
Deutsche Telekom recovery continues, but Mirai's getting worse. German BfV officer arrested as an (alleged) ISIS mole. "Gooligan" malware roots Android devices. Ransomware notes, new product descriptions, and more.
Germany's rough week continues, as Deutsche Telekom recovers from the evolved Mirai botnet that disrupted service Sunday. Flashpoint researchers confirm the denial-of-service attack was Mirai-based, and that the botmasters appear to be trying to rope in more devices. Germany leads infections by a wide margin, but there are also significant infestations in the UK, Brazil, Iran, and Thailand.
One of the alleged botmasters, "BestBuy" (who's in cahoots with "Popopret"), has been chatting with Motherboard, to whom he (she? they?) boasts of the ease with which control of the bots was wrested from other criminals. BestBuy also says sorry to Deutsche Telekom customers—they didn't mean any trouble.
German Chancellor Merkel says it's not yet known who the attackers were, but she and other German politicians are clearly looking east, toward Russia. (We note, for what it's worth, that BestBuy communicates in the kind of scriptwriter's broken English favored by the Shadow Brokers.)
Germany's other bad news concerns the arrest of a BfV domestic intelligence officer alleged to be an ISIS mole feeding the Islamist group information and helping plan terror attacks. His thinly pseudonymous social media activity brought him under suspicion.
ISIS has, in its online propaganda, now officially claimed the Ohio State attacker as its soldier. In a separate case, a young man pleads guilty to US Federal terrorism charges; his allocution describes the effect of ISIS inspiration.
A new Android malware strain, "Gooligan," is out in the wild. A million Google accounts are thought to have been breached.
Notes.
Today's issue includes events affecting Brazil, Canada, Germany, Iran, Iraq, Israel, Ivory Coast, Morocco, Philippines, Russia, Syria, Thailand, United Kingdom, and United States.
The CyberWire's regular daily Podcast will be out later this afternoon, with interviews, educational tips, and more on the stories of the day. Today we hear from our newest research partners, as Lancaster University's Awais Rashid introduces his university's program and tells us what they're working on. We'll also have as our guest Omri Iluz from PerimeterX, who'll offer some perspective on protecting yourself against bots engaged in DDoS, content scraping, price scraping, scalping, and other bad things.
A special edition of our Podcast is up as well—the topic is venture capital. In it we examine the current state of investment in cyber security, speak to experts in the field, and learn from top cyber security-focused venture capitalists about what they expect before they invest.
As always, if you enjoy the podcast, we invite you to please consider giving it an iTunes review.
Cyber Attacks, Threats, and Vulnerabilities
Huge cyber-attack takes nearly one million Germans offline (Engineering & Technology) Nearly a million customers with German cable network Deutsche Telekom were hit by network outages on Sunday following a large scale cyber-attack
What happened in the router attack and what could have happened (Zeitungsverlag Waiblingen) Around 900,000 Deutsche Telekom routers were knocked out by a cyber attack. The attack turned out to be comparatively mild. But what else could have happened, and how secure is data traffic?
TR-069 NewNTPServer Exploits: What we know so far (SANS Internet Storm Center) TR-069 (or its earlier version TR-064) is a standard published by the Broadband Forum. The Broadband Forum is an industry organization defining standards used to manage broadband networks. It focuses heavily on DSL type modems and more recently included fiber optic connections. "TR" stands for "Technical Report". TR-069 is considered the Broadband Forum's "Flagship Standard". [1] Many ISPs and device manufacturers are members of the broadband forum
New Mirai Variant Leaves 5 Million Devices Worldwide Vulnerable — High Concentration in Germany, UK and Brazil (Flashpoint) Flashpoint confirms the existence of a new Mirai variant and its involvement in the recent Deutsche Telekom outage. Flashpoint has linked at least one distributed denial-of-service (DDoS) attack to this variant. Flashpoint assesses with high confidence that the new Mirai variant is likely an attempt by one of the existing Mirai botmasters to expand the number of infected devices in their botnet
The new Mirai strain has gone far beyond Deutsche Telekom (CSO) Hackers attacked routers in the U.K., Brazil, Iran, Thailand and other countries, too
New Mirai Variant Targets Routers, Knocks 900,000 Offline (Threatpost) Attackers are targeting DSL routers this week with what’s being called a potent new variant of the Mirai malware that knocked offline major Internet companies like Twitter and Spotify last month
Two Hackers Appear To Have Created a New Massive Internet of Things Botnet (Motherboard) The massive cyberattacks that in the last few weeks have crippled several popular services like Twitter and Spotify, the website of a noted security journalist, and many more, may be about to get worse
Deutsche Telekom Attacks Suggest Mirai Threat Poised To Become Much Larger (Dark Reading) With attack, Mirai has added an exploit targeting Web service vulnerability
Deutsche Telekom outage: Mirai botnet goes double-rogue (Naked Security) We’ve written about the Mirai DDoS botnet before
Merkel says no details on origin of cyber attack on Deutsche Telekom (Reuters) German Chancellor Angela Merkel said on Tuesday she had no information on where a cyber attack on Deutsche Telekom, which hit its network on Sunday and Monday, came from
German leaders angry at cyberattack, hint at Russian involvement (Deutsche Welle) German politicians say action must follow a hack that paralyzed some 900,000 internet connections. Berlin stopped short of blaming Russia, but fears are growing Moscow could try to influence the 2017 German election
FBI, Homeland Security aid Muni on cyber attack (SF Bay) The Department of Homeland Security and the FBI are now working with San Francisco Municipal Transportation Agency after the transit agency was hit by a cyber attack sometime Friday, transit officials said
San Francisco transport system ransomware attacker also extorted other US-based businesses (Help Net Security) The ransomware attack that hit the San Francisco Municipal Transportation Agency last Friday is just one of many mounted by the same attacker
SF Muni hacker gets hacked... twice (Thrillist) There is no justice more poetic than that of a hacker who -- in the sweaty-palmed throes of hacking -- gets hacked. Unless he gets hacked a second time, that is
Why the Ransomware Attack on San Francisco Is Such a Big Deal (Veracode) The day after Thanksgiving saw the San Francisco Municipal Transportation Agency hit with a ransomware attack. The attacker demanded 100 bitcoins (about $73,000) to unlock the computer systems and ticketing machines. According to security journalist Brian Krebs, the SFMTA wasn’t targeted for political reasons – it was a target of opportunity discovered by an attacker looking for vulnerable systems using widely available tools
New Cerber Variant Leverages Tor2Web Proxies, Google Redirects (Threatpost) Criminals behind the latest Cerber ransomware variant are leveraging Google redirects and Tor2Web proxies in a new and novel way to evade detection
Cerber Spam: Tor All the Things! (Talos Intel) Talos is continuously analyzing email based malware always looking at how adversaries change and the new techniques that are being added on an almost constant basis. Recently we noticed some novel ways that adversaries are leveraging Google and Tor2Web proxies to spread a ransomware variant, Cerber 5.0.1
Spam campaign tiptoes via Tor to deliver Cerber ransomware (Graham Cluley) Ugh… again with the malicious macros?!
Armada Collective DDoS Extortion Group Now Threatens Ransomware Infections (Extreme Hacking) A group going by the name of Armada Collective is still sending extortion emails to website owners around the globe, one year after this type of attack became widely known
Semi-competent gang found pushing new VindowsLocker ransomware (SC Magazine) A cybercriminal gang is putting a new, and somewhat confusing, spin on the classic tech support scam using a new strain of ransomware to lock up a victim's computer and then asking the person to call a Microsoft customer support number for help
Tech support scammers up their game with ransomware (Malwarebytes) For those of us tracking tech support scams and seeing the evolution from cold calls, to fake alerts and eventually screen lockers, we knew what the next phase was going to be. And yet when it did happen, it still shocked us to see a ransom note with the photo of a technical support agent waiting for victims to phone in
Tech support scammers have started using ransomware (Help Net Security) Tech support scammers have begun using ransomware to force users to pay for the “cleaning” of their infected computer
What Is Ransomware and How Has It Evolved over the Years? (Colocation America) Ransomware is a type of malware (malicious software) that cyber criminals use to block people and businesses from accessing certain files on their computers or networks. The victims of such an attack either need to pay a ransom to unlock their files, or risk losing those files forever. The money is usually sent via an untraceable online currency, so the criminals never risk getting caught
NetWire RAT Back, Stealing Payment Card Data (Threatpost) The remote access Trojan NetWire is back and this time making the rounds pilfering payment card data. The move is a shift for attackers behind notorious NetWire, that was once thought to be the first multi-platform RAT
Gooligan Android malware used to breach a million Google accounts (Help Net Security) Check Point security researchers have revealed a new variant of Android malware, breaching the security of more than one million Google accounts
1 million Android accounts compromised by Android malware called Gooligan (Ars Technica) 86 apps available in third-party marketplaces can root 74 percent of Android phones
158% increase in Android platform vulnerabilities (Help Net Security) A new Quick Heal report reveals an increase in vulnerabilities on the Android platform, as well as a 33 percent rise in mobile ransomware. Researchers also found a slight decrease in Potentially Unwanted Applications (PUA) and adware, dropping by three percent and 12 percent respectively
600,000 car-sharing users' details stolen in cyber attack (The Local (de)) Hundreds of thousands of users of a now defunct German car-sharing website have had their bank account details stolen by hackers, it was announced on Tuesday
Hackers access National Lottery accounts - do you have your fingers crossed? (Graham Cluley) Password reuse blamed, but why doesn’t Camelot offer two-factor authentication?
Report: Most cybercriminals earn $1,000 to $3,000 a month (Network World) In some cases it is a family affair
Cyber Trends
2017 Cybersecurity Predictions: The Year We Get Serious About IoT Security (Palo Alto Networks) By Zoltan Deak and Joerg Sieber, November 29, 2016. This post is part of an ongoing blog series examining “Sure Things” (predictions that are almost guaranteed to happen) and “Long Shots” (predictions that are less likely to happen) in cybersecurity in 2017. Throughout 2016, cybersecurity moved more into the public eye than ever before. Hacks into the Democratic National Committee, BitFinex, Yahoo, Dropbox, LinkedIn, and Verizon were just a few of the high-profile security breaches that grabbed headlines this year
IoT will be replaced by the 'Internet of Threats' in 2017, Bitdefender warns (Inquirer) Crap passwords and ageing Windows XP systems are to blame
SMEs more prone, but still quite oblivious, to cyberattacks (Help Net Security) Despite governments, organizations and brands intensifying their cybersecurity awareness campaigns in recent years, as well as several recent high-profile attacks and security breaches, it seems that many small and medium business owners still fail to realize the extent of risk for their companies from hacking, phishing, denial-of-service, and other types of common attacks
Employees rely largely on personally owned mobile devices in the workplace (Help Net Security) Mobile device adoption in the workplace is not yet mature, found a recent survey from Gartner. Although 80 percent of workers surveyed received one or more corporate-issued devices, desktops are still the most popular corporate device among businesses, with more than half of workers receiving corporate-issued desktop PCs
Marketplace
New Forms of Cyber-Attacks - Steps Businesses Must Take to Prepare For, and Mitigate Risks From, Growing Security Threats (PRNewswire) Arthur J. Gallagher & Co. report examines emerging cyber security exposures, how organizations can protect themselves, and practical steps to take before and after a breach occurs
Cybersecurity Snapshot: What’s Ahead in 2017 (Investopedia) The digital revolution has brought cloud, the Internet of Things (IoT) and mobile technologies to the forefront of the global business world. While the new digital landscape offers increased flexibility, efficiency and capabilities to organizations worldwide, many are learning the hard way about a concurrent cyber risk
How Has Symantec’s Enterprise Security Segment Been Performing? (Market Realist) Symantec’s Enterprise Security segment continues to grow
How Symantec Will Use LifeLock (LOCK, SYMC) (Investopedia) Symantec Corp. (SYMC) announced plans to acquire identity theft and fraud protection platform LifeLock Inc. (LOCK) earlier in November. The deal, worth $2.3 billion, is set to close by the end of the first quarter of 2017, and follows consolidation in the emerging next-generation cybersecurity space evolving to meet the demands of the Internet of Things (IoT), cloud and mobile revolutions
Cybersecurity startup reports strong growth (South Florida Business Journal) Aventura-based startup Zenedge is charging forward in the cybersecurity space, reporting robust growth metrics following a $6.2 million Series C round earlier this year
CensorNet selected to boost security on Amey’s Government Contract (Ervik) CensorNet, the complete cloud security company, has been selected by one of the UK’s leading public and support services providers, to secure the remote working environment for one of its government contracts
root9B Technologies Names William L. Hoke Chief Financial Officer (PRNewswire) root9B Technologies (OTCQB: RTNB), a leading provider of cybersecurity and regulatory risk mitigation, announced today that William L. Hoke, CPA has been appointed Chief Financial Officer, effective November 22, 2016
Hexadite Expands Board of Directors with Cylance CTO Glenn Chisholm (BusinessWire) Security industry leader signs on to guide company through growing demand for security automation and orchestration
Products, Services, and Solutions
Sixgill Launches To Detect And Defuse Dark Web Based Attacks Before They Happen (PR Blonde) Utilizing advanced security algorithms, Sixgill’s cyber intelligence platform automatically monitors the Dark Web for malicious attacks, offering organizations actionable intelligence and comprehensive solutions to pre-empt and mitigate cyber-attacks and damage
Virtru Adds Unprecedented Level of Data Privacy for Organizations Moving to the Cloud with New Customer Key Server (Marketwired) Companies maintain exclusive ownership of encryption keys to ensure total protection and control of sensitive data
SecureAuth Launches New Capability Reducing Exploits for Mobile Multi-Factor Authentication (Yahoo!) SecureAuth Corporation, the leader in adaptive access control, today announced the launch of Symbol-to-Accept, a patent-pending mobile multi-factor authentication approach that improves security without compromising the convenience of the popular push-to-accept method
CENTRI Joins Industrial Internet Consortium to Advance IoT Security Evolution (PRNewswire) IoT security provider to contribute expertise on security and software development with IIC activities
New mobile workforce Solution launched by Promisec (Satellite Press Releases) Promisec, a pioneer in Endpoint Detection and Response (EDR), today announced Promisec Integrity to address challenges of securing today’s increasingly mobile workforce
Exostar Partners with Taulia to Deliver Supply Chain Finance Solution to Aerospace and Defense Industry (BusinessWire) Offering aligns buyer and supplier organization interests to better manage working capital and cash flow
Cryptography Enables Turnkey Security for Connected Devices (IoT Evolution) Developers of Industrial IoT (IIoT) and connected embedded systems can now design in an added level of trust while also bringing their products to market faster, according to a recent release from Maxim Integrated products
Infoblox Offers a Compelling Threat Intelligence Alternative to Soltra Edge (EconoTimes) Infoblox Inc., the network control company that provides Actionable Network Intelligence, is offering an alternative for customers affected by the recent uncertainty associated with Soltra Edge
Tufin Orchestration Suite Now Available on AWS Marketplace (Yahoo! Finance) Tufin®, a market-leading provider of Network Security Policy Orchestration solutions, has joined the Amazon Web Services (AWS) Partner Network (APN) and made Tufin Orchestration Suite available on AWS Marketplace to increase visibility with AWS customers
BAE launches free cyber risk assessment tool (ITWire) BAE Systems has launched its free cyber risk assessment tool specifically aimed at Australian small business to help them prepare for “when, not if, they are breached”
Ooma introduces internet security with Zscaler (Telecompaper) Ooma introduced Ooma Internet Security powered by Zscaler, a US-based cloud-based internet security service that is designed to protect all devices connected to the home network. Ooma Internet Security provides security and threat detection by blocking viruses, malware and phishing attempts triggered by browsing the internet. It also provides users the choice to block many categories of potentially objectionable web content
ESET Introduces ESET Threat Intelligence, Early Warning Service For Enterprise Customers (Information Security Buzz) Starting today, ESET® will offer ESET Threat Intelligence, a service that predicts and proactively notifies customers of real-time threats targeting their businesses so they can be more flexible when adapting to a rapidly changing threat landscape
Detecting DDoS attacks early (Presse Box) With G DATA Network Monitoring, companies always have their IT infrastructure in view
WISeKey’s Security and Feitian Technologies to Protect IoT Devices (BusinessWire) Swiss and Chinese cybersecurity leaders combine their complementary technologies to help fight massive DDoS attacks
Worried about US surveillance, Internet Archive announces mirror in Canada (Ars Technica) Near-future "means preparing for a Web that may face greater restrictions," founder says
Technologies, Techniques, and Standards
Vindows Decryption Tools (Malwarebytes) [Free tool for decryption of Vindows ransomware]
Tips for businesses to avoid being the next big headline (Help Net Security) Data integrity breaches are set to send shockwaves throughout the world in 2017, with at least one almighty breach disclosure of this type expected next year, according to Jason Hart, CTO Data Protection, Gemalto
How can we secure IoT devices? (eGov Innovation) As IoT proliferates and goes mainstream, we are beginning to see the hacking of smart devices to launch targeted attacks. Beyond network security, how can we secure the IoT device itself? eGov Innovation speaks with Duke Sexton, Head of Advanced Solutions Group at Thales e-Security, on security by design, IoT security frameworks and establishing international standards
How Harvard University secures its cloud network with Amazon (Tech Republic) Recently, at the AWS re:Invent conference, Harvard's manager of cloud architecture detailed the main investments that the university made in order to secure its cloud
Who's on your IT security dream team? (CSO) Getting the gang together
Design and Innovation
The Tor Phone prototype: a truly private smartphone? (Naked Security) The Tor Project has long offered high-security alternatives for folk who are especially concerned about their privacy. But as the world goes mobile, and is increasingly accessed through smartphones, users become vulnerable to a whole new set of compromises
When are you going to die? Ubisoft tool uses Facebook data to tell you (Naked Security) What can a powerful, all-seeing algorithm predict about you, based on your online footprint, publicly available information and Facebook Likes?
Framework Security: Building Self-Protecting Applications (B2C) The problem with web security
Academia
UNG student and professor receive top research award at Cyber Security conference (University of North Georgia) University of North Georgia (UNG) information systems student Andrew Miller and computer science professor Dr. Bryson Payne were presented with the Best Paper Award at the annual Conference on Cybersecurity Education, Research and Practice (CCERP) at Kennesaw State University
Legislation, Policy, and Regulation
UK's internet surveillance law receives royal approval (CSO) The so-called Snoopers' Charter is now law
Dismay as ‘snooper’s charter’ finally becomes law (Naked Security) After a year of debate, the British government’s Investigatory Powers Act – derided by critics as a ‘snooper’s charter’– has been given the royal assent that makes it law
Snoopers' Charter is a 'security nightmare' that rides roughshod over privacy, warns Sir Tim Berners-Lee (Computing) Berners-Lee blasts coach-and-horses driven through security and privacy by government
Study warns of human rights risks from censoring online terror content (CSO) Global Network Initiative said that internet companies should not be required to monitor third-party terror content
Russia aims to centralise cyber-protection of state defence enterprises (SC Magazine) Russia's largest state defense enterprises have received additional protection from cyber-attacks this year, thanks to a recent initiative from Rostec, the Russian state corporation which controls up to 70 percent of defence enterprises in Russia
House votes to strengthen cyber ties with Israel (Washington Examiner) House lawmakers voted overwhelmingly on Tuesday in favor of deepening collaboration with the Israeli government to strengthen the cybersecurity defenses of both countries on Tuesday
Senators plan last-ditch push to curb US law-enforcement hacking power (CSO) A rule change allowing law enforcement agencies to hack remote computers goes into effect Thursday unless Congress acts
Annual defense bill elevates Cyber Command to combatant unit (The Hill) House and Senate conferees have agreed to a final defense bill that will elevate the U.S. military cyber unit to a full combatant command, senior House and Senate Armed Services Committee staffers told reporters Tuesday
War Game Confirms Major Gaps in U.S. Army’s Cyber Capabilities (Bloomberg) Exercise documented vulnerabilities for new office to correct. ‘We need this’ to pursue solutions, operations director says
Litigation, Investigation, and Law Enforcement
German intelligence officer 'arrested over Islamist plot' raising fears the spy agency has been infiltrated (Telegraph) German intelligence officer has reportedly been arrested over a suspected Islamist plot to bomb the agency's headquarters in Cologne
Islamist infiltrated the Verfassungsschutz (Spiegel) Were the spies themselves spied on? According to SPIEGEL information, an Islamist mole has been exposed in the Federal Office for the Protection of the Constitution (Bundesamt für Verfassungsschutz)
Islamic State: OSU attacker was 'soldier' of group (USA Today) The media arm of the Islamic State claimed Tuesday that the Ohio State student who crashed a car into campus crowd and then lashed out with a butcher knife was a "soldier" of the terror group who heeded appeals to strike the U.S., and its allies
20-year-old says he planned ISIS terror attacks in Virginia, North Carolina (Washington Post) Justin Sullivan plotted to kill hundreds of people in North Carolina and Virginia on behalf of the Islamic State and wanted a silencer for a gun. So he had one built from a flashlight and delivered to the Morganton, N.C., house he shared with his parents. When his parents asked what he planned to do with it, he tried to have them killed
Ex-Watergate investigators urge Obama to show leniency to Edward Snowden (TechCrunch) Members of a committee that investigated the CIA during the Watergate era have urged President Obama to show leniency on NSA whistleblower Edward Snowden and strike a deal to allow him to return home
Ross Ulbricht’s Lawyers Say They’ve Found Another Corrupt Agent in Silk Road Case (Wired) For two and a half years, the black market bazaar known as the Silk Road tempted thousands of drug dealers and customers with promises of anonymous commerce—as well as at least two corrupt law enforcement agents who tried to profit from the dark-web-based business they were meant to be investigating. Now the defense team of the site’s creator says it’s found signs of a third rogue cop tied to the Silk Road’s drug money. And this one, they say, remains at large
New Details Suggest Rogue Government Agent Deleted Evidence in Silk Road Case (Motherboard) The saga of the Silk Road online black market taken down by US law enforcement in 2013 continues to get nuttier: a still-unidentified rogue government agent may have sold information about the Silk Road investigation to the website’s operator and may have later deleted evidence of the arrangement
Organized sextortion led four British men to suicide (Help Net Security) Sextortion/webcam blackmail is a booming business for organised crime groups from the Philippines, Ivory Coast and Morocco, and young men across the UK are the most sought-after victims
Zynga sues 2 former employees over alleged massive data heist (Ars Technica) Before returning work laptop, employee searched: “How to erase my hard drive”
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
CIFI Security Summit (Toronto, Ontario, Canada, Nov 30 - Dec 1, 2016) The Annual CIFI Security Summit takes place all over the world, Asia, Europe, Australia & North America. These summits are essential 2 day conferences and exhibitions bringing together leading security experts from around the globe to discuss Cyber Intelligence, Digital forensics, Cyber Security and Cyber Investigations. This is the only event of its kind that will run 4 simultaneous streams over 2 days in addition to case studies, demonstrations from global business leaders and a 30+ Exhibition.
AlienVault USM Webcast (Online, Dec 1, 2016) Host-based intrusion detection systems (HIDS) work by monitoring activity that is occurring internally on a host. HIDS look for unusual or nefarious activity by examining logs created by the operating system, looking for changes made to key system files, tracking installed software, and sometimes examining the network connections a host makes. AlienVault USM integrates HIDS with other key security controls to help you get the most out of host-based monitoring.
Cyber Threats Master Class (Turin, Italy, Dec 1 - 2, 2016) The UNICRI Masterclass on Cyber Threats aims to provide media and public relations professionals, as well as those planning a career in public information and communication, with a deeper understanding of new security threats to states and citizens. The focus of the course is on cyber threats, internet governance and the role of media. Application deadline is October 2, 2016.
Disrupt London (London, England, UK, Dec 3 - 6, 2016) TechCrunch Disrupt is the world’s leading authority in debuting revolutionary startups, introducing game-changing technologies, and discussing what’s top of mind for the tech industry’s key innovators. Disrupt gathers the best and brightest entrepreneurs, investors, hackers, and tech fans for on-stage interviews, the Startup Battlefield competition, a 24-hour Hackathon, Startup Alley, Hardware Alley, and After Parties.
US Department of Commerce Cyber Security Trade Mission to Turkey (Ankara and Istanbul, Turkey, Dec 5 - 8, 2016) Now is the time to expand in Turkey! The growth and frequency of cyber-attacks in recent years has increased the demand to protect critical data and infrastructure of governments and businesses. Turkey is increasing resources in the public and private sectors to tackle these complex cyber threats. Apply now for this mission. Recruitment for the mission will begin immediately and conclude no later than September 16, 2016. The U.S. Department of Commerce will review applications and make selection decisions on a rolling basis beginning May 2, 2016 until the maximum of 20 participants is selected. Applications received after September 16, 2016 will be considered only if space and scheduling constraints permit.
NCCoE Speaker Series: Understanding, Detecting & Mitigating Insider Threats (Rockville, Maryland, USA, Dec 6, 2016) Insider threats are growing at an alarming rate, with medium-to-large company losses averaging over $4 million every year. Smaller businesses are at risk too, and it is estimated that in 2014, over half of all cyber attacks targeted companies with less than 1,000 employees. The majority of these breaches are caused accidentally by internal employees or contractors, which means that, whether their intent is malicious or not, people represent the greatest risk to a company's cyber security. Join us for the December 6th NCCoE Speaker Series and learn from the leading experts, including Mitre's Principal Behavioral Psychologist Dr. Deanna Caputo, how you can keep your business safe from these costly and preventable breaches.
Weaponizing Data Science for Social Engineering: Automated E2E Spear Phishing on Twitter (Elkridge, Maryland, USA, Dec 6, 2016) This cybergamut Technical Tuesday features ZeroFox data scientist John Seymour, who will present a recurrent neural network that learns to tweet phishing posts targeting specific users. Historically, machine learning for information security has prioritized defense: think intrusion detection systems, malware classification and botnet traffic identification. Offense can benefit from data just as well. Social networks, especially Twitter with its access to extensive personal data, bot-friendly API, colloquial syntax and prevalence of shortened links, are the perfect venues for spreading machine-generated malicious content.
Infosecurity Magazine Conference (Boston, Massachusetts, USA, Dec 6 - 7, 2016) Bringing together 100+ information security end-users, analysts, policy-makers, vendors and service providers, the meeting connects the information security community providing actionable information, practical case studies and strategic and tactical insight
Practical Privacy Series 2016 (Washington, DC, USA, Dec 7 - 8, 2016) This year, the Practical Privacy Series will return to Washington, DC, with its rapid, intensive education that arms you with the knowledge you need to excel on the job. We’re programming some stunningly good sessions right now—we can’t wait to share them with you!
CISO Southern Cal (Los Angeles, California, USA, Dec 8, 2016) A data breach is not only a PR nightmare, but cause for customers to turn to competitors, exposing sensitive company information and racking up fines from industry regulators. In order for organizations to operate smoothly, CISOs and IT security executives need to be ahead of the hackers, and kept abreast of the latest IT security topics and trends. The CISO Summit brings together C-level IT security executives, industry analysts and solution providers to discuss challenges and best practices in a relaxed, yet focused business setting. Agenda sessions include panel discussions, think tanks, analyst Q&A sessions and much more
SANS Cyber Defense Initiative 2016 (Washington, DC, USA, Dec 10 - 17, 2016) Make plans to attend SANS Cyber Defense Initiative 2016 (CDI). SANS is the one educational organization known for developing the cybersecurity skills most in need right now. SANS Cyber Defense Initiative 2016 will feature courses in IT security, security management, IT audit, penetration testing, and computer forensics, including short courses that can be taken with a long course to enhance your training. Every course, evening talk, and special event is designed to equip you with cutting-edge knowledge and skills required to combat today's cyber criminals. SANS events offer you a unique opportunity to learn from the best cybersecurity teachers in the country. At SANS events you get the kind of hands-on, immersion training that you can put to work immediately
Privacy, Security and Trust: 14th Annual Conference (Auckland, New Zealand, Dec 12 - 14, 2016) This year’s international conference focuses on the three themes of Privacy, Security and Trust. It will provide a forum for global researchers to unveil their latest work in these areas and to show how this research can be used to enable innovation. The main aims of the conference are: To highlight the innovative research happening globally with three main themes: Privacy, Security and Trust. Academics from across the globe will come together to discuss solutions related to PST risks and to showcase the research methods that are able to minimise future cybercrime issues. To foster new ideas and conversation in order to reduce the amount of PST issues globally and to create enduring change in the behaviour and attitudes towards PST. To draw together PST practitioners, researchers, and government to showcase the latest PST research outputs and initiatives. We envisage that industry participants will implement the PST initiatives that are discussed and showcased at the conference into their practice.