The CyberWire Daily Briefing 9.7.17

Summary

By The CyberWire Staff

The warnings about Dragonfly sounded this week by Symantec continue to reverberate. It amounts, observers say, to a sabotage warning, since the threat actor is believed to have established access to operational networks controlling the power grid. The US, Switzerland, and Turkey are said to be particularly heavily infested. A nation-state is said to be behind Dragonfly; which nation-state hasn't yet been publicly identified.

Votiro, Fortinet, and FireEye re-emphasize findings that groups associated with Chinese intelligence services are working actively against countries with whom China is disputing territorial claims in the South China Sea: Indonesia, the Philippines, and Vietnam (especially Vietnam).

Facebook says that over the last two years between $100,000 and $150,000 in some 3000 Facebook ads were placed by the Internet Research Agency, a St. Petersburg outfit known to operate on behalf of the Russian organs. The topics the ads addressed were characterized as "divisive," concentrating on race, immigration, and equal rights. $150,000 is not much in terms of advertising dollars. If it was a Russian buy aimed at disruption, that's a spectacular return-on-investment. (Some, like Virginia Senator Warner, are calling this "the tip of the iceberg.") The ads were fairly well distributed across the political spectrum.

The US continues its minor stumbles over information operations. Anti-Taliban leaflets dropped in Afghanistan alienated their target audience by carelessly juxtaposing the Taliban flag (with a Koranic verse) and a dog (a ritually unclean animal).

Google's September Android Security Bulletin addressed eighty-one bugs, thirteen of them critical remote code execution vulnerabilities.

Learn how Cylance silences cyber attacks with Artificial Intelligence.

Notes.

Today's issue includes events affecting Afghanistan, Canada, China, European Union, France, Indonesia, Japan, Philippines, Russia, Switzerland, Turkey, Ukraine, United Kingdom, United States and Vietnam

A note to our readers: You may have experienced delays in receiving the CyberWire Daily News Briefing. Our email provider is experiencing difficulty delivering to Office 365 accounts. They're working on the problem, but have no ETA for a fix. We regret the delays. You can, however, always find the Daily on our site.

Are you good at identifying and eliminating hidden threats?

E8 Security has an exciting opportunity for a Senior Solutions Architect. We are a fast-growing technology startup led by experienced management team and visionary entrepreneurs. Our big data security analytics helps enterprises defend themselves against continual growth of sophisticated cyber criminals. We are building a breakthrough platform that can ingest, model and analyze massive flow of machine generated security data using cutting edge machine learning algorithms and massively scalable big data platforms. Learn more.

On the Podcast

In today's podcast we talk with our partners at the University of Maryland, as Jonathan Katz discusses encryption bit depth. Our guest, Kyle Wilhoit from Domain Tools, presents the results of a Black Hat security survey.

Sponsored Events

Cyber Security Summit: New York and Boston (New York, New York, USA, September 15, 2017) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The FBI, Darktrace, Arbor Networks, CenturyLink and more. Register with promo code cyberwire50 for half off your admission (Regular price $350).

EAGB Breakfast Series: Leading the Cyber Transformation (Baltimore, Maryland, USA, September 19, 2017) Join us to discuss how the Baltimore-Washington region’s ‘tech hub’ reputation has helped build a solid foundation in cyber activities. Our panelists will discuss the transformation that is underway on the commercial side of cyber.

Maryland Cyber Day Marketplace: Information. Connections. Solutions. (Baltimore, Maryland, USA, October 10, 2017) Register today to participate. Hundreds of cybersecurity providers and buyers in one location on one day. Maryland Cyber Day Marketplace provides the opportunity for CYBERSECURITY BUYERS (commercial businesses, government agencies, academic institutions and non-profit organizations of any size in any industry) to connect with, get to know and purchase cybersecurity solutions from Maryland's CYBERSECURITY PROVIDERS. The day will be a combination of face-to-face meetings, technology demos, brief educational sessions, "Ask an Expert" information stations, networking and a wrap-up luncheon with a keynote speaker. Presented with our program partner the Better Business Bureau of Greater Maryland.

Florida’s Annual Cybersecurity Conference (Tampa, Florida, USA, October 27, 2017) Networking the Future, the Florida Center for Cybersecurity's fourth annual conference, will host hundreds of technical and non-technical stakeholders from industry, government, the military, and academia to explore emerging threats, best practices, and the latest research and trends.

Selected Reading

Dateline

Real-World Punch More Effective Than Cyber Punch (SIGNAL Magazine) A cyber strike may not be the most effective deterrent against adversaries, White House adviser Tom Bossert said at INSS.

Trump Administration Looking to 'Real World' Measures Against Cyber Enemies (VOA) Trump homeland security adviser notes 'little reason to believe' an offensive cyberattack is going to deter adversaries

Homeland security adviser: Focus on mission function (C4ISRNET) Speaking Wednesday at the INSA Intelligence and National Security Summit in Washington, Tom Bossert suggested an approach to intel that takes into consideration changes in the way threats proliferate and information is shared.

Trump Homeland Security Advisor: Do We Really Need a Russia Desk? (Foreign Policy) Tom Bossert wants spies to team up to focus on cybersecurity and other functional topics.

NBIB confirms 700,000 security clearance backlog (FCW) The National Background Investigations Bureau is trying to whittle down its massive security clearance backlog, while streamlining and updating its background investigation process.

Individual Growth Key to Military Might (SIGNAL Magazine) The military services offer warfighters extensive professional development; unfortunately, many fail to explore all options.

Cyber Attacks, Threats, and Vulnerabilities

Sabotage Warning Issued on Hackers Hiding Deep Inside Energy Sector (BleepingComputer) US cyber-security firm Symantec has issued a warning today against a group of nation-state hackers that have managed to infiltrate several US and European energy firms, and are now in the dangerous position of sabotaging critical infrastructure if they wished to.

Critical Infrastructure Compromised: New Cyber Attacks Hit Energy Companies in U.S., Turkey, Switzerland (eSecurity Planet) The Dragonfly group now appears to be focused on compromising operational networks.

Someone has been hacking into US power stations (The Verge) An unknown nation state targeted more than 20 utilities since 2015

Hackers infiltrate systems of energy companies (Financial Times) Dragonfly has ability to sabotage computer networks in US and Turkey, warns Symantec.

Dragonfly hackers gained operational access to European, US power companies (Help Net Security) The Dragonfly hacking group is back and is still interested in penetrating the networks of European and US companies in the energy sector.

Security firms pour on evidence of Chinese hacking against Vietnam (Cyberscoop) A hacking group with suspected ties to the Chinese government is engaged in an ongoing and expansive cyber-espionage operation against Vietnamese organizations, according to three different cybersecurity firms.

Facebook uncovers 'Russian-funded' misinformation campaign (BBC News) It said the adverts spread divisive messages about race, immigration and equal rights.

Thousands of Political Ads on Facebook Tied to Bogus Russian Accounts (WIRED) Social network says it found $150,000 in political ads from 'inauthentic accounts' and Pages from Russia between 2015 and May 2017

US officials in Afghanistan apologize for 'highly offensive' leaflets (Military Times) U.S. officials in Afghanistan have issued an apology after dropping leaflets that are deemed to be offensive to Muslims.

Multiple Vulnerabilities Found in NVIDIA, Qualcomm and Huawei’s Bootloaders (Threatpost) Researchers find six previously-unknown memory corruption and unlock-bypass vulnerabilities in major chipset vendors' firmware code.

Apache Struts “serialisation” vulnerability – what you need to know (Naked Security) A bug in Apache Struts, a popular software toolkit for building web services, could let crooks take control of your server.

Fake Chrome & Firefox Font Update Drops RAT and Locky Ransomware (HackRead) Google Chrome with 2 billion active users is the most used web browser in the world. At the same time, Firefox has over 1 billion active users making these

CodeFork Group Uses Fileless Malware to Deploy Monero Miners (BleepingComputer) A group of experienced hackers — tracked under the name of CodeFork — have launched a new malware distribution campaign that uses advanced tools and new techniques to go undetected by security solutions.

IDN Homograph Attack Spreading Betabot Backdoor (Threatpost) An IDN homograph attack leveraging Adobe’s brand has been discovered, with the malicious site spreading the Betabot backdoor

DolphinAttack: Voice Assistant Apps Siri and Alexa Can Be Hacked (HackRead) Mainstream Voice Assistants Including Siri and Alexa Plagued with Serious Vulnerability. Voice assistant apps are not as reliable as we deemed them to be.

How hackers could send secret commands to speech recognition systems with ultrasound (The State of Security) Chinese security researchers have discovered a way to send secret, inaudible commands to speech recognition systems using ultrasound.

Phishing Alert: Police Warn UK Students of Loans Company Scam (Infosecurity Magazine) Phishing Alert: Police Warn UK Students of Loans Company Scam. Identity theft campaign designed to coincide with start of academic year

Why some gift cards are still a gift to hackers (Naked Security) Even when warned about how easy their cards were to beat, some vendors failed to take any steps to prevent it

DDoS explained: How denial of service attacks are evolving (CSO Online) A distributed denial of service (DDoS) attack is when attackers attempt to make it impossible for a service to be delivered, typically by drowning a system with requests for data. They have been part of the criminal toolbox for twenty years, and are only growing more prevalent and stronger.

The hidden history of cyber-crime forums (BBC News) Why modern cyber-crime forums were inspired by a site started by Ukrainian credit card thieves.

Security Patches, Mitigations, and Software Updates

13 Critical Remote Code Execution Bugs Fixed in September Android Update (Threatpost) Google fixed 81 vulnerabilities, including 13 critical remote code execution bugs, in the September edition of its Android Security Bulletin on Tuesday.

Tor Project Brings Security Slider Feature to Android App Orfox (Threatpost) Tor Project developers recently bolstered Orfox, a Tor Browser for Android devices, to help privacy-conscious mobile browsers better customize their security.

Cyber Trends

Sensitive Data at Risk: The SANS 2017 Data Protection Survey (SANS Institute) Ransomware, insider threat and denial of service are considered the top threats to sensitive data by respondents to the 2017 SANS Data Protection Survey. While the majority of respondents indicate they escaped actual compromise of sensitive data, enough respondents did lose sensitive data to provide valuable lessons from these events.

Are you protecting payment card data well enough? (Verizon 2017 Payment Security Report) Your payment security might be compliant for the assessment, but how long will it stay that way?

Emerging threats fuel public threat intelligence sharing (Help Net Security) This changing threat landscape has fueled a significant increase in the public sharing of threat intelligence over the past two years.

Ransomware & Threat Intel in Las Vegas (AlienVault) It was somewhere near Mandalay Bay that the keynote began. Alex Stamos, Chief Security Officer at Facebook, walked onto the stage for the opening of the 20th annual Black Hat security conference in Las Vegas.

Latest Phishing Trends Report Reveals 90% of IT Executives Worry Most About Email-Related Threats (PhishMe) Findings show that despite having layers of security technologies in place, phishing remains top concern for IT executives.

Survey: 81% of Infosec Pros Say Required Job Skills Have Changed amid Skills Gap (Tripwire: the State of Security) The digital security skills gap poses a challenge to organizations and their defense strategies in every economic sector.

Former FBI Cyber Agent Jason Truppi Talks Government, Private Sector Security (International Business Times) Jason Truppi, a former FBI agent turned tech entrepreneur, talks about the impact the government and private sector have on one another when it comes to security.

Marketplace

New America Chair Says Google Didn't Prompt Critic's Ouster (WIRED) In letter to staff, co-chair Jonathan Soros says attack on foundation was 'result of a targeted communications campaign'

Hopkins tech startup acquired by Annapolis Junction cyber firm (Baltimore Business Journal) Sunayu, a cyber firm based in Annapolis Junction, has acquired Johns Hopkins startup Fractal Technology and is bringing on founders J.R. Charles and Alex Sharata.

ForgeRock Raises $88 Million Ahead of Planned IPO (Fortune) ForgeRock, a San Francisco-based cybersecurity firm that manages people's digital identities, has raised $88 million in funding. The company plans to use the capital to scale its operation ahead of an initial public offering slated for early 2019, CEO Mike Ellis tells Fortune.

Hillhouse Capital Leads $18M Series B Round In Security Threat Intelligence Platform ThreatBook (China Money Network) Hong Kong-based Hillhouse Capital Group, a US$30 billion-under-management Chinese investment firm, has led a RMB120 million (US$18.4 million) series B round of financing in ThreatBook, a security data company that provides security threat intelligence solutions to enterprises in China.

VMware wants security industry to shrink so its ambitions fit into market (Register) Virtzilla's swagger is back as it plans to do to the security industry what it once did to storage industry

IBM Partnership With VMware to Be a Game Changer for Cloud Security (Security Intelligence) At last week’s 2017 VMworld event, IBM Security General Manager Marc van Zadelhoff joined VMware CEO Pat Gelsinger on the main stage to announce a partnership aimed at bridging the gap between IT operations and security teams to respond faster and more effectively to security breaches.

Two Cybersecurity Stocks Most at Risk (null) Palo Alto Networks and Fortinet could suffer as spending is distributed away from the corporate network.

Time to Get Greedy With Check Point Software Technologies Ltd. Stock (The Motley Fool) The Israeli cybersecurity pioneer remains a “best in breed” play on the volatile cybersecurity market.

Navy Taps BAE’s US Arm for $76M Comms, Electronics Devt Support Contract; Mark Keeler Comments (GovCon Wire) BAE Systems’ U.S. subsidiary has received a potential 22-month, $76 million contract from to help th

CACI wins Air Force cyber software contract (C4ISRNET) CACI will provide software development support to the 90th Cyberspace Operations Squadron, part of the 24th Air Force, which is the Air Force component of U.S. Cyber Command.

PKWARE Partners with Kite Distribution to Escalate UK Growth (Business Insider) PKWARE, a global leader in data security, today announces a partnership with Kite Distribution, a leader in technology distribution and channel services. This value-added partnership will serve to extend the scale and reach of PKWARE's enterprise data encryption solutions throughout the UK.

Bricata Sales to Beantown: Expanding Cybersecurity Startup Opens Boston Office (Bricata) Bricata, Inc., a developer of next-generation network intrusion detection and prevention solutions (IDS/IDP), today announced the opening of a sales office in Woburn, Ma., just outside of Boston. The company, which recently announced an $8 million growth round, aims to hire about a dozen new staff by year’s end, and could potentially double headcount to 25, in that new office, over the next 12-18 months.

The DNC’s Technology Chief is Phishing His Staff. Good. (WIRED) Uber's former head of self-driving cars is now driving the DNC's tech team, hoping to help the shattered organization recover from one of the worst tech fails in history.

Skadden Hires Top National Security Lawyer (Bloomberg Law) Michael Leiter, a top national counterterrorism lawyer under George W. Bush and Barack Obama, has joined Skadden, Arps, Slate, Meagher & Flom, the firm announced on Tuesday. Leiter, 48, joins Skadden as a partner in its 13-person Washington, D.C. national security practice, although he will work closely with the firm’s attorneys in its global investigations...

Kenna Security Adds Security Industry Marketing Veteran (Benzinga) Tamir Hardof joins Kenna Security's leadership team

Thycotic Appoints New Chief Financial Officer (Business Insider) Thycotic, a provider of privileged account management (PAM) solutions for more than 7,500 organizations worldwide, today announced Nick Margarites as its new chief financial officer. As CFO, Margarites will be responsible for implementing financial and strategic objectives that enable Thycotic to capitalize on organizations' global demand for PAM solutions.

RedLock Appoints New Executives, Announces Tremendous Company Growth (BusinessWire) Cloud Threat Defense company, RedLock, today appoints new VP of Products and VP of Engineering executives and announces tremendous company growth.

Products, Services, and Solutions

CylancePROTECT Called “Most Advanced of All Tested Solutions” in iT-CUBE Endpoint Protection Solutions Test of Eight Traditional and Next-Generation Products (Cylance) AI driven and AI augmented next-generation anti-malware solutions were dramatically more effective in two test series employing nearly 4,500 malware samples

Oxygen Forensics Industry Leading Ability to Decode Drone Data is now Available (Oxygen Forensics) Oxygen Forensics, a worldwide developer and provider of advanced forensic data examination tools for mobile devices and cloud services, can now parse and decode drone data from Inspire 1, and Phantom 3 drones manufactured by DJI.

iS5 Communications Inc. Releases First RAPTOR Beta Units to Key Customers. (PRNewswire) iS5 Communications Inc. releases RAPTOR™ - A Next-generation...

Blockchain technology is moving into the shipping industry — with Microsoft and Maersk on board (CNBC) EY said Wednesday that it plans to launch the first blockchain platform for marine insurance, alongside Microsoft, Maersk and others.

UPDATE - ManTech Launches Its Advanced Cyber Range Environment - NASDAQ.com (NASDAQ.com) ManTech International Corporation (Nasdaq:MANT) today announced full operational capability of the company's Advanced Cyber Range Environment, enabling customers to test and evaluate the cyber preparedness of their networks and to train users in the latest defensive cyber technologies for preventing cyberattacks.

HEROIC.com Launches EPIC, an Enterprise Cybersecurity Solution to Protect Organizations from Credential Stuffing Attacks (Business Insider) HEROIC.com, provider of enterprise credential stuffing protection, today announced the release of EPIC, an enterprise-focused solution that empowers security professionals to discover, remediate and prevent credential stuffing, the unauthorized use of stolen login credentials in targeted attacks.

Deep packet inspection to identify Bitcoin network activity (eeNews Europe) Rohde & Schwarz Cybersecurity's deep packet inspection (DPI) engine R&S PACE 2 has been enhanced with a new Bitcoin protocol classification functionality that enables enterprises to identify, control and block bitcoin transactions within a network.

GlobalPlatform Publishes On-Device NFC Service Management Specification (Payment Week) September 06 2017 – The GlobalPlatform Managing Entity Specification has been published, completing a ‘stack’ of complementary software standards from ETSI and the NFC Forum that ensures multiple mobile contactless services successfully coexist within a device and will operate as intended, regardless of the hosting environment selected by the service provider. The standardized approach provides much …

MobileIron adds Apple security along with support for iOS 11 (Computerworld) As macOS becomes more popular at work, MobileIron has joined a chorus of EMM vendors focused on the platform as part of their unified endpoint management software offerings.

Next Generation of Kaspersky Private Security Network: Extensive Threat Intelligence Within the Network Walls (BusinessWire) Today, Kaspersky Lab is introducing its next generation of Kaspersky Private Security Network, a private version of Kaspersky Security Network (KSN).

HoneyTek Systems Partners with Behavioral Biometrics Leader BioCatch to Deliver Game-Changing Fraud Prevention Solutions (Benzinga) HoneyTek Systems, a boutique-oriented Systems Integrator, Network Security VAR and MSSP is proud to announce that it has signed a partnership agreement with behavioural biometrics...

Milton Security Announces Partnership With Carbon Black (PRNewswire) Milton Security Group Inc., a cybersecurity company that specializes...

Free Firewall Know The Best Security Vendors Of 2017 (ValueWalk) Free Firewall is a security application that when installed blocks suspicious and unauthorized network traffic from entering the users

The Cipher Brief Launches New Public-Private Cyber Advisory Board (PRNewswire) The Cipher Brief, a premiere source for global security news and analysis,...

Technologies, Techniques, and Standards

Critical Alert: EU Ministers Test Responses in Cyber War Game (US News and World Report) European Union defense ministers will hold a cyber war game for the first time on Thursday to test their ability to respond to a potential attack by computer hackers on one of the bloc's military missions abroad.

Key elements of a secure, sensitive information sharing strategy (Help Net Security) Jonathan Yaron, Chairman and CEO of Accellion shows you how to develop a sensitive information sharing strategy and keep your organization secure.

How to hurricane-proof a Web server for Harvey (Ars Technica) Millions relied on Space City Weather—here’s the configuration that weathered the storm.

Design and Innovation

Periodic Table of Cybercrime Attacks: Curing Cybersecurity’s Tunnel Vision (Computer Business Review) The periodic table like you've never seen before - CBR's Ellie Burns talks to Vanita Pandey from ThreatMetrix about a new way of categorising cyber attacks.

AI Will Soon Identify Protesters With Their Faces Partly Concealed (Motherboard) A new paper has troubling implications.

Research and Development

There Are Now 8,000 Fake Science ‘Journals’ Worldwide, Researchers Say (Motherboard) Researchers from high-profile institutions are falling for these scams.

Academia

University receives $4.7 million cybersecurity grant (Plainsman) The University received a $4.7 million grant from the National Science Foundation that will go towards undergraduate and graduate students pursuing computer science, software, computing, wireless and electrical engineering degrees.

Symantec to Hold Cybersecurity Challenge for Higher Ed Sector on Oct. 19 (GovCon Wire) Symantec (Nasdaq: SYMC) will kick off a cyber competition for...

Legislation, Policy and Regulation

US cautiously welcomes Russia's call for UN force in Ukraine (Military Times) The United States cautiously welcomed a Russian proposal to send U.N. peacekeepers into eastern Ukraine, but insisted Wednesday the force should be deployed throughout embattled eastern Ukraine and not just on the line of conflict.

When do Canadian spies disclose the software flaws they find? There's a policy, but few details (CBC News) A similar process helps U.S. spies decide whether to report flaws to tech companies or keep them secret for future use.

FRANCE : Culture clash at DGSI (Intelligence Online) The word is that Laurent Nunez , the new head...

Trump nominates defense lawyer to lead DOJ cyber crime division (Inside Cybersecurity) President Trump has nominated John Demers, a lawyer for defense contractor Boeing Company, to head the Justice Department's National Security Division, which is responsible for prosecuting cyber crimes.

Reengineering Surveillance Oversight (Lawfare) This piece is part of a series on Tim Edgar's new book, "Beyond Snowden." One of the most important revelations following the disclosures by former National Security Agency contractor Edward Snowden was the inadequate oversight of highly invasive U.S. surveillance programs.

US Coast Guard's unique cyber position (Defense News) U.S. Coast Guard Vice Commandant Adm. Charles Michel explains why its position in relation to the military, federal agencies and the intelligence community gives it unique insight into the governments cybersecurity posture.

House passes law to accelerate adoption of self-driving technology (Ars Technica) The House bill preempts state laws, creates a fast track for self-driving cars.

NY DFS Cybersecurity Requirements: Who Should Be Listening - SecurityScorecard Insights & News (SecurityScorecard Insights & News) For those companies who have been following the New York Department of Financial Services Cybersecurity Requirements and have educated themselves on everything about the regulation, it was easy to jump right into the substance of the requirements. But for those of you who are just catching up and beginning to evaluate this state cybersecurity...

Litigation, Investigation, and Enforcement

Key Figure Behind ‘Trump Dossier’ Stonewalled Senate Investigators (Foreign Policy) Glenn Simpson invoked his First Amendment rights to protect sources for salacious claims of collusion.

A Security Clearance Nightmare (Just Security) As President, Donald Trump obviously has the right to hire and fire his top advisors as he sees fit. However, when the President indicates he may

Two history-making Israelis suing New York-based Verint Systems in patent case (Haaretz) Elad Barkan and Eli Biham were the first to show that calls made on secured GSM cellphone networks could be eavesdropped on.

Lenovo settles lawsuits with 32 states over Superfish (Naked Security) Lenovo agrees to pay $3.5m for breaking users’ security by installing Superfish

How Legendary Carder, Hacker Roman Seleznev Was Caught, Sentenced (Dark Reading) Assistant US Attorney Norman Barbosa visits the Dark Reading News Desk to discuss details of the credit card hacking case that led to an unprecedented 27-year prison sentence.

13-year-old Japanese Kid Caught Selling Malware (HackRead) It is no surprise that malware attacks are increasing and cyber criminals are becoming sophisticated in their campaigns but who could imagine that kids wil

Judge dismisses Shiva “I Invented EMAIL” Ayyadurai’s libel lawsuit against Techdirt (Ars Technica) Judge: Techdirt articles were opinionated and hyperbolic, but not libel.

1st Amendment wins in self-proclaimed e-mail inventor’s Techdirt libel suit (Ars Technica) The truth, whatever that may be, is the best defense to defamation.

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

upcoming Events

SANS Network Security 2017 (Las Vegas, Nevada, USA, September 10 - 17, 2017) SANS is recognized around the world as the best place to develop the deep, hands-on cybersecurity skills most in need right now. SANS Network Security 2017 offers more than 45 information security courses taught by SANS' world-class instructors, with dynamic content on the hottest information security issues. Join us for immersion training that will provide you with the cutting-edge skills to defend your organization against security breaches and prevent future attacks.

Finovate Fall 2017 (New York, New York, USA, September 11 - 14, 2017) FinovateFall 2017 will begin with the traditional short-form, demo-only presentations that more than 20,000 attendees from 3,000+ companies have enjoyed for the past decade. After two days of Finovate’s inspiring short-form demos, stay on for another day and a half of practical advice from your peers and industry gurus alike. Determine just how you will incorporate the latest fintech innovations into your product road map.

Insider Threat Program Management With Legal Guidance Training Course (Laurel, Maryland, USA, September 12 - 13, 2017) Insider Threat Defense will hold a two-day training class, Insider Threat Program (ITP) Management With Legal Guidance (National Insider Threat Policy (NITP), NISPOM Conforming Change 2). For a limited time the training is being offered at a $1295. This training will provide the ITP Manager / Senior Official and Facility Security Officer with the knowledge and resources to achieve compliance with NITP /NISPOM CC2, and go beyond these regulations to establish a robust and effective ITP. Any individual involved with supporting an ITP will also gain valuable knowledge. A licensed attorney with extensive experience in Insider Threats and Employment Law will provide legal guidance related to ITP's, the collection, use and sharing of employee information, and employee computer user activity monitoring. Any organization (State Government Agencies, Businesses, Etc.) that are not required to implement an ITP, but are concerned with Insider Threat Risk Mitigation will also benefit greatly from this training.

PCI Security Standards Council: 2017 North America Community Meeting (Orlando, Florida, USA, September 12 - 14, 2017) Join your industry colleagues for three days of networking and one-of-a-kind partnership opportunities. Whether you want to learn more about updates in the payment industry or showcase a new product, you’ll find it all at the 2017 Community Meetings.

DSEI 2017 (London, England, UK, September 12 - 15, 2017) Defence and Security Equipment International (DSEI) is the world leading event that brings together the global defence and security sector to innovate and share knowledge. DSEI represents the entire supply chain on an unrivalled scale.

8th Annual Billington CyberSecurity Summit (Washington, DC, USA, September 13, 2017) The 8th Annual Billington CyberSecurity Summit September 13 in Washington D.C. brings together world-class cybersecurity thought leaders for high-level information sharing, unparalleled networking and public-private partnerships from a cross-section of civilian, military and intelligence agencies, industry and academia. Keynotes from The Honorable Daniel Coats, Director of National Intelligence, Representative William Hurd, R-Texas, General Joseph Votel, Commander, United States Central Command, Robert Joyce, Special Assistant to the President and Cybersecurity Coordinator, The White House, Grant Schneider, Acting CISO, Office of Management and Budget, (invited), plus CISOs from DHS, DoD, HHS and the CIO for USCYBERSOM. Full agenda <a href="http://www.billingtoncybersecurity.com/8th-annual-billington-cybersecurity-summit/agenda/" target="_blank">here</a>.

Cyber Security Summit: New York (New York, New York, USA, September 15, 2017) If you are a Senior Level Executive responsible for making your company’s decisions in regards to information security, then you are invited to register for the Cyber Security Summit: New York. Receive 50% off of a Full Summit Pass when you register with code CYBERWIRE50 (standard price of $350, now only $175 with code). Register at CyberSummitUSA.com. The Cyber Security Summit: New York is an exclusive conference connecting Senior Level Executives responsible for protecting their companies’ critical data with innovative solution providers & renowned information security experts. for details visit CyberSummitUSA.com.

Cyber Security Conference for Executives (Baltimore, Maryland, USA, September 19, 2017) The Johns Hopkins University Information Security Institute and COMPASS Cyber Security are hosting the 4th Annual Cyber Security Conference for Executives on Tuesday, September, 19. It will be held on the Homewood Campus of Johns Hopkins University. This year’s theme is, “Emerging Global Cyber Threats.” The conference will feature thought leaders across a variety of industries to address current cyber security threats to organizations and how executives can work to better protect their data.

4th Annual Industrial Control Cybersecurity Europe (London, England, UK, September 19 - 20, 2017) Against a backdrop of targeted Industrial Control System cyber attacks against energy firms in the Ukraine power industry, the massive attacks against the Norway oil and gas industry, cyber attacks on Saudi Aramco and the new and continued threats such as Crash Override malware, Stuxnet, Havex, Dragonfly, Black Energy, and the potential impact of ransomware like #Wannacry on industrial control systems, the Cyber Senate return for the 4th Annual Industrial Control Cybersecurity Europe meeting to bring key stakeholders together to address our responsibility in ensuring the safety, reliability and stability of our Critical National Infrastructure.

Cyber Everywhere: Collaboration, Integration, Automatio (Washington, DC, USA, September 20, 2017) We’ve seen all of the cyber headlines this year – new policies emerging, old policies evolving, the cyber workforce is multiplying, and rapidly growing connected devices are complicating governance. While the Federal government is focused on security, new adversaries and attack vectors still emerge hourly. What are the early grades on the new Administration’s response to the growing cyber threat? How can collaborative tactics and integrated intelligence tools strengthen a proactive cyber defense? Join us at the sixth annual Cyber Security Brainstorm on September 20 at the Newseum to discuss the cyber strategies and opportunities that can keep our Federal government one step ahead at all times.

10th Cyber Defence Summit (Dubai, UAE, September 20, 2017) Naseba’s 10th Cyber Defence Summit will address the importance of protecting critical infrastructure and sensitive information, help companies procure cyber security solutions and services, and create further awareness of cyber security among the youth of the UAE.

Maine Cyber Safety Institute (Waterville, Maine, USA, September 20 - 21, 2017) The Summit intends to help business protect themselves from possible losses. The Information Security Community, representing cyber professionals, found that 54% of anticipated cyberattacks against their organizations would be successful this year. Top causes for this exposure relates to a lack of skilled people, budget, and awareness. New techniques for mobility, using personal devices, and applications represent a more than 60% risk. Only 11% of organizations rate their defenses very effective (Schulze, 2017).

2017 Washington, D.C. CISO Executive Leadership Summit (Washington, DC, USA, September 21, 2017) Highly interactive sessions will provide many opportunities for attendees, speakers and panelists to be engaged in both learning and discussion. The objective for the day is to deliver high quality useful information that attendees can develop into an action plan. Key Areas of Focus Include: Strategy, Process Improvement and Alignment, Innovation and Technology; Career Management and Leadership Development.

Connect Security World (Marseille, France, September 25 2017 - September 27 2014) As IoT solutions are transitioning from hype to real deployments, the “Internet of insecure things” threat is gaining ground. To address unlimited risks, threats and vulnerabilities surrounding IoT, a new generation of connected devices and services is required, with better security and privacy by design. In its 6th edition, Connect Security World invites both digital security experts and IoT developers to discuss and define a true end-to-end security, from sensors to Cloud, from design and development to deployment.

(ISC)2 Security Congress (Austin, Texas, USA, September 25 - 27, 2017) (ISC)² Security Congress cybersecurity conference brings together nearly 1,500 cybersecurity professionals, offers 100+ educational and thought-leadership sessions, and fosters collaboration with forward-thinking organizations. The goal of our conference is to advance security leaders by arming them with the knowledge, tools and expertise to protect their organizations. (ISC)² members are eligible for special discounted pricing and will have opportunities to attend exclusive member events.

Connect Security World (Marseille, France, September 25 - 27, 2017) As IoT solutions are transitioning from hype to real deployments, the “Internet of insecure things” threat is gaining ground. To address unlimited risks, threats and vulnerabilities surrounding IoT, a new generation of connected devices and services is required, with better security and privacy by design. In its 6th edition, Connect Security World invites both digital security experts and IoT developers to discuss and define a true end-to-end security, from sensors to Cloud, from design and development to deployment. (Note: the call for speakers is open through April 4, 2017.)

SINET61 2017 (Sydney, Australia, September 26 - 27, 2017) Promoting cybersecurity on a global scale. SINET – Sydney provides a venue where international solution providers can engage with leaders of government, business and the investment community to advance innovative solutions to cybersecurity challenges.

O'Reilly Velocity Conference (New York, New York, USA, October 1 - 4, 2017) Learn how to manage, grow, and evolve your systems. If you're building and managing complex distributed systems and want to learn how to bake in resiliency, you need to be at Velocity.

24th International Computer Security Symposium and 9th SABSA World Congress (COSAC 2017) (Naas, County Kildare, Ireland, October 1 - 5, 2017) If you thought symposiums on information security and risk were all the same, look again! COSAC is an entirely different experience. Conceived by practising professionals for experienced professionals, it is the most participative and productive event of the year. Undoubtedly the world's best annual source of advice in Information Security, COSAC makes available to you, in a fully residential format, presenters and facilitators who are the very best in the world. Collectively they have many hundreds of years of practical experience, have published thousands of major articles and books, and have proven records of success all over the globe.

Cybersecurity Nexus North America 2017 (CSX) (Washington, DC, USA, October 2 - 4, 2017) Be a part of a global conversation with professionals facing the same challenges as you at the nexus—where all things cyber security meet. Cyber security doesn’t take a vacation and it doesn’t sleep. You need to be aware of the most effective tactics and tools to meet the ever-growing threat. CSX 2017 offers keynote speakers and sessions that dive deep into what you need to know now.

Atlanta Cyber Week (Atlanta, Georgia, USA, October 2 - 6, 2017) Atlanta Cyber Week is a public-private collaboration hosting multiple events during the first week of October that highlight the pillars of the region’s cybersecurity ecosystem and create an opportunity for meaningful interaction between growth oriented cybersecurity companies and our Fortune 1000 client base.

4th Annual Industrial Control Cyber Security USA Summit (Sacramento, California, USA, October 3 - 4, 2017) Against a backdrop of targeted Industrial Control System cyber attacks, such as those against energy firms in the Ukraine power industry, the massive attacks against the Norway oil and gas industry, cyber attacks on Saudi Aramco and the new and continued threats such as Crash Override malware, Stuxnet, Havex, Dragonfly, Black Energy, and the potential impact of ransomware like #Wannacry on industrial control systems, the Cyber Senate return for the 4th Annual Industrial Control Cybersecurity USA meeting to bring key stakeholders together to address our responsibility in ensuring the safety, reliability and stability of our Critical National Infrastructure

4th Annual Industrial Control Cyber Security Summit USA (Sacramento, California, USA, October 3 - 4, 2017) Against a backdrop of continued ICS targeted cyber attacks against energy firms in the Ukraine power industry (CRASHOVERRIDE), the massive attacks against the Norway oil and gas industry, cyber attacks on Saudi Aramco and the continued threats such as Stuxnet, Havex, Dragonfly, Black Energy, and the potential impact of ransome ware like #Wannacry on industrial control systems, the Cyber Senate return for the 4th Annual Industrial Control Cybersecurity Europe meeting to bring key stakeholders together to address our responsibility in ensuring the safety, reliability and stability of our Critical National Infrastructure.

CyberSecurity4Rail (Brussels, Belgium, October 4, 2017) Facilitated by Hit Rail, this conference will bring together experts in cybercrime and digital security, plus leaders in ICT and representatives from transport and railway companies, European organisations and international bodies, to discuss the threats and set out a vision for safer, more secure digital communications and data networks in the transport industry. CyberSecurity4Rail will draw on the experience of recent incidents and the expertise of those who are working to protect systems and prevent cyberthreat.

Infosecurity North America (Boston, Massachusetts, USA, October 4 - 5, 2017) Organized by Infosecurity Group, which has provided the global information security community with some of the largest, longest established conferences and expos over the past 22 years including Infosecurity Europe, Infosecurity North America will focus on bringing together the information security community and end users to discuss how to overcome the most pressing cybersecurity challenges today. The topics include malware, cloud security, governance, regulation and compliance, threats, professional development, application security and digital forensics.

Sponsor & Support

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter’s financial reach, or it might just not be the right time for you to do those things. That’s why we launched our new Patreon site, where we’ve created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you’ll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.