The CyberWire Daily Briefing 9.22.17

Summary

By The CyberWire Staff

Things are tense in the Korean peninsula, but not that tense. US Forces Korea says that the text and social media messages that yesterday appeared to be a Noncombatant Evacuation Order telling US civilians to leave South Korea at once was a hoax. Responsibility has not been determined. It could be a state-actor (with Pyongyang the obvious suspect) but a freelancing skid doing for the sick lulz is just as likely.

The breach of the US Securities and Exchange Commission's EDGAR system has spooked investors and legislators alike. It's being called a blow to confidence in the US financial system; how serious a blow remains to be seen.

It now seems that whoever hit Equifax spent several months carefully establishing their presence in its systems. And, with the Equifax breach, closer scrutiny of its competitors will turn up issues there as well: Experian's site allows anyone to request your credit freeze PIN.

ESET warns that ongoing campaigns distributing FinFisher spyware have features suggesting some Internet service providers may have been compromised to distribute the lawful intercept product to its targets.

Investigation into the supply chain's insinuation of a backdoor into Avast's CCleaner security product moves toward the conclusion that the effort was more closely targeted than initially believed. Cisco thinks the hackers were after a relatively small number of large companies: Intel, Microsoft, Linksys, Dlink, Google, Samsung, Cisco, O2, Vodafone, and Gauselmann.

GCHQ warns that bigger attacks than WannaCry are coming, particularly if Britain doesn't get its security act together.

Learn how Cylance silences cyber attacks with Artificial Intelligence.

Notes.

Today's issue includes events affecting China, European Union, Ghana, Democratic Peoples Republic of Korea, Republic of Korea, Russia, United Kingdom, and United States.

Worried About Third Party Data Breaches?

We all know the consequences of a third party data breach; one vulnerability can cost your organization millions. But do you know what security measures to implement to successfully reduce your attack surface and prevent third party risk? Learn how in LookingGlass Cyber Solutions' webinar featuring VP of Intelligence Operations Eric Olson and Forrester Senior Analyst Nick Hayes on Wednesday, October 18, 1:30pm ET. Sign up now.

On the Podcast

In today's podcast, we hear from our partners at Accenture Labs, as Malek Ben Salem describes a new attack vector that uses power management systems. Our guest, Robert Sell, shares his experiences participating in a DEFCON capture the flag competition.

And don't forget Research Saturday tomorrow: it's all about pacifiers...

Sponsored Events

Earn a master’s degree in cybersecurity from SANS (Online, Sep 28, 2017) Earn a master’s degree in cybersecurity from SANS, the world leader in information security training. Learn more at a free online information session on Thursday, September 28th, at 12:00 pm (noon) ET. For complete information on master’s degree and graduate certificate programs, visit www.sans.edu.

3rd European Cybersecurity Forum – CYBERSEC (Krakow, Poland, Oct 9 - 10, 2017) CYBERSEC is a unique Europe-wide, annual public policy conference dedicated to strategic aspects of cybersecurity. Conference’s mission is to foster the building of a Europe-wide cybsersecurity system and create a dedicated collaborative platform for governments, international organisations, and key private-sector organisations.

CyberMaryland Job Fair, October 11, Baltimore visit ClearedJobs.Net or CyberSecJobs.com for details. (Baltimore, Maryland, USA, Oct 11, 2017) Cleared and non-cleared cybersecurity pros make your next career move at the CyberMaryland Job Fair, October 11 in Baltimore. Meet leading cyber employers including Delta Risk, Choice Hotels, Lockheed Martin, the NSA and more. Visit ClearedJobs.Net or CyberSecJobs.com for info.

Florida’s Annual Cybersecurity Conference (Tampa, Florida, USA, Oct 27, 2017) Networking the Future, the Florida Center for Cybersecurity's fourth annual conference, will host hundreds of technical and non-technical stakeholders from industry, government, the military, and academia to explore emerging threats, best practices, and the latest research and trends.

The International Information Sharing Conference on October 31 and November 1 in Washington, D.C. (Washington, DC, USA, Oct 31 - Nov 1, 2017) Join us for the inaugural International Information Sharing Conference hosted by the ISAO SO. This two-day event, a first of its kind, will convene practitioners from small businesses to multi-national corporations and from information sharing newcomers to well-established cybersecurity organizations.

Selected Reading

Dateline

Cybersecurity for executives (including deans and small business owners). (The CyberWire) This week's conference at the Johns Hopkins University covered ground of interest to business leaders, especially with respect to the implications cyber risk has for their legal and contracting activities. The executives for whom the conference was organized were expansively and quite properly defined to include not just the denizens of a Fortune 500 C-suite, but small business owners, partners in medical and accounting practices, college deans, and so on.

Motivation: recognizing the magnitude of the problem. (The CyberWire) What do organizations face in cyberspace, and how should they understand their risk?

Preparation: Don't be like Equifax, and don't think it can't happen to you. (The CyberWire) What should you consider doing to prepare your organization for an incident? In the first place, understand your value proposition, and manage your risk accordingly.

Attribution: AI and big data will help, but a lot of art remains. (The CyberWire) The possibilities and limitations of attribution: a lot of science, but a lot of art, too.

Communication: Storytelling for security. (The CyberWire) Sometimes, in establishing an effective security program, the most important steps are imaginative ones.

Cyber Attacks, Threats, and Vulnerabilities

U.S. Forces Korea: Evacuation message is fake (Military Times) Families of service members and other DoD civilians received a fake message to evacuate the Korean Peninsula.

Hack of Wall St regulator rattles investors, lawmakers (Reuters) Wall Street's top regulator came under fire on Thursday over its cyber security and disclosure practices after admitting hackers had breached its database of corporate announcements in 2016 and may have used it for insider trading.

SEC reveals it was hacked, information may have been used for illegal stock trades (Washington Post) The agency detected the breach last year, but didn't learn until last month that it may have been used for improper trading.

Hack of U.S. Regulator a Blow to Confidence in Financial System (Security Week) The hack disclosed at the U.S. Securities and Exchange Commission deals a fresh blow to confidence in the security of the financial system weeks after news of a potentially catastrophic breach at a major U.S. credit bureau.

Massive Equifax hack reportedly started 4 months before it was detected (Ars Technica) Attackers likely spent months escalating their intrusion into Equifax's network.

Exclusive: U.S. Homeland Security found SEC had 'critical' cyber weaknesses in January (Reuters) The U.S. Department of Homeland Security detected five "critical" cyber security weaknesses on the Securities and Exchange Commission's computers as of January 23, 2017, according to a confidential weekly report reviewed by Reuters.

Experian Site Can Give Anyone Your Credit Freeze PIN (KrebsOnSecurity) An alert reader recently pointed my attention to a free online service offered by big-three credit bureau Experian that allows anyone to request the personal identification number (PIN) needed to unlock a consumer credit file that was previously frozen at Experian.

Internet Providers Possibly Involved in FinFisher Surveillance Operations: Report (Security Week) New campaigns featuring the infamous FinFisher spyware are using a previously unseen infection vector, strongly suggesting that Internet service providers (ISPs) might be involved in the distribution process, ESET security researchers warn.

Hackers behind CCleaner compromise were after Intel, Microsoft, Cisco (Help Net Security) There is a new twist in the CCleaner hack saga: the attackers apparently didn't set out to compromise as many machines as possible.

CLKSCREW Attack Can Hack Modern Chipsets via Their Power Management Features (BleepingComputer) A team of three scientists from Columbia University has discovered that by attacking the combo of hardware and software management utilities embedded with modern chipsets, threat actors can take over systems via an attack surface found in almost all modern electronic devices.

DroidJack is back! This time as a fake Sarahah app (TEISS) Masquerading as a fake Sarahah app, DroidJack helps hackers view contact lists, GPS locations, SMSs and WhatsApp data in targeted devices.

Undocumented Word feature could lead to system information theft (SearchSecurity) An undocumented Word feature can be abused by attackers and lead to system information theft on both PCs and mobile devices.

What is a fileless attack? How hackers invade systems without installing software (CSO Online) Cyber criminals don't need to place malware on your system to get in. Fileless or zero-footprint attacks use legitimate applications or even the operating system.

When the Breach Wears a Suit and Tie (Digital Guardian) A foiled “black bag” job at the Boston firm Medrobotics underscores the varied nature of threats to sensitive data.

How Malware Keeps Sneaking Past Google Play’s Defenses (WIRED) A rash of malware hit the Google Play store this summer. And while Google has taken big steps to improve Android security, there's no clear end in sight.

Don't Rely On an Unlock Pattern To Secure Your Android Phone (WIRED) A new study found test subjects could mostly spot the patterns from five or six feet away on the first try.

How BitPaymer ransomware covers its tracks (Naked Security) This BitPaymer malware variant uses tricks that you don’t usually see in ransomware – but it still scrambles your files in the end.

This Ransomware Demands Nudes Instead of Bitcoin (Motherboard) It was inevitable.

A Song of Ice and Ransomware: Game of Thrones References in Locky Phishing (PhishMe) We rarely find out the identities of online attackers...

Ransomware Analysis Promises Bleak Future with No Recovery (Infosecurity Magazine) The future of ransomware does not offer any good news, as analysis shows new tactics and advancements by operators

Hackers hold entire school district to ransom (Naked Security) The hacking group stole personal information and sent explicit death threats against children to their parents.

Communications Ongoing with Overseas Hackers as Schools Regain Normalcy (Flathead Beacon) Schools are once again brimming with students as the Flathead Valley begins to emerge from the storm of cyber threats that shook the community over the last week. Average attendance... more

46,000 new phishing sites are created every day (Help Net Security) 1.385 million new, unique phishing sites are created each month, with a high of 2.3 million sites created in May 2017, Webroot has found.

The Imperative Of Cybersecurity For Houses Of Worship And Not-For-Profit Organizations (BIZCATALYST 360°) Over the past year, cyber threats and attacks have emerged as a prime concern, particularly with regard to homeland and transnational security.

Three things to know about the dark web (Help Net Security) CISOs have to stay ahead of what’s likely to come. With this in mind, here are three things you need to know about the dark web.

Bigger than WannaCry: A giant cyber attack will happen unless we rethink security, says GCHQ (ZDNet) A huge attack which makes WannaCry look like small fry will occur in the not to distant future - unless something changes.

Security Patches, Mitigations, and Software Updates

Critical VMware vulnerability, patch and update now (Naked Security) The impact of this critical vulnerability has the potential to be great.

Cyber Trends

Cyber Expertise Evolves with the Times Even as Skills Gap Widens (Infosecurity Magazine) More than half of IT pros look for network monitoring, IT fundamentals and vulnerability management.

Legacy networks holding back cloud and digital transformation (Help Net Security) What's holding back digital transformation and cloud adoption? 1,000 IT decision makers agree that it's legacy infrastructures.

Why Size Doesn't Matter in DDoS Attacks (Dark Reading) Companies both large and small are targets. Never think I'm not big enough for a hacker's attention.

Ghana lost 50 million dollars to cyber-attack in 2016 (Ghana Web) Mr Dele Aden, the Managing Director of Delta3 International, an Informational Security...

Marketplace

Kaspersky Raises the Question: Are Companies Loyal to Customers or Their Governments? (Government Technology) The recent ban on all Moscow-based Kaspersky Lab products throughout the federal government signals a shift in thinking about where company loyalties lie.

Bastille Confirms $27M in Series B Funding Round (BusinessWire) Bastille, the leader in enterprise threat detection through software-defined radio, has raised $27M in its latest round of funding. The Series B fundi

Cygilant Raises $7M in Growth Funding (FinSMEs) Cygilant, a Boston, MA-based developer of hybrid security as a service, raised an additional $7m in growth funding

Database provider MongoDB has filed to go public (TechCrunch) MongoDB, a database software company based in New York, has filed to go public with the Securities and Exchange Commission as it continues to burn a ton of..

Navy delays NGEN contract award (C4ISRNET) The Navy has delayed contract awards for its multibillion-dollar NGEN program.

Kaspersky provides security software for Brazil military (Telecompaper) Kaspersky Lab will provide cyber security products for the Brazilian Armed Forces, specifically virus protection, reports Folha de Sao Paulo.

Products, Services, and Solutions

Microsoft Intune Gets Security Boost with Zimperium Support (Redmond Channel Partner) The Microsoft Intune mobile management solution, part of the Microsoft Enterprise Mobility + Security (EMS) suite, can now integrate with Zimperium, bringing added security protections for iOS and Android users.

ThreatQuotient and Phantom Partner to Leverage Threat Intelligence (ThreatQuotient) ThreatQuotient™, a trusted threat intelligence platform innovator, today announced a strategic partnership with Phantom to enable defenders...

tCell Delivers Universal DevOps-Friendly AppSec Solution (Marketwired) Support for web servers further simplifies enterprise deployment and bolsters comprehensive attack protections for widest range of new and legacy apps

Clones begone: Dashlane Business 2.0 improves duplicate password spotting (Neowin) The password manager has unveiled its latest update to its Business offering, which brings Active Directory integration, group sharing, one-click provisioning via SAML, and much more.

Forcepoint NIST 800-171 Supply Chain Solution Speeds Path to DoD Compliance (PRNewswire) Global cybersecurity leader Forcepoint today announced it has partnered...

Cypherium Announces Development Scalable Hybrid Blockchain (NEWSBTC) Lead blockchain cryptographers have banded together with experts from companies such as Google, Amazon & Microsoft to create Cypherium.

RapidScale Launches Imperva Incapsula Service as Part of CloudSecurity Offerings (HostReview.com) RapidScale, a leader in managed cloud services, has launched a new CloudSecurity offering powered by Imperva Incapsula. RapidScale added the Incapsula

Anomali Announces Real Time Forensics to Give Organizations Instant Visibility Into Newly Discovered and Existing Threats (Marketwired) Adds new automation and detection capabilities to threat intelligence product lines...

NTT launches security services for industrial control systems (Telecompaper) NTT Security, the specialized security company of NTT Group, has launched ‘IT/OT Integrated Security Services’.

KoolSpan and GO-Trust Announce a Strategic Partnership and the General Availability of TrustCall microSD (Sys-Con Media) KoolSpan, Inc., the leading provider of interoperable secure call and messaging solutions for mobile devices and GO-Trust, a global leader in hardware based encryption solutions, today announced their strategic global partnership, and the General Availability of TrustCall microSD.

WISeKey Unveils its Digital Identity BlockChain Platform CertifyID in NYC; (GlobeNewswire News Room) WISeKey International Holding Ltd ("WISeKey", SIX: WIHN), a leading cybersecurity and IoT company announced that it unveiled its CertifyID integrating Digital Identity with Blockchain technology, in several major Sustainable Developments Events held in New York City this week.

Sword & Shield Enterprise Security Aims to Improve Mobile App Security (markets.businessinsider.com) Sword & Shield Enterprise Security, a leading national cybersecurity firm based in Knoxville, Tennessee, now offers detailed mobile application security assessments for Android, iOS, and Windows phone or tablet-based apps to determine their vulnerabilities and how sensitive information can be compromised through them.

Walmart partners with smart lock maker August to test in-home delivery of packages and groceries (TechCrunch) Walmart announced today it will begin testing a new service that will allow customers with August smart home devices, like the August doorbell and security..

Technologies, Techniques, and Standards

A Robotics Expert Explains the Future of Standards in the Industry (Security Sales & Integration) The Robotic Industries Association’s director of standards development discusses key trends affecting the industry’s tactics, trajectory and traction.

Should You Underwrite A Company That’s Been Breached Before? (BitSight) Find out why cyber insurers should take on the risk of companies that have experienced a data breach or security event in the past.

Track to the Future (ThreatConnect) How to use historical intelligence to get back to the future and defend your organization

Recent hurricanes have the Coast Guard rethinking social media's role in rescue and response (FederalNewsRadio.com) The Coast Guard says agencies need a national protocol for using social media in rescue and response efforts for future weather disasters.

Supporting Healthcare Organizations Through IT Recovery (Trend Micro Simply Security) As we all return to work from the summer holidays, we at Trend Micro reflect on what we have seen in the threat landscape over the first six months of 2017 with the release of our 2017 Mid-Year Security Roundup. It takes me back to the two major attacks that we witnessed, and I was...

Meet the 17-Year-Old Who Hacked the U.S. Air Force (Nextgov) Chicago high school senior Jack Cable moonlights as an ethical hacker.

Design and Innovation

A Surgical Approach to Software Security: Protecting Software from the Inside Out (Infosecurity Magazine) We must focus on a preemptive diagnosis and cure designed to eliminate the opportunity for problems both today and in the future.

Research and Development

China’s Quantum Net Advance Offers a Glimpse into the Future of Enterprise Security (Data Center Knowledge) Chinese companies actively productizing quantum key distribution, which pushes communications security to a new level

Electronic camouflage will be the new war paint, says Marine intel official (C4ISRNET) With advanced sensing equipment, physical camouflage is no longer sufficient against future threats, says an intel official.

What Triggers HTTPS Chrome Browser Warnings? (Threatpost) Researchers combed through 2,000 Chrome error reports to better classify HTTPS error warnings.

Academia

Navy hosting hackathon at MIT to attract tech-savvy millennials (Metro US) The Navy needs tech experts to protect the country against cyber attacks, so MIT is hosting the event.

Cybersecurity Becomes a Career Choice (InformationWeek) Young people can't ignore the news. Data breaches are everywhere and they're beginning to realize that it's up to them to keep our personal and national information private.

Legislation, Policy and Regulation

‘Cyber Defense Is Very Much About Political Decisions’ (Defense One) When European defense ministers played a tabletop cyber defense exercise, things got hard very quickly.

China’s security boss wants AI to ‘predict and prevent’ terrorism (South China Morning Post) Artificial intelligence can complete tasks with a ‘precision and speed unmatchable by humans’, official says

At U.N., Leaders Tell Tech Industry to Do More to Fight Terrorism (Foreign Policy) Online radicalization drives calls for a tougher crackdown on propaganda and encrypted messages.

Thoughts on Facebook’s 9 plans to curb election interference (TechCrunch) Election meddling is Facebook's next adversary, and it's got a plan to attack it just like it did with fake news. Solutions to both these scourges come too..

DoD to bring more employees with ‘critical positions’ under continuous evaluation (FederalNewsRadio.com) Daniel Payne, the director of the Defense Security Services, said the continuous evaluation program will have 1 million employees by 2018.

IoT introducing new cyber risks, redrawing federal CISO role (FederalNewsRadio.com) Amid the "chaos and complexity" of the Internet of Things are basic cybersecurity rules agencies can follow to secure devices but not suffocate innovation.

Litigation, Investigation, and Enforcement

Facebook and Twitter play bigger role in Congressional election-hacking probe (TechCrunch) As Congressional investigations into Russia's role in manipulating the election for U.S. president deepens, tech companies are assuming a more central role in..

Skadden in DOJ's Sights Over Manafort Work: Report (New York Law Journal) The New York Times reported that the Department of Justice wants files related to Trump campaign manager Paul Manafort's work in Ukraine.

Another court tells police: Want to use a stingray? Get a warrant (Ars Technica) DC Court of Appeals: Even if you know the police can track you doesn’t mean they should.

Trader Accused of Running Bitcoin Ponzi Scheme (New York Law Journal) A Brooklyn-based trader was charged with securities violations Thursday for allegedly running a bitcoin Ponzi scheme, the U.S. Commodity Futures Trading Comm...

“Admin from Hell” holds company to ransom with porn makeover (Naked Security) The IT admin demanded $10,000, when he didn’t get it things got X-rated

An Alleged Ethereum Hacker Gave Back $3 Million And Nobody Knows Why (Motherboard) This is unheard of.

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

newly Noted Events

Cyber Security Summit 2017 (Minneapolis, Minnesota, USA, Oct 23 - 25, 2017) Cyber Security Summit is a public-private collaboration with support from industry, government, and university leaders who gather to discuss security trends and solutions. The 7th Annual Summit will bring together senior executives, risk managers, military representatives, policymakers, lawyers, academics, and technology leaders. Topics, content and speakers are driven by an Advisory Board composed of experts from diverse critical infrastructure operators and commercial market sectors.

upcoming Events

Connect Security World (Marseille, France, Sep 25 2017 - Sep 27 2014) As IoT solutions are transitioning from hype to real deployments, the “Internet of insecure things” threat is gaining ground. To address unlimited risks, threats and vulnerabilities surrounding IoT, a new generation of connected devices and services is required, with better security and privacy by design. In its 6th edition, Connect Security World invites both digital security experts and IoT developers to discuss and define a true end-to-end security, from sensors to Cloud, from design and development to deployment.

(ISC)2 Security Congress (Austin, Texas, USA, Sep 25 - 27, 2017) (ISC)² Security Congress cybersecurity conference brings together nearly 1,500 cybersecurity professionals, offers 100+ educational and thought-leadership sessions, and fosters collaboration with forward-thinking organizations. The goal of our conference is to advance security leaders by arming them with the knowledge, tools and expertise to protect their organizations. (ISC)² members are eligible for special discounted pricing and will have opportunities to attend exclusive member events.

Connect Security World (Marseille, France, Sep 25 - 27, 2017) As IoT solutions are transitioning from hype to real deployments, the “Internet of insecure things” threat is gaining ground. To address unlimited risks, threats and vulnerabilities surrounding IoT, a new generation of connected devices and services is required, with better security and privacy by design. In its 6th edition, Connect Security World invites both digital security experts and IoT developers to discuss and define a true end-to-end security, from sensors to Cloud, from design and development to deployment. (Note: the call for speakers is open through April 4, 2017.)

SINET61 2017 (Sydney, Australia, Sep 26 - 27, 2017) Promoting cybersecurity on a global scale. SINET – Sydney provides a venue where international solution providers can engage with leaders of government, business and the investment community to advance innovative solutions to cybersecurity challenges.

Enterprise Cyber Security Even (London, England, UK, Sep 28, 2017) Cyber-attacks are increasing in both frequency and sophistication. Whitehall Media’s leading-edge Enterprise Cyber Security conference brings together hundreds of thought leaders, practitioners, specialists and innovators who are building capabilities, resilience, capacity and responsiveness.

O'Reilly Velocity Conference (New York, New York, USA, Oct 1 - 4, 2017) Learn how to manage, grow, and evolve your systems. If you're building and managing complex distributed systems and want to learn how to bake in resiliency, you need to be at Velocity.

24th International Computer Security Symposium and 9th SABSA World Congress (COSAC 2017) (Naas, County Kildare, Ireland, Oct 1 - 5, 2017) If you thought symposiums on information security and risk were all the same, look again! COSAC is an entirely different experience. Conceived by practising professionals for experienced professionals, it is the most participative and productive event of the year. Undoubtedly the world's best annual source of advice in Information Security, COSAC makes available to you, in a fully residential format, presenters and facilitators who are the very best in the world. Collectively they have many hundreds of years of practical experience, have published thousands of major articles and books, and have proven records of success all over the globe.

Cybersecurity Nexus North America 2017 (CSX) (Washington, DC, USA, Oct 2 - 4, 2017) Be a part of a global conversation with professionals facing the same challenges as you at the nexus—where all things cyber security meet. Cyber security doesn’t take a vacation and it doesn’t sleep. You need to be aware of the most effective tactics and tools to meet the ever-growing threat. CSX 2017 offers keynote speakers and sessions that dive deep into what you need to know now.

Atlanta Cyber Week (Atlanta, Georgia, USA, Oct 2 - 6, 2017) Atlanta Cyber Week is a public-private collaboration hosting multiple events during the first week of October that highlight the pillars of the region’s cybersecurity ecosystem and create an opportunity for meaningful interaction between growth oriented cybersecurity companies and our Fortune 1000 client base.

4th Annual Industrial Control Cyber Security USA Summit (Sacramento, California, USA, Oct 3 - 4, 2017) Against a backdrop of targeted Industrial Control System cyber attacks, such as those against energy firms in the Ukraine power industry, the massive attacks against the Norway oil and gas industry, cyber attacks on Saudi Aramco and the new and continued threats such as Crash Override malware, Stuxnet, Havex, Dragonfly, Black Energy, and the potential impact of ransomware like #Wannacry on industrial control systems, the Cyber Senate return for the 4th Annual Industrial Control Cybersecurity USA meeting to bring key stakeholders together to address our responsibility in ensuring the safety, reliability and stability of our Critical National Infrastructure

4th Annual Industrial Control Cyber Security Summit USA (Sacramento, California, USA, Oct 3 - 4, 2017) Against a backdrop of continued ICS targeted cyber attacks against energy firms in the Ukraine power industry (CRASHOVERRIDE), the massive attacks against the Norway oil and gas industry, cyber attacks on Saudi Aramco and the continued threats such as Stuxnet, Havex, Dragonfly, Black Energy, and the potential impact of ransome ware like #Wannacry on industrial control systems, the Cyber Senate return for the 4th Annual Industrial Control Cybersecurity Europe meeting to bring key stakeholders together to address our responsibility in ensuring the safety, reliability and stability of our Critical National Infrastructure.

CyberSecurity4Rail (Brussels, Belgium, Oct 4, 2017) Facilitated by Hit Rail, this conference will bring together experts in cybercrime and digital security, plus leaders in ICT and representatives from transport and railway companies, European organisations and international bodies, to discuss the threats and set out a vision for safer, more secure digital communications and data networks in the transport industry. CyberSecurity4Rail will draw on the experience of recent incidents and the expertise of those who are working to protect systems and prevent cyberthreat.

Infosecurity North America (Boston, Massachusetts, USA, Oct 4 - 5, 2017) Organized by Infosecurity Group, which has provided the global information security community with some of the largest, longest established conferences and expos over the past 22 years including Infosecurity Europe, Infosecurity North America will focus on bringing together the information security community and end users to discuss how to overcome the most pressing cybersecurity challenges today. The topics include malware, cloud security, governance, regulation and compliance, threats, professional development, application security and digital forensics.

Hacker Halted (Atlanta, Georgia, USA, Oct 9 - 10, 2017) The theme for Hacker Halted 2017 is The Art of Cyber War: Lessons from Sun Tzu. 2,500 years ago, Sun Tzu wrote 13 chapters on military strategy. Fast forward to today and we are still learning from those chapters and applying them in our newfound digital age. In an age where war is waged over cables and microchips instead of battlefields, one challenge is defining what war is and when war should be declared. Boundaries are being eroded as the globalization of technology continues its march across our physical landscape. Come learn strategies for Cyber War: Hacker Halted 2017.

European Cybersecurity Forum – CYBERSEC (Krakow, Poland, Oct 9 - 10, 2017) The Fourth Industrial Revolution is in full swing, giving a strong impulse to the growth of Europe’s innovation-driven economy that can compete with world’s economic superpowers. Let’s start the dialogue together to unlock our potential and use the opportunities ahead. CYBERSEC’s mission is to foster the building of a Europe-wide cybsersecurity system. Our goal is to create a dedicated collaborative platform for governments, international organisations, and key private-sector organisations.

2017 ISSA International Conference (San Diego, California, USA, Oct 9 - 11, 2017) Each day, cyber threats become increasingly intricate and difficult to detect. Over the past year, we saw that with the rise of device connectivity came boundless opportunities for malicious hackers to attack device vulnerabilities. No cyber security professional can become an expert on these digital dangers without continued efforts to educate themselves on the industry’s latest trends and technologies. We look forward to welcoming you and as many as 900 of your colleagues and peers in San Diego as we discuss topics ranging from incident response to application security to business skills for the information security professional. Join us at the 2017 ISSA International Conference and we’ll help you navigate the Digital Danger Zone.

Maryland Cyber Day Marketplace (Baltimore, Maryland, USA, Oct 10, 2017) Hundreds of cybersecurity providers and buyers in one location on one day. Maryland Cyber Day Marketplace provides the opportunity for cybersecurity buyers to connect with, get to know and purchase cybersecurity solutions from Maryland's cybersecurity providers. This event combines face-to-face meetings, technology demos, brief educational sessions, "Ask an Expert" information stations, networking with a keynote and a wrap-up luncheon.

Cyber at the Crossroads (Adelphi, Maryland, USA, Oct 10, 2017) Join the Cyber Center for Education & Innovation (CCEI), Home of the National Cryptologic Museum (NCM) for a one-day symposium of renowned national cybersecurity leaders, including experts from past and current administrations, the U.S. military, industry, and academia for a discussion of the past, present, and future of the security of our nation’s cyber infrastructure.

ManuSec USA (Chicago, Illinois, USA, Oct 11 - 12, 2017) This series will bridge the gap between the process control and corporate IT senior level professionals, allowing them to discuss challenges, critical issues and debate best practice guidelines.

CyberMaryland (Baltimore, Maryland, USA, Oct 11 - 12, 2017) Maryland is recognized as a cybersecurity leader - nationally and internationally. The state has developed cybersecurity experts, education and training programs, technology, products, systems and infrastructure. With over 10 million cyber hacks a day resulting in an annual worldwide cost of over $100 billion, the United States is at risk. Ensuring that our nation has the workforce, technology and resources to protect our citizens, businesses, infrastructure, intellectual property and more is of paramount importance. Maryland continues to be a leader on this front.

ISSA CISO Executive Forum: Payment Strategies: The Game Has Changed (San Diego, California, USA, Oct 11 - 12, 2017) From the water cooler to the boardroom, daily conversations discuss the most recent incursions, the staggering numbers, and speculation about the thieves’ next target. Recent attacks against Target, PF Chang’s, Michaels, and Sally Beauty Supply stealing millions of records are constant reminders of the daily struggle against hackers seeking to steal payment information. Hackers--including criminal organizations--are taking advantage of unprotected and poorly managed payment systems. As we know, an entire underground economy has sprung up to provide hackers with the tools needed to steal payment information. Organizations must implement a payment strategy to ensure the security and protection of payment systems and information. Users and consumers must be aware of the different payment strategies used to protect information.

National Information Security Conference (Glasgow, Scotland, UK, Oct 11 - 13, 2017) NISC is a highly focused cyber security event designed to encourage peer-to-peer collaboration and thought-leading discussions in a relaxed but professional environment. It provides the proven practices and strategies needed by any cyber security professional to protect their enterprise.

SecureWorld Twin Cities (Minneapolis, Minnesota, USA, Oct 12, 2017) Join your fellow security professionals for high-quality, affordable training and education. Attend featured keynotes, panel discussions, and breakout sessions—all while networking with local peers. Earn 6-12 CPE credits through 30+ educational elements, learning from nationally recognized industry leaders.

Cyber Georgia 2017 (Augusta, Georgia, USA, Oct 12 - 13, 2017) Cyber Georgia 2017 will focus on convening industry, academia, and government to examine cyber threats and discuss how to better prepare for a cyberattack or denial of service in the hospital and public health arena.

Plan B Tech S3: Security Solutions Summit (National Harbor, Maryland, USA, Oct 13, 2017) Join Plan B Technologies, Inc. on Friday, the 13th of October for this highly anticipated half-day security seminar! Hear the latest cybersecurity research, stats, and insights from IDC Program Director of Security Products, Sean Pike. We will also have 2 Q&A panels with industry leaders and technology experts. Anyone who wants to avoid costly security scenarios should attend including IT engineers, executives and business owners.

Sponsor & Support

Grow your brand, generate leads, and fill your funnel.

With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listens all over the world, companies trust the CyberWire to get the message out. Learn more.

NEO hoax in Korea. EDGAR hack spooks markets, regulators. Equifax hackers were patient. FinFisher spread through ISPs. CCleaner backdoor seems targeted. GCHQ warns of worse than WannaCry.