The CyberWire Daily Briefing 8.10.17

Summary

By The CyberWire Staff

Reports continue that North Korean targets have been infected with Konni and Inexsmar espionage tools. The incidents are not attributed, but speculation inevitably centers on the likelihood that the cyberattacks have been prompted by Pyongyang's increasingly aggressive and threatening missile and nuclear weapons programs.

Ukrpshoshta, Ukraine's postal service, on Monday and Tuesday came under a sustained distributed denial-of-service attack. Package-tracking was particularly disrupted.

The extortionist "Mr. Smith" claiming responsibility for the HBO hack has escalated his (her? their?) game by releasing mobile phone numbers belonging to Game of Thrones stars. "Mr. Smith" threatens a bigger release today if his demands for a six-month "salary" thought to amount to about $6 million are not met.

SurfWatch publishes an analysis that concludes the big story in cybercrime so far this year has been the extent to which it's been fueled by leaked Government exploits.

The business fallout from Wannacry and NotPetya continues, but observers think that not only could enterprises have done more to fend off the attacks in the first place, but that as a whole the world is lagging in preparing to avoid any recurrence.

A property cyber scam alerts the real estate industry to threats.

SAP patches some nineteen flaws in its products this week. Siemens is at work on a fix for medical scanner vulnerabilities.

Here's a dog that didn't bark: EU observers say Kenya's elections appear to have been conducted without vote-tally manipulation. (But then most "election hacking" has involved influence operations, not directly finagling the count.)

Learn how Cylance silences cyber attacks with Artificial Intelligence.

Notes.

Today's issue includes events affecting China, European Union, France, Iran, Israel, Kenya, Democratic Peoples Republic of Korea, Russia, Ukraine, United Kingdom, and United States.

What do AI and machine learning mean for cybersecurity?

We hear about them everywhere in cybersecurity. They sound cutting-edge, but what do they mean? And what value do they add? Find out exactly how significant AI and machine learning are, and how small nuances in their use can make a big difference.

On the Podcast

In today's podcast, we hear from our partners at the University of Maryland's Cybersecurity Center, as Jonathan Katz talks us through an RSA 2048 encryption hack. Our guest, Markus Jacobsson from Agari, weighs in on a proposed cyber threat classification system.

Sponsored Events

Security In the Boardroom (Palo Alto, CA, USA, August 23, 2017) Cybersecurity is a boardroom topic in nearly every organization. For many boards, security has evolved from a technical risk to a top business risk. Cybersecurity is also a growth opportunity. Proper integration of security and privacy concerns can drive far more effective digital transformation efforts. However, the mystique around cybersecurity can prevent board members and management from improving their cyber fluency and driving required improvements. Please join The Chertoff Group for our Security in the Boardroom event where we will demystify cybersecurity technology and policy issues while providing practical tools that board members and management can use to improve their resiliency to cyber risk and drive competitive advantage.

Cyber Security Conference for Executives (Baltimore, MD, USA, September 19, 2017) The Johns Hopkins University Information Security Institute and COMPASS Cyber Security are hosting the 4th Annual Cyber Security Conference for Executives on Tuesday, September, 19. It will be held on the Homewood Campus of Johns Hopkins University. This year’s theme is, “Emerging Global Cyber Threats.” The conference will feature thought leaders across a variety of industries to address current cyber security threats to organizations and how executives can work to better protect their data.

Selected Reading

Cyber Attacks, Threats, and Vulnerabilities

North Korea Hit By Konni and Inexsmar Malware After Missile Tests (HackRead) An unknown hacking group has been targeting organizations in North Korea with Konni Malware. It is a RAT/remote access Trojan having all those features tha

Malware targets North Korea following nuclear ICBM tests (Cyberscoop) Researchers have stitched together two malware campaigns targeting North Korea, raising suspicion over counteractions tied to the country's aggressive weapons testing.

Ukrainian postal service hit by 48-hour cyber-attack (BBC News) Hackers targeted the system that tracks customer parcels on Ukrposhta's website two days in a row.

FireEye: Some hacking claims exaggerated, others false (TheHill) Last week, a hacker or hackers adopting the nickname "31337" released 32 megabytes of files purportedly from FireEye and one of its analysts, Adi Peretz.

Flaw Or Feature? CarbonBlack Refutes DirectDefense Report Of Data Leak From Endpoint Detection And Response Product (CRN) CarbonBlack says the solution provider is 'incorrect' in saying that it has an architectural flaw that exfiltrates data, while DirectDefense says thousands of files and customer data have been exposed.

Carbon Black Data Leaks – A Good Reminder to Protect Keys (Secplicity - Security Simplified) A security firm published a blog post today explaining how they compromised an endpoint security system. The vendor, Carbon Black, responded in a blog post explaining that this feature is off by default and customers receive a warning when they turn it on. Setting aside the topic of responsible disclosure for the moment, take a look …

Hackers release mobile numbers of 'Game of Thrones' stars and demand millions to stop more leaks (ShortList Magazine) "Mr. Smith" is holding the entire show to ransom

How a port misconfiguration exposed critical infrastructure data (Help Net Security) Nn open port used for rsync server synchronization has left the network of a Texas-based electrical engineering operator wide open to malicious attackers.

Signed Mughthesec Adware Hijacking Macs for Profit (Threatpost | The first stop for security news) Mughthesec, a variant of the OperatorMac adware, has been turning hijacked Macs into revenue-generating machines for the authors.

Can Online Dating Apps be Used to Target Your Company? (TrendLabs Security Intelligence Blog) People are increasingly taking to online dating apps to find relationships—but can they be used to attack a business?

USB connections exposed as 'leaky' and vulnerable (The Lead South Australia) Tests in South Australia reveal USB security issues

When is a VPN not private? When you’re not paying for it (Naked Security) A complaint to the FTC alleges that the free Hotspot Shield VPN isn’t as private as you might think

Take down: Hackers looking to shut down factories for pay (Fifth Domain) AW North Carolina stood to lose $270,000 in revenue, plus wages for idled employees, for every hour the factory wasn't shipping.

How leaked exploits empower cyber criminals (IT Pro Portal) Access to leaked state-sponsored and cybercriminal hacking tools and exploits lead to the surge of cyber attacks during the first half of 2017.

Customers ‘furious’ with TNT after cyber-attack meltdown (FedCyber.com | Information Security Event & Community) “Businesses in Ukraine were hit hardest, and since many TNT operations and communications are based in the country, a significant proportion of its systems were infiltrated and data encrypted – locking employees out – as a result. ‘Manual processes’ are still being used to put packages through the system, and Via OODA Loop

Tech Wisdom: Beating Cyber Risks (Port Technology) Ongoing digitalization of ports is predicted to result in even more complex and networked IT systems, impacting on the ability to manage cyber threats, according to a recent paper.

Cyber experts missed opportunity to pre-empt WannaCry, NotPetya (CRN Australia) If only researchers had paid more attention to Shadow Brokers dump.

Biggest problem is knowing what devices are on the network (Infosecurity Magazine) Two-thirds of security pros not confident organizations have made necessary security improvements since WannaCry and Petya

Cyber Threats, Backdoors and More: 3 Lessons from NotPetya (News Factor) Cyber Threats, Backdoors and More: Three Lessons from NotPetya -- How can organizations protect their software from exploits and backdoors similar to the ones involved in the NotPetya ransomware attack?

PACER vulnerability allowed hackers to access legal docs while sticking others with the bill (Help Net Security) A CSRF vulnerability that allowed attackers to access court documents on the PACER system while making legitimate users pay for it has finally been plugged.

No signs of manipulation of Kenya vote: EU observers (Reuters) The head of the European Union's election observer mission in Kenya said on Thursday it had seen no signs of "centralised or localised manipulation" of the voting process.

Data breach numbers ‘could be four times higher than reported’ (Jersey Evening Post) Reported data security breaches in the Channel Islands are just the ‘tip of the iceberg’ and the number of attempted hacks could be four times higher than official figures, an IT security expert has warned.

DC couple loses $1.5 million in home-buying cyber attack scam (WTTG) A couple in the District has lost $1.5 million after hackers appear to have directed the money to an account they owned instead of the account of the title company the couple worked with during closing.

Real Estate Is Not Above the (Cyber Attack) Risk (Commercial Observer) CRE folks have been slow to invest in cybersecurity and that needs to change, as technology and real estate become more complex each day.

How to Avoid a Cyberattack: Real Estate Checklist (Commercial Property Executive) Smart homes and advanced building management systems make the industry more relatable, suitable and attractive for young people, but those things that also make it riskier.

Synopsys Fuzzing Report Identifies IoT and Industrial Control Systems Software as Most Vulnerable to Exploits (Business Insider) Synopsys, Inc. (Nasdaq: SNPS), today released its fuzzing report, which provides deep analysis on potential zero-day exploits in the open source protocols and common file formats used across six key industries, including automotive, financial services, government, healthcare, industrial control systems, and Internet of Things (IoT).

DHS Issues Cybersecurity Alert Over Siemens' Medical Scanner Software (Investing News Network) According to the US Department of Homeland Security, a "low skill" attacker would be able to exploit the vulnerabilities of these products.

Sophos advises companies to tread carefully with IoT (Digital News Asia) Sophos researcher finds that many IoT devices pose security risks. Lack of regulation and use of outdated operating systems are root of problems

Amber Rudd tricked by email prankster who duped White House officials (Tripwire: The State of Security) Amber Rudd has been duped into sharing her personal email address with a prankster who has previously embarrassed White House officials.

Security Patches, Mitigations, and Software Updates

SAP Patch Tuesday Update Resolves 19 Flaws, Three High Severity (Threatpost) SAP released 19 patches on Tuesday, including a trio of vulnerabilities marked high severity in its business management software.

Scanners to be patched after government warns of vulnerabilities (Naked Security) Siemens says that there’s no evidence its scanners have been compromised – but the patches will be ready by the end of the month

Microsoft Removes Trust from Chinese CAs (Infosecurity Magazine) Microsoft Removes Trust from Chinese CAs. Move follows same decision by Apple, Google and Mozilla

Yahoo! Games' Demise Shows What the Death of Flash Could Feel Like (Motherboard) The parlor games hosted by Yahoo! once represented some of the internet’s best efforts at interactivity—at a time when that interactivity was new. But you can't find those games online anymore.

Cyber Trends

Taking Down the Internet Has Never Been Easier (Dark Reading) Is there a reason why the Internet is so vulnerable? Actually, there are many, and taking steps to remain protected is crucial.

Emerging ‘hyperwar’ signals ‘AI-fueled, machine-waged’ future of conflict (Fifth Domain) Imagine wars fought by swarms of unmanned, autonomous weapons across land, air, sea, space and cyber.

Cyber Threats: key insights from the best reports (Cyber Rescue Ltd.) Threats - understanding Cyber Attacks

Immer mehr Malware im Umlauf (Channel Partner) In der ersten Jahreshälfte wurde jeder Rechner im Schnitt 47,4-mal angegriffen, so oft wie noch nie. Das haben IT-Security-Forscher von G Data beobachtet.

Who is better prepared for IoT-related attacks, SMEs or large organizations? (Help Net Security) When it comes to cybersecurity, it is usually assumed bigger organizations with larger IT budgets have better defenses. In reality, they don't.

Marketplace

Mystery Company Offers $250,000 Bounty for VM Escape Vulnerabilities (Threatpost) An unnamed firm is paying up to $250,000 for vulnerabilities related to its virtualization platform.

Insurance Matters: Cyber liability – there’s insurance for that! (Napa Valley Register) The phrase “Cyber Liability” has a science fiction chill to it. And it should.

Salesforce fires red team staffers who gave Defcon talk (ZDNet) "As soon as they got off the stage, they were fired."

KeyLogic Systems acquires CrossResolve to expand biometrics services (BiometricUpdate) Engineering firm KeyLogic Systems, Inc. has acquired CrossResolve, a government advisory and strategy services organization focused on biometrics, forensics, and identity programs. The terms of the…

This Maryland firm helps cyber companies get acquired (Technical.ly Baltimore) SC&H Capital helps advise companies as they go through the acquisition process. Director Greg Hogan took us through the process on a recent deal, and provided some thoughts on the current market.

FireEye: Regaining Market Share (Seeking Alpha) Stagnancy in price action after the last earnings beat provides a buying opportunity as FireEye positions to capture gains in key growth niches.

Centrify hits US$100M milestone in annual sales (CSO) Centrify tops US$100M in sales during FY 2017 from strong customer demand for Identity and Access Management (IAM) security to stop data breaches

BlackRock Inc. Acquires 3,362,985 Shares of Qualys, Inc. (QLYS) (BNB Daily) BlackRock Inc. raised its stake in Qualys, Inc. (NASDAQ:QLYS) by 157,222.3% during the first quarter, according to its most recent disclosure with the Securities and Exchange Commission (SEC). The firm owned 3,365,124 shares of the software maker’s stock after buying an additional 3,362,985 shares during the period. BlackRock Inc. owned approximately 9.26% of Qualys worth […]

Air Force awards $24 million research contract to KeyW (Baltimore Sun) U.S. Air Force Research Lab awards $24 million research contract to KeyW

Cyber Command to Hold First Industry Day (Meritalk) The U.S. Cyber Command (CYBERCOM) will begin to exercise its newly granted acquisition authority by the end of 2017 with its first industry day on Oct. 27.

Scottsdale cybersecurity firm opens first international office (Phoenix Business Journal) Fresh off its $10 million Series B round, Trusona has opened its first international office in Tokyo and attracted new, large corporate customers for its secure identity authentication technology.

SparkCognition Adds Former U.S. Defense Department Chief of Staff, Wendy R. Anderson, as General Manager, Defense & National Security (Business Insider) SparkCognition has announced the addition of Wendy R. Anderson to its executive team.

Senior Information Security Leader Steve White Joins ForgeRock as Chief Security Officer (Benzinga) ForgeRock®, the leading open platform provider of digital identity management solutions, today announced that veteran information security expert Steve White has joined the company as Chief Security Officer.

Products, Services, and Solutions

Oxygen Forensic® Detective 9.5 Now Supports 40 Cloud Services w/Addition of Telegram Cloud (Oxygen Forensics) Oxygen Forensics, a worldwide developer and provider of advanced forensic data examination tools for mobile devices and cloud services, announced today that it now supports data extraction from 40 different cloud services with the addition of Telegram cloud for its flagship Oxygen Forensic® Detective 9.5 product.

InfoArmor: Actionable intelligence, comprehensive protection (Help Net Security) Protecting corporate assets against cyber attacks requires a combination of sophisticated technology, accurate threat intelligence data and expert strategy.

HashiCorp Vault 0.8 Expands Secrets Management and Security Across Multiple Clouds (Marketwired) HashiCorp, a leader in cloud infrastructure automation, today released HashiCorp Vault 0.8 which includes significant updates to both the open source and enterprise versions, including new secure plugins, disaster recovery, mount filtered replication capabilities, and multi-factor authentication (MFA).

Duo Security partners with VMware to improve cybersecurity for employees working remotely (Concentrate) Employees using their own laptops and tablets can be a big security headache for IT departments. Duo's partnership with VMware aims to change that.

Seattle’s Versive teams up with Cloudera in post-pivot AI security push (GeekWire) Three months after changing its name and deciding to focus exclusively on security, Versive is partnering with Cloudera to bring its artificial-intelligence powered security technology together with…

PhishMe offers free phishing training tool to SMBs (TechCrunch) There are lots of reasons scammers send a phishing email. They may want to get access to the company network or perhaps a quick payout with ransomware. Maybe..

MagTek and DishOut Partner to Deliver Mobility Toolkit for Easier Integration for Pay-at-the-Table, Pay-at-the-Door, Line-busting and Loyalty/Reward Programs (IT Business Net) MagTek, Inc., the world's leading supplier of secure payment technology and transaction web services, announces a partnership with DishOut, LLC, a payment technology company leading the way in mobile and stored-value programs, to offer a toolkit for faster mobile payment offerings.

Consumer Reports pulls recommendation for Microsoft Surface laptops (USA TODAY) Consumer Reports estimates that 25% of Microsoft laptops and tablets will break within two years of ownership.

Technologies, Techniques, and Standards

GDPR: full compliance is impossible - but here are the processes that can get you close (Computing) The GDPR is too much of a legal document to meet every requirement

Security ‘blind spots’ in corporate networks will affect GDPR readiness as race to the cloud speeds up - IBS Intelligence (IBS Intelligence) New research from Gigamon shows that blind spots are leaving organisations struggling to identify the data travelling across their networks.

To Manage Risk Understand Adversaries, Not Just Activity in Your Environment (Security Week) Six years ago the US National Institute of Standards and Technology (NIST) put forth a framework for information security continuous monitoring (ISCM), defined as maintaining ongoing awareness of information security, vulnerabilities and threats to support organizational risk management decisions.

Preparedness & Cyber Risk Reduction Part Five B: Discussion-Based Exercises (SurfWatch Labs, Inc.) Continuing our series on Preparedness, and this mini-series — exercises (see previous post for the intro to exercises) — this installment and the next build on our introduction, and in …

Army field manual provides cyber, electronic warfare template (Fifth Domain) “It’s not perfect, but we didn’t intend it to be perfect. We intended to make sure it could get out so our commanders could have an ability to leverage it,” Lt. Gen. Paul Nakasone, commander of Army Cyber Command, told C4ISRNET.

44% of sampled websites fail password protection assessment (SC Media US) An analysis of 48 popular websites determined that 46 percent of consumer services sites and 36 percent of business services sites had

Password Power Rankings: A look at the practices of 40+ popular websites (Help Net Security) Dashlane created the Password Power Rankings to make everyone aware that many sites do not have policies in place to enforce secure password measures.

Banks join forces to crack down on fraudsters (Financial Times) ‘Phone-printing’ software among tactics to tackle identity theft and cyber attacks

The untapped potential of machine learning for detecting fraud (Help Net Security) E-commerce fraud protection company Signifyd has recently signed up behavioral analytics expert Long-Ji Lin to fill the position of Chief Scientist.

Bug bounties: Crowdsourcing hackers to strengthen cybersecurity (Healthcare IT News) Inviting hackers to attack your network and then paying them for discovering weaknesses seems dangerous. But the U.S. Department of Defense is succeeding with the practice and some infosec firms are specializing in it.

Engaged Leadership Is Key to Effective Security (CIO Insight) Many companies have difficulty assessing the risks versus the rewards, but organizations must ensure that they have standard security measures in place.

Working Against the Tide [declassified] (NSA) Important as it is in peacetime, communications security becomes even more important in wartime. Ultimately, we must reckon wartime failure to secure communications against a background of u.s. casualties and of battles won and lost. As it did in World War II and the Korean War, the United States in Southeast Asia has failed to provide communications security of a sufficiently high degree to deny tactical advantages to the enemy. Once more the United States has lost men and materiel as a result.

Design and Innovation

Reuters: Tesla looking to start testing autonomous semi in “platoon” formation (Ars Technica) The company’s CEO has mentioned that a formal announcement will come in September.

Securing the cockpit: How the military is tackling avionics cybersecurity (Fifth Domain) The cyber threat to systems on individual platforms, particularly weapons, position, navigation and timing systems embedded in U.S. military aircraft, is garnering increased attention.

Sensor overload is overloading the network (C4ISRNET) This problem is expected to get worse in the next 10 years with the increase in boxes and sensors.

A Brief History of 'NSFW' (Motherboard) And how arguably the internet’s most influential acronym is changing.

Research and Development

Chinese quantum satellite sends 'unbreakable' code (Reuters) China has sent an "unbreakable" code from a satellite to the Earth, marking the first time space-to-ground quantum key distribution technology has been realized, state media said on Thursday.

China Has Its DARPA, But Does It Have the Right People? (The Diplomat) China has the institution to fuse civil-military R&D. Now can it attract the necessary talent?

Biohackers Encoded Malware in a Strand of DNA (WIRED) Researchers planted a working hacker "exploit" in a physical strand of DNA.

Legislation, Policy and Regulation

France names new chief of procurement office (Defense News) A burning issue for the incoming DGA chief will be how to implement the €850 million defense budget cut this year, as decisions will be needed on which programs will be delayed.

Internet of Things Cybersecurity Act – An ‘A’ for effort [Commentary] (Fifth Domain) We all know that the internet is rooted in one “A” (Availability) but not in another very important “A” (Authentication).

Can the U.S. stop malware and buy it at the same time? (FCW) The U.S. government walks a fine line of prosecuting alleged hackers and buying malware and other software vulnerabilities.

Litigation, Investigation, and Enforcement

Tracking terrorists online might invade your privacy (BBC) Criminals brew their plans online and in texts. Authorities want to stop this – but an act in the UK shows the complication between keeping the public safe and respecting its privacy.

Hero or villain? Questions cloud Milwaukee charges against British cyber security expert (Milwaukee Journal Sentinel) Marcus Hutchins, 23, was to appear in court in Wisconsin Tuesday but hearing was postponed

Israeli Teen Accused of Running Bomb Threat Service Against Jewish Community Centers On Dark Web (HackRead) The authorities believe he is part of a larger bomb-threat-for-hire scheme on the Dark Web Jewish centers received over a hundred bomb threats this year du

The JCC Bomb-Threat Suspect Had a Client (The Atlantic) Newly unsealed FBI documents suggest the Israeli arrested for sending the threats was selling his services for a fee.

Alleged vDOS Operators Arrested, Charged (KrebsOnSecurity) Two young Israeli men alleged by this author to have co-founded vDOS — until recently the largest and most profitable cyber attack-for-hire service online — were arrested and formally indicted this week in Israel on conspiracy and hacking charges.

Iranian nationals charged with hacking, extorting US merchant (Fifth Domain) An indictment filed in Columbia, South Carolina alleges the criminal acts and intentions of two Iranian nationals.

FBI unmasks Tor-using suspected sextortionist (Help Net Security) A California man that stands accused of sextortion has been identified by the FBI through the use of a so-called Network Investigative Technique (NIT).

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

newly Noted Events

Cyber Everywhere: Collaboration, Integration, Automatio (Washington, DC, USA, September 20, 2017) We’ve seen all of the cyber headlines this year – new policies emerging, old policies evolving, the cyber workforce is multiplying, and rapidly growing connected devices are complicating governance. While the Federal government is focused on security, new adversaries and attack vectors still emerge hourly. What are the early grades on the new Administration’s response to the growing cyber threat? How can collaborative tactics and integrated intelligence tools strengthen a proactive cyber defense? Join us at the sixth annual Cyber Security Brainstorm on September 20 at the Newseum to discuss the cyber strategies and opportunities that can keep our Federal government one step ahead at all times.

Digital Risk Summit (Washington, DC, USA, October 25 - 27, 2017) Hosted by Neustar, the Digital Risk Summit is a forward-looking educational conference packed with actionable intelligence and best practices for all types of organizations. If you interact with consumers, customers, and partners by phone or online, you face digital risk. In today’s world, it’s imperative that you stay on top of rapidly evolving threats. Hear and learn from regulators, FBI, U.S. Secret Service and other experts about the latest risks and how best to manage them now and in 2018. Attendees will also have the opportunity to earn CPE, CRCM and CAMS credits.

upcoming Events

Embracing Innovation and Diversity in Cybersecurity (Washington, DC, USA, August 11, 2017) Drawing from the experience of a panel of experts in the field, this event will explore how diversity in thought perspective, background, and professional experience is instrumental to solving today’s cybersecurity challenges. The conversation will examine how each speaker found their career, what advice they would give to others following in their footsteps and recommendations on how to increase diversity in the cyber workforce through mentoring and education initiatives.

2017 DoDIIS Worldwide Conference (St. Louis, Missouri, USA, August 13 - 16, 2017) Hosted annually by the DIA Chief Information Officer, the DoDIIS Worldwide Conference features a distinguished line-up of speakers and an extensive selection of breakout sessions allowing attendees to gain insight and interact with experts in smaller settings. This year’s conference presents an exciting and unique opportunity to directly engage with senior leaders from the Intelligence Community, Department of Defense, and industry about the IT complexities and challenges impacting the mission user.

SANS New York City 2017 (New York, New York, USA, August 14 - 19, 2017) Be better prepared for cyber-attacks and data breaches. At SANS New York City 2017 (August 14-19), we offer training with applicable tools and techniques for effective cybersecurity practices. Gain the skills and tools you need to win the battle against the wide range of cyber adversaries who want to harm your environment.

Information Security Summit 2017 (Hong Kong, August 15 - 16, 2017) Effective Use of Analytics and Threat Intelligence to Secure Organizations: The Information Security Summit 2017 is a Regional Event with the aim to give participants from the Asia Pacific region an update on the latest development, trends and status in information security.

TechFest (Louisville, Kentucky, USA, August 16 - 17, 2017) TechFest is a biannual summit designed to bring together technology professionals for learning and networking. Attendees will have opportunities to explore economic development avenues for their businesses, connect with regional IT leaders, and learn about emerging technology. Among the topics addressed will be cybersecurity- hacking, malware, exploits, skimmers, new standards and policies in key industries.

The Chertoff Group Security Series: Security In The Boardroom (Palo Alto, California, USA, August 23, 2017) The Chertoff Group Security Series will aim to enhance and add to the Security in the Boardroom conversation by applying our insights into technology, threat, and policy to help executives respond to the evolving threat environment.

U.S. Department of Commerce Cybersecurity Awareness Day (Washington, DC, USA, August 24, 2017) On August 24, 2017, the Department of Commerce headquarters is planning the Cybersecurity Awareness Day event which will host guest speakers from throughout the Cybersecurity community. The 2017 Cybersecurity Awareness Day and Expo will feature timely, topical, and thought-provoking presentations, bringing together cybersecurity workforce, training, and educational leaders from academia, business, and government for one day of focused discussions. In light of current events involving unauthorized disclosures, sensitive and/or classified information leaks, and breaches of personally identifiable information in cyberspace, it is imperative that sound practices are incorporated. The agenda will include speakers from Industry and Government.

7th Annual Cybersecurity Training and Technology Forum (Colorado Springs, Colorado, USA, August 30 - 31, 2017) CSTTF is designed to further educate Cybersecurity, Information Management, Information Technology, and Communications Professionals by providing a platform to explore and enhance cyber resilience, collaboration, threat intelligence, information sharing, workforce development, and risk management. This will be accomplished through a number of in-depth sessions and panel discussions, along with cybersecurity exhibits provided by industry and government partners.

SANS Network Security 2017 (Las Vegas, Nevada, USA, September 10 - 17, 2017) SANS is recognized around the world as the best place to develop the deep, hands-on cybersecurity skills most in need right now. SANS Network Security 2017 offers more than 45 information security courses taught by SANS' world-class instructors, with dynamic content on the hottest information security issues. Join us for immersion training that will provide you with the cutting-edge skills to defend your organization against security breaches and prevent future attacks.

Finovate Fall 2017 (New York, New York, USA, September 11 - 14, 2017) FinovateFall 2017 will begin with the traditional short-form, demo-only presentations that more than 20,000 attendees from 3,000+ companies have enjoyed for the past decade. After two days of Finovate’s inspiring short-form demos, stay on for another day and a half of practical advice from your peers and industry gurus alike. Determine just how you will incorporate the latest fintech innovations into your product road map.

Insider Threat Program Management With Legal Guidance Training Course (Laurel, Maryland, USA, September 12 - 13, 2017) Insider Threat Defense will hold a two-day training class, Insider Threat Program (ITP) Management With Legal Guidance (National Insider Threat Policy (NITP), NISPOM Conforming Change 2). For a limited time the training is being offered at a $1295. This training will provide the ITP Manager / Senior Official and Facility Security Officer with the knowledge and resources to achieve compliance with NITP /NISPOM CC2, and go beyond these regulations to establish a robust and effective ITP. Any individual involved with supporting an ITP will also gain valuable knowledge. A licensed attorney with extensive experience in Insider Threats and Employment Law will provide legal guidance related to ITP's, the collection, use and sharing of employee information, and employee computer user activity monitoring. Any organization (State Government Agencies, Businesses, Etc.) that are not required to implement an ITP, but are concerned with Insider Threat Risk Mitigation will also benefit greatly from this training.

PCI Security Standards Council: 2017 North America Community Meeting (Orlando, Florida, USA, September 12 - 14, 2017) Join your industry colleagues for three days of networking and one-of-a-kind partnership opportunities. Whether you want to learn more about updates in the payment industry or showcase a new product, you’ll find it all at the 2017 Community Meetings.

8th Annual Billington CyberSecurity Summit (Washington, DC, USA, September 13, 2017) The 8th Annual Billington CyberSecurity Summit September 13 in Washington D.C. brings together world-class cybersecurity thought leaders for high-level information sharing, unparalleled networking and public-private partnerships from a cross-section of civilian, military and intelligence agencies, industry and academia. Keynotes from The Honorable Daniel Coats, Director of National Intelligence, Representative William Hurd, R-Texas, General Joseph Votel, Commander, United States Central Command, Robert Joyce, Special Assistant to the President and Cybersecurity Coordinator, The White House, Grant Schneider, Acting CISO, Office of Management and Budget, (invited), plus CISOs from DHS, DoD, HHS and the CIO for USCYBERSOM. Full agenda <a href="http://www.billingtoncybersecurity.com/8th-annual-billington-cybersecurity-summit/agenda/" target="_blank">here</a>.

Cyber Security Summit: New York (New York, New York, USA, September 15, 2017) If you are a Senior Level Executive responsible for making your company’s decisions in regards to information security, then you are invited to register for the Cyber Security Summit: New York. Receive 50% off of a Full Summit Pass when you register with code CYBERWIRE50 (standard price of $350, now only $175 with code). Register at CyberSummitUSA.com. The Cyber Security Summit: New York is an exclusive conference connecting Senior Level Executives responsible for protecting their companies’ critical data with innovative solution providers & renowned information security experts. for details visit CyberSummitUSA.com.

Cyber Security Conference for Executives (Baltimore, Maryland, USA, September 19, 2017) The Johns Hopkins University Information Security Institute and COMPASS Cyber Security are hosting the 4th Annual Cyber Security Conference for Executives on Tuesday, September, 19. It will be held on the Homewood Campus of Johns Hopkins University. This year’s theme is, “Emerging Global Cyber Threats.” The conference will feature thought leaders across a variety of industries to address current cyber security threats to organizations and how executives can work to better protect their data.

4th Annual Industrial Control Cybersecurity Europe (London, England, UK, September 19 - 20, 2017) Against a backdrop of targeted Industrial Control System cyber attacks against energy firms in the Ukraine power industry, the massive attacks against the Norway oil and gas industry, cyber attacks on Saudi Aramco and the new and continued threats such as Crash Override malware, Stuxnet, Havex, Dragonfly, Black Energy, and the potential impact of ransomware like #Wannacry on industrial control systems, the Cyber Senate return for the 4th Annual Industrial Control Cybersecurity Europe meeting to bring key stakeholders together to address our responsibility in ensuring the safety, reliability and stability of our Critical National Infrastructure.

10th Cyber Defence Summit (Dubai, UAE, September 20, 2017) Naseba’s 10th Cyber Defence Summit will address the importance of protecting critical infrastructure and sensitive information, help companies procure cyber security solutions and services, and create further awareness of cyber security among the youth of the UAE.

2017 Washington, D.C. CISO Executive Leadership Summit (Washington, DC, USA, September 21, 2017) Highly interactive sessions will provide many opportunities for attendees, speakers and panelists to be engaged in both learning and discussion. The objective for the day is to deliver high quality useful information that attendees can develop into an action plan. Key Areas of Focus Include: Strategy, Process Improvement and Alignment, Innovation and Technology; Career Management and Leadership Development.

Sponsor & Support

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.