The CyberWire Daily Briefing 8.4.17

Summary

By The CyberWire Staff

"MalwareTech," nom de hack of Marcus Hutchins, was a hero when his registration of a domain name inadvertently flipped WannaCry's kill switch back in May. He's now experiencing an unwelcome extension of his fifteen-minutes' fame: the FBI arrested him Wednesday, alleging that the security researcher is also the author of the Kronos banking Trojan. Hutchins was picked up in Las Vegas, where he'd been attending DEFCON.

The hoods behind Carbanak are circulating another crimeware tool, "Bateleur," which is being used against targets in the hospitality industry.

Kaspersky Lab reports that the biggest DDoS attack so far this year, in terms of duration, was experienced by Chinese telecom operators. The attack lasted two-hundred-seventy-seven hours, or more than eleven days.

The HBO hack is under FBI investigation. Despite corporate assurance to the contrary, many still fear email doxing.

German federal elections are scheduled for next month, and "of course" Russian intelligence services are expected to attempt to influence or otherwise undermine them. Observers think such attempts unlikely to succeed—for one thing, the element of surprise is gone, with influence operations already factored into public opinion.

In the US, the Department of Homeland Security reports that thirty-three states and thirty-six local governments sought cybersecurity assistance for 2016 elections. Longstanding, well-known roadblocks—classification and security clearances—continue to impede such assistance.

Investigations into Russian influence operations (special prosecutor Mueller has moved to establish a grand jury), leaks (from within the Administration) and misuse of intelligence (with Congressional concern) also proceed in the US.

Learn how Cylance silences cyber attacks with Artificial Intelligence.

Notes.

Today's issue includes events affecting Australia, China, Ireland, Mexico, Nigeria, Russia, South Africa, Thailand, United Kingdom, United States

Get Smart on the Politics of Cyberspace

The future of an open, secure, and resilient internet is anything but certain. CFR’s Digital and Cyberspace Policy program cuts through the rhetoric to help you understand the politics of cyberspace. Through their “Net Politics” blog, reports, briefings, and interactive tools, the program’s leading cyber experts analyze the emerging global rules of cyberspace. Subscribe to their bimonthly newsletter to get their insights in your inbox.

On the Podcast

In today's podcast our partners at Terbium Labs are represented by dark web expert Emily Wilson, who talks about the gun sales and other nastiness she's observing there. Our guest, William Saito, Special Advisor at Cabinet Office (Government of Japan) discusses Japan’s long-prepared cyber security precautions being put in place for the 2020 Tokyo Olympics.

Sponsored Events

The Cyber Security Summit: Chicago & NYC (Chicago, Illinois, USA, August 8, 2017) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from the U.S. Dept of Justice, Cybraics, CenturyLink, Alert Logic and more. Register with promo code cyberwire50 for half off your admission (Regular price $350).

Security In the Boardroom (Palo Alto, CA, USA, August 23, 2017) Cybersecurity is a boardroom topic in nearly every organization. For many boards, security has evolved from a technical risk to a top business risk. Cybersecurity is also a growth opportunity. Proper integration of security and privacy concerns can drive far more effective digital transformation efforts. However, the mystique around cybersecurity can prevent board members and management from improving their cyber fluency and driving required improvements. Please join The Chertoff Group for our Security in the Boardroom event where we will demystify cybersecurity technology and policy issues while providing practical tools that board members and management can use to improve their resiliency to cyber risk and drive competitive advantage.

Cyber Security Conference for Executives (Baltimore, MD, USA, September 19, 2017) The Johns Hopkins University Information Security Institute and COMPASS Cyber Security are hosting the 4th Annual Cyber Security Conference for Executives on Tuesday, September, 19. It will be held on the Homewood Campus of Johns Hopkins University. This year’s theme is, “Emerging Global Cyber Threats.” The conference will feature thought leaders across a variety of industries to address current cyber security threats to organizations and how executives can work to better protect their data.

Selected Reading

Cyber Attacks, Threats, and Vulnerabilities

Russian Hackers Can’t Beat German Democracy (Foreign Policy) Of course the Kremlin is going to try to hack Germany’s upcoming election. But it’s not going to succeed.

Chinese Telecom DDoS Attack Breaks Record (Dark Reading) A distributed denial of service siege spanning more than 11 days broke a DDoS record for the year, according to a report from Kaspersky Lab.

Bateleur, the new malware backdoor targeting restaurant chains, from the makers of Carbanak (Graham Cluley) Malware served up to take screenshots and steal passwords.

Game of Thrones unseen episode spoilers leaked (BBC News) A summary of an unseen episode of the hit show and other HBO programmes have been put online by hackers.

HBO Hack: Insiders Fear Leaked Emails as FBI Joins Investigation (The Hollywood Reporter) The company is reeling from a sophisticated cyberattack that potentially compromised seven times the amount of data stolen in the Sony hack as the FBI investigates potential culprits.

As Game of Thrones spoilers leak online, Panda Security issues a stark warning (BetaNews) This week's hack of HBO led to the release of stolen episodes of Ballers and Room 104, and the threat of Game of Thrones leaks. Now the hackers have made good on their threat and uploaded scripts and episode summaries for yet-to-be-aired episodes, and speculation is rife that it is just a matter of time before episodes hit torrent sites such as The Pirate Bay.

This is How CIA Disables Security Cameras During Hollywood-Style Operations (The Hacker News) CIA Agents Use Dumbo USB-based Hacking Tool to Disable Security Cameras And Microphones During Hollywood style Covert Operations

Researchers display “CAN do” skill in vehicle DoS (Naked Security) In the case of vehicles it’s more of a “denial of control” attack

Is mobile phishing the biggest mobile security risk? (Wandera) This report details the extent of mobile phishing and presents data on how and where it's happening with recommendations for keeping your organization safe.

Scam watch: Cyber fraudsters target property buyers and investors (Moneywise) A record number of cyber thefts from law firms – including over half relating to moving home – have been reported from January to March 2017, according to the Solicitors Regulation Authority (SRA).The regulator of law firms in England and Wales has found that the number of reports of cyber theft has tripled in the first quarter of this year compared to the same period last year, with £3.2 million stolen.

7 Everyday Objects Hackers Can Target (Mental Floss) Smart phones, home automation systems, and virtual personal assistants can make life more convenient, but all that connectivity comes at a price.

Security Patches, Mitigations, and Software Updates

Cisco Fixes DoS, Authentication Bypass Vulnerabilities, OSPF Bug (Threatpost) Cisco fixed two high severity vulnerabilities in two products this week that could have let an attacker trigger a denial of service condition or bypass local authentication.

Chrome’s built-in adblocker arrives for early adopters (Naked Security) Google wants to filter the pop-ups, prestitials and sticky ads out of your face

Cyber Trends

Government and Financial Services Most Vulnerable Industries, Warn Developers (Netsparker) Developers think governments & finance industry are the most vulnerable to cyber attacks & IoT devices will be targeted more often

Data Breach Trends (ASIS Security Management) Ransomware and cyber espionage were responsible for many of 2016’s data breaches. These experts say companies can do more to prevent these attacks.

Aussies world's worst ransomware suckers (Financial Review) Australian businesses are nearly twice as likely to pay a ransom demanded by cybercriminals as their counterparts offshore

John McAfee ranks the 10 biggest hacks ever (CSO Online) Tech pioneer John McAfee explains the most damaging and noteworthy cyber attacks of all time.

Marketplace

In defending China demands, Apple loses privacy high ground (ZDNet) Deep dive analysis: Apple says it will 'follow the law' wherever it does business. But questions remain over what happens -- and how the company will react -- when the laws fall foul of the company's privacy promises.

Cyber Security Market Is Growing, And FireEye Is Strong! (Seeking Alpha) What makes us feel that FireEye is an investment worth making. After two years of losses, FireEye posted a 40 percent gain in first quarter of 2017. Growing thr

No End in Sight to FireEye Inc (NASDAQ:FEYE) Growth Problem (Library for Smart Investors (LFSI)) FireEye Inc (NASDAQ:FEYE) surged after the company reported strong second quarter results, as Kevin Mandia’s turnaround strategy continue to work. But ther...

Symantec offloads its certs and web security biz to DigiCert (Register) Reports solid Q1 and makes spats with Google and Mozilla someone else's problem

Splunk: A Great Stock to Defend Against Ransomware (madison.com) Splunk Inc. (NASDAQ: SPLK) recently announced a new product focused on smaller organizations. Splunk Insights for Ransomware, aimed at fighting a global problem that has organizations throughout the world on

McAfee hit by layoffs just months after acquisition by TPG Capital: source (CRN Australia) Sources say cuts hit channel team.

ESET, NITDA Collaborate on Cyberspace Security (THISDAYLIVE) Emma Okonji Determined to put an end to cyber attacks and reduce online insecurity across organisations and tertiary institutions, ESET, a technology security company, has partnered the National In…

As U.S.-Russia Tensions Mount, Should IT Pros be Concerned About Kaspersky? (ITPro Windows) Why one security expert thinks the controversy is overblown

Fort Gordon to announce partnership launch for cyber district Thursday (Augusta Chronicle) The Fort Gordon Cyber District is finally official. The Alliance for Fort Gordon is announcing today the launch of a partnership among military, business and civic leaders to position the Augusta area to best distribute economic benefits expected with the area’s growing boom in cybersecurity jobs and businesses.

What leads women to cybersecurity, and what makes them stay? (Help Net Security) Caroline Wong asked over 300 women employed in the cybersecurity sector about their background, everyday work, and plans and wishes for the future

Women in Cybersecurity: Less than Half Have IT Background (Infosecurity Magazine) Women in Cybersecurity: Less than Half Have IT Background. New report aims to encourage more into the industry

Products, Services, and Solutions

New infosec products of the week: August 4, 2017 (Help Net Security) New infosec products of the week come from the following vendors: AppViewX, BeyondTrust, Forcepoint, Morphisec, XOR Data Exchange, Cato Networks and Lexumo.

Cylance Revolutionizes Consumer Security Market with First AI-Driven Next Generation Antivirus - CylancePROTECT Home Edition (BusinessWire) Cylance® Inc., the company that revolutionized traditional antivirus with AI-powered prevention that blocks everyday malware along with today&rsqu

SyferLock Announces Integration and Sales Partnership to Provide Multi-Factor Authentication for Avatier's Password Station Solution (Benzinga) SyferLock Technology Corporation ... today announced collaboration with Avatier Corporation and provides interoperability of SyferLock's GridGuard™ two-factor and multi-factor authentication solutions with Avatier's Password Station.

Vault One Leverages Ethereum Blockchain Technology To Secure Data (ETHNews.com) Vault One revealed a security solution which utilizes a private Ethereum blockchain to secure corporate data.

Kaspersky (partly) launches its 2018 security products (BetaNews) Every year, with a rather confusing release schedule, Kaspersky’s global office will launch and announce their current range, but only in a select number of territories.

ViewQwest launches suite of managed security services for SMEs (Enterprise Innovation) ViewQwest has a suite of managed services focused on four key areas - cloud access security broker (CASB), managed detection and remediation (MDR), distributed denial of service (DDoS) protection, and managed network security.

SSH Communications Security Partners with Avancer Corporation (Digital Journal) Partnership will strengthen the posture of SSH Security Key Protocol by bringing Identity and Access Management dynamics into play to help manage and control...

IBM expands security cover with IoT, automobile testing services (Business Standard) IBM Security reaches over 100 Indian customers like DHFL and BSE to mitigate cyber threat, by aiding clients in either setting up their own on-premise Security Operations Center (SOCs) or availing services and facilities from the IBM Security

The Rise And Fall Of Faster Payments Fraud (PYMNTS.com) Fraudsters are good at what they do. Payments got faster, but so did criminals. Banks built more defenses, and bad guys jumped over them with glee. But Uri Rivner, BioCatch co-founder, head of cyber strategy and vice president, said in a recent webinar with PYMNTS’ Karen Webster that things are getting better — and the U.S. […]

Morphisec Releases Endpoint Threat Prevention Version 2.0 (PRNewswire) Morphisec, leading developer of Moving Target Defense...

BitSight Provides ProcessUnity Customers Access to Data-Driven Third-Party Security Ratings (GlobeNewswire News Room) Partnership affords continuous visibility into the security of key business partners

WWPass releases free PassHub password manager to protect user credentials (Business Insider) WWPass, a global cybersecurity company that provides identity, authentication and access management (IAM) technology, today announced the immediate availability of PassHub, a free password manager.

Mozilla sets up private, encrypted file sharing service for large files (Help Net Security) Mozilla has launched an online service for private sharing of encrypted files between two users, which ensures shared files do not remain online forever.

Technologies, Techniques, and Standards

Federal cyber assistance sought by dozens of states, local election offices during 2016 race: DHS (The Washington Times) A total of 33 states and 36 local governments asked the U.S. Department of Homeland Security to assess their election systems for vulnerabilities during last year’s White House race, and a handful of others have requested federal assistance in the months since President Trump entered office, according to a newly released document.

Election Officials Still Haven’t Got Clearance to View Russian Hacking Info (Motherboard) It’s August, 2017, and chief election officers across the US still haven’t obtained security clearances.

The 10 Windows group policy settings you need to get right (CSO Online) Configure these 10 group policy settings carefully, and enjoy better Windows security across the office

How do you predict cyber attacks? Listen to your Cassandras (CSO Online) Author R.P. Eddy says it is possible to anticipate and prepare for security threats. It requires listening to your data experts and empowering them with the right tools.

Don't Let a Cyber Attack Stand Between Your Company and a Successful Exit (Entrepreneur) Here are three best practices for enhancing security measures so that cyber attacks don't impede a desirable merger or acquisition.

How to select a suitable incident response program for your organization (Help Net Security) All organizations, regardless of how well they think their walls are fortified, will at some point fall victim to an attack. How they respond to the attack

Identity-in-depth and the evolution of defense (Help Net Security) Rather than be complacent, we need to realize that our approach to security simply is not working. What we need is a revolution, we need identity-in-depth.

How Financial Services Network Security Strategies Have Recently Evolved (Fortinet Blog) Network security has become increasingly complicated for financial services providers due to the popularity of the Internet...

10 tips for effective threat hunting (CSO) Attackers don’t think of their success as optional, hence the effectiveness and success of a threat hunting program is critical.

Password dos and don’ts from Keeper Security (KitGuru) In days where stories of a new hack are a dime a dozen, online security has never been more importan

Design and Innovation

Coinbase says it will support Bitcoin Cash after all — but it isn’t committed to trading yet (TechCrunch) Coinbase, one of the world's largest (if not the) largest cryptocurrency exchanges, has reversed its stance on Bitcoin Cash and said it will introduce support..

From barter to blockchain: A history of money (TechCrunch) The Big Bang brought the universe into existence 13.7 billion years ago. Life first appeared on our planet 3.8 billion years ago. Earth witnessed a hominid...

Facebook's New Security Feature Made Me Think Too Hard About Who My Real Friends Are (Motherboard) Bad opsec is other people.

Academia

Mahanakorn University of Technology and Synacor Launch Zimbra Innovation Center (Multichannel) Mahanakorn University of Technology (MUT) and Synacor (Nasdaq:SYNC) today announced a partnership to launch a Zimbra Innovation Center.

Penn State adds cyber security program (TribLIVE.com) College curriculums across the country are changing in the scramble to meet emerging workforce needs and student demands. In the category of 'what's new on ...

Kaspersky promotes cyber security awareness in schools (IT Web) Around 55% of South African children of schoolgoing age can't live without their smartphones and 30.5% admitted to having received sexual messages online.

Legislation, Policy and Regulation

A home affaires super ministry: Australia’s new national security framework (Global Risk Insights) Australia’s security apparatus is getting a makeover but when it comes to tackling the threat of terrorism is the UK’s Home Office really the best model?

UK home secretary: ‘real people’ don’t want unbreakable encryption (Naked Security) “Real people” just want cheap & easy; they don’t care about stopping crooks and governments from reading their messages, says Amber Rudd.

Trump: we’re at dangerous low with Russia (Times (London)) US relations with Russia have hit a “very dangerous low”, President Trump said yesterday as he accused fellow Republicans on Capitol Hill of risking a new Cold War by limiting his power to make...

Senate Panels Advance Bills to Improve Cybersecurity Skills (Morning Consult) Two Senate committees on Wednesday advanced bipartisan bills designed to incentivize students and encourage small businesses to boost their cyber skills, part of an effort to combat the growing threat from cyberattacks.

Fearing hackers, US senators propose 'internet of things' security standards (RT International) A bipartisan bill proposed in the US Senate seeks to set federal security standards on internet-enabled devices and exempt researchers from federal hacking laws. Its authors and sponsors are leading voices blaming Russia for ‘hacking’ the 2016 US election.

Can US senators secure the Internet of Things? (Naked Security) The US Congress is proposing “The Internet of Things (IoT) Cybersecurity Improvement Act”. Seems like we could do with some of that.

The Security Community, Not Government, Must Fix IoT (On the Wire) The Senate is considering a bill that would force some serious changes in the way that vendors handle the security of the IoT devices they sell, but while the proposed law has strong bones, it shou…

FCC fills vacant seats as Jessica Rosenworcel and Brendan Carr are confirmed by Senate (TechCrunch) You might not think it from the amount of controversy the agency has generated recently, but the FCC has been operating on a skeleton crew of three..

Litigation, Investigation, and Enforcement

Slain activist's lawyers latest known targets of spyware sold to Mexican government (CBC News) The text messages looked innocuous enough — but they actually contained links to a specially crafted webpage designed to silently infect smartphones with powerful surveillance software.

Researcher Who Stopped WannaCry Ransomware Detained in US After Def Con (Motherboard) Marcus Hutchins, AKA MalwareTech, previously registered a specific domain included in the ransomware’s code, which stopped the malware from spreading.

WannaCry Researcher Indicted for Allegedly Creating Banking Malware (Motherboard) On Wednesday, US authorities detained Marcus Hutchins, aka MalwareTech, for his alleged role in creating and distributing the Kronos banking trojan.

British computer expert Marcus Hutchins who helped stop the cyber attack that hit the NHS is arrested by FBI (The Independent) A British computer expert who helped shut down the WannaCry cyber attack that crippled the NHS has been arrested in the US for his alleged role in an unrelated malware attack. Marcus Hutchins, also known as MalwareTech on social media, found a hidden “kill switch” in the WannaCry ransomware virus that hit more than 300,000 computers in 150 countries.

The WannaCry hacker hero was spending big in Vegas before his arrest (The Outline) Marcus Hutchins, credited with stopping a global malware attack, has been arrested by the FBI.

Kronos Indictment R (United States District Court for the Eastern District of Wisconsin) United States of America, Plaintiff, v. [redacted] and Marcus Hutchins, aka "MalwareTech," Defendants

FireEye Assisting National Police of Ukraine with EternalPetya Investigation (BW CIOWORLD) Indian News - , Security-Security firm is assisting law enforcement with forensic investigation of physical machines and data affected by the cyber attack

Reports: Mueller impanels grand jury in Russia probe (UPI) Special Counsel Robert Mueller has impaneled a grand jury to investigate whether Russia interfered in the U.S. presidential election, unnamed sources said.

New Calls for Criminal Investigation of Obama Aides in ‘Unmasking’ Scandal (The Daily Signal) “There was a gigantic uptick in unmasking after the election," says former U.S. attorney Joseph diGenova.

White House fires top security adviser said to have leaked intel (The Times of Israel) Jewish NSC aide Ezra Cohen-Watnick was allegedly involved in helping House intel committee head view classified info pertaining to Trump’s allegations on Obama wiretapping

Trump transcripts released on the eve of coming leak crackdown (Washington Examiner) The White House declined to respond to the latest leak, but President Trump has forcefully condemned previous disclosures.

The Leaks That Hurt Us All (War on the Rocks) Like most news junkies in the United States, I was mesmerized yesterday by the leaked transcripts of President Donald Trump phone conversations with Mexica

Lieff Cabraser and Carney Bates & Pulliam Announce Class Action Lawsuit Against The Walt Disney Company Alleging Violations of Child Online Privacy Protection Laws (BusinessWire) -On behalf of parents in California, the law firms of Lieff Cabraser and Carney Bates & Pulliam have filed a federal class action child privacy protection lawsuit alleging that the Walt Disney Company violates privacy protection laws by exporting children’s personal information from mobile games aimed at children to advertising networks without the parental consent required by federal and state law.

Fired employee caught by keylogger wins case (Naked Security) Spyware isn’t the preserve of foreign militaries and script kiddies

Judge gives former Air Force member 4 years for identity theft (Air Force Times) A former U.S. Air Force member from North Carolina has been sentenced by a Chicago federal judge to four years in prison in an identity theft case.

Russian Botnet Creator Receives 46-Month Prison Sentence (Dark Reading) Federal court sentences the Ebury botnet creator and operator to prison for infecting tens of thousands of servers worldwide.

Family of cyber-bullied NJ girl who killed herself to sue school district for negligence (ABC News) The family of a New Jersey girl who killed herself in June after what they said was "months of relentless" cyberbullying announced plans to sue their school district for negligence, alleging it failed to prevent the abuse, according to their attorneys.

Defendant who texted teen to commit suicide sentenced to 15 months in jail (Ars Technica) Punishment stayed to allow appeals in a novel prosecution testing 1st Amendment.

Local Woman Saved After 911 Dispatcher Tipped Off By Facebook Security (Post-Journal) It’s not every day that Chautauqua County’s 911 center in Mayville gets a call from Ireland.

FCC Imposes $82M Fine for Spoofed Pernicious Robocalls (Infosecurity Magazine) Calls targeted the elderly, the infirm and low-income families, “the dumber and more broke the better.”

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

newly Noted Events

Insider Threat Program Management With Legal Guidance Training Course (Laurel, Maryland, USA, September 12 - 13, 2017) Insider Threat Defense will hold a two-day training class, Insider Threat Program (ITP) Management With Legal Guidance (National Insider Threat Policy (NITP), NISPOM Conforming Change 2). For a limited time the training is being offered at a $1295. This training will provide the ITP Manager / Senior Official and Facility Security Officer with the knowledge and resources to achieve compliance with NITP /NISPOM CC2, and go beyond these regulations to establish a robust and effective ITP. Any individual involved with supporting an ITP will also gain valuable knowledge. A licensed attorney with extensive experience in Insider Threats and Employment Law will provide legal guidance related to ITP's, the collection, use and sharing of employee information, and employee computer user activity monitoring. Any organization (State Government Agencies, Businesses, Etc.) that are not required to implement an ITP, but are concerned with Insider Threat Risk Mitigation will also benefit greatly from this training.

upcoming Events

Cyber Security Summit: Chicago (Chicago, Illinois, USA, August 8, 2017) If you are a Senior Level Executive responsible for making your company’s decisions in regards to information security, then you are invited to register for the Cyber Security Summit: Chicago Receive 50% off of a Full Summit Pass when you register with code CYBERWIRE50 (standard price of $350, now only $175 with code). Register at CyberSummitUSA.com. The Cyber Security Summit: Chicago is an exclusive conference connecting Senior Level Executives responsible for protecting their companies’ critical data with innovative solution providers & renowned information security experts. for details visit CyberSummitUSA.com.

PCI Security Standards Council: 2017 Latin America Forum (Sao Paulo, Brazil, August 9, 2017) Join your industry colleagues for a full day of networking and one-of-a-kind partnership opportunities. Whether you want to learn more about updates in the payment industry or showcase a new product, you’ll find it all at the 2017 Latin America Forum (LAF).

2017 DoDIIS Worldwide Conference (St. Louis, Missouri, USA, August 13 - 16, 2017) Hosted annually by the DIA Chief Information Officer, the DoDIIS Worldwide Conference features a distinguished line-up of speakers and an extensive selection of breakout sessions allowing attendees to gain insight and interact with experts in smaller settings. This year’s conference presents an exciting and unique opportunity to directly engage with senior leaders from the Intelligence Community, Department of Defense, and industry about the IT complexities and challenges impacting the mission user.

SANS New York City 2017 (New York, New York, USA, August 14 - 19, 2017) Be better prepared for cyber-attacks and data breaches. At SANS New York City 2017 (August 14-19), we offer training with applicable tools and techniques for effective cybersecurity practices. Gain the skills and tools you need to win the battle against the wide range of cyber adversaries who want to harm your environment.

Information Security Summit 2017 (Hong Kong, August 15 - 16, 2017) Effective Use of Analytics and Threat Intelligence to Secure Organizations: The Information Security Summit 2017 is a Regional Event with the aim to give participants from the Asia Pacific region an update on the latest development, trends and status in information security.

TechFest (Louisville, Kentucky, USA, August 16 - 17, 2017) TechFest is a biannual summit designed to bring together technology professionals for learning and networking. Attendees will have opportunities to explore economic development avenues for their businesses, connect with regional IT leaders, and learn about emerging technology. Among the topics addressed will be cybersecurity- hacking, malware, exploits, skimmers, new standards and policies in key industries.

The Chertoff Group Security Series: Security In The Boardroom (Palo Alto, California, USA, August 23, 2017) The Chertoff Group Security Series will aim to enhance and add to the Security in the Boardroom conversation by applying our insights into technology, threat, and policy to help executives respond to the evolving threat environment.

U.S. Department of Commerce Cybersecurity Awareness Day (Washington, DC, USA, August 24, 2017) On August 24, 2017, the Department of Commerce headquarters is planning the Cybersecurity Awareness Day event which will host guest speakers from throughout the Cybersecurity community. The 2017 Cybersecurity Awareness Day and Expo will feature timely, topical, and thought-provoking presentations, bringing together cybersecurity workforce, training, and educational leaders from academia, business, and government for one day of focused discussions. In light of current events involving unauthorized disclosures, sensitive and/or classified information leaks, and breaches of personally identifiable information in cyberspace, it is imperative that sound practices are incorporated. The agenda will include speakers from Industry and Government.

7th Annual Cybersecurity Training and Technology Forum (Colorado Springs, Colorado, USA, August 30 - 31, 2017) CSTTF is designed to further educate Cybersecurity, Information Management, Information Technology, and Communications Professionals by providing a platform to explore and enhance cyber resilience, collaboration, threat intelligence, information sharing, workforce development, and risk management. This will be accomplished through a number of in-depth sessions and panel discussions, along with cybersecurity exhibits provided by industry and government partners.

SANS Network Security 2017 (Las Vegas, Nevada, USA, September 10 - 17, 2017) SANS is recognized around the world as the best place to develop the deep, hands-on cybersecurity skills most in need right now. SANS Network Security 2017 offers more than 45 information security courses taught by SANS' world-class instructors, with dynamic content on the hottest information security issues. Join us for immersion training that will provide you with the cutting-edge skills to defend your organization against security breaches and prevent future attacks.

Finovate Fall 2017 (New York, New York, USA, September 11 - 14, 2017) FinovateFall 2017 will begin with the traditional short-form, demo-only presentations that more than 20,000 attendees from 3,000+ companies have enjoyed for the past decade. After two days of Finovate’s inspiring short-form demos, stay on for another day and a half of practical advice from your peers and industry gurus alike. Determine just how you will incorporate the latest fintech innovations into your product road map.

PCI Security Standards Council: 2017 North America Community Meeting (Orlando, Florida, USA, September 12 - 14, 2017) Join your industry colleagues for three days of networking and one-of-a-kind partnership opportunities. Whether you want to learn more about updates in the payment industry or showcase a new product, you’ll find it all at the 2017 Community Meetings.

8th Annual Billington CyberSecurity Summit (Washington, DC, USA, September 13, 2017) The 8th Annual Billington CyberSecurity Summit September 13 in Washington D.C. brings together world-class cybersecurity thought leaders for high-level information sharing, unparalleled networking and public-private partnerships from a cross-section of civilian, military and intelligence agencies, industry and academia. Keynotes from The Honorable Daniel Coats, Director of National Intelligence, Representative William Hurd, R-Texas, General Joseph Votel, Commander, United States Central Command, Robert Joyce, Special Assistant to the President and Cybersecurity Coordinator, The White House, Grant Schneider, Acting CISO, Office of Management and Budget, (invited), plus CISOs from DHS, DoD, HHS and the CIO for USCYBERSOM. Full agenda <a href="http://www.billingtoncybersecurity.com/8th-annual-billington-cybersecurity-summit/agenda/" target="_blank">here</a>.

Cyber Security Summit: New York (New York, New York, USA, September 15, 2017) If you are a Senior Level Executive responsible for making your company’s decisions in regards to information security, then you are invited to register for the Cyber Security Summit: New York. Receive 50% off of a Full Summit Pass when you register with code CYBERWIRE50 (standard price of $350, now only $175 with code). Register at CyberSummitUSA.com. The Cyber Security Summit: New York is an exclusive conference connecting Senior Level Executives responsible for protecting their companies’ critical data with innovative solution providers & renowned information security experts. for details visit CyberSummitUSA.com.

Sponsor & Support

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter’s financial reach, or it might just not be the right time for you to do those things. That’s why we launched our new Patreon site, where we’ve created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you’ll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.