The CyberWire Daily Briefing 9.26.17

Summary

By The CyberWire Staff

Equifax CEO and chairman Richard Smith retired this morning in an apparent gesture of atonement for the company's massive data breach. Paulino do Rego Barros Jr. has been appointed interim CEO; Mark Feidler will become non-executive chairman. Equifax continues to receive very harsh reviews for incident response as experts warn all to brace for a breach-enabled cybercrime wave.

Deloitte continues to be tight-lipped about its own breach. Reuters reports that the company says only six customers were affected, the information lost was relatively minor, and the affected customers were informed in a timely fashion. Deloitte's websites and Twitter feeds haven't addressed the breach yet, as far as we can tell. "Engage in proactive messaging to the broader base of stakeholders and the public regarding what is known and not known, and what the organization is doing," figures into Deloitte's own advice on how to handle the strategic and reputational risk of a breach. If the breach really is restricted in scope, perhaps the number of stakeholders are sufficiently limited that quiet and private communication is the appropriate approach; there may indeed be good reason for holding information close. Some observers think it possible the breach may be more widespread and consequential in its effects, but it's still too early to tell.

Germany's Sunday elections returned Chancellor Merkel to office with a different coalition and without much evidence of Russian influence. More information on the influence operations in the 2016 US elections is out, however: division and discord seemed Moscow's goal.

Learn how Cylance silences cyber attacks with Artificial Intelligence.

Notes.

Today's issue includes events affecting Canada, China, Democratic Peoples Republic of Korea, United Nations, Russia, Saudi Arabia, Syria, United Kingdom, and United States.

Compliance risk can be a business killer.

Regulations, laws, and the standards of care that follow them are shifting rapidly, struggling to keep up with new technologies and a continually changing threat landscape. In this increasingly complex environment, how can organizations manage risk systematically and effectively? Learn more about how organizations are achieving situational awareness, while automating the labor-intensive tasks associated with managing IT risk and compliance.

On the Podcast

In today's podcast we talk with our partners at the Johns Hopkins University Information Security Institute, as Joe Carrigan talks our host out of his skepticism of password managers. Our guest is Stephen Moore from Exabeam, who discusses how to approach post-breach cleanup.

You'll also want to check out Recorded Future's latest podcast, produced in partnership with the CyberWire. Levi Gundert explains why it's worth understanding your adversaries' tactics, techniques, and procedures.

Sponsored Events

Earn a master’s degree in cybersecurity from SANS (Online, September 28, 2017) Earn a master’s degree in cybersecurity from SANS, the world leader in information security training. Learn more at a free online information session on Thursday, September 28th, at 12:00 pm (noon) ET. For complete information on master’s degree and graduate certificate programs, visit www.sans.edu.

3rd European Cybersecurity Forum – CYBERSEC (Krakow, Poland, October 9 - 10, 2017) CYBERSEC is a unique Europe-wide, annual public policy conference dedicated to strategic aspects of cybersecurity. Conference’s mission is to foster the building of a Europe-wide cybsersecurity system and create a dedicated collaborative platform for governments, international organisations, and key private-sector organisations.

UMBC Cybersecurity Graduate Info Session (Rockvale, Maryland, USA, October 11, 2017) Learn how UMBC’s graduate programs in Cybersecurity can elevate your career at our upcoming Info Session. Led by industry experts, our programs combine hands-on technical training with unparalleled opportunity.

CyberMaryland Job Fair, October 11, Baltimore visit ClearedJobs.Net or CyberSecJobs.com for details. (Baltimore, Maryland, USA, October 11, 2017) Cleared and non-cleared cybersecurity pros make your next career move at the CyberMaryland Job Fair, October 11 in Baltimore. Meet leading cyber employers including Delta Risk, Choice Hotels, Lockheed Martin, the NSA and more. Visit ClearedJobs.Net or CyberSecJobs.com for info.

The International Information Sharing Conference on October 31 and November 1 in Washington, D.C. (Washington, DC, USA, October 31 - November 1, 2017) Join us for the inaugural International Information Sharing Conference hosted by the ISAO SO. This two-day event, a first of its kind, will convene practitioners from small businesses to multi-national corporations and from information sharing newcomers to well-established cybersecurity organizations.

Selected Reading

Cyber Attacks, Threats, and Vulnerabilities

Deloitte hacked, says 'very few' clients affected (Reuters) Global accounting firm Deloitte [DLTE.UL] said on Monday it was the victim of a cyber attack that affected the data of a small number of clients, providing few details on the breach.

Source: Deloitte Breach Affected All Company Email, Admin Accounts (KrebsOnSecurity) Deloitte, one of the world’s “big four” accounting firms, has acknowledged a breach of its internal email systems, British news outlet The Guardian revealed today.

Deloitte left red-faced by hacking of client details (Times) A hacker infiltrated Deloitte’s email system and accessed confidential information associated with several of its clients, it has emerged. The professional services firm admitted to the cyberattack...

Industry reactions to the Deloitte cyber attack (Help Net Security) Deloitte has been targeted in an attack that compromised the emails and plans of some of its clients. Here's insight from infosec industry executives.

Equifax CEO Richard Smith steps down after massive data breach (Los Angeles Times) Equifax announced Tuesday that its CEO, Richard Smith, has retired. It's the latest fallout of a breach that exposed the Social Security numbers and birth dates of up to 143 million people.

Equifax CEO Richard Smith has ‘retired’ following huge data breach (TechCrunch) Just over a week after Equifax's chief security officer and chief information officer "retired," the bungling company's CEO has made the same move after a..

Thank Equifax for that fake new mortgage on your house, stolen tax refund (McClatchy DC) Massive hack of credit bureau could lead to years of headaches for consumers who lost personal data. But could it also lead to better protection?

Cybercrime wake-up call (Albuquerque Journal) Cybersecurity experts say the massive breach of credit-reporting company Equifax Inc.’s data systems may be a needed wake-up call to galvanize business and government into much more aggressive action to protect online data in today’s hyperconnected cyber world.

Can a Phoenix of Accountability Emerge from the Ashes of Equifax breach (Cyberdb) Equifax breach exposed data of approximately 143 million people and raises public concerns over accountability

Questions emerge about Equifax, SEC breaches (FederalNewsRadio.com) The two entities learned of the breaches eventually, but they didn't rush to sound the alarm and notify government watchdogs or the public.

Mobile Stock Trading App Providers Unresponsive to Glaring Vulnerabilities (Threatpost | The first stop for security news) IOActive analyzed 21 mobile stock trading platforms and found vulnerabilities that put transactions and personal information at risk.

Apple's macOS High Sierra will launch with a major security hole (ZDNet) The vulnerability lets an attacker steal the contents of a Keychain — without needing a password.

Russian hackers exploited a Google flaw — and Google won't fix it (Salon) Hacker team "Fancy Bear" used a Google security flaw to attack journalists, and the tech giant has done nothing

Russian operatives used Facebook ads to exploit America’s racial and religious divisions (Washington Post) A sophisticated influence campaign tried to employ such things as Black Lives Matter and wariness of Muslims as wedges.

What, Exactly, Were Russians Trying to Do With Those Facebook Ads? (The Atlantic) From what we know now, it was too small to seriously influence the election, but too big to be an afterthought.

Nuclear war isn't North Korea's only threat (CNN) The country has invested heavily in cyberattack operations to target Western countries and South Korea, Eric O'Neill says.

North Korea Bypassing International Sanctions with Bitcoin Mining (Bitcoinist.com) New reports are suggesting that the North Korean government is using the digital currency Bitcoin in order to bypass sanctions.

Tech support scam used to run cryptocurrency miner in Chrome, IE (iTWire) Researchers at security firm Trend Micro say they have discovered a new campaign that aims to implant a cryptocurrency miner when users visit infected...

How ISIS Is Transforming (Foreign Affairs) ISIS is transforming from an insurgent organization with a fixed headquarters to a clandestine global terrorist network.

Gov’t Actions, Not Religion, ‘Tipping Point’ for African Youths Joining Violent Extremism (IPS) Government action, rather than religious ideology, is a stronger predictor for radicalization in Africa, according to a two-year landmark study by the United Nations Development Programme (UNDP).

Threat Spotlight: Defray Ransomware Hits Healthcare and Education (Cylance) Defray is a sophisticated, high-price ransomware attack aimed at very specific victims in the Healthcare and Education sectors.

XPCTRA Malware Steals Banking and Digital Wallet User's Credentials (SANS Internet Storm Center) While hunting some phishing emails these days, I came across a malware campaign similar to EngineBox, a banker capable of stealing user credentials from multiple banks

The software flaw that could beam out passwords by DNS (Naked Security) iTerm2 was trying to be helpful.

Avast admits more errors in CCleaner malware analysis (ITWire) Czech cyber security company Avast has had to backtrack again on information that it has released so far about the compromise of CCleaner, a Windows u...

Wordfence names hacker who targeted WordPress plugins (Enterprise Times) Wordfence lists nine WordPress plugins used by Mason Soiza to distribute spam for services such as payday loans and gambling sites.

Display Widgets Plugin Includes Malicious Code to Publish Spam on WP Sites (Wordfence) Note: This post is the first part of a series. The series has a second detailed follow-up which discusses the identity of the person behind the Display Widgets plugin spam. Then there is a third in the series which explains how the same spammer influenced a total of 9 plugins over 4.5 years. If you have …

Android unlock patterns are a boon for shoulder surfing attackers (Help Net Security) The "swiping" unlock patterns typical for Android devices are considerably easier for shoulder surging attackers to discern than PIN combinations.

The Man Behind Plugin Spam: Mason Soiza (Wordfence) This post is part of a series. This is the second post and a follow-up to our first story titled “Display Widgets Plugin Includes Malicious Code to Publish Spam on WP Sites“. There is a third post in this series which explains how the same spammer influenced a total of 9 WordPress plugins over a …

UK Police: Buying Fake Goods Online Can Lead to ID Theft (Infosecurity Magazine) UK Police: Buying Fake Goods Online Can Lead to ID Theft. City of London Police says over 4,000 sites were created using stolen IDs

No, Facebook spies aren’t secretly “following me”, it’s a hoax (Naked Security) Typing “Facebook security” into your block list won’t reveal their names

TV broadcasts in California interrupted to show "end of the world" alert (HackRead) Gear up for Armageddon- Strange Warning Messages Startled TV Viewers in Orange County. Television viewers across the Orange County area were in for a surpr

Security Patches, Mitigations, and Software Updates

Joomla 3.8 fixes serious LDAP authentication issue, update now (Naked Security) The bug allows the extraction of an affected site’s credentials “in seconds”

Oracle Releases Patches for Exploited Apache Struts Flaw (Security Week) Oracle has released patches for many of its products to address several vulnerabilities in the Apache Struts 2 framework, including one that has been exploited in the wild for the past few weeks.

7 things to know before upgrading to MacOS High Sierra (CNET) The latest version of MacOS changes some of the operating system's underlying plumbing, but it's more evolutionary than revolutionary by design.

Apple iOS 11 Starts Causing Problems (Forbes) Apple AAPL -0.88% iOS 11 is packed full of features (including many secret ones), but following reports of several bugs my Upgrade Guide advised iPhone users in particular should hold off updating.

Cyber Trends

McAfee Labs Threat Report (McAfee Labs) I don’t WannaCry no more. Threat hunting like a pro. The rise of script-based malware

2017 Public Sector Cyber Risk Management Report (Telos) This report details the findings of a survey conducted at the Amazon Web Services (AWS) Public Sector Summit in June 2017. Data from the survey reveals strong support for the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF).

Three out of four DDoS attacks target multiple vectors (Help Net Security) Three out of every four DDoS attacks employed blended, multi-vector approaches in the second quarter of 2017, according to Nexusguard. Distribution of DDoS

Sophisticated threats? It's usually the basic ones that get you (Help Net Security) Why are so many companies still facing the same security challenges? For one thing, it’s hard that security had to come at the expense of usability.

All of us are sitting on a ticking time bomb called the internet (The Economic Times) The vulnerability of our cyber systems is a ticking time bomb. It can explode anytime, anywhere. Even in your hands, as your smartphone too is on target.

Marketplace

Improving cybersecurity governance in the boardroom (CSO Online) To tackle increasing data threats, companies need to put cybersecurity at the very heart of the business.

Eugene Kaspersky and his Russian-ness (Financial Review) Eugene Kaspersky comes across as a cheeky, clever person, but his Russian-ness has spooked the Americans.

BlackBerry may be sitting on a $1.6 billion war chest. Here’s what it could do with it (Financial Post) Analysts believe that BlackBerry may make acquisitions of companies to strengthen its business in three areas

MACH37 Announces the Fall 2017 Class of Cybersecurity Startups (GlobeNewswire News Room) MACH37 announces 6 startups participating in its Fall program

root9b Holdings, Inc. Announces Incremental Funding, Foreclosure Status and Nasdaq Notice (PRNewswire) root9B Holdings, Inc. (Nasdaq: RTNB) ("RTNB" or the...

CISOs Select Verodin as Winner of Security Current's Security Shark Tank® Chicago (http://www.prnewswire.com/news-releases/cisos-select-verodin-as-winner-of-security-currents-security-shark-tank-chicago-300525730.html) Security Current, the premier information and collaboration community...

Products, Services, and Solutions

FireEye Endpoint Security (HX) 4.0 – Bringing Advanced Protection to Endpoints (FireEye) A constant concern about Endpoint Protection Platforms (EPP) is that they miss a number of threats, forcing organizations to spend an exorbitant amount of time trying to find and clean up damage.

ThreatQuotient and Flashpoint Partner to Increase Data Enrichment (ThreatQuotient) The custom integration of the ThreatQ™ threat intelligence platform with Flashpoint API v4 will provide incident responders and defenders with a central...

Duo Security Two-Factor Authentication Extends Security Options to Microsoft Azure Active Directory (Duo Security) Accompanying study shows majority of Duo customers prioritize securing Microsoft Office 365

Singapore government awards multi-million-dollar contract for DDoS mitigation services (Open Gov) The companies include telcos Singtel, Starhub and BT, as well as Singapore- based technology companies CHJ Technologies, Evvo Labs and Embrio Enterprises.

Digital Shadows Offers Splunk Customers a Splunk-Certified App to Help Manage their Digital Risks (Digital Shadows) Integrating Digital Shadows SearchLight™ with Splunk Enterprise enables organizations to monitor, manage, and timely mitigate incidents in their broader cybersecurity deployment

Xton Technologies Declares a New Era for Privileged Account Management (PRNewswire) Xton Technologies today announced the release of the XT Access Manager...

CIS Controls Foundational Best Practices Could Have Prevented The Equifax® And Other High-Profile Breaches (Business Insider) Equifax has acknowledged their recent "cybersecurity incident" occurred due to the exploitation of a known vulnerability that had been identified in March 2017 in Apache®'s software called "Struts."

VyprVPN: Golden Frog's VPN delivers high-performance, anonymity, and flexibility (ZDNet) I've been using Golden Frog's premium-priced virtual private network service exclusively for six months to see how it performs in the real world. Here's what I've learned.

Insight Engines Announces General Availability of Cyber Security Investigator (BusinessWire) Insight Engines today announced general availability of Insight Engines Cyber Security Investigator (CSI) for Splunk.

M1 unveils new service to detect and deal with mobile malware (Channel News Asia) Local telecom operator M1 on Monday (Sep 25) unveiled a new service to help smartphone users protect their devices against malware.

Flashpoint Digs Into Dark Web With Security Intelligence API (eWEEK) Security intelligence startup Flashpoint updates its API to provide organizations with more insight into the hidden areas of the internet.

Technologies, Techniques, and Standards

Why Your Business Must Care about Privacy (Dark Reading) It might not have something to hide, but it definitely has something to protect.

FBI's Freese Shares Risk Management Tips (Dark Reading) Deputy Assistant Director Donald Freese advises enterprises to lead with a business case and not fear addressing the C-suite on risk management.

TTPs From A Through Z With Levi Gundert (Recorded Future) The more you know about your adversary, their motivations, methods, and capabilities, the better advantage you’ll have when it’s time to defend yourself.

Firms look to security analytics to keep pace with cyber threats (ComputerWeekly) Traditional approaches to cyber security no longer enable organisations to keep up with cyber threats, but security analytics is an increasingly popular addition to the cyber arsenal.

Blockchains are the wrong solution to data security problems, says MaidSafe (Computing) 'Blockchains are terrible as a mass storage containers, so data still needs to be stored somewhere else'

Cryptography and the Reduced Need for a Centralized Authority (LeapRate) The following guest post is courtesy of Adinah Brown, content manager at Leverate. Do you have an idea for a guest post? Want...

ISA99 initiates 2 new working groups –Level 0,1 devices and IIOT (Control Global) ISA99 initiates 2 new working groups –Level 0,1 devices and IIOT.

Total Recall – Better Security for Your Network (Infosecurity Magazine) Without a level of historical insight, it is impossible to build a complete security posture.

Design and Innovation

An Ambitious Plan to Stop DDoS for Good Has Its Limits (WIRED) Cloudflare's unlimited DDoS protection should help the internet, but its broader ambitions of killing off DDoS for good are more nebulous.

Research and Development

DOE Taps Guardtime, Siemens to Help Develop Blockchain Tech for Energy Grid Security (ExecutiveBiz) Guardtime and Siemens are part of a team that received a multimillion dollar contract from the Energy Department to develop a blockchain-based technology platform that will work to help secure U.S. energy grid from emerging cyber threats. Both companies will also work with DOE’s Pacific Northwest National Labs, Washington State University, Tennessee Valley Authority and the Defense Department‘s Homeland Defense...

Academia

Like Sputnik, Cyber Attacks Demand a New Approach to Education (Defense One) Network breaches should spur a new focus on STEM — and ethics.

Learnings from the CAT (Infosecurity Magazine) The Center of Applied Technology South (CAT South) is a trade school located in Maryland, and it is home to a number of courses.

Northeastern University and IBM partnership first to turn digital badges into academic credentials for learners worldwide (News@Northeastern) Northeastern University and IBM have established a strategic learning collaboration to integrate the company’s in-house education programs with the university’s academic credentials.

Legislation, Policy and Regulation

Shrinking Anonymity in Chinese Cyberspace (Lawfare) Four new Chinese cyber regulations signal that President Xi Jinping is strengthening China's system of cyber governance and expanding the legal framework for data control.

Why We Must Not Build Automated Weapons of War (Time) The world must keep 'killer robots' from forever changing how we fight

Should the U.S. Require Companies to Report Breaches? (Fox Business) There are two things we can count on in the wake of the Equifax breach, already credited with exposing a majority of American adults to the possibility of identity theft. The first is that more and potentially worse breaches are in our future. The second is that companies will need to be prodded toward smarter cybersecurity practices and faster reporting of breaches.

Is the NSA Doing More Harm Than Good in Not Disclosing Exploits? (Foreign Policy) Inside the complicated national security calculus behind disclosing zero-day vulnerabilities.

Saudi Arabia strives to improve its cyber-readiness: Potomac assessment (SC Media UK) Saudi Arabia is taking significant steps to achieve cyber-readiness, but is being restrained by shortages of appropriately skilled Saudi-labour.

Litigation, Investigation, and Enforcement

China's cyber watchdog imposes top fines on tech firms over censorship (Reuters) China's cyber watchdog has handed down maximum penalties to several of the country's top tech firms, including Tencent Holdings Ltd (0700.HK), Baidu Inc (BIDU.O) and Weibo Corp (WB.O), for failing to properly censor online content.

Anthony Weiner Gets 21 Months in Prison for Sexting With Teenager (New York Times) The sentencing was the latest chapter in the long and tortuous downfall of the former New York congressman who sent lewd text messages to a 15-year-old girl.

Canada recognizes Chelsea Manning as a traitor, won’t let her into the country (Military Times) Chelsea Manning has been denied entry to Canada, according to a letter she recently posted to Twitter.

Former Trump adviser Roger Stone set to testify Tuesday at House Intelligence Committee (Washington Examiner) The appearance before the committee, however, could set up a showdown of sorts that Stone has been itching for.

House Republican demands details on Trump aides' use of private email (POLITICO) The request comes after POLITICO revealed that Jared Kushner used a private email account for White House business.

Activist Who Refused to Give Police Passwords Convicted Under Anti-Terror Laws (Infosecurity Magazine) Activist Who Refused to Give Police Passwords Convicted Under Anti-Terror Laws. Muhammad Rabbani said he was protecting legally privileged material

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

newly Noted Events

Global Launch of Cyber Security Awareness Month (Washington, DC, USA, October 3, 2017) For the first time, in honor of Cyber Security Awareness Month (CSAM) – internationally renowned government and industry experts will explore major cybersecurity issues during a daylong event.

upcoming Events

Countermeasure (Ottawa, Ontario, Canada, November 9 - 10, 2017) Now into its sixth year in Ottawa, and consistently advancing in both size and content quality, COUNTERMEASURE continues to be the national capital's premier IT security event. As in years past, attendees can expect up to three days of professional skills training prior to the two-day main conference. All content will be delivered by some of the world's most knowledgeable and influential IT security experts in private, public, and research sectors.

2017 ICIT Gala & Benefit (Washington, DC, USA, November 9, 2017) The Annual ICIT Gala and Benefit is the year’s most prestigious and intimate gathering of legislative, agency and private sector leaders committed to protecting our Nation’s critical infrastructures. This black-tie event will celebrate the accomplishments of the most influential members of our community as well as the efforts of today’s most impactful cybersecurity leaders. The funds raised from this Benefit will be used to help sustain and grow the Institute’s research, publications, and educational activities for the communities it serves.

4th Annual Journal of Law & Cyber Warfare Conference (New York, New York, USA, November 9, 2017) Join thought leaders across the industry for a day of collaboration and education with an outstanding group of cyber security experts. In this one-day program, we continue JLCW's 5+ year reputation for presenting cutting-edge, practical, and balanced training for cyber security lawyers, in-house legal personnel, cyber security service providers, law enforcement, military, members of the bar, bench, and ambassadors and consul generals from all over the world.

CyCon US (Washington, DC, USA, November 7 - 8, 2017) The 2017 International Conference on Cyber Conflict U.S. (CyCon U.S.) will take place 7-8 Nov 2017 at the Ronald Reagan Building in Washington D.C. CyCon U.S. facilitates knowledge generation and information exchange across the cyber community, and includes participation from military, government, academia, and industry from around the world. The conference promotes security initiatives and furthers research on cyber threats and opportunities. CyCon U.S. is a collaborative effort between the Army Cyber Institute at the United States Military Academy and the NATO Cooperative Cyber Defence Centre of Excellence in Tallinn, Estonia.

RSA Conference 2017 Abu Dhabi (Abu Dhabi, UAE, November 7 - 8, 2017) RSA Conference 2017 Abu Dhabi is the leading information security event in the region. This year's Conference will take place 7 to 8 November at the Emirates Palace in Abu Dhabi. Join us for two days of engaging sessions and intense networking. Get exposure to innovative technologies and leadership that will help secure your organization and your future.

National Initiative for Cybersecurity Education Conference and Expo (Dayton, Ohio, USA, November 7 - 8, 2017) Cybersecurity has emerged as one of the leading creators of jobs and opportunity for all economic sectors. The demand for cybersecurity positions in both the public and private sector is large and growing, but the talent pool of cybersecurity workers is not yet able to keep up. The NICE 2017 Conference and Expo features thought leaders from education, government, industry and non-profits who are addressing the cybersecurity education, training, and workforce needs of the nation.

POC 2017 (Seoul, Korea, November 2 - 3, 2017) POC started in 2006 and has been organized by Korean hackers & security experts. It is an international security & hacking conference in Korea. POC doesn't pursue money. POC concentrates on technical and creative discussion and shows real hacking and security. POC wears both black hat and white hat. POC will share knowledge for the sake of the power of community. POC believes that the power of community will make the world safer. POC has been making a history with sincere staffs, hackers from the world, and sponsors since2006. POC will be a unique conference.

Cyber Security Summit: Boston (Boston, Massachusetts, USA, November 1, 2017) If you are a Senior Level Executive responsible for making your company’s decisions in regards to information security, then you are invited to register for the Cyber Security Summit: Boston. Receive 50% off of a Full Summit Pass when you register with code CYBERWIRE50 (standard price of $350, now only $175 with code). Register at CyberSummitUSA.com. The Cyber Security Summit: Boston is an exclusive conference connecting Senior Level Executives responsible for protecting their companies’ critical data with innovative solution providers & renowned information security experts. for details visit CyberSummitUSA.com.

2017 International Information Sharing Conference (Washington, DC, USA, October 31 - November 1, 2017) Join us for the inaugural International Information Sharing Conference hosted by the Information Sharing and Analysis Organization Standards Organization (ISAO SO), with participation from the Department of Homeland Security and U.S. Chamber of Commerce. This two-day event, a first of its kind, will convene practitioners from small businesses to multi-national corporations, and from information sharing newcomers to well-established cybersecurity organizations. This unique conference will go beyond discussing current cyber information sharing topics, and will provide opportunities to see competing approaches and innovations in platforms and services. Conference sessions and panels will focus on automated sharing, analysis, how to build trust in a community of interest, cross-sector sharing, the role of government in information sharing, the value proposition of an ISAO, and much more.

2017 Annual Conference: Networking the Future (Tampa, Florida, USA, October 27, 2017) Networking the Future is the Florida Center for Cybersecurity's fourth annual conference and will host hundreds of cybersecurity technical and non-technical stakeholders from industry, government, the military, and academia for a comprehensive exploration of emerging threats, best practices, research, workforce development, and today's hottest cyber trends.

RETR3AT Cybersecurity Conference (Montreat, North Carolina, USA, October 27, 2017) Each year, Montreat College’s Center for Cybersecurity Education and Leadership hosts RETR3AT, a conference designed to engage, educate, and raise awareness about cybersecurity in Western North Carolina and beyond. RETR3AT goes beyond the “1s and 0s” approach to cybersecurity training, challenging attendees to think about how to lead in protecting their organization’s information within an ethical framework.

Digital Risk Summit (Washington, DC, USA, October 25 - 27, 2017) Hosted by Neustar, the Digital Risk Summit is a forward-looking educational conference packed with actionable intelligence and best practices for all types of organizations. If you interact with consumers, customers, and partners by phone or online, you face digital risk. In today’s world, it’s imperative that you stay on top of rapidly evolving threats. Hear and learn from regulators, FBI, U.S. Secret Service and other experts about the latest risks and how best to manage them now and in 2018. Attendees will also have the opportunity to earn CPE, CRCM and CAMS credits.

European Smart Homes 2017 (London, England, UK, October 25 - 26, 2017) ACI’s European Smart Homes 2017 will will bring together key industry stakeholders from the energy industry, IT, telecoms operators, retailers, solution distributors utilities, insurance and property management companies, governments, consultants, solution and technology providers. The key discussions will involve monetisation, customer approach, partnership and interoperability.

PCI Security Standards Council: 2017 Europe Community Meeting (Barcelona, Spain, October 24 - 26, 2017) Three days of networking and one-of-a-kind partnership opportunities await you. Whether you want to learn more about updates in the payment industry or showcase a new product, you’ll find it all at the 2017 Europe Community Meeting.

Cyber Security Summit 2017 (Minneapolis, Minnesota, USA, October 23 - 25, 2017) Cyber Security Summit is a public-private collaboration with support from industry, government, and university leaders who gather to discuss security trends and solutions. The 7th Annual Summit will bring together senior executives, risk managers, military representatives, policymakers, lawyers, academics, and technology leaders. Topics, content and speakers are driven by an Advisory Board composed of experts from diverse critical infrastructure operators and commercial market sectors.

Workplace Violence Prevention - Active Shooter / Assailant Response Workshop (Laurel, Maryland, USA, October 23, 2017) The National Insider Threat Special Interest Group (NITSIG) has partnered with Law Enforcement (Maryland State Police), OSHA, Maryland Emergency Management Agency and and other Workplace Violence Prevention experts to provide a one-day training workshop for security professionals and others interested in implementing a Workplace Violence Prevention and Active Shooter / Assailant Response Program. Workshop participants will gain valuable in-depth knowledge about workplace violence, including legal issues, prevention, intervention, and response. (The intelligence and privacy issues have cyber dimensions.)

Cyber Security Chicago (Chicago, Illinois, US, October 18 - 19, 2017) Cyber Security Chicago offers invaluable security insight for both IT managers & security decision makers. Hear from industry experts on how you can build stronger defenses against cyber-attacks & how to recover if your systems are breached.

QuBit Conference Belgrade 2017 (Belgrade, Serbia, October 18 - 19, 2017) A Cyber Security Community Event in the SEE Region. QuBit Conference is a cyber security event gathering all levels of security professionals, industry experts, academics and government officials. QuBit offers the unique opportunity to gain valuable insight into multiple facets and aspects of ever-expanding crucial fields in cyber security. The main aim is to create a community spirit providing space for knowledge sharing. Belgrade is the “home” city of many global IT companies, one of the most important information technology centers in Southeast Europe with strong growth.

Sponsor & Support

Grow your brand, generate leads, and fill your funnel.

With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listens all over the world, companies trust the CyberWire to get the message out. Learn more.

Deloitte breach update. Equifax CEO resigns. Russian influence operations.