has put the brakes on its plans to collect WhatsApp user data in the UK, after the Information Commissioner’s Office (ICO) told it to back off
Google responds in EU antitrust case: “Android hasn’t hurt competition” (Ars Technica) Search giant faces $7.4 billion fine if found to have blocked competitors in the market
Whistleblower Investigative Report on NSA Suite B Cryptography (Schneier on Security) The NSA has been abandoning secret and proprietary cryptographic algorithms in favor of commercial public algorithms, generally known as "Suite B." In 2010, an NSA employee filed some sort of whistleblower complaint, alleging that this move is both insecure and wasteful. The US DoD Inspector General investigated and wrote a report in 2011
Lawyers who sued Volkswagen over emissions want $175 million (Ars Technica) Lead attorney: Fees are "the lowest ever sought in a multi-billion dollar case"
ID Theft Ringleader Gets Prison Sentence Of 16+ Years (Dark Reading) Tampa resident and his gang had cheated more than 1,000 people and 35 financial institutions causing loss of $700,000
For a complete running list of events, please visit the Event Tracker.
Newly Noted Events
CyberUK 2017 (Liverpool, England, USA, Mar 14 - 16, 2017) Announcing the UK government's flagship IA and cyber security event, for 2017. This is a three day event that will bring together cyber security leaders and professionals from across the UK’s information security communities from both the public and private sector. The NCSC’s partnership with information security businesses of all sizes is essential in strengthening the UK’s cyber resilience. CyberUK 2017 will play a key role in defining the role industry must play in achieving this step change, and is expected to attract 1,600 information assurance (IA) and cyber security leaders and professionals.
Upcoming Events
IAPP Europe Data Protection Congress 2016 (Brussels, Belgium, Nov 7 - 10, 2016) The GDPR is finalised, the Data Protection Congress is returning to Brussels and you have a great deal of work ahead. Begin at the Congress, where you’ll find thought leadership, a thriving professional community and unrivaled education. It’s time to get to work: Start here.
SANS Miami 2016 (Coconut Grove, Florida, USA, Nov 7 - 12, 2016) Attend our new SANS Miami 2016 event, November 7-12 and choose from five hands-on, immersion-style cybersecurity training courses taught by real-world practitioners. Attackers are targeting you with increasing viciousness and stealth, and it's essential you understand the tools and techniques and learn the skills needed to protect your organizations. Get the training you need from SANS - the most trusted and by far the largest source for information security training in the world
11th Annual API Cybersecurity Conference & Expo (Houston, Texas, USA, Nov 9 - 10, 2016) Join us at the 11th Annual API Cybersecurity Conference & Expo and discover methods for thwarting the bad guys, what the scene looks like over the horizon and how the latest technologies can help you counter cyber espionage, address cyber warfare, and make your cyber efforts secure.
SecureWorld Seattle (Bellevue, Washington, USA, Nov 9 - 10, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers
Institute for Critical Infrastructure Technology Annual Gala and Benefit (Washington, DC, USA, Nov 10, 2016) The Annual ICIT Gala and Benefit is the year’s most prestigious gathering of legislative, agency and private sector leaders committed to protecting our Nation’s critical infrastructures. This intimate black-tie event will celebrate the minds of the most influential members of our community as well as the efforts of today’s most impactful cybersecurity leaders. The funds raised from this Benefit will be used exclusively to help sustain and grow the Institute’s research, publications and educational activities for the communities it serves.
Israel HLS and Cyber 2016 (Tel Aviv, Israel, Nov 14 - 17, 2016) Where physical and cyber security meet. Topics include intelligence, cyber crime, and counter-terrorism, defending critical infrastructures, a smart global world, mass events--the integrative approach, and emergency readiness.
SANS Healthcare CyberSecurity Summit & Training 2016 (Houston, Texas, USA, Nov 14 - 21, 2016) SANS will be hosting its 4th Annual Healthcare Cybersecurity Summit. Join us and hear top security experts from leading healthcare companies discuss proven approaches for securing and succeeding in the new healthcare environment. You'll have the opportunity to meet with leaders from top organizations and see what really works in securing healthcare. As we know, healthcare has been undergoing major changes. Patients are demanding more convenient and personalized care. Digital health is changing the way that doctors and patients interact. New technologies allow patients to track their own health and generate data that was previously not available to care providers. Additionally, health information exchanges are being created to enable access to electronic medical records across disparate organizations. The Healthcare CyberSecurity Summit will take aim at the major challenges organizations face as they balance the security, compliance, and innovation required to thrive in this quickly changing market
Infosec 2016 (Dublin, Ireland, Nov 15, 2016) Infosec 2016 conference addresses the critically important issues that threaten businesses in the information age. By any measure, the digital threats that businesses and organisations of all sizes face are increasing
Commercial Cyber Forum: Insider Threat (Odenton, Maryland, USA, Nov 15, 2016) Please join us for a panelist discussion with insider threat experts on upcoming Federal rules, key elements of an insider threat program and privacy, due process, and human resource requirements.
Kaspersky Academy Talent Lab (Online, then Prague, Czech Republic, Nov 15, 2016) Kaspersky Academy Talent Lab is an international cyber-world competition for young researchers and professionals aged 18-30 who are interested in the cybersecurity challenges facing the world. 50 finalists will travel to the global final event to Prague (all expenses covered by Kaspersky Lab) to present their projects & compete.
CISO Charlotte (Charlotte, North Carolina, USA, Nov 15, 2016) The CISO Summit brings together C-level IT security executives, industry analysts and solution providers to discuss challenges and best practices in a relaxed, yet focused business setting. Agenda sessions include panel discussions, think tanks, analyst Q&A sessions and much more
Pharma Blockchain Bootcamp (Edison, New Jersey, USA, Nov 16, 2016) Blockchain technology has gained recognition as one of the most disruptive technologies in the industrial world, with the potential to redefine how businesses operate, much as the internet changed it more than 30 years ago. At this critical one-day learning seminar, bio/pharmaceutical professionals (tech + business) will uncover the key areas where blockchain applications could have a significant impact in securing, managing and leveraging the deluge of data throughout the enterprise from R&D to clinical to commercialization. Key issues to be addressed: what exactly is blockchain and why is it considered a disruptive innovation; where and why in the enterprise is pharma ripe for blockchain applications; the hidden business rewards that would be exposed; the legal and regulatory considerations with implementation, and much more.
CyberCon 2016 (Washington, DC, USA, Nov 16, 2016) CyberCon 2016 is the forum for dialogue on strategy and innovation to secure civilian and defense networks, as well as private-sector networks that hold their sensitive data. Cybersecurity will be the defining challenge for the foreseeable future and CyberCon 2016 will provide a roadmap for innovation and collaboration that lead to more transparent and secure networks.
Versus 16 (San Francisco, California, USA, Nov 17, 2016) Versus is not an ordinary event. Versus is not about pitching products or preaching to the choir. Versus is about challenging what you think you know about cybersecurity, about technology, about doing business in the digital age.
Focusing On The Future: Prioritizing Security in the Digital Economy (Washington, DC, USA, Nov 18, 2016) In today's digital economy, developing and prioritizing a cyber strategy is critical to address diverse and evolving threats, foster trust in the technology we use, and define a path forward where security is seen as a business enabler. Join The Chertoff Group for a premier post-election cyber conference that will convene thought leaders across government and industry to share their unique points of view and insights with regard to critical policy, technology, and risk management issues that will be shaping the security agenda.
Data Breach & Fraud Prevention Summit Asia (Mumbai, India, Jun 8, 2016) ISMG’s Data Breach & Fraud Prevention Summit Asia – Mumbai is a one-day event that will focus on the latest fraud techniques and technologies, as well as a holistic, strategic approach to looking at the data breach threat that impacts all industries. Whether you are forming opinions on how to view the recent global Apple Vs. FBI debate, want to learn more about the breach incidents, or just look forward to networking with your peers on cybersecurity challenges, we are confident you will gain tremendous insight throughout the event. CyberWire readers can use the discount promo code "CW20" when registering with dbfpmumbai@ismgcorp.com to receive 20% off the conference price.
SCSC Cyber Security Conclave 2.0 Conference and Exhibition (Hyderabad, India, Nov 22 - 23, 2016) India’s leading two-day cyber security event is returning in November 2016, once again bringing together hundreds of cyber security experts, senior officials and policy-makers from across the public and private sector to provide an update on cyber security instances, share best practice strategies, and help India to combat cyber threats.
4th Ethiopia Banking & ICT Summit (Addis Ababa, Ethiopia, Nov 25, 2016) The 4th Ethiopia Banking & ICT Summit is the ONLY event in the Horn of Africa that focuses on technology innovations and trends in the Banking and ICT sectors. This annual summit brings together Financial Institutions, Information Technology Vendors, high profile CIOs, CISOs, CTOs, Risk and Compliance Officers and COOs to explore how they can utilize the newest technologies to further increase mobility, enhance security, support new products and services, and improve customers’ experience to secure their competitive edge.
Internet of Things (IoT) (Elkridge, Maryland, USA, Nov 29, 2016) This cybergamut Technical Tuesday features Dr. Susan Cole, who is currently the Cybersecurity Lead for a Federal Information Systems Controls Audit Management (FISCAM) preparation team and also provides consulting support to small companies. The Internet of Things (IoT) is becoming more embedded in everyday life, often without people being aware. This talk centers on defining what IoT really is, discussing why it has exploded exponentially, and identifying challenges to future implementation of IoT, including security challenges.
CIFI Security Summit (Toronto, Ontario, Canada, Nov 30 - Dec 1, 2016) The Annual CIFI Security Summit takes place all over the world: Asia, Europe, Australia & North America. These summits are essential 2-day conferences and exhibitions bringing together leading security experts from around the globe to discuss Cyber Intelligence, Digital Forensics, Cyber Security and Cyber Investigations. This is the only event of its kind that will run 4 simultaneous streams over 2 days in addition to case studies, demonstrations from global business leaders and a 30+ Exhibition.