Security in the boardroom. Cyberattack on USS McCain? (Maybe, but probably not.) Ukraine braces for wave of cyberattacks. New malicious apps in Google Play. US state cyber regs.

Cyber Attacks, Threats, and Vulnerabilities

Ukraine cybersecurity firm detects possible new malware attacks ahead of independence day (The Japan Times) Ukrainian cybersecurity firm ISSP said on Tuesday it may have detected a new computer virus distribution campaign, after security services said Ukraine cou

U.S. Navy considers possibility of cyber attack after ship collision (CSO Online) U.S. Navy officials have gone on record to say hacking will be looked at as a possibility as the cause of the USS John S McCain collision.

US Navy investigating whether its crashed ship was hacked (Updated) (HackRead) It's no surprise that ships can be hacked but did someone hack USS John S. McCain on Monday when it collided with an oil tanker near Singapore? Adm. John R

At-sea disasters came during ‘the most basic of operations,’ Pacific Fleet CO says (Navy Times) Recent at-sea disasters that led to sailor deaths occurred while conducting basic duties like anchoring, navigation, surface ship contact management and carrier qualifications, Pacific Fleet commander Adm. Scott Swift said Tuesday, according to an internal message obtained by the Navy Times.

US Navy collisions ‘pose growing threat’ to Chinese ships (South China Morning Post) Concerns grow after the second deadly incident involving a US warship in three months

Are Cyber Weapons Too Dangerous to Use? (War on the Rocks) The novelist Kurt Vonnegut once imagined a fictional substance called “ice-nine” that could turn any liquid into ice.

Malware on Google Play abusing Accessibility Service (Cloud Security Solutions | Zscaler) Each day as we track mobile malware payloads, we can see our signatures triggered by various banking Trojans apps. But on August 21, one sample triggered a special alert, because it was shown to be available on Google Play.

Does your resume contain malware? LinkedIn bug could have allowed hackers to spread malicious code (International Business Times UK) A flaw in LinkedIn Messenger could have let hackers upload malware-laced files and infect users.

Dumping Data from Deep-Insert Skimmers (KrebsOnSecurity) I ecently heard from a police detective who was seeking help identifying some strange devices found on two Romanian men caught maxing out stolen credit cards at local retailers.

Identity Thieves Hijack Cellphone Accounts to Go After Virtual Currency (New York Times) So-called phone porting attacks are exposing a vulnerability that could be exploited against anybody with valuable emails or other digital files.

Hackers stole over $500,000 from Enigma cryptocurrency investors (Help Net Security) Unknown hackers have managed to steal over $500,000 from aspiring investors in the Enigma cryptocurrency investment platform.

‘Smart’ solar power inverters raise risk of energy grid attacks (Naked Security) Researcher identifies a weakness in the software layer – and reminds us that we’re placing a lot of trust in vendors to implement decent security in formerly passive devices

Foxit backtracks after declining to fix zero-days exposed by ZDI (Naked Security) If you use Foxit’s PDF reader, make sure you update – and stick with Safe Reading mode until you do

Malicious script dropping an executable signed by Avast? (SANS Internet Storm Center) Yesterday, I found an interesting sample that I started to analyze… It reached my spam trap attached to an email in Portuguese with the subject: "Venho por meio desta solicitar orçamento dos produtos” ("I hereby request the products budget”).

Ropemaker Email Exploit Exposes Desktop Clients to Security Risks (eWEEK) The email security vendor releases a report on a new type of email exploit that neither Apple nor Microsoft sees as a risk.

Online Extortion Campaigns Target Users, Companies, Security Researchers (BleepingComputer) During the past week, there has been a sudden surge in online extortion campaigns, against regular users and security researchers alike.

Adversaries’ New Strategy: Cyber Attacks Designed for Destruction, Not Just Disruption? (Cisco Blogs) As defenders, one of our key objectives is to help organizations and individual users understand the threat landscape so they can reduce their exposure to cyber threats.

Destruction of service: How ransomware attacks have changed (SearchSecurity) New ransomware variants like WannaCry and NotPetya have introduced destruction of service attacks. Here's what you need to know about them.

Microsoft warns that hackers are increasingly targeting cloud accounts (Inquirer) Firm says that number of attacks tripled in the first quarter

Cyberwarfare: An Outage of a Major Cloud Service Provider Due to Cyberattacks Could be as Damaging as Hurricane Katrina (Formtek) Hacking and cyberattacks are growing in their frequency and intensity. They have also become increasingly more sophisticated in how they target their victims.

Threat Intelligence News: August 22, 2017 (LookingGlass Cyber Solutions Inc.) Threat intelligence news on cybersecurity, phishing, & threats to various industries from LookingGlass Cyber Solutions, August 8, 2017.

Leaked: Private photos of Tiger Woods, Miley Cyrus, Kristen Stewart and others (HackRead) It's another day another privacy breach. Hackers have leaked personal and private photos of top celebrities in what is being labeled as 3.0 leak. This time

Cyber Trends

72% of Government Entities Worldwide had their Security Compromised in 2016 (Netwrix) The government sector is lagging behind in implementing modern security that goes beyond perimeter defense, finds 2017 Netwrix IT Risks Survey.

Independent Research Quantifies Growing Security Management Gap and Business Impact of External Web, Social, and Mobile Threats; Digital Transformation Emboldens Cyber Adversaries (GlobeNewswire News Room) 68% of IT organizations have no to modest confidence to manage digital threats, despite a majority significantly increasing their near-term digital defense investments

Here we go again: DDoS attacks on the rise! (Help Net Security) Unfortunately DDoS attacks rise again! The number of DDoS attacks in Q2 of 2017 increased by 28 percent quarter over quarter.

From Chasing Risk Lists to ASN Policies: Large-Scale Analysis of Risky Internet Activity (Recorded Future) Our research reveals that using large-scale historical threat data can alert researchers to geographies and ASNs that are likely to contain risky IPs.

90 per cent of hacked firms fess up to running unpatched systems (Inquirer) That's like kicking yourself in the nads

Spohn: Using Artificial Intelligence to Counter Cyber Threats (PRWeb) In a constantly evolving digital threat landscape where firewalls and antivirus programs are considered tools of antiquity, companies are looking to utilize more technologically advanced means of protecting crucial data.

Marketplace

Versive Raises $12.7 Million Behind Significant Market Advantage and Demand for AI-Powered Cybersecurity Solutions (BusinessWire) Versive, the leader in mission-focused adversary detection, announced it has raised an additional $12.7 million in funding.

EY acquires Australian cybersecurity firm Open Windows IDENTITY (null) Big Four firm EY has bolstered its Asia-Pacific cybersecurity services offering with the acquisition of Melbourne-based Open Windows IDENTITY.

Northrop Grumman Wins Contract Extension to Provide UK’s Forensic and Biometric Capability (Northrop Grumman Newsroom) Northrop Grumman Corporation (NYSE: NOC) has been awarded an extension to its existing contract with the Home Office to continue providing services, systems operations and maintenance for the Forensic and Biometric Interim...

Cisco: On The Way Down (Seeking Alpha) Seventh consecutive quarterly fall in revenue, most market sectors slide, with forward guidance down. Past years of layoffs, cost cutting, loss of market share,

Symantec's reinvention is merely a repeat of a failed strategy (Verdict) Symantec, the world's largest cyber security firm, has a plan to shore up its most profitable business, but history suggests it won’t be successful.

vArmour Exponentially Grows Patent Portfolio, Focusing on Application Policy and Automation (Marketwired) Recently awarded patents support security teams with intent-based and automated policy

Why Qualcomm Acquired A Machine Learning Startup (Forbes) Last week, Qualcomm announced that it had acquired Netherlands-based machine learning startup Scyfer for an undisclosed amount.

Meltwater acquires Cosmify to strengthen its data intelligence services (ITP Net) Meltwater cements its commitment to data science and machine learning with latest acquisition

Eccalon and CyberPoint Announce Strategic Partnership (CyberPoint) Today, Eccalon announced a strategic partnership with the Maryland-based global cybersecurity technology company, CyberPoint. The partnership aims to develop next generation cyber tools for advanced manufacturing and to increase the cybersecurity industry's overall capability.

Maryland cyber group aims to decrease number of unfilled industry jobs (Baltimore Business Journal) The Cybersecurity Association of Maryland Inc. is launching a new online jobs platform in partnership with Germantown job-seeking firm SkillSmart.

Cybersecurity Innovator Farsight Security Adds Two Domain Industry Leaders to Their Growing Team (DN Journal) It seems a day rarely passes without another company being victimized by a cyber attack of one kind or another.

Products, Services, and Solutions

Webroot and NinjaRMM Expand Partnership (Webroot) Expanded Security Service Offering includes DNS Protection and Integrated Console, Allows NinjaRMM Clients to

Illumio Launches the Next Wave of its Micro-Segmentation Technology Through New Breakthroughs in Visualization and Policy (Illumio) Illumio news release: Illumio Launches the Next Wave of its Micro-Segmentation Technology Through New Breakthroughs in Visualization and Policy

BDI Global Launches Dedicated Cyber Risk Insurance Program For Small Health And Telehealth Providers (PRNewswire) Health and telehealth providers face complex and rapidly evolving cyber risks....

Netscape’s Jim Clark launches CommandScape, a building management system for commercial and premium properties (VentureBeat) As a creator of some of the internet's biggest brands, Jim Clark should require little introduction. But the 73-year-old Texan billionaire doesn't garner the same kinds of headlines as Bill Gates, Steve Jobs, or Mark Zuckerberg.

Lastline to Power IBM's Advanced Malware Protection Offering (BusinessWire) Lastline Inc., the leader in advanced network-based malware protection, today announced IBM® Security has selected the company’s award-winni

The Power of the ThreatQ Open Exchange API – Part 1 (ThreatQuotient) In this blog series, we will cover many use cases for working with the ThreatQ Open Exchange API.

Technologies, Techniques, and Standards

What's needed for the first NYS DFS cybersecurity transitional phase? (Help Net Security) The NYS DFS cybersecurity transitional phase is upon us. Organizations will have the opportunity create a phased approach.

Air Force developing geospatial intel system (C4ISRNET) BlackSky Geospatial Solutions has been awarded a $16.4 million Air Force contract to develop a geospatial intelligence system.

When identity data eclipses digital identity (CSO Online) Digital identity needs to be redefined as verified identity data. Identity data, using the right tools, can be used to carry out online jobs on behalf of the real me. But the right technology, aka personal data stores, need to be in place. Technology that brings consent, privacy, security, and accessibility in place.

Trends in Threat Hunting and Security Analytics (Bricata) Threat hunting has splashed on the scene out of necessity. There are no guarantees in cybersecurity and best practice has evolved from a focus on prevention to an exercise in risk management.

Avoiding the most common DevOps security vulnerabilities in the cloud (TheServerSide) Easily configured public cloud resources can be just as easily misconfigured, which is why organizations are prioritizing DevOps security and DevSecOps.

In Higher Education, Security at Work Starts at Home (EdTech) No matter where they are, users should practice smart security habits to help keep networks safe.

Design and Innovation

Fake news: Mozilla joins the fight to stop it polluting the web (Naked Security) How much responsibility do we bear for our own media literacy, and how much effort should firms like Mozilla, Google, Snopes, Facebook and others put into tackling fake news?

Op Ed: A Cryptographic Design Perspective of Blockchains: From Bitcoin to Ouroboros (NASDAQ.com) How does one design a blockchain protocol?

Pentagon Struggling to Take Advantage of Artificial Intelligence (National Defense) The Pentagon sees artificial intelligence and related technologies as key enablers of future military operations. But the Defense Department faces challenges as it seeks to acquire them.

Research and Development

Genome cryptography is the new way to secure your DNA data (New Atlas) DNA security is a looming problem that scientists and researchers are only just starting to grapple with. A team at Stanford has now developed a way to "cloak" irrelevant genomic information, allowing scientists to access key data without revealing an individual's broader genome sequence.

Cryptographers and Geneticists Unite to Analyze Genomes They Can't See (Scientific American) Computer-security methods could help scientists identify disease-causing genes—while preserving patient privacy

Academia

Academic work gives national security an intelligent edge (The Australian) The government recently announced what Malcolm Turnbull described as the most “significant reform of Australia’s national intelligence and domestic security arrangements” in more than 40 years.

UGA receives recognition for cyber defense research (The Red and Black) According to a press release issued on Aug. 15, the University of Georgia is now one of 71 institutions in the United States to be named a National Center of

UA awarded Cyberdefense Research designation (KVOA) UA awarded Cyberdefense Research designation

U.S. Space & Rocket Center gets $10M grant for cyber camp (WAFF) Alabama Gov. Kay Ivey announced a $10 million economic development grant to expand the campus at the U.S. Space & Rocket Center and establish a U.S. Cyber Camp.

Northrop Grumman Awards Engineering Scholarships to Students from Western New York (Northrop Grumman Newsroom) Northrop Grumman Corporation (NYSE: NOC) recently announced the winners of its ninth annual Engineering Scholars program in the Western New York community. The program will provide college scholarships this fall to two...

Legislation, Policy, and Regulation

White House advisory group warns of '9/11-level cyber attack' (FCW) A private-sector cybersecurity advisory committee wants the U.S. to pivot to a higher state of readiness when it comes to preventing catastrophic cyberattacks.

Nation's largest grid operator suffers 4,000 attempted cyberattacks per month, former chief says (Washington Examiner) The former head of PJM Interconnection wants Energy Department personnel with security clearances to be trained to work alongside employees...

Trump takes hard line on Pakistan for supporting terrorist groups (FDD's Long War Journal) With words unprecedented for a US president, Trump called out Pakistan for harboring and supporting terrorist groups that target and kill US citizens and said there would be a radical change in policy toward the South Asian nation. Trump indicated the US would work to increase ties with India, Pakistan's neighbor and greatest enemy, a move sure to both enrage as well as frighten Pakistani elites.

U.S. may sanction Pakistani officials with ties to terrorists, Trump official says (POLITICO) “How do we get the Pakistan to behave better?" official asks.

Analysts say Trump's warning to Pakistan could backfire (Military Times) President Donald Trump’s warning to Pakistan to put an “immediate” end to harboring militants operating in Afghanistan didn’t spell out the consequences of defiance or suggest a new strategy to get it to yield to longstanding U.S. demands, analysts said Tuesday.

Taliban vows to continue its "Jihad" against US (FDD's Long War Journal) Taliban spokesman Zahibullah Mujahid denounced Trump's decision to remain engaged in Afghanistan and said that Taliban fighters will "sustain our Jihad." Additionally he repeated the canard that the Taliban does not pose a threat to foreign countries.

Revamp the broken security-clearance process [Commentary] (Defense News) The clearance system must be revamped, not just reformed.

House Bill 180 149th General Assembly (Present) (Legis Delaware) This Act amends Chapter 12B of Title 6 to update Delaware's law regarding computer security breaches by doing the following: 1. Creating a requirement that any person who conducts business in Delaware and maintains personal information must safeguard that information.

ID cards are being introduced by stealth, campaigners claim (Times) A data protection and privacy rights group has accused the Department of Social Protection and other state bodies of introducing a national ID card by stealth. Digital Rights Ireland says the...

Litigation, Investigation, and Law Enforcement

ISIS in Indonesia trying to recruit Malaysians (The Straits Times) The recruitment of new militants in Malaysia has slowed down following the death of ISIS top recruiter Muhammad Wanndy Mohamed Jedi, who was killed in Syria four months ago, Malaysia's top counter-terrorism official said.

()

Spain terror cell was planning Sagrada Família attack, suspect tells court (the Guardian) Two men remanded in custody, one kept for questioning and one freed after Madrid court is told of plan for larger-scale attacks

Germany's rapid deportations of Salafist suspects ruled lawful (Deutsche Welle) The deportations of an Algerian and a Nigerian, both born in Germany and classed as dangerous, have been backed by Germany’s top administrative court. The evictions stem from a little-used clause in German residency law.

Don’t waste police time on the online bigots (Times) Not long after starting work as a speechwriter in Downing Street I succumbed to the urge to self-Google. Up came a neo-Nazi forum where I was named as one of “David Cameron’s Jews”, indeed a Jew...

US appeals court curbs police power to seize cellphones (Naked Security) A ruling from an appeals court judge has raised questions about privacy, device security, and how law enforcement conducts investigations

For a complete running list of events, please visit the Event Tracker.

Newly Noted Events

DSEI 2017 (London, England, UK, Sep 12 - 15, 2017) Defence and Security Equipment International (DSEI) is the world leading event that brings together the global defence and security sector to innovate and share knowledge. DSEI represents the entire supply chain on an unrivalled scale.

Upcoming Events

The Chertoff Group Security Series: Security In The Boardroom (Palo Alto, California, USA, Aug 23, 2017) The Chertoff Group Security Series will aim to enhance and add to the Security in the Boardroom conversation by applying our insights into technology, threat, and policy to help executives respond to the evolving threat environment.

The Chertoff Group Security Series: Security In The Boardroom (Palo Alto, California, USA, Aug 23, 2017) The Chertoff Group Security Series will aim to enhance and add to the Security in the Boardroom conversation by applying our insights into technology, threat, and policy to help executives respond to the evolving threat environment.

U.S. Department of Commerce Cybersecurity Awareness Day (Washington, DC, USA, Aug 24, 2017) On August 24, 2017, the Department of Commerce headquarters is planning the Cybersecurity Awareness Day event which will host guest speakers from throughout the Cybersecurity community. The 2017 Cybersecurity Awareness Day and Expo will feature timely, topical, and thought-provoking presentations, bringing together cybersecurity workforce, training, and educational leaders from academia, business, and government for one day of focused discussions. In light of current events involving unauthorized disclosures, sensitive and/or classified information leaks, and breaches of personally identifiable information in cyberspace, it is imperative that sound practices are incorporated. The agenda will include speakers from Industry and Government.

7th Annual Cybersecurity Training and Technology Forum (Colorado Springs, Colorado, USA, Aug 30 - 31, 2017) CSTTF is designed to further educate Cybersecurity, Information Management, Information Technology, and Communications Professionals by providing a platform to explore and enhance cyber resilience, collaboration, threat intelligence, information sharing, workforce development, and risk management. This will be accomplished through a number of in-depth sessions and panel discussions, along with cybersecurity exhibits provided by industry and government partners.

SANS Network Security 2017 (Las Vegas, Nevada, USA, Sep 10 - 17, 2017) SANS is recognized around the world as the best place to develop the deep, hands-on cybersecurity skills most in need right now. SANS Network Security 2017 offers more than 45 information security courses taught by SANS' world-class instructors, with dynamic content on the hottest information security issues. Join us for immersion training that will provide you with the cutting-edge skills to defend your organization against security breaches and prevent future attacks.

Finovate Fall 2017 (New York, New York, USA, Sep 11 - 14, 2017) FinovateFall 2017 will begin with the traditional short-form, demo-only presentations that more than 20,000 attendees from 3,000+ companies have enjoyed for the past decade. After two days of Finovate’s inspiring short-form demos, stay on for another day and a half of practical advice from your peers and industry gurus alike. Determine just how you will incorporate the latest fintech innovations into your product road map.

Insider Threat Program Management With Legal Guidance Training Course (Laurel, Maryland, USA, Sep 12 - 13, 2017) Insider Threat Defense will hold a two-day training class, Insider Threat Program (ITP) Management With Legal Guidance (National Insider Threat Policy (NITP), NISPOM Conforming Change 2). For a limited time the training is being offered at a $1295. This training will provide the ITP Manager / Senior Official and Facility Security Officer with the knowledge and resources to achieve compliance with NITP /NISPOM CC2, and go beyond these regulations to establish a robust and effective ITP. Any individual involved with supporting an ITP will also gain valuable knowledge. A licensed attorney with extensive experience in Insider Threats and Employment Law will provide legal guidance related to ITP's, the collection, use and sharing of employee information, and employee computer user activity monitoring. Any organization (State Government Agencies, Businesses, Etc.) that are not required to implement an ITP, but are concerned with Insider Threat Risk Mitigation will also benefit greatly from this training.

PCI Security Standards Council: 2017 North America Community Meeting (Orlando, Florida, USA, Sep 12 - 14, 2017) Join your industry colleagues for three days of networking and one-of-a-kind partnership opportunities. Whether you want to learn more about updates in the payment industry or showcase a new product, you’ll find it all at the 2017 Community Meetings.

8th Annual Billington CyberSecurity Summit (Washington, DC, USA, Sep 13, 2017) The 8th Annual Billington CyberSecurity Summit September 13 in Washington D.C. brings together world-class cybersecurity thought leaders for high-level information sharing, unparalleled networking and public-private partnerships from a cross-section of civilian, military and intelligence agencies, industry and academia. Keynotes from The Honorable Daniel Coats, Director of National Intelligence, Representative William Hurd, R-Texas, General Joseph Votel, Commander, United States Central Command, Robert Joyce, Special Assistant to the President and Cybersecurity Coordinator, The White House, Grant Schneider, Acting CISO, Office of Management and Budget, (invited), plus CISOs from DHS, DoD, HHS and the CIO for USCYBERSOM. Full agenda <a href="http://www.billingtoncybersecurity.com/8th-annual-billington-cybersecurity-summit/agenda/" target="_blank">here</a>.

Cyber Security Summit: New York (New York, New York, USA, Sep 15, 2017) If you are a Senior Level Executive responsible for making your company’s decisions in regards to information security, then you are invited to register for the Cyber Security Summit: New York. Receive 50% off of a Full Summit Pass when you register with code CYBERWIRE50 (standard price of $350, now only $175 with code). Register at CyberSummitUSA.com. The Cyber Security Summit: New York is an exclusive conference connecting Senior Level Executives responsible for protecting their companies’ critical data with innovative solution providers & renowned information security experts. for details visit CyberSummitUSA.com.

Cyber Security Conference for Executives (Baltimore, Maryland, USA, Sep 19, 2017) The Johns Hopkins University Information Security Institute and COMPASS Cyber Security are hosting the 4th Annual Cyber Security Conference for Executives on Tuesday, September, 19. It will be held on the Homewood Campus of Johns Hopkins University. This year’s theme is, “Emerging Global Cyber Threats.” The conference will feature thought leaders across a variety of industries to address current cyber security threats to organizations and how executives can work to better protect their data.

4th Annual Industrial Control Cybersecurity Europe (London, England, UK, Sep 19 - 20, 2017) Against a backdrop of targeted Industrial Control System cyber attacks against energy firms in the Ukraine power industry, the massive attacks against the Norway oil and gas industry, cyber attacks on Saudi Aramco and the new and continued threats such as Crash Override malware, Stuxnet, Havex, Dragonfly, Black Energy, and the potential impact of ransomware like #Wannacry on industrial control systems, the Cyber Senate return for the 4th Annual Industrial Control Cybersecurity Europe meeting to bring key stakeholders together to address our responsibility in ensuring the safety, reliability and stability of our Critical National Infrastructure.

Cyber Everywhere: Collaboration, Integration, Automatio (Washington, DC, USA, Sep 20, 2017) We’ve seen all of the cyber headlines this year – new policies emerging, old policies evolving, the cyber workforce is multiplying, and rapidly growing connected devices are complicating governance. While the Federal government is focused on security, new adversaries and attack vectors still emerge hourly. What are the early grades on the new Administration’s response to the growing cyber threat? How can collaborative tactics and integrated intelligence tools strengthen a proactive cyber defense? Join us at the sixth annual Cyber Security Brainstorm on September 20 at the Newseum to discuss the cyber strategies and opportunities that can keep our Federal government one step ahead at all times.

10th Cyber Defence Summit (Dubai, UAE, Sep 20, 2017) Naseba’s 10th Cyber Defence Summit will address the importance of protecting critical infrastructure and sensitive information, help companies procure cyber security solutions and services, and create further awareness of cyber security among the youth of the UAE.

2017 Washington, D.C. CISO Executive Leadership Summit (Washington, DC, USA, Sep 21, 2017) Highly interactive sessions will provide many opportunities for attendees, speakers and panelists to be engaged in both learning and discussion. The objective for the day is to deliver high quality useful information that attendees can develop into an action plan. Key Areas of Focus Include: Strategy, Process Improvement and Alignment, Innovation and Technology; Career Management and Leadership Development.

Connect Security World (Marseille, France, Sep 25 2017 - Sep 27 2014) As IoT solutions are transitioning from hype to real deployments, the “Internet of insecure things” threat is gaining ground. To address unlimited risks, threats and vulnerabilities surrounding IoT, a new generation of connected devices and services is required, with better security and privacy by design. In its 6th edition, Connect Security World invites both digital security experts and IoT developers to discuss and define a true end-to-end security, from sensors to Cloud, from design and development to deployment.

(ISC)2 Security Congress (Austin, Texas, USA, Sep 25 - 27, 2017) (ISC)² Security Congress cybersecurity conference brings together nearly 1,500 cybersecurity professionals, offers 100+ educational and thought-leadership sessions, and fosters collaboration with forward-thinking organizations. The goal of our conference is to advance security leaders by arming them with the knowledge, tools and expertise to protect their organizations. (ISC)² members are eligible for special discounted pricing and will have opportunities to attend exclusive member events.

Connect Security World (Marseille, France, Sep 25 - 27, 2017) As IoT solutions are transitioning from hype to real deployments, the “Internet of insecure things” threat is gaining ground. To address unlimited risks, threats and vulnerabilities surrounding IoT, a new generation of connected devices and services is required, with better security and privacy by design. In its 6th edition, Connect Security World invites both digital security experts and IoT developers to discuss and define a true end-to-end security, from sensors to Cloud, from design and development to deployment. (Note: the call for speakers is open through April 4, 2017.)

SINET61 2017 (Sydney, Australia, Sep 26 - 27, 2017) Promoting cybersecurity on a global scale. SINET – Sydney provides a venue where international solution providers can engage with leaders of government, business and the investment community to advance innovative solutions to cybersecurity challenges.

O'Reilly Velocity Conference (New York, New York, USA, Oct 1 - 4, 2017) Learn how to manage, grow, and evolve your systems. If you're building and managing complex distributed systems and want to learn how to bake in resiliency, you need to be at Velocity.

24th International Computer Security Symposium and 9th SABSA World Congress (COSAC 2017) (Naas, County Kildare, Ireland, Oct 1 - 5, 2017) If you thought symposiums on information security and risk were all the same, look again! COSAC is an entirely different experience. Conceived by practising professionals for experienced professionals, it is the most participative and productive event of the year. Undoubtedly the world's best annual source of advice in Information Security, COSAC makes available to you, in a fully residential format, presenters and facilitators who are the very best in the world. Collectively they have many hundreds of years of practical experience, have published thousands of major articles and books, and have proven records of success all over the globe.

Cybersecurity Nexus North America 2017 (CSX) (Washington, DC, USA, Oct 2 - 4, 2017) Be a part of a global conversation with professionals facing the same challenges as you at the nexus—where all things cyber security meet. Cyber security doesn’t take a vacation and it doesn’t sleep. You need to be aware of the most effective tactics and tools to meet the ever-growing threat. CSX 2017 offers keynote speakers and sessions that dive deep into what you need to know now.

Atlanta Cyber Week (Atlanta, Georgia, USA, Oct 2 - 6, 2017) Atlanta Cyber Week is a public-private collaboration hosting multiple events during the first week of October that highlight the pillars of the region’s cybersecurity ecosystem and create an opportunity for meaningful interaction between growth oriented cybersecurity companies and our Fortune 1000 client base.

4th Annual Industrial Control Cyber Security USA Summit (Sacramento, California, USA, Oct 3 - 4, 2017) Against a backdrop of targeted Industrial Control System cyber attacks, such as those against energy firms in the Ukraine power industry, the massive attacks against the Norway oil and gas industry, cyber attacks on Saudi Aramco and the new and continued threats such as Crash Override malware, Stuxnet, Havex, Dragonfly, Black Energy, and the potential impact of ransomware like #Wannacry on industrial control systems, the Cyber Senate return for the 4th Annual Industrial Control Cybersecurity USA meeting to bring key stakeholders together to address our responsibility in ensuring the safety, reliability and stability of our Critical National Infrastructure

4th Annual Industrial Control Cyber Security Summit USA (Sacramento, California, USA, Oct 3 - 4, 2017) Against a backdrop of continued ICS targeted cyber attacks against energy firms in the Ukraine power industry (CRASHOVERRIDE), the massive attacks against the Norway oil and gas industry, cyber attacks on Saudi Aramco and the continued threats such as Stuxnet, Havex, Dragonfly, Black Energy, and the potential impact of ransome ware like #Wannacry on industrial control systems, the Cyber Senate return for the 4th Annual Industrial Control Cybersecurity Europe meeting to bring key stakeholders together to address our responsibility in ensuring the safety, reliability and stability of our Critical National Infrastructure.