The CyberWire Daily Briefing 9.25.17

Summary

By The CyberWire Staff

The Guardian reports the Deloitte has been hacked. The firm was compromised through an admin account in October or November last year, and discovered the breach in March 2017. Investigation is "ongoing;" its Azure account is thought to have been compromised, but Deloitte is being tight-lipped, saying only that "few" clients' information (including emails) was exposed.

Avast thinks the backdoor insinuated into its CCleaner security software was probably put there by Chinese intelligence services. Kaspersky and other companies looking into the incident attribute the hack to APT17 (a.k.a. DeputyDog), and they also see a tie to the cyberespionage group Axiom. Novetta regards Axiom as an umbrella organization engaged in coordinating espionage on behalf of the the Chinese government.

ESET's look at the spread of FinFisher spyware has concluded that major Internet service providers in affected countries were "complicit" in spreading the lawful intercept product into targeted devices. ESET declines to name the countries where they observed this campaign, citing concerns for the safety as grounds for its reticence.

Another Amazon Web Services S3 bucket has been exposed to public access. This one was a fumble at Verizon; it left server configurations and other sensitive information hanging out on the Internet.

More cyber extortion waves continue. One of the more notable is a large spam campaign distributing Locky.

As observers goggle with continued astonishment at Equifax's handling of its breach, some look to Belgium for an alternative model of credit reporting that presumably handles consumer data in a more consumer-friendly fashion.

Learn how Cylance silences cyber attacks with Artificial Intelligence.

Notes.

Today's issue includes events affecting Belgium, China, European Union, Germany, Iran, Democratic Peoples Republic of Korea, Russia, Ukraine, United Kingdom, United States

Compliance risk can be a business killer.

Regulations, laws, and the standards of care that follow them are shifting rapidly, struggling to keep up with new technologies and a continually changing threat landscape. In this increasingly complex environment, how can organizations manage risk systematically and effectively? Learn more about how organizations are achieving situational awareness, while automating the labor-intensive tasks associated with managing IT risk and compliance.

On the Podcast

In today's podcast we speak with our partners at Booz Allen Hamilton, as Chris Poulin discusses vulnerabilities in connected cars.

Sponsored Events

Earn a master’s degree in cybersecurity from SANS (Online, September 28, 2017) Earn a master’s degree in cybersecurity from SANS, the world leader in information security training. Learn more at a free online information session on Thursday, September 28th, at 12:00 pm (noon) ET. For complete information on master’s degree and graduate certificate programs, visit www.sans.edu.

3rd European Cybersecurity Forum – CYBERSEC (Krakow, Poland, October 9 - 10, 2017) CYBERSEC is a unique Europe-wide, annual public policy conference dedicated to strategic aspects of cybersecurity. Conference’s mission is to foster the building of a Europe-wide cybsersecurity system and create a dedicated collaborative platform for governments, international organisations, and key private-sector organisations.

UMBC Cybersecurity Graduate Info Session (Rockvale, Maryland, USA, October 11, 2017) Learn how UMBC’s graduate programs in Cybersecurity can elevate your career at our upcoming Info Session. Led by industry experts, our programs combine hands-on technical training with unparalleled opportunity.

CyberMaryland Job Fair, October 11, Baltimore visit ClearedJobs.Net or CyberSecJobs.com for details. (Baltimore, Maryland, USA, October 11, 2017) Cleared and non-cleared cybersecurity pros make your next career move at the CyberMaryland Job Fair, October 11 in Baltimore. Meet leading cyber employers including Delta Risk, Choice Hotels, Lockheed Martin, the NSA and more. Visit ClearedJobs.Net or CyberSecJobs.com for info.

The International Information Sharing Conference on October 31 and November 1 in Washington, D.C. (Washington, DC, USA, October 31 - November 1, 2017) Join us for the inaugural International Information Sharing Conference hosted by the ISAO SO. This two-day event, a first of its kind, will convene practitioners from small businesses to multi-national corporations and from information sharing newcomers to well-established cybersecurity organizations.

Selected Reading

Cyber Attacks, Threats, and Vulnerabilities

Deloitte hit by cyber-attack revealing clients’ secret emails (Guardian) Exclusive: hackers may have accessed usernames, passwords and personal details of top accountancy firm’s blue-chip clients

Breaking nuclear deal could bring hacking onslaught from Iran (POLITICO) “They’re plenty good enough to cause a lot of difficulty,” said one cyber expert.

Nuclear war isn't North Korea's only threat (CNN) The country has invested heavily in cyberattack operations to target Western countries and South Korea, Eric O'Neill says.

Researchers Link CCleaner Hack to Cyberespionage Group (Motherboard) Experts believe a state-sponsored hacker was behind the attack, which affected 2.2 million people.

CCleaner malware may be from Chinese group: Avast (iTWire) Security company Avast says it has found similarities between the code injected into CCleaner and the APT17/Aurora malware created by a Chinese advanc...

This Google, Microsoft, Samsung-Targeting 'CCleaner' Attack Sets an Insidious Trend (Fortune) Hackers have learned to compromise software supply chains.

Researchers claim ISPs are 'complicit' in latest FinSpy snooping rounds (Register) Dictators' favourite spyware is working at the top, says report

Passwords to Over a Half Million Car Tracking Devices Leaked Online (Gizmodo) We’ve seen a lot of data breaches this year: some big, some small, some that are dangerous, and some that are just embarrassing. But if we were to name one as the creepiest data breach of 2017, this leak of logins for car tracking devices might take the cake.

Another Verizon leak exposed confidential data on internal systems (ZDNet) Dozens of documents reveal detailed maps and configurations of internal Verizon servers.

Chris Vickery on Amazon S3 Data Leaks (Threatpost) Mike Mimoso talks to Chris Vickery of Upguard of the recent rash of Amazon S3 data leaks.

Ransomware or Wiper? RedBoot Encrypts Files but also Modifies Partition Table (BleepingComputer) A new bootlocker ransomware called RedBoot will encrypt files on the computer, replace the MBR, or Master Boot Record, of the system drive and then appears to trash the partition table.

Multiple Spam Waves Detected Pushing New Locky Ransomware Version (BleepingComputer) Reports are coming in from multiple security researchers and security firms about increased activity from one of the groups spreading the Locky ransomware.

Remotely locked Apple devices hit by ransomware (CRN Australia) Most likely using stolen iCloud credentials.

Fair Ransomware Protocol using Bitcoin (Qiita) Ransomware is one of the malicious programs (malware), which encrypts victim's data and requests money such as Bitcoins as ransom for decrypting the data stored in their computer.

DDoS Extortion Group Sends Ransom Demand to Thousands of Companies (BleepingComputer) A group of DDoS extortionists using the name of Phantom Squad has sent out a massive spam wave to thousands of companies all over the globe, threating DDoS attacks on September 30, if victims do not pay a ransom demand.

Massive Wave of Ransom DDoS Threats Sweeps Globe (Infosecurity Magazine) A group calling themselves the Phantom Squad is threatening thousands of companies with DDoS if they don’t pay a ransom.

Popular Android Keyboard App Caught Collecting User Data, Running External Code (BleepingComputer) GO Keyboard, an insanely popular custom keyboard app for the Android OS, also available on the official Google Play Store, was caught collecting user data and downloading and running code from a third-party server.

Users plagued by iOS app security issues, according to new research (SearchSecurity) New research shows a variety of iOS app security issues are plaguing users. Plus, CCleaner malware is worse than expected, and more.

Google Project Zero Finds 17 Bugs in Safari, Far More Than Other Browsers (NDTV Gadgets360.com) Google's security team Project Zero has open sourced an automated testing tool called Domato which they have been using to find dozens of security bugs in popular Web browsers.

Microsoft finds a security flaw in Chrome and gets $7,500 as a prize (Windows Latest) Microsoft Offensive Security Team has discovered a security flaw in Chrome browser. Google Chrome has been reported to most resilient against attacks whereas Microsoft Edge was the most hacked browser at Pwn2Own 2017. Nothing is perfect and neither is Google Chrome...

Coinhive Is Rapidly Becoming a Favorite Tool Among Malware Devs (BleepingComputer) Coinhive is quickly becoming the Martin Shkreli of the Internet, going from an innovative tool that lets you mine Monero with your browser, to a technology abused by hoards of malware authors.

OptionsBleed – The Apache HTTP Server Now Bleeds (TrendLabs Security Intelligence Blog) A new vulnerability in the Apache HTTP server was found recently. Designated as CVE-2017-9798, this vulnerability lies in how Apache handles certain settings in its configuration files, resulting in memory leaks.

On the prevalence of cross-site scripting (XSS) attacks in modern web applications (Quelques digressions sous GPL...) As I attended AppSec USA in Orlando, a lot of discussions revolved around the OWASP Top 10. Setting the drama aside for a moment, there is an interesting discussion to be had on the most common vulnerabilities found in current web applications.

Linux Trojan Using Hacked IoT Devices to Send Spam Emails (The Hacker News) New Linux Trojan Using Hacked Internet of the Things (IoT) Devices to Send Spam Emails

Private, But Not Secure: HTTPS is Hiding Cybercrime (Security Week) Encrypted communications have boomed in popularity in the aftermath of the Snowden leaks in 2013, which has ironically opened up a new pathway for cybercriminals.

Spoofed IRS notice delivers RAT through link updating trick (Help Net Security) The malware delivery trick involving updating links in Word documents is apparently gaining some traction as a spoofed IRS notice delivers RAT malware.

All the Ways Equifax Epically Bungled Its Breach Response (WIRED) The Equifax breach that potentially exposed the personal information of 143 million people was bad. The company's response has almost been worse, if that's even possible.

Equifax or Equiphish? (KrebsOnSecurity) More than a week after it said most people would be eligible to enroll in a free year of its TrustedID identity theft monitoring service, big three consumer credit bureau Equifax has begun sending out email notifications to people who were able to take the company up on its offer.

Credit agency Experian says it can protect you from the 'dark Web' — sort of (Los Angeles Times) Credit agencies spook people into buying services they may not need and, in so doing, give the companies permission to share data with marketers.

When Ripples Become Waves: The Equifax Cybersecurity Incident (JD Supra) Since September 7, 2017, Equifax, one of three credit rating agencies in the United States, has been dealing with the fallout from one of the largest...

Reflecting on The Equifax Hack: 143 Million Breached Identities (Bloom) Today, news broke that an Equifax security breach exposed 143 million people to identity theft.

Adobe Private PGP Key Leak a Blunder, But It Could Have Been Worse (Threatpost) Adobe suffered at a minimum a PR black eye on Friday when one of its private PGP keys was inadvertently published to its PSIRT blog.

How 'the invisible network' poses a major security threat (BBC News) Many firms have no idea how many devices are connected to their networks - a major cyber-security risk.

The democratization of censorship: when anyone can kill as site as effectively as a government can #1yrago (Mostly signs (some portents)) On the eve of the Stuxnet attacks, half a decade ago, I found myself discussing what it all meant with William Gibson (I’d just interviewed him on stage in London), and I said, “I think the most...

Sir Martin Sorrell on the WPP cyber attack: ‘I’ve had worse weeks’ (The Drum) As summer was taking hold at the end of June, so too did one of the great modern threats in the digital age, with a global cyber attack bringing some of the world’s largest organisations to their knees.

Cyber attack ruled out as Sydney Airport attempts to clear chaos (ABC News) Authorities are expecting a backlog of delayed flights at Sydney Airport to clear this evening after a computer glitch forced the cancellation of dozens of flights earlier in the day.

Security Patches, Mitigations, and Software Updates

Verizon Releases BlueBorne Patch For The Galaxy Note Edge (Android Headlines) Verizon is now rolling out an update to the Samsung Galaxy Note Edge that fixes the BlueBorne vulnerability.

Cyber Trends

CPU Mining is Making a Comeback (But Only on Botnets) (CryptoCoinsNews) CPU mining malware increased sixfold during the first eight months of 2017, according to a new report from IBM X-Force.

Cyber-terrorism, Cyber-Crime and Data Protection (ICT) The Honorable Giulio Terzi, Former Minister of Foreign Affairs, Italy, remarks from ICTs 17th World Summit on Counter-Terrorism: Keynote address on Cyber-terrorism, Cyber-crime and Data Protection.

Asset managers must beef up cyber security defences (Financial Times) Hacks at the SEC and Equifax highlight the need for extra vigilance, writes Aliya Ram

Criminal hacking: Top technology risk to health, safety and prosperity (Help Net Security) Criminal hacking, outranks other significant hazards, including climate change, nuclear power, hazardous waste, and government surveillance.

Marketplace

Utilities Will Spend Billions On Cybersecurity As Threat Grows (Forbes) The National Institute of Standards and Technology released a report in February identifying products available to enhance the electric grid’s cybersecurity.

GDPR is coming: Is it a costly burden or marketing opportunity? (SiliconANGLE) The financial penalties for non-compliance are significant.

How Belgium deals with credit without Equifax, Experian, and TransUnion (Yahoo! Finance) Belgium has a different system of credit reporting that uses a public registry instead of private credit companies like Equifax, Experian, and TransUnion.

Some tips for cyber security vendors looking to expand into Germany (Acumin) For many cyber security vendors who are looking to expand their operation across EMEA, Germany is a prime location in which to start.

Bringing data security to startups starts with relationships (Information Management) Finding allies in the business that support your direction will make every change going forward much easier to manage.

Microsoft Security stopped being an oxymoron with the acquisition of Hexadite (Computerworld) How Microsoft shifted from thinking security was someone else's job to making it a strategic part of their Windows platform.

Palo Alto vs. Check Point Software: Which Is the Better Cybersecurity Stock? (The Motley Fool) Pitting a fast-growing, volatile cybersecurity stock against a steady, conservative player.

The feds shouldn't blackball Kaspersky without public evidence (TheHill) The cybersecurity firm has been accused of colluding with the Russian government.

Hacken: The First Decentralized Marketplace for White Hat Hackers (WireUpdate) Hacken, an innovative cryptocurrency platform focused on creating a cybersecurity ecosystem for hat hackers, has announced that the crowdsale for its HKN tokens will open to the public on October 12, 2017.

BAE continues fight for $300M CACI intell award -- Washington Technology (Washington Technology) BAE Systems has filed a fresh protest now that CACI International has won a $300 million Army intelligence contract for the second time.

HPE to cut 5000 jobs from global workforce: reports (CRN Australia) HPE Next restructuring to hit channel veterans.

Products, Services, and Solutions

Cloudflare CEO: DDoS Attacks Will Now Be ‘Something You Only Read About In The History Books’ (Motherboard) Starting today, Cloudflare is making protection against DDoS attacks free, regardless of how bad they are.

New infosec products of the week: September 22, 2017 (Help Net Security) Cyber-defense for critical infrastructure including factories, plants, utilities & hospitals NTT Security has launched IT/OT Integrated Security Services,

Queensland govt body one-ups cyber threats through Darktrace tech (IT Brief) “Anticipating and pre-empting every security risk is practically impossible in the face of ‘unknown unknowns’ and insider threats."

Playbook Fridays: Enriching Indicators with Shodan (ThreatConnect) ThreatConnect developed the Playbooks capability to help analysts automate time consuming and repetitive tasks so they can focus on what is most important. And in many cases, to ensure the analysis process can occur consistently and in real time, without human intervention.

AFSOC receives new anti-jam GPS receiver (C4ISRNET) Air Force Special Operations Command taken delivery of next-generation Digital GPS Anti-Jam Receiver (DIGAR) technology from manufacturer Rockwell Collins.

Wipe Files with No Backdoors - Jetico BCWipe Built on Supply-Chain Security (PR.com) This week’s news opened new concerns among the global community of privacy-minded users, as recent attacks have shown how software supply-chain security...

Kaspersky unveils ‘surveillance-proof’ phone (Taipei Times) For Russians who fear that someone might be eavesdropping on their telephone conversations, leading IT entrepreneur Natalya Kaspersky says she has a solution.

Spectrecoin, A Revolution in Blockchain Privacy Technology (PRWeb) Spectre aims to disrupt the status quo of the blockchain with strong cryptography and anonymous transactions.

KoolSpan and GO-Trust Announce Strategic Partnership (Financial News) KoolSpan, Inc., the provider of interoperable secure call and messaging solutions for mobile devices, and GO-Trust, a global provider of hardware based encryption solutions, has announced their strategic global partnership, and the General Availability of TrustCall microSD, the companies said.

Technologies, Techniques, and Standards

Cyber threat analysis in complex adaptive systems (Help Net Security) A cyber threat analysis methodology must be based on the reciprocal nature of hunting units and that their real-time support of higher-level analysts.

How to tell if your computer is secretly mining cryptocurrency, and what to do about it (Quartz) Ad-blockers can help.

Air Force launching 'shadow operations center' at Nellis AFB to drive MDC2 (InsideDefense.com) The Air Force is standing up a multidomain command-and-control experimentation center, dubbed the "shadow operations center" at Nellis Air Force Base, NV, to turn ideas gleaned from this year's Enterprise Capabilities Collaboration Team into operational realities.

How Machine Learning Stopped a Brute Force Attack (insideBIGDATA) In this special guest feature, Sekhar Sarukkai, Chief Scientist at Skyhigh Networks, discusses the power of machine learning and user behavior analytics in detecting and mitigating the effects of cyberattacks before financial loss occurs.

Design and Innovation

It’s time to kill the web (Mike’s blog) Something is going on. The people are unhappy. The spectre of civil unrest stalks our programming communities.

Blockchain and Cyber Security: the Equifax Episode (The Market Mogul) In sheer scale, the Equifax breach is small, impacting 143m people, when compared to other data breaches of the past year such as Yahoo’s 1bn user account violation.

Research and Development

The Dangers of the 'Brainternet' (Motherboard) Can you hack the Internet Of Brains?

Academia

Feds OK Purdue acquisition of Kaplan (Military Times) The federal government has given Purdue University the green light to continue with plans for its new online school.

Legislation, Policy and Regulation

The right path forward for Congress on cyber deterrence (Washington Examiner) The DOD would be far better served by following the Senate language to develop a cyber-deterrence policy.

Responsible vulnerability disclosure is becoming an international norm (Cyberscoop) More and more countries are joining the United States in adopting a policy of weighing the pros and cons of responsible vulnerability disclosure, as the public calls for more clarity regarding intelligence agencies and their supposed hoarding of previously undiscovered software flaws.

Identity protection is an overdue government mission (GCN) Governments across America now need a more robust approach to provide secure digital identities for their own operations and for the citizens they serve.

Langevin Reintroduces Breach Notification Legislation (Meritalk) Rep. Jim Langevin, D-R.I., reintroduced legislation this week that would require companies that experience a breach to notify affected individuals within 30 days of the breach’s discovery and that they coordinate with the Federal Trade Commission to do so.

Could Europe teach the U.S. a lesson about cyber security regulation? (NBC News) As America grapples with the Equifax breach, Europe is already taking steps to comply strict new rules designed to make sure something like this never happens.

ICOMG Wants The Government To Stay The Hell Away From Crypto (The Merkle) Recently, a friend of mine from the United States (the land of the free), wanted to participate in an ICO for a brand new coin. He had done all the research on the team, read the white paper, and ha

Opinion | Amid the Russia probes, Trump makes an important nomination (Washington Post) A dormant board overseeing intelligence is coming back to life.

Federal employees ordered to attend anti-leaking classes (ABC News) Employees at the Environmental Protection Agency are attending mandatory training sessions this week to reinforce their compliance with laws and rules against leaking classified or sensitive government information. It is part of a broader Trump administration order for anti-leaks training...

Information domain demands major force structure changes for Marines (Defense News) The Marine Corps is taking steps to build information warfare capabilities within its maneuver forces.

Litigation, Investigation, and Enforcement

Ahmed Hassan ‘bought Parsons Green Tube bomb ingredients on Amazon’ (Times) The Parsons Green bomb included ingredients allegedly purchased from Amazon and was packed with shrapnel including knives and screws to inflict maximum harm, a court heard. Ahmed Hassan, 18, an...

Man who planted virus in an Army computer program cost taxpayers millions (Army Times) A defense contractor was found guilty of transmitting malicious code that affected a program used to handle pay for nearly 200,000 soldiers.

Accused NSA leaker Reality Winner seeks release from jail (Atlanta Journal-Constitution) Reality Leigh Winner should be released from jail pending her trial in the National Security Agency...

Russia targeted election systems in 21 states, successfully hacking some (TechCrunch) On Friday, the Department of Homeland Security notified nearly half of the U.S. states that their election systems were targeted by Russia-affiliated hackers..

7 signs Robert Mueller's Russia investigation is getting serious (Washington Examiner) Here's why many legal experts say that some in President Trump's orbit should be worried.

Obama tried to give Zuckerberg a wake-up call over fake news on Facebook (Washington Post) The company’s investigation at first feared a Russian hack. It then uncovered a sweeping disinformation campaign brought by shadowy accounts.

Kushner used private email to conduct White House business (POLITICO) The senior adviser set up the account after the election. Other West Wing officials have also used private email accounts for official business.

House panel delays Kaspersky testimony (TheHill) Hearing addressing software produced by Russian cybersecurity firm postponed to later date.

Tracking phones without a warrant ruled unconstitutional (Naked Security) ‘Stingray use without a warrant violates 4th Amendment’

Darkweb counterfeiters taken down in Europol coordinated joint action (SC Media UK) Criminals selling counterfeit Euro banknotes on the Darknet arrested in a joint operation by seven EU Member States, coordinated by Europol.

Russia trying to block another suspected cybercriminal's extradition to US (Fifth Domain) The lawyer for an alleged Russian hacker said Friday that authorities in Moscow are fighting his extradition from Spain to the U.S., the third time in recent months that Russia has moved to block U.S. prosecution of suspected cybercriminals.

Peraton files suit against Raytheon (InsideDefense.com) Peraton, the company created through a spin-off of the Harris IT services business, has filed a lawsuit against Raytheon, alleging Raytheon breached its contract and miappropriated its trade secrets.

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

upcoming Events

CyCon US (Washington, DC, USA, November 7 - 8, 2017) The 2017 International Conference on Cyber Conflict U.S. (CyCon U.S.) will take place 7-8 Nov 2017 at the Ronald Reagan Building in Washington D.C. CyCon U.S. facilitates knowledge generation and information exchange across the cyber community, and includes participation from military, government, academia, and industry from around the world. The conference promotes security initiatives and furthers research on cyber threats and opportunities. CyCon U.S. is a collaborative effort between the Army Cyber Institute at the United States Military Academy and the NATO Cooperative Cyber Defence Centre of Excellence in Tallinn, Estonia.

RSA Conference 2017 Abu Dhabi (Abu Dhabi, UAE, November 7 - 8, 2017) RSA Conference 2017 Abu Dhabi is the leading information security event in the region. This year's Conference will take place 7 to 8 November at the Emirates Palace in Abu Dhabi. Join us for two days of engaging sessions and intense networking. Get exposure to innovative technologies and leadership that will help secure your organization and your future.

National Initiative for Cybersecurity Education Conference and Expo (Dayton, Ohio, USA, November 7 - 8, 2017) Cybersecurity has emerged as one of the leading creators of jobs and opportunity for all economic sectors. The demand for cybersecurity positions in both the public and private sector is large and growing, but the talent pool of cybersecurity workers is not yet able to keep up. The NICE 2017 Conference and Expo features thought leaders from education, government, industry and non-profits who are addressing the cybersecurity education, training, and workforce needs of the nation.

POC 2017 (Seoul, Korea, November 2 - 3, 2017) POC started in 2006 and has been organized by Korean hackers & security experts. It is an international security & hacking conference in Korea. POC doesn't pursue money. POC concentrates on technical and creative discussion and shows real hacking and security. POC wears both black hat and white hat. POC will share knowledge for the sake of the power of community. POC believes that the power of community will make the world safer. POC has been making a history with sincere staffs, hackers from the world, and sponsors since2006. POC will be a unique conference.

Cyber Security Summit: Boston (Boston, Massachusetts, USA, November 1, 2017) If you are a Senior Level Executive responsible for making your company’s decisions in regards to information security, then you are invited to register for the Cyber Security Summit: Boston. Receive 50% off of a Full Summit Pass when you register with code CYBERWIRE50 (standard price of $350, now only $175 with code). Register at CyberSummitUSA.com. The Cyber Security Summit: Boston is an exclusive conference connecting Senior Level Executives responsible for protecting their companies’ critical data with innovative solution providers & renowned information security experts. for details visit CyberSummitUSA.com.

2017 International Information Sharing Conference (Washington, DC, USA, October 31 - November 1, 2017) Join us for the inaugural International Information Sharing Conference hosted by the Information Sharing and Analysis Organization Standards Organization (ISAO SO), with participation from the Department of Homeland Security and U.S. Chamber of Commerce. This two-day event, a first of its kind, will convene practitioners from small businesses to multi-national corporations, and from information sharing newcomers to well-established cybersecurity organizations. This unique conference will go beyond discussing current cyber information sharing topics, and will provide opportunities to see competing approaches and innovations in platforms and services. Conference sessions and panels will focus on automated sharing, analysis, how to build trust in a community of interest, cross-sector sharing, the role of government in information sharing, the value proposition of an ISAO, and much more.

2017 Annual Conference: Networking the Future (Tampa, Florida, USA, October 27, 2017) Networking the Future is the Florida Center for Cybersecurity's fourth annual conference and will host hundreds of cybersecurity technical and non-technical stakeholders from industry, government, the military, and academia for a comprehensive exploration of emerging threats, best practices, research, workforce development, and today's hottest cyber trends.

RETR3AT Cybersecurity Conference (Montreat, North Carolina, USA, October 27, 2017) Each year, Montreat College’s Center for Cybersecurity Education and Leadership hosts RETR3AT, a conference designed to engage, educate, and raise awareness about cybersecurity in Western North Carolina and beyond. RETR3AT goes beyond the “1s and 0s” approach to cybersecurity training, challenging attendees to think about how to lead in protecting their organization’s information within an ethical framework.

Digital Risk Summit (Washington, DC, USA, October 25 - 27, 2017) Hosted by Neustar, the Digital Risk Summit is a forward-looking educational conference packed with actionable intelligence and best practices for all types of organizations. If you interact with consumers, customers, and partners by phone or online, you face digital risk. In today’s world, it’s imperative that you stay on top of rapidly evolving threats. Hear and learn from regulators, FBI, U.S. Secret Service and other experts about the latest risks and how best to manage them now and in 2018. Attendees will also have the opportunity to earn CPE, CRCM and CAMS credits.

European Smart Homes 2017 (London, England, UK, October 25 - 26, 2017) ACI’s European Smart Homes 2017 will will bring together key industry stakeholders from the energy industry, IT, telecoms operators, retailers, solution distributors utilities, insurance and property management companies, governments, consultants, solution and technology providers. The key discussions will involve monetisation, customer approach, partnership and interoperability.

PCI Security Standards Council: 2017 Europe Community Meeting (Barcelona, Spain, October 24 - 26, 2017) Three days of networking and one-of-a-kind partnership opportunities await you. Whether you want to learn more about updates in the payment industry or showcase a new product, you’ll find it all at the 2017 Europe Community Meeting.

Cyber Security Summit 2017 (Minneapolis, Minnesota, USA, October 23 - 25, 2017) Cyber Security Summit is a public-private collaboration with support from industry, government, and university leaders who gather to discuss security trends and solutions. The 7th Annual Summit will bring together senior executives, risk managers, military representatives, policymakers, lawyers, academics, and technology leaders. Topics, content and speakers are driven by an Advisory Board composed of experts from diverse critical infrastructure operators and commercial market sectors.

Workplace Violence Prevention - Active Shooter / Assailant Response Workshop (Laurel, Maryland, USA, October 23, 2017) The National Insider Threat Special Interest Group (NITSIG) has partnered with Law Enforcement (Maryland State Police), OSHA, Maryland Emergency Management Agency and and other Workplace Violence Prevention experts to provide a one-day training workshop for security professionals and others interested in implementing a Workplace Violence Prevention and Active Shooter / Assailant Response Program. Workshop participants will gain valuable in-depth knowledge about workplace violence, including legal issues, prevention, intervention, and response. (The intelligence and privacy issues have cyber dimensions.)

Cyber Security Chicago (Chicago, Illinois, US, October 18 - 19, 2017) Cyber Security Chicago offers invaluable security insight for both IT managers & security decision makers. Hear from industry experts on how you can build stronger defenses against cyber-attacks & how to recover if your systems are breached.

QuBit Conference Belgrade 2017 (Belgrade, Serbia, October 18 - 19, 2017) A Cyber Security Community Event in the SEE Region. QuBit Conference is a cyber security event gathering all levels of security professionals, industry experts, academics and government officials. QuBit offers the unique opportunity to gain valuable insight into multiple facets and aspects of ever-expanding crucial fields in cyber security. The main aim is to create a community spirit providing space for knowledge sharing. Belgrade is the “home” city of many global IT companies, one of the most important information technology centers in Southeast Europe with strong growth.

EDGE2017 Security Conference (Knoxville, Tennessee, USA, October 17 - 18, 2017) The EDGE2017 conference is where true collaboration between business and technology professionals happens. Combining engaging keynotes from world-renowned visionaries, recognized technology industry leaders, topical roundtables, training sessions, and industry-specific tracks, EDGE2017 is where complex business security problems meet real-world solutions.

4th Annual Women in Cyber Security Reception (Baltimore, Maryland, USA, October 17, 2017) This annual networking event highlights and celebrates the value and successes of women in the cyber security industry. Leaders from the private sector, academia, and government from across the region and at varying points on the career spectrum can connect with each other to strengthen relationships and build new ones. - See more at: https://thecyberwire.com/events/s/4th-annual-women-in-cyber-security-reception.html#sthash.u5bTN3tr.dpuf

DC CyberWeek (Washington, DC, USA, October 16 - 20, 2017) Join us October 16-20, 2017 for DC CyberWeek, a week-long festival in our nation's capital focused on bringing together cybersecurity experts, decision makers and leaders from the government and tech communities. DC CyberWeek is a series of hundreds of distributed events powered by the tech community and complemented by core conferences, parties and projects created by the festival organizer, CyberScoop. DC CyberWeek is about big ideas and coming together to make an impact on the greater good of our connected world.

Sponsor & Support

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter’s financial reach, or it might just not be the right time for you to do those things. That’s why we launched our new Patreon site, where we’ve created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you’ll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.