The CyberWire Daily Briefing 9.5.17

Summary

By The CyberWire Staff

German authorities have long been concerned about the security of the Federal elections, scheduled for September 24th, and have sought to increase cyber readiness appropriately. Election-related cyber operations appear to have begun, as a CDU/CSU party colleague of Chancellor Merkel says her website has sustained attacks (type unspecified) mounted from a large number of Russian IP addresses.

Citing irregularities in electronic balloting, late last week Kenya's supreme court nullified the results of that country's presidential election. Voting will be reprised within the next two months.

Bitdefender researchers have connected the Pacifier APT to the Turla Group (in turn connected to Russian intelligence services).

Palo Alto Networks' Unit 42 reports that a wave of KHRAT Trojan infections across Cambodia appears politically motivated, evidently designed to surveil or disrupt domestic political activity. No attribution, but the attacks coincide with the Prime Minister's suspension of the country's leading opposition daily.

Sometimes rival, sometimes cooperating jihadist groups continue online recruiting and inspiration efforts. US Cyber Command is said to be conducting cyber operations that mirror US kinetic action against ISIS. The intention is to deny the caliphate physical and virtual safe havens.

More misconfigured AWS S3 buckets expose information that ought to have remained private. UpGuard found resumes submitted to security firm TigerSwan exposed by recruiting vendor TalentPen. Kromtech researchers found user information belonging to Time Warner Cable customers exposed by Broadsoft, which developed Time Warner Cable's MyTWC app.

A largescale ransomware campaign has hit MongoDB databases.

Evolved Locky ransomware continues its recent rampage.

Learn how Cylance silences cyber attacks with Artificial Intelligence.

Notes.

Today's issue includes events affecting Afghanistan, Australia, Cambodia, China, Germany, India, Ireland, Democratic Peoples Republic of Korea, Malaysia, Pakistan, Russia, United Kingdom, and United States.

A note to our readers: the CyberWire will be covering the annual INSA/AFCEA Intelligence Summit in Washington this week. Watch for coverage as the conference develops.

Are you good at identifying and eliminating hidden threats?

E8 Security has an exciting opportunity for a Senior Solutions Architect. We are a fast-growing technology startup led by experienced management team and visionary entrepreneurs. Our big data security analytics helps enterprises defend themselves against continual growth of sophisticated cyber criminals. We are building a breakthrough platform that can ingest, model and analyze massive flow of machine generated security data using cutting edge machine learning algorithms and massively scalable big data platforms. Learn more.

On the Podcast

In today's podcast, we hear from Johannes Ullrich, from the ISC Stormcast and our partners at the SANS Technology Institute. He shares his insights into DDoS extortion emails.

Sponsored Events

Cyber Security Summit: New York and Boston (New York, New York, USA, September 15, 2017) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The FBI, Darktrace, Arbor Networks, CenturyLink and more. Register with promo code cyberwire50 for half off your admission (Regular price $350).

EAGB Breakfast Series: Leading the Cyber Transformation (Baltimore, Maryland, USA, September 19, 2017) Join us to discuss how the Baltimore-Washington region’s ‘tech hub’ reputation has helped build a solid foundation in cyber activities. Our panelists will discuss the transformation that is underway on the commercial side of cyber.

Maryland Cyber Day Marketplace: Information. Connections. Solutions. (Baltimore, Maryland, USA, October 10, 2017) Register today to participate. Hundreds of cybersecurity providers and buyers in one location on one day. Maryland Cyber Day Marketplace provides the opportunity for CYBERSECURITY BUYERS (commercial businesses, government agencies, academic institutions and non-profit organizations of any size in any industry) to connect with, get to know and purchase cybersecurity solutions from Maryland's CYBERSECURITY PROVIDERS. The day will be a combination of face-to-face meetings, technology demos, brief educational sessions, "Ask an Expert" information stations, networking and a wrap-up luncheon with a keynote speaker. Presented with our program partner the Better Business Bureau of Greater Maryland.

Florida’s Annual Cybersecurity Conference (Tampa, Florida, USA, October 27, 2017) Networking the Future, the Florida Center for Cybersecurity's fourth annual conference, will host hundreds of technical and non-technical stakeholders from industry, government, the military, and academia to explore emerging threats, best practices, and the latest research and trends.

Selected Reading

Cyber Attacks, Threats, and Vulnerabilities

Merkel ally cites thousands of cyber attacks from Russian IP addresses (Reuters) A top leader of German Chancellor Angela Merkel's conservative party said her website had been hit by thousands of cyber attacks -- many from Russian IP addresses -- before Sunday's televised election debate.

Bitdefender links Pacifier APT to Turla Group (Enterprise Times) Bitdefender's latest analysis of Pacifier APT links it to the Turla Group of cybercriminals who have connections to Russia

KHRAT Trojan sweeps across Cambodia (ZDNet) The RAT has ramped up its technology and techniques to compromise victim PCs, but campaigns appear to have a political purpose.

Isis agent using message app told BBC reporter to attack London (Times) Islamic State recruiters used encrypted message services to encourage terrorist attacks on London Bridge and at Westminster, it has been revealed. Agents for the group gave instructions to...

Taliban mimic American commandos in latest propaganda video (Military Times) A recent Taliban propaganda video uploaded to the group’s official media site appears to show Taliban fighters mimicking the style and tactics of American commandos.

Al Qaeda-linked jihadist in Kashmir criticizes Pakistani Army (FDD's Long War Journal) On Aug. 31, Ansar Ghazwat-ul-Hind's leader, Zakir Musa, released an audio message in which he criticized the Pakistani government for supposedly betraying the jihad in Kashmir.

U.S. Takes Fight to ISIS on Cyber Battlefield (The Cipher Brief) No terrorist group has capitalized on networked technology more than ISIS, both for recruitment messaging and commanding their fighters on the ground.

Massive attack: Vulnerable MongoDB databases targeted in new wave of ransom attacks (Computing) Security shortcomings return to haunt MongoDB as it prepares for $1.6bn IPO

Princess ransomware targets hacked websites via RIG exploit kit (TechRepublic) A new cybercrime campaign uses the RIG exploit kit to infect computers with PrincessLocker ransomware, and demands at least $367 from victims.

Massive Locky ransomware campaign sends 23M messages in 24 hours (TechRepublic) Locky ransomware is making a comeback, with one of the largest attacks this year. Here's how to protect your business.

Free Cobian RAT Offered on Underground Hacking Forums Comes With a Backdoor (BleepingComputer) A remote access trojan (RAT) offered as a free download on underground hacking forums comes with a secret backdoor that grants the original author access to all the victim data.

DDoS Booter Service Suffers Security Breach (BleepingComputer) A dissatisfied customer has breached the server of TrueStresser, a DDoS-for-hire service, pilfered its database, and leaked some of the content online.

Petya-like infection attempts still active in Australia: Symantec (ZDNet) Both Petya and WannaCry highlighted that Australia is not immune to cyber threats, and the best mode of defence is educating staff and reporting malicious activity, Symantec's APJ CEO has said.

Poor security hygiene results in worm-like attacks; report (ITP) Cybercriminals are exploiting known vulnerabilities resulting in maximum impact

Banking Trojan Now Targets Coinbase Users, Not Just Banking Portals (BleepingComputer) The TrickBot banking trojan has added support for stealing funds stored in Coinbase.com accounts, according to a recent version spotted in a distribution campaign last week.

Twitter struggles to deal with the sock-puppet and bot armies (Naked Security) The latest twist sees the bot armies busily retweeting legitimate accounts in an attempt to get them banned for abuse – and it’s working. So why can’t Twitter do better?

Data Breach Exposes Thousands of Job Seekers Citing Top Secret Government Work [Updated] (Gizmodo) Thousands of files containing the personal information and expertise of Americans with classified and up to Top Secret security clearances have been exposed by an unsecured Amazon server, potentially for most of the year.

Statement on Information Breach of TalentPen, LLC’s Cloud File Hosted by Amazon Web Services (TigerSwan) On Thursday, August 31st, a press inquiry alerted TigerSwan that resume files, accessed by a cyber resilience company (Upguard Inc.) on a site hosted by Amazon Web Services and controlled by a former recruiting vendor, TalentPen, LLC, were publicly accessible.

Insecure: How A Private Military Contractor's Hiring Files Leaked (UpGuard) Thousands of resumes belonging to individuals applying to security firm TigerSwan were found publicly exposed in an AWS S3 bucket.

Instagram warns millions of users may have been affected by hack (The Independent) A group of hackers targeting A-list celebrities' Instagram accounts may have accessed millions of users' private data, the social media site has warned. Singer Selena Gomez appeared to be one of the stars whose accounts were compromised during a cyber attack on the picture-sharing app last week.

Instagram hack victims identified, details now for sale on darkweb (SC Magazine) The 500 A-list celebrities whose Instagram accounts have been hacked, and whose contact details are for sale on the dark web, have now been identified.

Data breach hits four million Time Warner app users (BBC News) Account and other details were exposed when the data was accidentally left unprotected online.

BroadSoft at Heart of TWC Customer Data Blunder (Light Reading) Details related to more than 4 million Time Warner Cable customer contracts were exposed online and the culprit appears to be unified comms app partner BroadSoft.

University secrets are stolen by cybergangs (Times) Criminals are launching hundreds of successful cyberattacks on British universities each year, targeting scientific, engineering and medical advances including research into missiles. Cybersecurity...

Pirate Bay and other torrent sites hit by cyber attack and temporarily taken offline, Isohunt disappears altogether (Thai Tech) Some of the world’s leading torrent sites have suffered major outages this week, while others, such as Isohunt, have mysteriously disappeared.

Hillary Clinton endorsed a startup — and then it fell victim to a cyber attack (Recode) Introducing Verrit, a new effort to organize Clinton supporters and arm them in social media fights

Copeland Borough Council falls victim to cyber attack (Mail) Copeland Borough Council fell victim to the attack, with significant internal disruption caused.

Radio Hacker Interrupts Police Chase in Australia (BleepingComputer) A pirate broadcaster posing as a police officer interfered in a police chase this week in Australia, forcing officers to call off the pursuit of two suspected armed robbers.

GPS Jammer - Exploitations used by several attackers with various motives (Spirent) Today, car thieves around the world are using GPS jammers to aid their getaways, and experts say it's only a matter of time until more ominous parties catch on.

Security Patches, Mitigations, and Software Updates

WINDOWS 10 ALERT - PC users urged to upgrade NOW or face security crisis (Express.co.uk) WINDOWS 10 doubters who are fans of Microsoft’s flagship OS series but are yet to upgrade have been warned to do so now - or they risk facing a security crisis.

Cyber Trends

Malware vulnerability high in Kingdom, report notes (Phnom Penh Post) Cambodia is among the most vulnerable countries in Asia when it comes to viruses, spam, spyware and other cyberthreats, according to a recent report from Microsoft.

Warning: Digital Malaysia growth is attracting more cyberattacks (MIS Asia) CyberSecurity Malaysia and Trend Micro reveal new data, which also suggests the type of organisations that are now most vulnerable.

How ‘Doxxing’ Became a Mainstream Tool in the Culture Wars (New York Times) Identifying extremist activists and revealing their personal information has become a bit of a sport on the internet. Some worry about mistakes and the permanent stigma of online shaming.

Marketplace

The world's top 10 largest cybersecurity | security consulting firms (Consultancy) The Big Four – Deloitte, EY, PwC and KPMG – are the globe’s largest security consulting firms, according to new data.

Beware the ever-growing reach of Google (Times) A small kerfuffle in Washington this week said a lot about power in the modern world. Barry Lynn, head of the open markets initiative at the New America Foundation, a Washington think tank partly...

A Serf on Google's Farm (Talking Points Memo) An unintended effect of Google’s heavy-handed attempt to silence Barry Lynn and his Open Markets program at New America has...

Opinion | The Russian Company That Is a Danger to Our Security (New York Times) Kaspersky Lab, the cybersecurity company, is close to Putin’s government. So why is the U.S. government using its software?

Why the US Government Shouldn't Ban Kaspersky Security Software (WIRED) Opinion: The US government's decision to ban promising security technology could impair free trade.

Companies should treat cybersecurity as a matter of ethics (San Francisco Chronicle) A couple of years ago, a reader took issue with a column on cybersecurity.

Hewlett Packard Enterprise to complete software spin-off (Reuters) Hewlett Packard Enterprise Co (HPE.N) completed the spin-off of much of its software business early on Friday, closing the door on the disastrous 2011 acquisition of British firm Autonomy and narrowing the company's focus to data center hardware and software.

4 Important Things about Hewlett Packard Enterprise's Multibillion Dollar Spinoff (Fortune) The company has shed its software business.

4 Risks Cisco Systems Bulls Need to Know (The Motley Fool) Generic competition, market share losses, a slowing security business, and an unclear future for its offshore cash could all spell trouble for Cisco.

You'll Be Surprised at the Size of Cisco's War Chest (The Motley Fool) The networking giant can throw a lot of cash at its problems -- but only if U.S. taxes are lowered.

Palo Alto Networks' Shares Soar 7% on Strong Customer Growth (Fortune) A good quarter for the cybersecurity firm.

How a "no a-hole" hiring policy helps Duo Security keep customers happy (Built In Austin) Duo Security has a 98 percent approval rating among customers. A big part of that comes down to culture.

Leidos wins Army intel contract (C4ISRNET) Under the contract, Leidos will provide control, communications, computers and information management services.

Lockheed Martin promotes local leader Stephanie Hill (Baltimore Sun) Defense contractor Lockheed Martin promoted Baltimore native Stephanie Hill to senior vice president for corporate strategy and development.

Products, Services, and Solutions

Rohde & Schwarz Cybersecurity’s Deep Packet Inspection Software Now Detects Bitcoin Transactions in Network Traffic (Rohde & Schwarz) The new Bitcoin protocol classification functionality enhances network analytics and security solutions to identify Bitcoin network activity. This enables enterprises to identify, control and block bitcoin transactions within a network.

PrivatizeMe Makes Effortless Privacy Protection Possible (PRNewswire) PrivatizeMe (www.privatizeme.com), has released the PrivatizeMe...

SafeNet Assured Technologies Launches New Tactical Cryptographic Key Management Platform (PRWeb) KeySecure G160 for High Assurance supports the protection of sensitive data-at-rest across traditional or virtualized data centers in mobile and disconnected tactical environments

On the Radar: Cylance Adds an Endpoint Detection and Response Capability - Research and Markets (BusinessWire) The "On the Radar: Cylance Adds an Endpoint Detection and Response Capability" company profile has been added to Research and Markets' offer

Upstream and Bitdefender Launch Security Kit for Emerging Markets (BusinessWire) Upstream, the leading mobile commerce platform in high-growth markets, today announces the launch of Security Kit, in partnership with Bitdefender.

County to improve cyber security software (Emporia Gazette) Lyon County commissioners decided a change was needed in their anti-virus software Thursday during their action session in the Lyon County Courthouse.

VMware Builds Out Its Security Story Through Cloud Services (eWEEK) VMware's cloud security product, AppDefense, is built around the concept of "least privilege"—the idea that nothing in a network is fully trusted.

Technologies, Techniques, and Standards

Find Opportunities to Introduce Network Segmentation (Palo Alto Networks Blog) Lawrence Chin examines the benefits of network segmentation for financial institutions.

Cylance CPO Rahul Kashyap Explains How AI, Algorithms Are Improving Cybersecurity (International Business Times) Cylance Chief Product Officer Rahul Kashyap talks to International Business Times about the role of AI in cybersecurity.

Open source or proprietary: how should we secure voting systems? (Naked Security) While Russian hackers were ‘probably unsuccessful’ at hacking the votes in last year’s presidential election, it doesn’t mean they won’t try again – which makes …

Hurricane Harvey: Kroll Ontrack Provides Tips to Prepare for and Deal with Data Loss (Kroll Ontrack) Kroll Ontrack gives data recovery tips to flood victims during hurricane season

Design and Innovation

Security-focused phone launches crowdfunding drive (Naked Security) Would you pay $599 for a phone with an open-source OS that puts you in control of its security?

Microsoft Joins Top Universities, Finance and Technology Leaders to Advance Blockchain-Based Solutions and Infrastructure (Newswise) Microsoft & IC3 are joining the Initiative for Cryptocurrencies and Contracts (IC3), which includes faculty members at Cornell University, Cornell Tech, UC Berkeley, University of Illinois at Urbana–Champaign, and the Technion, along with leading finance and technology companies.

Alibaba, EY, IBM And Microsoft Use The Blockchain To Create A Transparent Supply Chain (Forbes) Global companies are looking to deploy blockchain technologies in their supply chains to give them greater transparency. Crucially, blockchain solutions have the potential to solve visibility issues that have dogged the supply chain for decades.

Tempted to join the games in the crytpcurrency playground? (Naked Security) It’s swings and roundabouts when it comes to cryptocurrencies: they have much to offer for those seeking privacy, but there are risks to bear in mind, too

How Blockchain Technology is Taking Gambling Industry to New Level (Cointelegraph) Why using cryptocurrency has become a widely popular solution for gambling industry

Burger King launches WhopperCoin crypto-cash in Russia (BBC News) The virtual cash will be given out when people buy food in Burger King restaurants.

Платформа Waves поможет “Бургер Кинг Россия” запустить программу лояльности на блокчейне (Burgerking.ru) В рамках программы лояльности “Бургер Кинг Россия” выпустила 1 млрд Whoppercoin. Посетители ресторанов сети в России будут иметь возможность получить “вопперкоины” исходя из суммы чека: 1 рубль = 1 Whoppercoin. За 1700 “вопперкоинов” посетитель сможет получить один воппер.

Research and Development

Data61 and ANU establish research institute to tackle AI (ZDNet) The 3A Institute will bring together researchers from around the world to address the various challenges around the application of artificial intelligence.

Stanford University Researchers Create Cryptographic Technique to Protect Patient Privacy During Genome Analysis (The University Network) Researchers at Stanford University in Palo Alto, California have recently engineered a breakthrough in their work with genome analysis.

Air Force 3-star: “algorithmic warfare” needed for future ISR, combat ops (Defense Systems) Artificial intelligence and human-machine warfare will increasingly be vital for Air Force ISR operations as a way to keep pace with the speed and scale of information technology.

Academia

Software company to simulate cyberattacks for college and university IT competition (EdScoop) Symantec is debuting a higher ed cybersecurity competition to train IT staff using real-life scenarios.

MS in Cybersecurity Offered at Irvine Location (Webster University) Classes for Webster University’s acclaimed Master’s in Cybersecurity program will be offered in Irvine later this fall, it was announced this week. It will be the first classroom-based Master’s in Cybersecurity program offered in Orange County.

New grant will educate high school students on cyber security (PNW Pioneer) PNW received a $482,926 grant for a three-year project to develop course curriculum modules that will educate high school students about cyber security.

BH Consulting launches scholarship programme to address infosec skills gap (Help Net Security) BH Consulting, an information security specialist company, has launched a Masters Scholarship programme to encourage talented people to enter the cybersecu

Legislation, Policy and Regulation

Modi calls for coordinated action on counter terrorism, cyber security (The Hindu Business Line) Suggest 10 noble commitments to be taken up by BRICS leadership for global transformation

‘Dictator’ Hun Sen forces Cambodia Daily paper to close (Times) The Cambodia Daily, a scourge of Hun Sen, the country’s authoritarian prime minister, closed yesterday in a crackdown that has prompted claims that the country is sliding into a dictatorship. The...

Germany Strengthens Its Cyber Defense (Foreign Affairs) Recent cyberattacks against Germany match the pattern of earlier attacks elsewhere in the West. In response, Germany has taken a number of steps in response, including opening a cyber command in Bonn.

Lawyer suggests tying access to encryption to verified ID (Naked Security) The lawyer leading a government review into terrorism law has suggested that we be forced to prove who we are before we’re allowed access to encrypted accounts – but it’s an idea …

Chinese Agency Linked to Cyber-Espionage Operations Will Review Source Code of Foreign Firms (BleepingComputer) According to a new law voted in 2016 and which came into effect starting June 1, 2017, foreign companies activating in China could be forced to provide access to their source code to a state agency that has been recently linked to China's nation-state cyber-espionage campaigns.

Australia reviews defence export controls, perhaps easing cryptography research (Register) Hacker, white hat or crypto boffin? This is important

Taking Stock of Trump's Cybersecurity Executive Order So Far (WIRED) After several missed deadlines, Trump's cybersecurity executive order has gotten off to a slow start.

Getting to Ground Truth on the Elevation of U.S. Cyber Command (War on the Rocks) One of my biggest frustrations during my time in the Office of the Secretary of Defense’s cyber policy office was the way elevating U.S. Cyber Command beca

Kate Charlet: Implications of changes to CYBERCOM status (FederalNewsRadio.com) Putting CYBERCOM on an even playing field with the rest of the Defense Department's combatant commands has serious implications.

How much does federal government spend on cybersecurity? (Fifth Domain) New database of agency cyber spending shows a 270 percent increase over nine years.

Litigation, Investigation, and Enforcement

In Unprecedented Reversal, Kenya’s Top Court Throws Out Election Result (Foreign Policy) International observers were quick to endorse the results of last month's presidential election. Now they're facing uncomfortable questions.

Russia probes kick into high gear (POLITICO) Three congressional committees are pursuing investigations, and high-ranking Trump associates are expected to testify soon.

Opinion | The Nation issues editor’s note on story questioning whether the DNC was hacked (Washington Post) Review followed internal concerns about the magazine's coverage of Russia and its role in the election of President Trump

Proof that investigating Trump is starting to backfire for Democrats (New York Post) There’s a lot going on in the Hillary Clinton/Donald Trump/Russia investigation that all the highfalutin’ newspapers that cover politics are still trying to ignore. Well, investors had better…

Trump’s Cabinet members have blown a deadline for key cybersecurity reports by two months (Newsweek) The reports are meant to respond to Russian hacking that interfered in the 2016 U.S. election.

Byron York: FBI fights public release of Trump dossier info (Washington Examiner) Just what did the FBI do? Why? And did the FBI ever use the 'salacious and unverified' information in the dossier as a basis for applying fo...

Judge Orders FBI To Make Details Of Clinton Email Probe Public (The Daily Caller) A federal judge ordered the FBI Thursday to publicly release previously unseen documents related to the investigation into former Secretary of State Hillary Clinton's use of a private email server.

In Election Interference, It’s What Reporters Didn’t Find That Matters (New York Times) When Nicole Perlroth, Michael Wines and Matthew Rosenberg set out to understand Russian hacking in the last election, the absence of good data was conspicuous.

US Justice Department: No evidence Obama wiretapped Trump Tower (i24NEWS) The Justice Department said there are 'no records related to wiretaps as described by the March 4 tweets.'

Ex-cop who won’t decrypt hard drives still in jail indefinitely (Naked Security) It’s not about the Fifth; it’s about a search warrant in a child abuse case, and there’s no maximum prison sentence for those in contempt

Yahoo hack victims can sue new owner Verizon, court rules (Inquirer) Ruling couldn't happen to a nicer cable company

Imperva Cuts $19M Deal To End Investors' Stock-Drop Row (Law360) Shareholders of data security company Imperva Inc. asked a California federal judge on Thursday to preliminarily approve a $19 million settlement that would resolve putative class claims that the company misled investors and cost them nearly half the value of their investment while letting executives sell off their shares for millions.

Police Seize Domain of Online Store That Stole User's Card Data (BleepingComputer) Canadian police have seized the domain of Fazny.ca, an online electronics store that stole users' payment card data and used it to make fraudulent purchases.

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

upcoming Events

cybergamut Tech Tuesday: The Scary Truth About Online Anonymity (Elkridge, Maryland, USA, September 5, 2017) In this presentation, Zuly Gonzalez of Light Point Security explores the various tools used for anonymous web browsing, the type of information that can be leaked during your online research to reveal your identity (even when using these tools), and give you guidance on eliminating these vulnerabilities.

Intelligence & National Security Summit (Washington, DC, September 6 - 7, 2017) The fourth annual Intelligence & National Security Summit will be held this week in Washington, D.C. Hosted by the two leading professional associations – AFCEA International (AFCEA) and the Intelligence and National Security Alliance (INSA) – this is the premier gathering of senior decision makers from government, military, industry and academia. In its first three years the summit drew more than 3,000 attendees, exhibitors and journalists.

SANS Network Security 2017 (Las Vegas, Nevada, USA, September 10 - 17, 2017) SANS is recognized around the world as the best place to develop the deep, hands-on cybersecurity skills most in need right now. SANS Network Security 2017 offers more than 45 information security courses taught by SANS' world-class instructors, with dynamic content on the hottest information security issues. Join us for immersion training that will provide you with the cutting-edge skills to defend your organization against security breaches and prevent future attacks.

Finovate Fall 2017 (New York, New York, USA, September 11 - 14, 2017) FinovateFall 2017 will begin with the traditional short-form, demo-only presentations that more than 20,000 attendees from 3,000+ companies have enjoyed for the past decade. After two days of Finovate’s inspiring short-form demos, stay on for another day and a half of practical advice from your peers and industry gurus alike. Determine just how you will incorporate the latest fintech innovations into your product road map.

Insider Threat Program Management With Legal Guidance Training Course (Laurel, Maryland, USA, September 12 - 13, 2017) Insider Threat Defense will hold a two-day training class, Insider Threat Program (ITP) Management With Legal Guidance (National Insider Threat Policy (NITP), NISPOM Conforming Change 2). For a limited time the training is being offered at a $1295. This training will provide the ITP Manager / Senior Official and Facility Security Officer with the knowledge and resources to achieve compliance with NITP /NISPOM CC2, and go beyond these regulations to establish a robust and effective ITP. Any individual involved with supporting an ITP will also gain valuable knowledge. A licensed attorney with extensive experience in Insider Threats and Employment Law will provide legal guidance related to ITP's, the collection, use and sharing of employee information, and employee computer user activity monitoring. Any organization (State Government Agencies, Businesses, Etc.) that are not required to implement an ITP, but are concerned with Insider Threat Risk Mitigation will also benefit greatly from this training.

PCI Security Standards Council: 2017 North America Community Meeting (Orlando, Florida, USA, September 12 - 14, 2017) Join your industry colleagues for three days of networking and one-of-a-kind partnership opportunities. Whether you want to learn more about updates in the payment industry or showcase a new product, you’ll find it all at the 2017 Community Meetings.

DSEI 2017 (London, England, UK, September 12 - 15, 2017) Defence and Security Equipment International (DSEI) is the world leading event that brings together the global defence and security sector to innovate and share knowledge. DSEI represents the entire supply chain on an unrivalled scale.

8th Annual Billington CyberSecurity Summit (Washington, DC, USA, September 13, 2017) The 8th Annual Billington CyberSecurity Summit September 13 in Washington D.C. brings together world-class cybersecurity thought leaders for high-level information sharing, unparalleled networking and public-private partnerships from a cross-section of civilian, military and intelligence agencies, industry and academia. Keynotes from The Honorable Daniel Coats, Director of National Intelligence, Representative William Hurd, R-Texas, General Joseph Votel, Commander, United States Central Command, Robert Joyce, Special Assistant to the President and Cybersecurity Coordinator, The White House, Grant Schneider, Acting CISO, Office of Management and Budget, (invited), plus CISOs from DHS, DoD, HHS and the CIO for USCYBERSOM. Full agenda <a href="http://www.billingtoncybersecurity.com/8th-annual-billington-cybersecurity-summit/agenda/" target="_blank">here</a>.

Cyber Security Summit: New York (New York, New York, USA, September 15, 2017) If you are a Senior Level Executive responsible for making your company’s decisions in regards to information security, then you are invited to register for the Cyber Security Summit: New York. Receive 50% off of a Full Summit Pass when you register with code CYBERWIRE50 (standard price of $350, now only $175 with code). Register at CyberSummitUSA.com. The Cyber Security Summit: New York is an exclusive conference connecting Senior Level Executives responsible for protecting their companies’ critical data with innovative solution providers & renowned information security experts. for details visit CyberSummitUSA.com.

Cyber Security Conference for Executives (Baltimore, Maryland, USA, September 19, 2017) The Johns Hopkins University Information Security Institute and COMPASS Cyber Security are hosting the 4th Annual Cyber Security Conference for Executives on Tuesday, September, 19. It will be held on the Homewood Campus of Johns Hopkins University. This year’s theme is, “Emerging Global Cyber Threats.” The conference will feature thought leaders across a variety of industries to address current cyber security threats to organizations and how executives can work to better protect their data.

4th Annual Industrial Control Cybersecurity Europe (London, England, UK, September 19 - 20, 2017) Against a backdrop of targeted Industrial Control System cyber attacks against energy firms in the Ukraine power industry, the massive attacks against the Norway oil and gas industry, cyber attacks on Saudi Aramco and the new and continued threats such as Crash Override malware, Stuxnet, Havex, Dragonfly, Black Energy, and the potential impact of ransomware like #Wannacry on industrial control systems, the Cyber Senate return for the 4th Annual Industrial Control Cybersecurity Europe meeting to bring key stakeholders together to address our responsibility in ensuring the safety, reliability and stability of our Critical National Infrastructure.

Cyber Everywhere: Collaboration, Integration, Automatio (Washington, DC, USA, September 20, 2017) We’ve seen all of the cyber headlines this year – new policies emerging, old policies evolving, the cyber workforce is multiplying, and rapidly growing connected devices are complicating governance. While the Federal government is focused on security, new adversaries and attack vectors still emerge hourly. What are the early grades on the new Administration’s response to the growing cyber threat? How can collaborative tactics and integrated intelligence tools strengthen a proactive cyber defense? Join us at the sixth annual Cyber Security Brainstorm on September 20 at the Newseum to discuss the cyber strategies and opportunities that can keep our Federal government one step ahead at all times.

10th Cyber Defence Summit (Dubai, UAE, September 20, 2017) Naseba’s 10th Cyber Defence Summit will address the importance of protecting critical infrastructure and sensitive information, help companies procure cyber security solutions and services, and create further awareness of cyber security among the youth of the UAE.

Maine Cyber Safety Institute (Waterville, Maine, USA, September 20 - 21, 2017) The Summit intends to help business protect themselves from possible losses. The Information Security Community, representing cyber professionals, found that 54% of anticipated cyberattacks against their organizations would be successful this year. Top causes for this exposure relates to a lack of skilled people, budget, and awareness. New techniques for mobility, using personal devices, and applications represent a more than 60% risk. Only 11% of organizations rate their defenses very effective (Schulze, 2017).

2017 Washington, D.C. CISO Executive Leadership Summit (Washington, DC, USA, September 21, 2017) Highly interactive sessions will provide many opportunities for attendees, speakers and panelists to be engaged in both learning and discussion. The objective for the day is to deliver high quality useful information that attendees can develop into an action plan. Key Areas of Focus Include: Strategy, Process Improvement and Alignment, Innovation and Technology; Career Management and Leadership Development.

Connect Security World (Marseille, France, September 25 2017 - September 27 2014) As IoT solutions are transitioning from hype to real deployments, the “Internet of insecure things” threat is gaining ground. To address unlimited risks, threats and vulnerabilities surrounding IoT, a new generation of connected devices and services is required, with better security and privacy by design. In its 6th edition, Connect Security World invites both digital security experts and IoT developers to discuss and define a true end-to-end security, from sensors to Cloud, from design and development to deployment.

(ISC)2 Security Congress (Austin, Texas, USA, September 25 - 27, 2017) (ISC)² Security Congress cybersecurity conference brings together nearly 1,500 cybersecurity professionals, offers 100+ educational and thought-leadership sessions, and fosters collaboration with forward-thinking organizations. The goal of our conference is to advance security leaders by arming them with the knowledge, tools and expertise to protect their organizations. (ISC)² members are eligible for special discounted pricing and will have opportunities to attend exclusive member events.

Connect Security World (Marseille, France, September 25 - 27, 2017) As IoT solutions are transitioning from hype to real deployments, the “Internet of insecure things” threat is gaining ground. To address unlimited risks, threats and vulnerabilities surrounding IoT, a new generation of connected devices and services is required, with better security and privacy by design. In its 6th edition, Connect Security World invites both digital security experts and IoT developers to discuss and define a true end-to-end security, from sensors to Cloud, from design and development to deployment. (Note: the call for speakers is open through April 4, 2017.)

SINET61 2017 (Sydney, Australia, September 26 - 27, 2017) Promoting cybersecurity on a global scale. SINET – Sydney provides a venue where international solution providers can engage with leaders of government, business and the investment community to advance innovative solutions to cybersecurity challenges.

O'Reilly Velocity Conference (New York, New York, USA, October 1 - 4, 2017) Learn how to manage, grow, and evolve your systems. If you're building and managing complex distributed systems and want to learn how to bake in resiliency, you need to be at Velocity.

24th International Computer Security Symposium and 9th SABSA World Congress (COSAC 2017) (Naas, County Kildare, Ireland, October 1 - 5, 2017) If you thought symposiums on information security and risk were all the same, look again! COSAC is an entirely different experience. Conceived by practising professionals for experienced professionals, it is the most participative and productive event of the year. Undoubtedly the world's best annual source of advice in Information Security, COSAC makes available to you, in a fully residential format, presenters and facilitators who are the very best in the world. Collectively they have many hundreds of years of practical experience, have published thousands of major articles and books, and have proven records of success all over the globe.

Cybersecurity Nexus North America 2017 (CSX) (Washington, DC, USA, October 2 - 4, 2017) Be a part of a global conversation with professionals facing the same challenges as you at the nexus—where all things cyber security meet. Cyber security doesn’t take a vacation and it doesn’t sleep. You need to be aware of the most effective tactics and tools to meet the ever-growing threat. CSX 2017 offers keynote speakers and sessions that dive deep into what you need to know now.

Atlanta Cyber Week (Atlanta, Georgia, USA, October 2 - 6, 2017) Atlanta Cyber Week is a public-private collaboration hosting multiple events during the first week of October that highlight the pillars of the region’s cybersecurity ecosystem and create an opportunity for meaningful interaction between growth oriented cybersecurity companies and our Fortune 1000 client base.

4th Annual Industrial Control Cyber Security USA Summit (Sacramento, California, USA, October 3 - 4, 2017) Against a backdrop of targeted Industrial Control System cyber attacks, such as those against energy firms in the Ukraine power industry, the massive attacks against the Norway oil and gas industry, cyber attacks on Saudi Aramco and the new and continued threats such as Crash Override malware, Stuxnet, Havex, Dragonfly, Black Energy, and the potential impact of ransomware like #Wannacry on industrial control systems, the Cyber Senate return for the 4th Annual Industrial Control Cybersecurity USA meeting to bring key stakeholders together to address our responsibility in ensuring the safety, reliability and stability of our Critical National Infrastructure

4th Annual Industrial Control Cyber Security Summit USA (Sacramento, California, USA, October 3 - 4, 2017) Against a backdrop of continued ICS targeted cyber attacks against energy firms in the Ukraine power industry (CRASHOVERRIDE), the massive attacks against the Norway oil and gas industry, cyber attacks on Saudi Aramco and the continued threats such as Stuxnet, Havex, Dragonfly, Black Energy, and the potential impact of ransome ware like #Wannacry on industrial control systems, the Cyber Senate return for the 4th Annual Industrial Control Cybersecurity Europe meeting to bring key stakeholders together to address our responsibility in ensuring the safety, reliability and stability of our Critical National Infrastructure.

CyberSecurity4Rail (Brussels, Belgium, October 4, 2017) Facilitated by Hit Rail, this conference will bring together experts in cybercrime and digital security, plus leaders in ICT and representatives from transport and railway companies, European organisations and international bodies, to discuss the threats and set out a vision for safer, more secure digital communications and data networks in the transport industry. CyberSecurity4Rail will draw on the experience of recent incidents and the expertise of those who are working to protect systems and prevent cyberthreat.

Sponsor & Support

Grow your brand, generate leads, and fill your funnel.

With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listens all over the world, companies trust the CyberWire to get the message out. Learn more.

Election hacking begins in Germany. Kenya's supreme court tosses election results. Pacifier APT looks like Turla. KHRAT in Cambodia seems politically motivated. Online jihad updates. More AWS S3 misconfigurations. MongoDB ransomware. Evolved Locky in the wild.