The CyberWire Daily Briefing 8.9.17

Summary

By The CyberWire Staff

Venezuela's ongoing political and economic crisis has prompted not only fighting, but now, according to reports, a hacktivist group associated with the rebels has conducted cyberattacks against sites in that country. Most, but not all, of the affected services belong to the Venezuelan state. The group claiming responsibility calls itself "the Binary Guardians."

Researchers at security firm Intezer describe anti-Israeli, pro-Palestinian wiper malware "Israbye" currently circulating in the wild. It's not cryptoransomware, since it offers no prospect of file recovery until such time as Israel “disepeare” [sic]—effectively, of course, no prospect of recovery at all. It also doesn't encrypt files. Rather, it replaces their content with anti-Israel messages.

The remote-access tool KONNI has been linked to the DarkHotel threat group by Cylance, which has observed KONNI activity against North Korean targets since that country's latest rounds of missile tests. Neither KONNI nor DarkHotel have been attributed, yet.

Such attribution is of course famously difficult. One attack, "OnionDog," thought by many to have been a targeted attack against South Korean targets, turns out, according to Trend Micro, to have been a Republic of Korea cyber drill.

Investigation into the HBO hack and extortion continues, with both Mandiant and the FBI involved.

Microsoft and Adobe issued a large number of critical patches yesterday.

Russia's President Putin, to Georgian and NATO chagrin, has visited the Russian-occupied province of Abkhazia, which may foreshadow a shift in hybrid war efforts to the Caucasus.

The FBI makes an arrest in an unusually repellent death-threat-and-cyber-extortion case.

Learn how Cylance silences cyber attacks with Artificial Intelligence.

Notes.

Today's issue includes events affecting Georgia, Israel, Democratic Peoples Republic of Korea, Republic of Korea, NATO/OTAN, Russia, United Kingdom, United States and Venezuela

What do AI and machine learning mean for cybersecurity?

We hear about them everywhere in cybersecurity. They sound cutting-edge, but what do they mean? And what value do they add? Find out exactly how significant AI and machine learning are, and how small nuances in their use can make a big difference.

On the Podcast

In today's podcast we hear from our partners at the SANS Institute and their Stormcast podcast, as Johannes Ullrich discusses weak two-factor authentications systems. Our guest is Tim Erlin from Tripwire, who talks us through the results of their Infosecurity Europe 2017 survey.

Sponsored Events

Security In the Boardroom (Palo Alto, CA, USA, August 23, 2017) Cybersecurity is a boardroom topic in nearly every organization. For many boards, security has evolved from a technical risk to a top business risk. Cybersecurity is also a growth opportunity. Proper integration of security and privacy concerns can drive far more effective digital transformation efforts. However, the mystique around cybersecurity can prevent board members and management from improving their cyber fluency and driving required improvements. Please join The Chertoff Group for our Security in the Boardroom event where we will demystify cybersecurity technology and policy issues while providing practical tools that board members and management can use to improve their resiliency to cyber risk and drive competitive advantage.

Cyber Security Conference for Executives (Baltimore, MD, USA, September 19, 2017) The Johns Hopkins University Information Security Institute and COMPASS Cyber Security are hosting the 4th Annual Cyber Security Conference for Executives on Tuesday, September, 19. It will be held on the Homewood Campus of Johns Hopkins University. This year’s theme is, “Emerging Global Cyber Threats.” The conference will feature thought leaders across a variety of industries to address current cyber security threats to organizations and how executives can work to better protect their data.

Selected Reading

Cyber Attacks, Threats, and Vulnerabilities

Venezuela: Hackers backing rebel group launch cyber attack (One India) Hackers lending support to an armed rebel group launched a cyber attack on over a dozen website, mostly belonging to the state, in Venezuela.

Anti-Israeli wiper malware locks data that can't be restored (HackRead) Researchers of an Israeli cyber security firm Intezer have discovered a dangerous wiper malware targeting users and spreading anti-Israeli content over the

Malware targets North Korea following nuclear ICBM tests (Cyberscoop) Researchers have stitched together two malware campaigns targeting North Korea, raising suspicion over counteractions tied to the country's aggressive weapons testing.

OnionDog is not a Targeted Attack—It’s a Cyber Drill (TrendLabs Security Intelligence Blog) In this blog post, we will look into smaller scale attacks in which an actor group allegedly attacked high profile targets working in the energy and transportation sector of South Korea for more than three years in a row. These attacks, which are known as OnionDog, received some publicity in the media. A perfunctory look into these actors' activities might easily lead to hasty conclusions on attribution. We had a more thorough look, in which we reached an interesting conclusion: OnionDog is not a targeted attack. OnionDog is a cyber drill.

Flaws in ISP gateways let attackers remotely tap internet traffic (HackRead) Defcon is the most important event for the DIY hacking community and this year too, the conference was held in the same spirit. We got to learn about a var

HBO Hackers Dump Script for Game of Thrones Episode 5 (BleepingComputer) The group who announced they hacked HBO last week have leaked new files from the company's servers, via private emails to the press and a website for everyone else.

HBO 'Game of Thrones' cyber hack: Same scam, different players (Fox Business) Time Warner’s $85B merger may be tainted by the HBO breach.

Pentest firm calls Carbon Black "world’s largest pay-for-play data exfiltration botnet" (CSO Online) On Wednesday, DirectDefense, Inc. disclosed that they've discovered hundreds of thousands of files from Carbon Black customers. The discovery is said to pose a significant risk to Carbon Black's clients, because of the company's dependence on third-party multiscanners in the Cb Response product.

FireEye Says Network Secure After Analyst Accounts Compromised (Security Week) On July 31, 2017, a hacker claimed to have been deep inside Mandiant's infrastructure. FireEye, which bought Mandiant for $1 billion in January 2014, responded: "Our investigation continues, but thus far we have found no evidence FireEye or Mandiant systems were compromised."

FireEye's Post Mortem: Analyst Didn't Change Passwords (BankInfo Security) It’s a red-faced moment for FireEye. The company says an investigation reveals that an attack against an analyst’s personal online accounts was enabled by the

Attacks on manufacturing industry continue to rise (Help Net Security) The manufacturing industry was the most heavily targeted industry across NTT Security clients during Q2 ’17, accounting for 34 percent of attack activity.

Bitcoins lost from wallets disappear into the unknown (Software Testing News) More than US$140,000 worth of bitcoins have been removed from online wallets, previously paid by WannaCry victims.

Three-quarters of firms upped cybersecurity after WannaCry (Irish Tech News) DataSolutions today announced the results of a survey, which found that 73% of companies have made changes to their IT security as a direct result of the WannaCry ransomware incident.

Updates to Sofacy, Turla Highlight 2017 Q2 APT Activity (Threatpost) Attackers behind APT campaigns have kept busy in Q2 2017, adding new ways to bypass detection, crafting new payloads to drop, and identifying new zero days and backdoors to help them infect users and maintain persistence on machines.

More pseudo-ransomware attacks are probably on the way (TechCrunch) The last few months saw some major malware moments, most notably the WannaCry and NotPetya (a.k.a. ExPetr/Nyetya/Petya) attacks. Kaspersky Labs' quarterly..

Engineering Firm Leaks Data on Dell, SBC and Oracle (Threatpost) Power Quality Engineering publicly exposed sensitive electrical infrastructure data on the public internet tied to Dell Technologies, SBC, Freescale, Oracle, Texas Instruments and the City of Austin.

Aussie Blood Data Breach Stemmed from Third Party Error (Infosecurity Magazine) Aussie Blood Data Breach Stemmed from Third Party Error. Australian Information Commissioner passes judgement

Malicious code in the Node.js npm registry shakes open source trust model (CSO Online) Bad actors using typo-squatting place 39 malicious packages in npm that went undetected for two weeks. How should the open source community respond?

iPhone users suffer twice as many mobile phishing attacks as Android users (Wandera) 25% of all web-based mobile phishing attacks come from games

Android vs iOS: Which is more secure? (Computerworld) While all mobile devices have inherent security risks, Android has more vulnerabilities because of its inherent open-source nature, the slow pace with which users update the OS and a lack of proper app vetting.

How are people fooled by this? Email to sign a contract provides malware instead. (SANS Internet Storm Center) Many security professionals often review malicious spam (malspam) as part of their daily work. If you fall in this category, every once in a while you run across an email so obviously malicious, you wonder how people could be fooled by it. I saw one such email on Tuesday 2017-08-08.

Chances are "You've Got Mail" Problems (SC Media US) You've Got Mail was on the big screen nearly 20 years ago. Thinking back to the excitement of the “ding!” and “you've got mail” each time a message appeare

Defense agencies top list of U.S. government with stolen data on darknet, Denver company finds (The Denver Post) U.S. defense agencies ranked higher than non-defense agencies for the amount of stolen data available in the online underworld where cyber criminals often hawk stolen credit cards, according to a n…

Overwatch DOWN as Blizzard servers facing technical problems (HackRead) The official Twitter account of Blizzard Customer Support has revealed that their servers are facing issues affecting Overwatch. Therefore, Summer Games 20

ESET changes torrents post after charges of spreading FUD (iTWire) Anti-virus firm ESET has made changes to one of its posts about torrent files and clients, after an op-ed published on iTWire gained an airing on...

Security Patches, Mitigations, and Software Updates

Critical Security Fixes from Adobe, Microsoft (KrebsOnSecurity) Adobe has released updates to fix dozens of vulnerabilities in its Acrobat, Reader and Flash Player software. Separately, Microsoft today issued patches to plug 48 security holes in Windows and other Microsoft products. If you use Windows or Adobe products, it’s time once again to get your patches on.

Plenty to as Microsoft and Adobe Fix 115 Bugs (Infosecurity Magazine) Plenty to as Microsoft and Adobe Fix 115 Bugs. At least none are being actively exploited in the wild

Patch now: These "critical" security bugs affect all versions of Windows (ZDNet) Microsoft patched 48 separate vulnerabilities — the majority of which were the highest "critical" rating.

Microsoft's August Patch Tuesday Fixes 48 Security Issues (BleepingComputer) Microsoft released the August 2017 Patch Tuesday security bulletin, and this month the company fixed 48 security issues in six of its main product categories.

Microsoft issues out-of-band security updates for Outlook, Office (Naked Security) If you haven’t picked up these updates, now is a good time to do them

The Patching Dilemma: Should Microsoft Fix Flaws in Older Tech? (Dark Reading) When researchers find vulnerabilities that leave older systems exposed, should the software giant create patches or encourage upgrades? Experts weigh in.

Cyber Trends

Get Ready for the 2038 'Epocholypse' (and Worse) (Dark Reading) A leading security researcher predicts a sea of technology changes that will rock our world, including the Internet of Things, cryptocurrency, SSL encryption and national security.

Emerging ‘hyperwar’ signals ‘AI-fueled, machine-waged’ future of conflict (Fifth Domain) Imagine wars fought by swarms of unmanned, autonomous weapons across land, air, sea, space and cyber.

Security leaders: Prepare now for the convergence of IT, OT and IoT (CSO Online) Adi Dar, CEO of Cyberbit, talks about what happens when IT, OT and IoT combine and how security leaders need to prepare.

10 most influential figures of the cybersecurity world (IT Pro Portal) One of the best ways to stay updated with the most recent industry changes is to follow the top giants in the security industry.

Majority of Cybersecurity Experts Agree: Fake News Influenced US Elections; Only Education Can Prevent it from Happening Again (PRNewswire) DomainTools, the leader in domain name and DNS-based cyber threat intelligence,...

The Human Side of Cybersecurity (Sys-Con Media) As the waves of ransomware hitting the shores of companies around the world prove, today’s cybersecurity balance still tips toward the bad guys.

Marketplace

Symantec to Obtain Fireglass—the Israeli Cyber Security Company (Monotone) Symantec Corp. is purchasing Fireglass, the Israeli cyber security startup, the company claimed this week, in a small contract developed to drive its products that safe guards web browsing and corporate email from threats.

Cybersecurity Services Provider BlueteamGlobal Raises $125 Million (eSecurity Planet) The company will offer threat monitoring and cyber defense security services to enterprises and SMBs.

Five Hot Atlanta Startups (NewsCenter.io) Silicon Valley has long been hailed as the country’s largest and hottest startup hub, but other cities are quietly emerging as powerful regional centers of innovation and entrepreneurship. From Los Angeles’ Silicon Beach to Colorado’s Silicon Slope, up-and-coming tech hubs are challenging the notion that …

The Symantec-Google feud can't be swept under the rug (TechTarget) The feud between Symantec and the web browser community, most notably Google, appears to be over now that DigiCert has agreed to acquire Symantec Website Security for close to $1 billion.

How Peter Thiel's Secretive Data Company Pushed Into Policing | Backchannel (WIRED) A Backchannel investigation reveals the difficult issues police and communities face when they adopt the secretive firm’s data-scooping software.

NAO wins Navy cyber contract (C4ISRNET) If all options are exercised, the contract is scheduled to be completed by August 2023.

From the Battlefield to the Security Operations Center: A New Collar Approach to the Skills Gap (Security Intelligence) Many companies, including IBM, are taking a new collar approach and recruiting ex-military personnel to fill woefully understaffed cybersecurity positions.

Citing 'confidence gap' in American tech workforce, CompTIA creates professional association (Cyberscoop) CompTIA's new workforce play — the Association of Information Technology Professionals — will advocate and offer certifications for would-be IT employees.

Trusona Brings THE #NoPasswords Revolution to Asia Pacific Markets (NBC 12) Identity authentication trailblazer hires experienced managing director to lead the expansion

IBM sues CIO Jeff Smith to stop him moving to Amazon Web Services (CRN Australia) Telstra, Suncorp veteran accused of hiding secret communications.

McAfee promotes Adam Boreham to channel director (CRN Australia) Replaces outgoing director Luke Power.

Products, Services, and Solutions

School District Combats Ransomware and Saves over $60,000 with Netwrix Auditor (Netwrix) Complete visibility into activity across the environment enabled Whiteriver Unified School District to withstand a ransomware attack and secure vital information

Tripwire Launches Industry-First Advanced Docker Container Vulnerability Scanning, Reducing Security Blind Spots (BusinessWire) Tripwire's IP360 vulnerability management solution expanded to offer innovative scanning of non-running containers for better visibility into DevOps.

Comodo Launches Online Certification Academy to Help Users Maximize Impact of Powerful IT and Security Management Platform (Business Insider) Comodo, a global innovator and developer of cybersecurity solutions and the world's No. 1 certificate authority, today announced the launch of the Comodo Academy, an online educational portal, to grant certification to thousands of managed service provider (MSP) and IT department users of Comodo ONE, its comprehensive IT and security management (ITSM) platform.

How Windows to Go can keep data secure for business travelers (Computerworld) Worried about workers traveling internationally with sensitive company data on a laptop? A Windows to Go USB stick might be the answer for intrusive searches or bans on airplanes.

Schneider Electric and Claroty partner to address safety and cybersecurity challenges in global industrial infrastructure (WebWire) Claroty, an innovator in Operational Technology (OT) network protection, and Schneider Electric, the global specialist in energy management and automation, announced today that they are partnering to address safety and cybersecurity challenges for the worlds industrial infrastructure. Under the terms of the agreement, Claroty will market its real-time OT/ICS network monitoring and detection solution to Schneider Electrics customers through the companys Collaborative Automation Partner P...

NetWorks Group Joins “Carbon Black Connect” Partner Program as an MSSP Partner (IT Business Net) NetWorks Group, a leading provider of security monitoring and ethical hacking services, today announced it has joined the “Carbon Black Connect” Partner Program as a managed security services provider (MSSP) partner.

RedLock Announces a 100 Percent Commitment to the Channel (BusinessWire) RedLock announces its CloudView Channel Program to enable partners to grow their business by offering the most comprehensive cloud security solution.

Technologies, Techniques, and Standards

The Man Who Wrote Those Password Rules Has a New Tip: N3v$r M1^d! (Wall Street Journal) Bill Burr’s 2003 report recommended using numbers, obscure characters and capital letters and updating regularly. As his advice is overturned, he feels regretful.

Best practices for passwords updated after original author regrets his advice (The Verge) A vast majority of the trusted tips and tricks we employ when crafting a custom password actually make us more vulnerable to hackers, according to the expert who popularized the tips back in 2003.

Dashlane's 2017 Password Power Rankings Reveal How Consumer and Enterprise Websites Handle User Security (PRNewswire) Today, password manager Dashlane releases its 2017 Password Power Rankings,...

When it comes to mobile, are passwords too risky but smartcards too cumbersome? (WTOP) Today, advances in IT security make it more difficult for criminals to access business or government computer systems.

New Consortium Promotes Proper Data Sanitization Practices (Dark Reading) The International Data Sanitization Consortium (IDSC) will create guidelines and best practices for sanitizing data on hardware devices.

Automating Defenses Against Assembly-Line Attacks (Dark Reading) A manual approach just won't cut it anymore. Here's a toolset to defeat automation and unify control across all attack vectors to stop automated attacks.

Social media exploitation key in Trump’s 'extreme vetting' program (CSO Online) Trump administration seeks help from tech firms to create an "extreme vetting" program for immigrants to the U.S. Documents indicate IBM is interested.

Don’t be a sitting duck as IoT threats mount (IT-Online) As the Internet of Things (IoT) continues to gain traction, organisations will have to reassess their security practices to accommodate the increase in security alerts.

Simplicity: The Most Overlooked Principle of Warfare (SIGNAL Magazine) “I need solutions that are simple and intuitive and do not require field service reps, to be very blunt.”-- Lt. Gen. Paul Funk II, USA, commander, III Corps

U.S. Army Cyber Doctrine Making a Difference (SIGNAL Magazine) The Army’s first doctrine for fighting in the cyberspace and electronic warfare domains already is changing the way the service operates.

Clearing Your Digital Advertising to Avoid Liability (Galkin Law) Digital advertising raises many unique legal issues. Perspectives from an Internet lawyer for avoiding liability.

Design and Innovation

High hopes for ‘more secure’ forked version of Bitcoin (Naked Security) Forking Bitcoin gives the cryptocurrency a new direction – but although there are high expectations for Bitcoin Cash, it faces threats

Yes, Bitcoin Has No Intrinsic Value. Neither Does a $1 Bill (WIRED) Fears about virtual currency bitcoin echo concerns about earlier financial innovations, like paper money.

Sony wants to digitize education records using the blockchain (TechCrunch) Sony said today that it has finished developing a digital system for storing and managing educational records on the blockchain. The Japanese firm is now..

Research and Development

AI Will Make Fake News Video — and Fight It As Well (Defense One) Just weeks after one research team appeared to put words in a leader’s mouth, here comes a new tool that can check questionable video for a pulse.

Legislation, Policy and Regulation

Putin Heads to Occupied Georgia Territory on War Anniversary (Foreign Policy) It’s a slap at Mike Pence and Georgia itself nine years after the Russian invasion.

NATO criticizes Putin visit to disputed Georgia territory (POLITICO) Russian president visits Abkhazia on anniversary of brief war over the territory.

Russland: Wirtschaftliches Kriegsrecht (Frankfurter Allgemeine) Der Kreml hat in der russischen Wirtschaft das Kriegsrecht verhängt, und er fühlt sich sehr wohl damit. Das musste auch Siemens feststellen. Ein Kommentar.

Russia and the US are jittery about spies. But facts are hard to come by (the Guardian) Amid the allegations swirling around Washington sits a private company called the Kaspersky Lab. But beyond that, nothing is clear

We can't rely on black swans: Three areas to improve cyber policy now (Help Net Security) What will it take for cybersecurity policy to finally catch up to the digital age? Learn more how you can improve cyber policy right now.

New UK data protection law to offer more control to users (Help Net Security) UK citizens will have more control over how their personal information is used by businesses, and the right to demand from social media companies and onlin

UK essential service operators with poor cyber security face massive fines (Help Net Security) Organisations who fail to implement effective cyber security measures could be fined as much as £17 million or 4 per cent of global turnover.

NotBeingPetya: UK critical infrastructure firms face huge fines for lax security (Register) Makes you WannaCr... we mean WannaPatch

NIS Directive plans show UK is serious about tackling cyber threats (ComputerWeekly) UK government plans to implement the EU’s network and information systems (NIS) directive have been welcomed for assuring its commitment to cyber defence post-Brexit

Security industry welcomes planned UK Data Protection Bill (ComputerWeekly) The cyber security industry has generally welcomed planned UK data protection legislation, but some say it is hypocritical in the light of the Investigatory Powers Act.

Army cyber general: ‘What a difference a year makes’ (Fifth Domain) Maj. Gen. John Morrison, commander of the Army Cyber Center of Excellence at Fort Gordon, Georgia, highlighted some of the flashpoints for progress within the last year during his opening keynote address at TechNet Augusta.

EFF files court brief urging warrants for digital device searches at borders (TechCrunch) The EFF has filed a court filing pressing for warrants be required for searches of mobile phones, laptops and other digital devices by federal agents at..

ACLU: Absent warrant standard, police could monitor anyone via location data (Ars Technica) Opening brief filed in Carpenter, an important privacy case pending at Supreme Court.

Former CIA operative Valerie Plame says privacy is precious — and she should know (TechCrunch) Back in 2003, Valerie Plame was working for the CIA overseas trying to protect the world from rogue nuclear proliferation -- nothing too important or..

New Law Requires State Employees To Undergo Cybersecurity Training (CBS Local) Every day there are attacks on state government computer systems.

Litigation, Investigation, and Enforcement

Arraignment postponed for UK expert who halted WannaCry (Fifth Domain) The arraignment planned for Tuesday of a British cybersecurity researcher, who was arrested last week in Las Vegas on federal charges that he created and distributed a malware program to obtain banking passwords from unsuspecting computer users, has been postponed until next week.

Police bust cyber attack ring accused of causing millions in damage (The Times of Israel) Pair of key suspects believed to have earned over $600,000 from website offering service that crashes internet servers on demand

The Trump Administration’s Leakers Deserve to Be Investigated (Foreign Policy) But Jeff Sessions might not be up for the job.

Backlash over RBS bank chief’s online fraud remarks (Scotsman) The head of the Royal Bank of Scotland has warned that victims of bank fraud should not expect automatic refunds.

California man charged in 2015 Plainfield cyber death threats (13 WTHR Indianapolis) Charges will be announced in the case that began with a Facebook profile under the name of "Brian Kil" making threats against Plainfield students and a mall.

FBI account of tracking and arresting an online ‘sextortionist’ is grimly satisfying (TechCrunch) Tales of internet trolls and worse things are common to hear about — that is, if you're not experiencing their effects yourself, as many are. But while..

Suspected sextortionist hiding behind Tor is outed by booby-trapped video (Ars Technica) "Brian Kil" terrorized minors for years. Last month, a hack gave agents a big break.

Hotspot Shield VPN accused of redirecting user traffic to advertisers (HackRead) A renowned privacy group Center for Democracy & Technology (CDT) has accused Hotspot Shield VPN developed by AnchorFree, Inc. of violating user privacy

Prison Time for Manager Who Hacked Ex-Employer's FTP Server, Email Account (BleepingComputer) Jason Needham, 45, of Arlington, Tennessee was sentenced last week to 18 months in prison and two years of supervised release for hacking his former company's FTP server and the email account of one of his former colleagues.

The Police Loves Naming Its Spying Tools 'Skynet' (Motherboard) Why would anyone name their project this?

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

newly Noted Events

O'Reilly Velocity Conference (New York, New York, USA, October 1 - 4, 2017) Learn how to manage, grow, and evolve your systems. If you're building and managing complex distributed systems and want to learn how to bake in resiliency, you need to be at Velocity.

upcoming Events

PCI Security Standards Council: 2017 Latin America Forum (Sao Paulo, Brazil, August 9, 2017) Join your industry colleagues for a full day of networking and one-of-a-kind partnership opportunities. Whether you want to learn more about updates in the payment industry or showcase a new product, you’ll find it all at the 2017 Latin America Forum (LAF).

Embracing Innovation and Diversity in Cybersecurity (Washington, DC, USA, August 11, 2017) Drawing from the experience of a panel of experts in the field, this event will explore how diversity in thought perspective, background, and professional experience is instrumental to solving today’s cybersecurity challenges. The conversation will examine how each speaker found their career, what advice they would give to others following in their footsteps and recommendations on how to increase diversity in the cyber workforce through mentoring and education initiatives.

2017 DoDIIS Worldwide Conference (St. Louis, Missouri, USA, August 13 - 16, 2017) Hosted annually by the DIA Chief Information Officer, the DoDIIS Worldwide Conference features a distinguished line-up of speakers and an extensive selection of breakout sessions allowing attendees to gain insight and interact with experts in smaller settings. This year’s conference presents an exciting and unique opportunity to directly engage with senior leaders from the Intelligence Community, Department of Defense, and industry about the IT complexities and challenges impacting the mission user.

SANS New York City 2017 (New York, New York, USA, August 14 - 19, 2017) Be better prepared for cyber-attacks and data breaches. At SANS New York City 2017 (August 14-19), we offer training with applicable tools and techniques for effective cybersecurity practices. Gain the skills and tools you need to win the battle against the wide range of cyber adversaries who want to harm your environment.

Information Security Summit 2017 (Hong Kong, August 15 - 16, 2017) Effective Use of Analytics and Threat Intelligence to Secure Organizations: The Information Security Summit 2017 is a Regional Event with the aim to give participants from the Asia Pacific region an update on the latest development, trends and status in information security.

TechFest (Louisville, Kentucky, USA, August 16 - 17, 2017) TechFest is a biannual summit designed to bring together technology professionals for learning and networking. Attendees will have opportunities to explore economic development avenues for their businesses, connect with regional IT leaders, and learn about emerging technology. Among the topics addressed will be cybersecurity- hacking, malware, exploits, skimmers, new standards and policies in key industries.

The Chertoff Group Security Series: Security In The Boardroom (Palo Alto, California, USA, August 23, 2017) The Chertoff Group Security Series will aim to enhance and add to the Security in the Boardroom conversation by applying our insights into technology, threat, and policy to help executives respond to the evolving threat environment.

U.S. Department of Commerce Cybersecurity Awareness Day (Washington, DC, USA, August 24, 2017) On August 24, 2017, the Department of Commerce headquarters is planning the Cybersecurity Awareness Day event which will host guest speakers from throughout the Cybersecurity community. The 2017 Cybersecurity Awareness Day and Expo will feature timely, topical, and thought-provoking presentations, bringing together cybersecurity workforce, training, and educational leaders from academia, business, and government for one day of focused discussions. In light of current events involving unauthorized disclosures, sensitive and/or classified information leaks, and breaches of personally identifiable information in cyberspace, it is imperative that sound practices are incorporated. The agenda will include speakers from Industry and Government.

7th Annual Cybersecurity Training and Technology Forum (Colorado Springs, Colorado, USA, August 30 - 31, 2017) CSTTF is designed to further educate Cybersecurity, Information Management, Information Technology, and Communications Professionals by providing a platform to explore and enhance cyber resilience, collaboration, threat intelligence, information sharing, workforce development, and risk management. This will be accomplished through a number of in-depth sessions and panel discussions, along with cybersecurity exhibits provided by industry and government partners.

SANS Network Security 2017 (Las Vegas, Nevada, USA, September 10 - 17, 2017) SANS is recognized around the world as the best place to develop the deep, hands-on cybersecurity skills most in need right now. SANS Network Security 2017 offers more than 45 information security courses taught by SANS' world-class instructors, with dynamic content on the hottest information security issues. Join us for immersion training that will provide you with the cutting-edge skills to defend your organization against security breaches and prevent future attacks.

Finovate Fall 2017 (New York, New York, USA, September 11 - 14, 2017) FinovateFall 2017 will begin with the traditional short-form, demo-only presentations that more than 20,000 attendees from 3,000+ companies have enjoyed for the past decade. After two days of Finovate’s inspiring short-form demos, stay on for another day and a half of practical advice from your peers and industry gurus alike. Determine just how you will incorporate the latest fintech innovations into your product road map.

Insider Threat Program Management With Legal Guidance Training Course (Laurel, Maryland, USA, September 12 - 13, 2017) Insider Threat Defense will hold a two-day training class, Insider Threat Program (ITP) Management With Legal Guidance (National Insider Threat Policy (NITP), NISPOM Conforming Change 2). For a limited time the training is being offered at a $1295. This training will provide the ITP Manager / Senior Official and Facility Security Officer with the knowledge and resources to achieve compliance with NITP /NISPOM CC2, and go beyond these regulations to establish a robust and effective ITP. Any individual involved with supporting an ITP will also gain valuable knowledge. A licensed attorney with extensive experience in Insider Threats and Employment Law will provide legal guidance related to ITP's, the collection, use and sharing of employee information, and employee computer user activity monitoring. Any organization (State Government Agencies, Businesses, Etc.) that are not required to implement an ITP, but are concerned with Insider Threat Risk Mitigation will also benefit greatly from this training.

PCI Security Standards Council: 2017 North America Community Meeting (Orlando, Florida, USA, September 12 - 14, 2017) Join your industry colleagues for three days of networking and one-of-a-kind partnership opportunities. Whether you want to learn more about updates in the payment industry or showcase a new product, you’ll find it all at the 2017 Community Meetings.

8th Annual Billington CyberSecurity Summit (Washington, DC, USA, September 13, 2017) The 8th Annual Billington CyberSecurity Summit September 13 in Washington D.C. brings together world-class cybersecurity thought leaders for high-level information sharing, unparalleled networking and public-private partnerships from a cross-section of civilian, military and intelligence agencies, industry and academia. Keynotes from The Honorable Daniel Coats, Director of National Intelligence, Representative William Hurd, R-Texas, General Joseph Votel, Commander, United States Central Command, Robert Joyce, Special Assistant to the President and Cybersecurity Coordinator, The White House, Grant Schneider, Acting CISO, Office of Management and Budget, (invited), plus CISOs from DHS, DoD, HHS and the CIO for USCYBERSOM. Full agenda <a href="http://www.billingtoncybersecurity.com/8th-annual-billington-cybersecurity-summit/agenda/" target="_blank">here</a>.

Cyber Security Summit: New York (New York, New York, USA, September 15, 2017) If you are a Senior Level Executive responsible for making your company’s decisions in regards to information security, then you are invited to register for the Cyber Security Summit: New York. Receive 50% off of a Full Summit Pass when you register with code CYBERWIRE50 (standard price of $350, now only $175 with code). Register at CyberSummitUSA.com. The Cyber Security Summit: New York is an exclusive conference connecting Senior Level Executives responsible for protecting their companies’ critical data with innovative solution providers & renowned information security experts. for details visit CyberSummitUSA.com.

Cyber Security Conference for Executives (Baltimore, Maryland, USA, September 19, 2017) The Johns Hopkins University Information Security Institute and COMPASS Cyber Security are hosting the 4th Annual Cyber Security Conference for Executives on Tuesday, September, 19. It will be held on the Homewood Campus of Johns Hopkins University. This year’s theme is, “Emerging Global Cyber Threats.” The conference will feature thought leaders across a variety of industries to address current cyber security threats to organizations and how executives can work to better protect their data.

4th Annual Industrial Control Cybersecurity Europe (London, England, UK, September 19 - 20, 2017) Against a backdrop of targeted Industrial Control System cyber attacks against energy firms in the Ukraine power industry, the massive attacks against the Norway oil and gas industry, cyber attacks on Saudi Aramco and the new and continued threats such as Crash Override malware, Stuxnet, Havex, Dragonfly, Black Energy, and the potential impact of ransomware like #Wannacry on industrial control systems, the Cyber Senate return for the 4th Annual Industrial Control Cybersecurity Europe meeting to bring key stakeholders together to address our responsibility in ensuring the safety, reliability and stability of our Critical National Infrastructure.

10th Cyber Defence Summit (Dubai, UAE, September 20, 2017) Naseba’s 10th Cyber Defence Summit will address the importance of protecting critical infrastructure and sensitive information, help companies procure cyber security solutions and services, and create further awareness of cyber security among the youth of the UAE.

2017 Washington, D.C. CISO Executive Leadership Summit (Washington, DC, USA, September 21, 2017) Highly interactive sessions will provide many opportunities for attendees, speakers and panelists to be engaged in both learning and discussion. The objective for the day is to deliver high quality useful information that attendees can develop into an action plan. Key Areas of Focus Include: Strategy, Process Improvement and Alignment, Innovation and Technology; Career Management and Leadership Development.

Sponsor & Support

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter’s financial reach, or it might just not be the right time for you to do those things. That’s why we launched our new Patreon site, where we’ve created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you’ll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.