The CyberWire Daily Briefing 9.21.17

Summary

By The CyberWire Staff

The US Securities and Exchange Commission late yesterday said that its EDGAR system, which companies use to file documents required by Federal law and regulation, had been compromised by a "threat actor." That in itself isn't new—the SEC had detected the intrusion last year. What is new is the discovery that the hackers accessed data they appear to have used in illicit trading. It's not yet know how large that trading was, but it could represent a very significant incident.

The SEC's disclosure was made in a long statement about the Commission's cyber risk assessment and its further implementation of the NIST Framework.

UpGuard discovered sensitive sensitive information belonging to Viacom (including keys that could have enabled exploitation of the company's infrastructure as a platform for other attacks). Viacom seems to have dodged a bullet, as observers say—the responsible disclosure enabled them to fix the cloud exposure before serious damage was done.

Equifax continues to struggle with incident response. The company for an uncomfortably long period was directing inquirers about the breach to a bogus phishing site. The one lesson all should learn from Equifax's travails is the importance of incident planning (and the exercise of those plans).

The supply chain problems that backdoored an Avast product increasingly look like the work of a state espionage agency.

The US Department of Homeland Security has clarified and qualified its ban on Kaspersky. Kaspersky software embedded in other vendors' products is not banned, nor are Kaspersky intelligence and training services.

Learn how Cylance silences cyber attacks with Artificial Intelligence.

Notes.

Today's issue includes events affecting Czech Republic, European Union, Germany, Iran, Israel, Japan, Republic of Korea, Russia, Saudi Arabia, United Kingdom, United States

Worried About Third Party Data Breaches?

We all know the consequences of a third party data breach; one vulnerability can cost your organization millions. But do you know what security measures to implement to successfully reduce your attack surface and prevent third party risk? Learn how in LookingGlass Cyber Solutions' webinar featuring VP of Intelligence Operations Eric Olson and Forrester Senior Analyst Nick Hayes on Wednesday, October 18, 1:30pm ET. Sign up now.

On the Podcast

In today's podcast we hear from our partners at Terbium Labs, as Emily Wilson cautions us against being so distracted by big shiny objects like "taking down the power grid" that we neglect such basics as enabling two-factor authentication. Our guest is Richard Henderson, global security strategist at Absolute, who offers comments on the Equifax breach and the challenges of keeping up with patching.

Sponsored Events

Earn a master’s degree in cybersecurity from SANS (Online, September 28, 2017) Earn a master’s degree in cybersecurity from SANS, the world leader in information security training. Learn more at a free online information session on Thursday, September 28th, at 12:00 pm (noon) ET. For complete information on master’s degree and graduate certificate programs, visit www.sans.edu.

3rd European Cybersecurity Forum – CYBERSEC (Krakow, Poland, October 9 - 10, 2017) CYBERSEC is a unique Europe-wide, annual public policy conference dedicated to strategic aspects of cybersecurity. Conference’s mission is to foster the building of a Europe-wide cybsersecurity system and create a dedicated collaborative platform for governments, international organisations, and key private-sector organisations.

CyberMaryland Job Fair, October 11, Baltimore visit ClearedJobs.Net or CyberSecJobs.com for details. (Baltimore, Maryland, USA, October 11, 2017) Cleared and non-cleared cybersecurity pros make your next career move at the CyberMaryland Job Fair, October 11 in Baltimore. Meet leading cyber employers including Delta Risk, Choice Hotels, Lockheed Martin, the NSA and more. Visit ClearedJobs.Net or CyberSecJobs.com for info.

Florida’s Annual Cybersecurity Conference (Tampa, Florida, USA, October 27, 2017) Networking the Future, the Florida Center for Cybersecurity's fourth annual conference, will host hundreds of technical and non-technical stakeholders from industry, government, the military, and academia to explore emerging threats, best practices, and the latest research and trends.

The International Information Sharing Conference on October 31 and November 1 in Washington, D.C. (Washington, DC, USA, October 31 - November 1, 2017) Join us for the inaugural International Information Sharing Conference hosted by the ISAO SO. This two-day event, a first of its kind, will convene practitioners from small businesses to multi-national corporations and from information sharing newcomers to well-established cybersecurity organizations.

Selected Reading

Dateline

Equifax breach brings renewed attention to information security vulnerabilities (The Hub) Equifax breach brings renewed attention to severe information security vulnerabilities

Cyber Attacks, Threats, and Vulnerabilities

New Group of Iranian Hackers Linked to Destructive Malware (WIRED) A suspected Iranian government hacking team known as APT33 may be planting computer-killing code in networks around the world.

Meet APT33: A Gnarly Iranian Hacker Crew Threatening Destruction (Forbes) Iran is building up its cyber capabilities and the emergence of a group of hackers, dubbed APT33, has given rise to concerns the nation's cyberwarfare units are looking to launch destructive attacks on critical infrastructure, energy and military bodies.

Cyber Assaults on Democracy’s ‘Brain-Space’ are Here to Stay (The Cipher Brief) The United States has no peer competitors in conventional military power. But its adversaries are increasingly turning to asymmetric methods for engaging in conflict. Cyber-enabled information warfare (CEIW) is a form of conflict to which the United States – and liberal democracies more generally – are particularly vulnerable. Information warfare involves the deliberate use of information to...

The Brief Life, and Looming Death, of Europe’s ‘SWAT Team for Truth’ (Foreign Policy) The Czech Republic launched the continent’s first center to combat fake news in January. It might not survive the year.

Russia’s Digital Weapons Refined on Virtual Battlefield’ of Ukraine (VOA) Digital intrusions see data deleted, networks crippled with real life consequences

SEC says hackers may have traded using stolen insider information (Reuters) The top U.S. markets regulator said on Wednesday that hackers accessed its corporate disclosure database and may have illegally profited by trading on the insider information stolen.

SEC Says It Was Hacked in 2016 (Security Week) The United States Securities and Exchange Commission (SEC) said late Wednesday that it was the victim of a cyber-attack in 2016 that may have allowed hackers to profit through trading on non-public information in its EDGAR filing system.

SEC Chairman Clayton Issues Statement on Cybersecurity (US Securities and Exchange Commission) Discloses the Commission’s cyber risk profile, discusses intrusions at the Commission, and reviews the Commission’s approach to oversight and enforcement

Statement on Cybersecurity: Chairman Jay Clayton (US Securities and Exchange Commission) Data collection, storage, analysis, availability and protection (including security, validation and recovery) have become fundamental to the function and performance of our capital markets, the individuals and entities that participate in those markets, and the U.S. Securities and Exchange Commission...

Statement on Cybersecurity: Commissioner Michael S. Piwowar (US Securities and Exchange Commission) Effective management of internal cybersecurity risk is critical to the SEC achieving its mission and to protecting the nonpublic information that is entrusted to this agency.

Media giant Viacom dodges bullet over massive security breach (BGR) Viacom, the media conglomerate that owns Paramount, Comedy Central, MTV, and hundreds of other properties, has had a giant security flaw exposed by a security firm. The good news is that hackers do…

Cut Cord: How Viacom's Master Controls Were Left Exposed (UpGuard) An internet-exposed Puppet master and secret keys left the media empire's cloud assets vulnerable to exploitation.

Equifax directed consumers to fake phishing site for weeks (Help Net Security) Equifax phishing alert! You can add another blunder to the already long list of Equifax's missteps: they've been pointing customers to a fake phishing site.

Plenty of blame to go around for Equifax breach (Software Development Times) You can blame developers, you can blame open source, but until C-level executives start considering security a first-class problem, breaches will continue.

What cybercriminals do with Stolen Social Security numbers (WTVR) The Equifax breach included names, Social Security numbers and home addresses. Those are valuable details for criminals who want to drain bank accounts or commit tax fraud.

The CCleaner Malware Fiasco Targeted at Least 20 Specific Tech Firms (WIRED) The backdooring of security software CCleaner now appears to have been more of a targeted spying operation than a mere cybercrime scheme.

Researchers Link CCleaner Hack to Cyberespionage Group (Motherboard) Experts believe a state-sponsored hacker was behind the attack, which affected 2.2 million people.

Avast takes dig at Cisco, thanks Morphisec for uncovering CCleaner compromise (Inquirer) Firm also plays down the number of users affected

New RETADUP Variants Hit South America, Turn To Cryptocurrency Mining (TrendLabs Security Intelligence Blog) Several months ago, we discovered and exposed RETADUP malware in Israeli hospitals. We also learned that an Android malware known as “GhostCtrl” was stored in their infrastructure, which might be used for cyberespionage or cybercrime.

Underground Hacking Forum Admins Having Second Thoughts About Selling Ransomware (BleepingComputer) Administrators of various underground hacking forums hosted on both the public Internet and Dark Web are having serious discussions about the "good idea" of allowing the sale of ransomware via their platforms.

Using security cameras and infrared light to extract data from air-gapped networks (Help Net Security) Attackers can covertly exfiltrate data from and send data into an air-gapped network by using the infrared light capabilities of security cameras.

Cyber-attack cost TNT at least $300m (BBC News) Delivery company FedEx says a recent cyber-attack cost its TNT division about $300m (£221m).

People may lose money in fake competitions on Facebook (Slovak Spectator) The attackers often try to obtain information necessary for online transactions.

I Uncovered a Group of Scammers Posing as Apple Support Technicians (Motherboard) When I tried calling their number, a woman told me Apple has a second headquarters in Virginia. It doesn’t.

Cyber attack hits Butler Community College (KWCH) Butler Community College says it believes it's the latest institution to fall victim to a cyber attack.

Three-Quarters Of Local Government Departments 'Hit By Malware' (Silicon UK) Half of local government bodies said they've been affected by ransomware in the past year, with 76 percent hit by cyber attacks

Security Patches, Mitigations, and Software Updates

Microsoft Is Adding a Potent Security Feature to Windows 10 (Fortune) Automatic hack recovery

Cyber Trends

New Research from Intermedia Reveals a False Sense of Confidence Among Office Workers with Phishing Scams Still on the Rise (Intermedia) Part 1 of Intermedia’s new 2017 Data Vulnerability Report finds that, despite continued education and awareness, one in five office workers continue to be a victim of costly phishing emails

Survey: Careless errors still pose biggest threat to agency networks (GCN) Careless or untrained insiders pose more security risks to federal agencies than threats from foreign governments, malicious insiders or terrorists, according to a new survey.

End Users Getting Better at Identifying Phishing Attacks (THE Journal) Users today are more likely to recognize a phishing attack than they were a year ago, according to data from Wombat Security Technologies.

India's Transition To Digital Has Caused A Spike In Cyber Attacks, But They Can Be Fought (Forbes) India’s rapid transition to a cashless economy since Prime Minister Narendra Modi’s demonetization drive has exposed new avenues for virulent cyber threats across the nation.

Marketplace

DHS offers new details on Kaspersky ban (FCW) The Department of Homeland Security published the full text of its Kaspersky ban in the Federal Register just as the Senate voted to ban the company from federal networks as an amendment to the defense bill.

Notification of Issuance of Binding Operational Directive 17-01 and Establishment of Procedures for Responses (Federal Register (NPPD DHS)) In order to safeguard Federal information and information systems, DHS has issued a binding operational directive to all Federal, executive branch departments and agencies relating to information security products, solutions, and services supplied, directly or indirectly, by AO Kaspersky Lab or affiliated companies.

Cybersecurity: The Next Mega-Money Merger Game? (ValueWalk) Gen. Douglas MacArthur famously said: “Old soldiers never die, they just fade away.” Smart older companies don’t die (or fade away). When their businesses run out of steam, they just buy their way into some other, faster-growing sector. That’s what …

Symantec's Play for Splunk Ends After Review (Bloomberg.com) Symantec Corp. held talks to acquire Splunk Inc. but called them off after reviewing the analytics software company’s finances, people familiar with the matter said.

Digital Shadows raises $26M to expand its market leading digital risk management service and fuel global expansion (Digital Shadows) Led by Octopus Ventures and World Innovation Lab, this new investment will enable the company to meet increasing customer demand across all verticals and geographies

SecureAuth Raises Over $200M to Confront the New Reality of Cybersecurity (SecureAuth) Merger with Core Security brings a new approach to better detecting and responding to breaches.

Securonix Raises $29M in Series A Funding (FinSMEs) Securonix, a Redwood Shores, CA-based big data security analytics provider, raised $29M in Series A funding

Capsule8 Secures $6 Million in Series A Funding Round Led by Bessemer Venture Partners (GlobeNewswire News Room) Jay Leek of ClearSky Security Joins Capsule8 Board of Directors

inBay Technologies Closes $1+ Million Financing (PRWeb) Cybersecurity firm lands key funding from a billion-dollar equity firm Ramphastos and Ottawa-based angel investors to drive its go-to-market strategy

Rapid7 Channel Chief Looks To Hit Reset Button, Says Small Steps Made To Repair Partner Relationships (CRN) John Ryan, hired as the security vendor's director of the Americas channel in February, says he's seeing progress with a new partner program, a companywide channel mind-set and a push to re-establish trust.

Dragos Partners with The Cyberwire to Increase Industrial and Critical Infrastructure Cybersecurity Awareness (PRNewswire) Industrial control systems (ICS) cybersecurity company Dragos...

Wiretap Names Sean 'Ringo' Doran Director of Design, Jason Morgan Head of Behavioral Intelligence (Marketwired) Doran and Morgan will simplify and innovate Wiretap's product design and psychology, creating human-centered technology experiences, and building behavioral intelligence innovation into Wiretap's secure collaboration solutions

Former DHS cyber official joins Acuity (FCW) Danny Toler, who held a senior post at the National Protections and Programs, has joined the consulting firm Acuity.

Coalfire Appoints Michael Chao as Chief Financial Officer (Business Insider) Coalfire, a trusted provider of cybersecurity advisory services, today announced the appointment of Michael Chao as Chief Financial Officer.

Hiscox hires former GCHQ director to advise on cyber risk (Financial Times) Robert Hannigan will advise insurer on emerging threats and criminal techniques

Indegy Adds Renowned Cybersecurity Expert Mark Weatherford to Advisory Board (BusinessWire) Mark Weatherford, one of the most respected cybersecurity experts in the world, is the latest addition to Indegy’s influential team of advisors.

Products, Services, and Solutions

New center to fight cyber crime opens at Munich Airport (Munich Airport) The number of attacks on the IT systems of companies and public-sector organizations in Germany has rapidly increased in recent years, parallel to the rise of digitization. Munich Airport also faces all kinds of cyber attacks on a daily basis.

ThreatQuotient and Phantom Partner to Leverage Enriched Threat Intelligence Delivering Powerful, Simplified Security Operations (BusinessWire) ThreatQuotient today announced a strategic partnership with Phantom to enable defenders to work more effectively.

Evident.io Helps Enterprises Reduce Complexity of Securing Multicloud Environments with New Support for Microsoft Azure (PRNewswire) Evident.io, the leading provider of public cloud compliance and...

WatchGuard Updates Detection and Automatic Remediation Capabilities with Next-Generation Sandboxing (PRNewswire) WatchGuard® Technologies, a leader in advanced network security solutions,...

PKWARE Brings Persistent Encryption to Turnkey Key Management with Smartcrypt Appliances (PRNewswire) PKWARE, a global leader in data security, today announced the launch of...

Microsoft Embeds Hexadite's AI Tech into Windows Defender ATP (eWEEK) Microsoft is using the AI-enabled threat detection and response technologies it recentely acquired from Hexadite to strengthen Windows Defender ATP.

Radware Launches Ultimate IoT Botnet Protection With New DefensePro® Lineup (GlobeNewswire News Room) Radware® (NASDAQ:RDWR), a leading provider of cyber security and application delivery solutions, today introduced a comprehensive solution for protection from network layer attacks, including increased threats stemming from Internet-of-Things (IoT) botnets.

Code Dx Version 2.6 Supports NIST 800-53 Compliance and Application Security Testing for Mobile Apps (Business Insider) Code Dx, Inc., provider of an award-winning application security solution that automates and accelerates the discovery, prioritization, and management of software vulnerabilities, today announced version 2.6 of its flagship Application Software Vulnerability Correlation and Management solution, Code Dx Enterprise.

Owl Cyber Defense Solutions Announces ISO 9001:2015 Certification (IT Business Net) Owl Cyber Defense Solutions, LLC ("Owl"), the market leader in data diode network cybersecurity solutions, is proud to announce the company has received its official ISO 9001:2015 certification. ISO 9001 is a quality management system based on the idea of continual improvement.

Intelisecure Launches Solutions, Managed Services Offering to Help Midsize Enterprise Organizations Protect Critical Data (Marketwired) Traditionally an underserved market in the area of data protection, yet facing the same threats, regulations and mandates as larger enterprises, midsize enterprises now have an offering that meets their data protection needs at a consumable price point

Comodo Launches cWatch Web to Improve Website Performance and Security (PRNewswire) Comodo, a global innovator and developer of cybersecurity solutions and...

If Your Password Hygiene Sucks, This Password Manager Will Tell On You (Fast Company) Nearly half of surveyed employees use personal passwords for company accounts–a big no-no, says password manager maker Dashlane.

Vidder Selected by Verizon Enterprise Solutions for New Software Defined Perimeter Managed Service Offering (BusinessWire) Verizon Integrating Vidder Technology into its Software Defined Perimeter Managed Service

Palo Alto Networks Strengthens Ransomware Prevention Capabilities With New Traps Advanced Endpoint Functionality (PRNewswire) Palo Alto Networks® (NYSE: PANW), the next-generation security...

Technologies, Techniques, and Standards

Distrustful U.S. allies force spy agency to back down in encryption fight (Reuters) An international group of cryptography experts has forced the U.S. National Security Agency to back down over two data encryption techniques it wanted set as global industry standards, reflecting deep mistrust among close U.S. allies.

Setting the standard for a blockchain protocol for IoT (Help Net Security) The Trusted IoT Alliance aims to bring companies together to develop and set the standard for an open source blockchain protocol to support IoT technology.

After Equifax Breach, Companies Advised to Review Open-Source Software Code (Wall Street Journal) It doesn’t make much sense: At a time when high-powered automated trading systems can execute stock sales in real time, many large corporations that rely on open-source software to run their businesses track their open-source use on spread sheets on paper.

Following Equifax, Focus On Database Encryption (IT Jungle) In the wake of the massive data breach at Equifax that has impacted millions of Americans, suspicions are arising that the company did not even encrypt its data. As hard as it is to believe that one of the big three credit agencies neglected to use encryption, a survey suggests that storing data in plaintext

5 tips for enterprises to ensure their SMB partners don't cause a data breach (TechRepublic) SMBs are valued partners for many firms, but they often lack resources and expertise to develop comprehensive security policies. Here's how enterprises can ensure their partners are cybersecure.

Darktrace: Security teams are too busy battling internal complexity to fight off hackers (Computing) Dave Palmer, director of technology at Darktrace, explains how machine learning can help complex enterprises combat threats before they do serious damage

Research and Development

Army turns to Plan X to defend against cyber threats (Defense Systems) Plan X software and hardware uses traditional warfare tactics to protect the Army from cyber attacks.

Legislation, Policy and Regulation

Working to Preserve the Stability of Cyberspace (The Diplomat) What can we do to encourage responsible nation-state behavior and restraint in cyberspace?

State of the Union 2017: The Commission scales up its response to cyber-attacks (Europa) Why does the EU need to take action on cybersecurity? Since 2013, the technological and security landscape in the European Union has changed at a very fast pace. Digital technologies are now an integral part of our daily life and the backbone of our economy.

The NDAA Is Fatally Flawed And Threatens National Security (The Daily Caller) Looking at some of the early Christmas gifts buried deep on the National Defense Authorization Act for both liberals like Elizabeth Warren and our enemies like North Korea and Iran, it’s almost hard

Air Force Mulls Merging Cyber, ISR Troops (Breaking Defense) The senior leadership of the Air Force will decide at the late October Corona meeting at the Air Force Academy whether to take the cyber force from Air Force Space Command and merge it with Air Combat Command‘s ISR force.

Is Trump Mulling Peter Thiel for a Top Intelligence Advisory Post? (The Hive) Venture capitalist Peter Thiel has been quietly advising the Trump administration for months. Now—as sources say he could be in line for a top intelligence oversight role—Steve Bannon, White House officials, friends, and foes gauge the billionaire’s motivations, and his Washington mojo.

Lawyers Say More Regulation Is Likely to Follow Equifax Breach (New York Law Journal) Following the Equifax data breach, legal experts are considering what new regulations may result from the massive hack affecting 143 million Americans, and s...

Litigation, Investigation, and Enforcement

Equifax Breach Class Action Lawsuit Filed On Behalf Of Nation's 28 Million Small Businesses (PRNewswire) The estimated 28 million small business operators in the U.S. face special...

Trusted insider at the federal level raises concerns (CSO Online) Charged with bank fraud, Imran Awan provided IT services to the U.S. House of Representatives for 14 years. Is he a white-collar criminal or something more sinister?

Facebook and Senate Panel Scuffle Over Russia Investigation (Foreign Policy) Even fake Russian accounts may have some legal protection.

Tucker Breaks Down New Trump Wiretap Report: 'Rogue' Intel Agencies or DC 'Collusion' (Fox News Insider) Tucker Carlson discussed a new CNN report that appeared to give credence to President Trump's much-maligned suspicions that his New York City skyscraper was wiretapped during the 2016 campaign.

Legal experts bat down Fox News claims Trump vindicated on wiretapping accusations (Newsweek) The president's claims that Obama wiretapped Trump Tower aren't true even after Manafort disclosure, say legal experts.

All Mr. Comey’s Wiretaps (Wall Street Journal) Congress needs to learn how the FBI meddled in the 2016 campaign.

Samantha Power sought to unmask Americans on almost daily basis, sources say (Fox News) Samantha Power, the former U.S. ambassador to the United Nations, was 'unmasking' at such a rapid pace in the final months of the Obama administration that she averaged more than one request for every working day in 2016...

Stingray surveillance ends with cop shooter getting 33 years in prison (Ars Technica) “As I get older, I think more about what's going to happen to my soul when I die.”

Prosecutors Say Weiner Deserves Jail Time in Sexting Case (New York Law Journal) Former U.S. Rep. Anthony Weiner 'deserves time in prison' for his conviction of sending obscene material to a minor, prosecutors argued in papers filed Wedne...

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

upcoming Events

2017 Washington, D.C. CISO Executive Leadership Summit (Washington, DC, USA, September 21, 2017) Highly interactive sessions will provide many opportunities for attendees, speakers and panelists to be engaged in both learning and discussion. The objective for the day is to deliver high quality useful information that attendees can develop into an action plan. Key Areas of Focus Include: Strategy, Process Improvement and Alignment, Innovation and Technology; Career Management and Leadership Development.

Connect Security World (Marseille, France, September 25 2017 - September 27 2014) As IoT solutions are transitioning from hype to real deployments, the “Internet of insecure things” threat is gaining ground. To address unlimited risks, threats and vulnerabilities surrounding IoT, a new generation of connected devices and services is required, with better security and privacy by design. In its 6th edition, Connect Security World invites both digital security experts and IoT developers to discuss and define a true end-to-end security, from sensors to Cloud, from design and development to deployment.

(ISC)2 Security Congress (Austin, Texas, USA, September 25 - 27, 2017) (ISC)² Security Congress cybersecurity conference brings together nearly 1,500 cybersecurity professionals, offers 100+ educational and thought-leadership sessions, and fosters collaboration with forward-thinking organizations. The goal of our conference is to advance security leaders by arming them with the knowledge, tools and expertise to protect their organizations. (ISC)² members are eligible for special discounted pricing and will have opportunities to attend exclusive member events.

Connect Security World (Marseille, France, September 25 - 27, 2017) As IoT solutions are transitioning from hype to real deployments, the “Internet of insecure things” threat is gaining ground. To address unlimited risks, threats and vulnerabilities surrounding IoT, a new generation of connected devices and services is required, with better security and privacy by design. In its 6th edition, Connect Security World invites both digital security experts and IoT developers to discuss and define a true end-to-end security, from sensors to Cloud, from design and development to deployment. (Note: the call for speakers is open through April 4, 2017.)

SINET61 2017 (Sydney, Australia, September 26 - 27, 2017) Promoting cybersecurity on a global scale. SINET – Sydney provides a venue where international solution providers can engage with leaders of government, business and the investment community to advance innovative solutions to cybersecurity challenges.

Enterprise Cyber Security Even (London, England, UK, September 28, 2017) Cyber-attacks are increasing in both frequency and sophistication. Whitehall Media’s leading-edge Enterprise Cyber Security conference brings together hundreds of thought leaders, practitioners, specialists and innovators who are building capabilities, resilience, capacity and responsiveness.

O'Reilly Velocity Conference (New York, New York, USA, October 1 - 4, 2017) Learn how to manage, grow, and evolve your systems. If you're building and managing complex distributed systems and want to learn how to bake in resiliency, you need to be at Velocity.

Cybersecurity Nexus North America 2017 (CSX) (Washington, DC, USA, October 2 - 4, 2017) Be a part of a global conversation with professionals facing the same challenges as you at the nexus—where all things cyber security meet. Cyber security doesn’t take a vacation and it doesn’t sleep. You need to be aware of the most effective tactics and tools to meet the ever-growing threat. CSX 2017 offers keynote speakers and sessions that dive deep into what you need to know now.

Infosecurity North America (Boston, Massachusetts, USA, October 4 - 5, 2017) Organized by Infosecurity Group, which has provided the global information security community with some of the largest, longest established conferences and expos over the past 22 years including Infosecurity Europe, Infosecurity North America will focus on bringing together the information security community and end users to discuss how to overcome the most pressing cybersecurity challenges today. The topics include malware, cloud security, governance, regulation and compliance, threats, professional development, application security and digital forensics.

European Cybersecurity Forum – CYBERSEC (Krakow, Poland, October 9 - 10, 2017) The Fourth Industrial Revolution is in full swing, giving a strong impulse to the growth of Europe’s innovation-driven economy that can compete with world’s economic superpowers. Let’s start the dialogue together to unlock our potential and use the opportunities ahead. CYBERSEC’s mission is to foster the building of a Europe-wide cybsersecurity system. Our goal is to create a dedicated collaborative platform for governments, international organisations, and key private-sector organisations.

Maryland Cyber Day Marketplace (Baltimore, Maryland, USA, October 10, 2017) Hundreds of cybersecurity providers and buyers in one location on one day. Maryland Cyber Day Marketplace provides the opportunity for cybersecurity buyers to connect with, get to know and purchase cybersecurity solutions from Maryland's cybersecurity providers. This event combines face-to-face meetings, technology demos, brief educational sessions, "Ask an Expert" information stations, networking with a keynote and a wrap-up luncheon.

Cyber at the Crossroads (Adelphi, Maryland, USA, October 10, 2017) Join the Cyber Center for Education & Innovation (CCEI), Home of the National Cryptologic Museum (NCM) for a one-day symposium of renowned national cybersecurity leaders, including experts from past and current administrations, the U.S. military, industry, and academia for a discussion of the past, present, and future of the security of our nation’s cyber infrastructure.

CyberMaryland (Baltimore, Maryland, USA, October 11 - 12, 2017) Maryland is recognized as a cybersecurity leader - nationally and internationally. The state has developed cybersecurity experts, education and training programs, technology, products, systems and infrastructure. With over 10 million cyber hacks a day resulting in an annual worldwide cost of over $100 billion, the United States is at risk. Ensuring that our nation has the workforce, technology and resources to protect our citizens, businesses, infrastructure, intellectual property and more is of paramount importance. Maryland continues to be a leader on this front.

Sponsor & Support

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter’s financial reach, or it might just not be the right time for you to do those things. That’s why we launched our new Patreon site, where we’ve created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you’ll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.