The CyberWire Daily Briefing 9.27.17

Summary

By The CyberWire Staff

Deloitte continues to say little about its breach, maintaining its position that few clients were affected. Observers think the incident involved failure to use multifactor authentication on an admin account. (They also think early reports that Government organizations were affected seem to have been inaccurate.)

The US Securities and Exchange Commission told the Senate that, while it's "deeply concerned," no personal information was compromised. To most observers, that was never the concern—exposure of sensitive, material, corporate information was the issue.

IOActive took a look at the security of twenty-one popular mobile stock-trading apps and found them wanting: many didn't require two-factor authentication to access bank accounts, man-in-the-middle vulnerabilities were common, and some didn’t encrypt traffic.

The Dirty Cow Android vulnerability is being exploited in the wild.

Investigation of Russian influence operations in the US continues. The goal is by now clear: disruption, and erosion of such trust as sustains civil society. There are, Foreign Policy argues, signs that Russian information operations are shifting away from national targets and moving toward local governments, associations, religious groups, and "activists." This is nothing new, considered against the background of Russia's history with propaganda.

Retrospectives on WannaCry continue to attribute the ransomware or pseudoransomware to North Korean operators using tools allegedly stolen from NSA. In an information operational display, Sputnik News strongly connects those tools with the US agency, but passes over in silence how those tools were obtained and released. In influence operations, the important lies need a bodyguard of truth.

Learn how Cylance silences cyber attacks with Artificial Intelligence.

Notes.

Today's issue includes events affecting China, Russia, Syria, United Kingdom, and United States.

A note to our readers: SINET announced their annual SINET 16 winners yesterday, a select group of start-ups noted for their original, ground-breaking work in cybersecurity. They are (in alphabetical order): Centripetal Networks, Fireglass, Haystax Technology, Infosec Global, iProov, Menlo Security, PatternEx, Phantom, Prevoty, Protectwise, ThreatQuotient, Twistlock, vArmour, Verodin, Versive, and Virtru. The winners will be on display in November, in Washington, DC, at the SINET Showcase. Congratulations to all of them; we look forward to meeting them in DC.

Compliance risk can be a business killer.

Regulations, laws, and the standards of care that follow them are shifting rapidly, struggling to keep up with new technologies and a continually changing threat landscape. In this increasingly complex environment, how can organizations manage risk systematically and effectively? Learn more about how organizations are achieving situational awareness, while automating the labor-intensive tasks associated with managing IT risk and compliance.

On the Podcast

In today's podcast we hear from our partners at the University of Maryland's Center for Health and Homeland Security, as Ben Yelin discusses a bipartisan bill intended to improve IoT security. Our guest, Isaac Kohen from Teramind, talks about ways of detecting employees involved in radical political activities on company time (n.b. "on company time").

Sponsored Events

Earn a master’s degree in cybersecurity from SANS (Online, Sep 28, 2017) Earn a master’s degree in cybersecurity from SANS, the world leader in information security training. Learn more at a free online information session on Thursday, September 28th, at 12:00 pm (noon) ET. For complete information on master’s degree and graduate certificate programs, visit www.sans.edu.

3rd European Cybersecurity Forum – CYBERSEC (Krakow, Poland, Oct 9 - 10, 2017) CYBERSEC is a unique Europe-wide, annual public policy conference dedicated to strategic aspects of cybersecurity. Conference’s mission is to foster the building of a Europe-wide cybsersecurity system and create a dedicated collaborative platform for governments, international organisations, and key private-sector organisations.

UMBC Cybersecurity Graduate Info Session (Rockvale, Maryland, USA, Oct 11, 2017) Learn how UMBC’s graduate programs in Cybersecurity can elevate your career at our upcoming Info Session. Led by industry experts, our programs combine hands-on technical training with unparalleled opportunity.

CyberMaryland Job Fair, October 11, Baltimore visit ClearedJobs.Net or CyberSecJobs.com for details. (Baltimore, Maryland, USA, Oct 11, 2017) Cleared and non-cleared cybersecurity pros make your next career move at the CyberMaryland Job Fair, October 11 in Baltimore. Meet leading cyber employers including Delta Risk, Choice Hotels, Lockheed Martin, the NSA and more. Visit ClearedJobs.Net or CyberSecJobs.com for info.

The International Information Sharing Conference on October 31 and November 1 in Washington, D.C. (Washington, DC, USA, Oct 31 - Nov 1, 2017) Join us for the inaugural International Information Sharing Conference hosted by the ISAO SO. This two-day event, a first of its kind, will convene practitioners from small businesses to multi-national corporations and from information sharing newcomers to well-established cybersecurity organizations.

Selected Reading

Cyber Attacks, Threats, and Vulnerabilities

Russia’s Hybrid Warriors Got the White House. Now They’re Coming for America’s Town Halls. (Foreign Policy) Moscow knows that activists, religious groups, and NGOs are democracy’s soft underbelly.

Facebook knew about Russian meddling well before the US election (Engadget) Facebook knew about Russian election meddling in June, 2016 and Obama warned Mark Zuckerberg to take it more seriously.

Leaked Descriptions Of Infamous "Russia Ads" Derail Collusion Narrative "They Showed Support For Clinton" (ZeroHedge) “I think the American people should see a representative sample of these ads to see how cynical the Russians were using these ads to sow division within our society,”

The Latest: Homeland Security says Wisconsin was target (News Tribune) The U.S. Department of Homeland Security is reiterating that it believes 21 states were the target of Russian government hackers seeking vulnerabilities and access to the U.S. election infrastructure.

WannaCry ransomware explained: What it is, how it infects, and who was responsible (CSO Online) Stolen government hacking tools, unpatched Windows systems, and shadowy North Korean operatives made WannaCry a perfect ransomware storm.

WannaCry Some More? Cybercriminals Using NSA Hacking Tools to Attack Citizens (Sputnik) A cybersecurity firm has announced hacking tools linked to the US National Security Agency are being exploited by cybercriminals.

Suspected mass-spoofing of ships’ GPS in the Black Sea (Naked Security) One ship’s navigation system reported that it was actually on land

IS hackers have 'poor coding skills' (BBC News) Three attack tools created by one large IS hacker collective were "garbage", the researcher said.

SEC chair: No PII leaked in breach, still ‘concerns me deeply’ (Fifth Domain) Senators pressed Clayton for details about the 2016 cyberattack on the SEC, which was just disclosed last week, as well as the massive Equifax breach that was disclosed earlier this month.

Here's the Latest About What the SEC Hackers Stole (Fortune) Sensitive information.

SEC's Cyber Breach Report Too Little, Too Late, Experts Say (Legaltech News) 'What a doozy!' said one expert of the breach disclosed by the SEC this week.

Deloitte breach! All you need to know (Teiss) Deloitte, one of the world's leading accountancy firms, was hit by a destructive cyber-attack in November last year that compromised secret client emails and other records.

Sensitive client emails, usernames, passwords exposed in Deloitte hack (Register) Oops, did someone forget to turn on 2FA?

Updated: Government Agencies Not Compromised in Deloitte Breach (Nextgov) The breach affected an email system that included information from several markets.

The great Deloitte dumpster fire… (Teiss) Deloitte have been caught out. Caught out not practising what they preach. Caught out not following the steps they preach to their many clients, they charge mega bucks from.

Exposure of your sensitive data isn’t a bug, it’s a feature (TechCrunch) Another day, another breach. Equifax, SEC, Deloitte and the next one is coming soon. Nothing surprising there anymore, not for customers, not for the breached..

Mobile stock trading apps ignore critical flaw warnings (ZDNet) IOActive discovered vulnerabilities in today's 21 most popular trading apps -- but the vendors couldn't care less.

Avast Publishes Full List of Companies Affected by CCleaner Second-Stage Malware (BleepingComputer) Earlier today, Avast published a full list of companies affected by the second-stage CCleaner malware, as part of its ongoing investigation into the CCleaner hack that took place last week.

Remote Wi-Fi Attack Backdoors iPhone 7 (Threatpost) Google’s Project Zero released an attack against a Wi-Fi firmware vulnerability in Broadcom chips that backdoors the iPhone 7. The flaw was patched in iOS 11.

Password-theft 0-day imperils users of High Sierra and earlier macOS versions (Ars Technica) Rogue apps can exfiltrate all plaintext passwords, no master password required.

Dirty Cow vulnerability discovered in Android malware campaign for the first time (ZDNet) The bug has been found in malware designed to root and install backdoors into Android handsets.

Banking trojan has resurfaced on Google Play once more (WeLiveSecurity) Banking trojan has returned to Google Play in a more stealthier guise as cybercriminals target users once more as they seek to access private data.

XPCTRA financial malware leaves no stone unturned (Help Net Security) A Trojan that has previously been only stealing users' banking credentials has been modified to go after digital wallet credentials.

What's causing so many data breaches and leaks? 7% of all Amazon S3 servers exposed online (International Business Times UK) Experts reportedly uncovered that 35% of all S3 buckets were unencrypted, potentially leaving data under risk of exposure.

An Elaborate ATM Threat Crops Up: Network-based ATM Malware Attacks (TrendLabs Security Intelligence Blog) Infecting automated teller machines (ATMs) with malware is nothing new. It’s concerning, yes. But new? Not really.

Insteon and Wink home hubs appear to have a problem with encryption (Register) Which is to say neither do it

Breach at Sonic Drive-In May Have Impacted Millions of Credit, Debit Cards (KrebsOnSecurity) Sonic Drive-In, a fast-food chain with nearly 3,600 locations across 45 U.S. states, has acknowledged a breach affecting an unknown number of store payment systems.

Showtime's Web sites roped visitors' CPU into mining cryptocurrency (Help Net Security) Block JavaScript: if you don't, your computer's CPU power could be used to mine cryptocurrency without your knowledge or consent.

Now weaponised, ransomware is a grave threat (Techgoondu) Just as criminals are getting smarter, enterprises have to get up to speed to counter new ransomware threats.

Shocker? Companies still unprepared to deal with ransomware (Help Net Security) In many respects, ransomware is a game changer. Many organizations are alarmingly unprepared for the ransomware onslaught.

Security Patches, Mitigations, and Software Updates

WordPress 4.8.2 is out, update your website now (Naked Security) The first rule of running WordPress is always use the latest version

Signal Has a Fix for Apps' Contact-Leaking Problem (WIRED) The private messenger is testing an Intel-chip feature that could let apps check your phone's contact list—and then provably forget it.

Cyber Trends

How the Value Outweighs the Cost of Security (Security Intelligence) Regardless of a company's size, the value of building a strong security posture will always outweigh the cost of security.

Netwrix Releases In-Depth Report on IT Risks Faced by Organizations of Various Sizes, Verticals and Regions (Netwrix) The report details how organizations prepare themselves for cyber risks depending on their size, industry and region.

In cloud computing, more data loss on the horizon (Raytheon) By now, it's a familiar story: A company puts massive amounts of data on a remote cloud server – then someone finds a way in, gaining access to sensitive business documents or the personal information of millions of people.

Healthcare sector reports greatest number of security incidents (Help Net Security) While healthcare security incidents are most likely the result of accidental disclosures and human error, cyberattacks on the sector continue to increase.

Marketplace

Cyber insurance an untapped opportunity, can help companies fortify data: Dell EMC (Moneycontrol) The explosion of data created by consumer and business apps is creating hundreds of terabytes of data, resulting in what Dell EMC’s global pre-sales leader PK Gupta calls “data fog."

Chinese takeover of Imagination Technologies raises national security concerns (Teiss) An impending Chinese takeover of Imagination Technologies may put the UK's military and national security at risk, experts warn.

Blockchain & cryptocurrencies: gungho or hell no? (Memeburn) Blockchain and cryptocurrency were previously met with heaps of scepticism from the tech community. But it's now slowly becoming more mainstream.

Like It or Not: Public Companies Are Feeling the Crypto Mining Boom (CoinDesk) Public companies like AMD and Nvidia are benefiting from a surge in cryptocurrency mining, but analysts say they may not be ready to commit long-term.

CyberArk: Breaking The Barrier Of Stagnation (Seeking Alpha) CyberArk's recent sell-off still provides little bargain opportunities. Its capped TAM continues to tilt risk/reward against a pressurized upside. CyberArk is a

FireEye (FEYE) Looks Promising: Should You Buy the Stock? (NASDAQ.com) Shares of FireEye Inc. 's FEYE have been on the rise since it reported splendid second-quarter 2017 results. The indicators of a stock's bullish run include a rise in its share price and strong fundamentals.

Sky and Space signs Check Point for satellite cybersecurity (ZDNet) Check Point has been signed on to provide cybersecurity services for nano-satellite telecommunications provider Sky and Space Global's space and ground communication platforms.

OWL Cybersecurity Announces Name Change to DarkOwl (WebWire) OWL Cybersecurity, a Denver-based cybersecurity company offering the worlds largest commercially available database of darknet content, today announced it is changing its name to DarkOwl. The new name better reflects its focus on darknet expertise...

Is Arizona becoming a leader and innovator in cybersecurity? (AZ Big Media) Cybersecurity is one of the fastest growing industries in the nation. Find out how Arizona companies and leaders are engaging with this industry.

Fortinet's Genevieve White resigns as channel chief (CRN Australia) Security vendor now in recruitment mode.

Avecto Expands Executive Team with Robin Saitz as CMO and Andrew Avanessian as COO (PRWeb) Key Marketing and Operations appointments extend Avecto's leadership position in privilege management

JASK Names J.J. Guy as Chief Technology Officer to Further its Mission of Improving Efficiency of Security Operations Teams Through Artificial Intelligence (Marketwired) Carbon Black founding team member and U.S. intelligence veteran to lead AI-driven product vision; company to open new Austin, Texas office

Products, Services, and Solutions

SecurityFirst™ DataKeep™ Protecting Data from Creation to Deletion (SecurityFirstCorp.com) Cost-effective, scalable and transparent data-centric protection for companies of any size

Venafi Trust Protection Platform Achieves Common Criteria Certification September 26, 2017 (Venafi) The Venafi Trust Protection Platform manages and secures the cryptographic keys and digital certificates that make up machine identities, delivering an enterprise-grade platform that provides in-depth security, operational efficiency and organizational compliance.

Read/write access to NTFS in macOS Sierra - Paragon NTFS for Mac® 15 (Paragon Software) Fast, seamless, easy to use. Mount, unmount, verify, format, or set any of your Windows NTFS volumes as a startup drive.

Comodo launches IoT security platform (BetaNews) We all know we need to protect our computer systems when they're connected to the internet, but there’s generally less awareness of the threat posed by the latest generation of Internet of Things devices.

Splunk Brings Machine Learning to Mainstream With New Solutions at .conf2017 (Splunk) Turn data into answers with Splunk Enterprise 7.0, Splunk ITSI 3.0, Splunk UBA 4.0 and Splunk Cloud.

Microsoft looks to the cloud to expand its security offerings (TechCrunch) Ignite is Microsoft's main annual conference for bringing together its enterprise users and IT community. It's no surprise then that security is one of the..

ThreatQuotient and Flashpoint Partner to Increase Data Enrichment (ThreatQuotient) The custom integration of the ThreatQ™ threat intelligence platform with Flashpoint API v4 will provide incident responders and defenders with a central...

A smartphone made in Russia claims to be "surveillance-proof" (Futurism) The company that designed the phone is on the US blacklist for links with Russian intelligence.

SonicWall Releases A Slew Of New Products (Storage Reviews) Today SonicWall announced several new products and services aimed at accelerating speed thresholds for its Automated Real-Time Breach Detection and Prevention Platform across wired, wireless and mobile networks.

Array Networks Partners With Webroot to Enhance APV Series Application Delivery Controller With Web Classification (BusinessWire) Array Networks partners with Webroot to enhance its APV Series application delivery controllers (ADCs) with web classification capabilities.

Ixia First to Deliver End-to-End Visibility for All Leading Public Cloud Platforms (BusinessWire) Ixia First to Deliver End-to-End Visibility for All Leading Public Cloud Platforms with CloudLens

Trustonic underpins Korean national certification platform (Finextra Research) As the means of authentication become more diverse and the need for more convenient financial services grows, the Korean Accredited Certification Authority (Koscom SignKorea) is building a ‘United Authentication Platform’...

Splunk expands machine learning capabilities across platform (TechCrunch) Splunk has always been data central for IT operations info, but as the logs fill up with ever-increasing amounts of data, it has become impossible for humans..

LightEdge Solutions Acquires Cabela’s Omaha Data Center (Lightedge) LightEdge Solutions announced today it is buying Cabela’s existing, state-of-the-art Omaha data center retrofitting it to support LightEdge

Technologies, Techniques, and Standards

Subpar IP Decisioning Data Can Drive Risky Security Decisions (CSO Online) Cyber threats have driven companies to invest heavily in security data, technologies and services.

How Network Visibility Enables the Detection and Response Mission (Masergy) Network Visibility provides a complete network activity and metadata history which improves alert validation and effective response to infections.

Which security investments make a difference? (Help Net Security) The costly consequences businesses are suffering highlights the growing importance of strategically planning and closely monitoring security investments.

Vulnerability vs. risk: Knowing the difference improves security (CSO Online) Conflating security terms evokes fear but doesn't help security newbs understand the difference between vulnerabilities and actual risks.

Design and Innovation

Microsoft’s new coding language is made for quantum computers (Engadget) Microsoft has developed a language for quantum computers that don't exist yet.

New MIT Tool Automatically Rewrites Old Code for New Software (Motherboard) But take heart: It still requires human developers.

Caught In the Equifax Breach? Blockchain Startups Are Here to Help (HuffPost) The most significant data breach in United States history just occurred with the Equifax hack, exposing 143 Million Social Security Numbers and credit fi...

Academia

Lockheed Martin CEO donates $5 million to Culverhouse (The Crimson White) “Marillyn’s generosity to her alma mater will sustain and promote our rigorous data-science program, enabling us to give students critical skills that are in high-demand by industry and government.”

American Military University Continues Support of CyberPatriot (markets.businessinsider.com) The Air Force Association’s (AFA) CyberPatriot program announced today that American Military University (AMU) is continuing its support of the National Youth Cyber Education Program.

Call for Participation (Women in CyberSecurity) Submissions in all categories are now open throughout November 1st. Acceptance notifications will be sent December 1st.

Legislation, Policy and Regulation

The Global Commons is a Great Good (The Cipher Brief) "However, that is not without some responsibility and accountability for individuals and nation-states who operate there."

US And Russia Quietly End Diplomatic Tailspin (BuzzFeed) A behind-the-scenes effort by US and Russian diplomats may have preempted a new wave of tit-for-tat retaliations.

Facebook Is a Broadcaster: Let's Regulate It Like One (Fortune) The new TV monopolist.

Feds want foreign surveillance authority renewed (Fifth Domain) Intelligence and law enforcement officials across the government lobbied Congress Monday to let them conduct broad surveillance on foreign targets in coming years, saying it helps prevent terrorist and cyberattacks on the United States.

NSA targeted 106,000 foreigners in past year's surveillance program soon up for renewal (The Japan Times) The U.S. National Security Agency conducted targeted surveillance over the past year against 106,000 foreigners suspected of being involved in terrorism an

SEC chairman: 'We want and need' IT modernization fund Trump admin wants to eliminate (FederalNewsRadio.com) SEC Chairman Jay Clayton told senators the agency needs to keep its long-term IT modernization fund in order to defend against future cyber breaches.

Litigation, Investigation, and Enforcement

Skynet in China: Real-time spying on citizens (CSO Online) AI married to CCTV surveillance in China uses facial recognition and GPS tracking to overlay personal identifying information on people and cars in real time.

WhatsApp service disrupted in China as censorship tightens (Fifth Domain) Chinese authorities are tightening controls on social media ahead of the party congress next month at which President Xi Jinping is due to be appointed to a second five-year term as leader.

Russia threatens to block Facebook over data storage (Fifth Domain) Alexander Zharov, chief of the Federal Communications Agency, told Russian news agencies on Tuesday that they will work to “make Facebook comply with the law” on personal data, which obliges foreign companies to store it in Russia.

What’s True, False And In-Between In The Trump Dossier? (The Daily Caller) The infamous Trump dossier: Democrats say key parts of it have been proved accurate and Republicans claim it has been debunked. But the truth about the salacious document, written last year by form

House Demands Details on White House Private Email Users (Infosecurity Magazine) House Demands Details on White House Private Email Users. Trump team accused of rank hypocrisy

U.S. Homeland Security to begin collecting immigrants’ social media info (The Daily Dot) The new policy affects green card holders and naturalized citizens.

Another thug learns that SWATting Brian Krebs is a bad idea (Naked Security) Things have not gone well for Krebs’ tormentors

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

newly Noted Events

Cyber Threats to Critical Infrastructure: INSA Panel Discussion (McLean, Virginia, USA, Oct 4, 2017) INSA will hold a panel discussion on cyber threats to critical infrastructure, with a particular focus on the energy and transportation sectors and the dependencies between the two. The panel’s government and industry experts will explore these sectors’ cyber threats and vulnerabilities, assess existing public-private partnerships, and identify strengths and weaknesses of response mechanisms.

Women in CyberSecurity 2018 (Chicago, Illinois, USA, Mar 23 - 24, 2018) Through the WiCyS community and activities we expect to raise awareness about the importance and nature of cybersecurity career. We hope to generate interest among students to consider cybersecurity as a viable and promising career option.

upcoming Events

Countermeasure (Ottawa, Ontario, Canada, Nov 9 - 10, 2017) Now into its sixth year in Ottawa, and consistently advancing in both size and content quality, COUNTERMEASURE continues to be the national capital's premier IT security event. As in years past, attendees can expect up to three days of professional skills training prior to the two-day main conference. All content will be delivered by some of the world's most knowledgeable and influential IT security experts in private, public, and research sectors.

2017 ICIT Gala & Benefit (Washington, DC, USA, Nov 9, 2017) The Annual ICIT Gala and Benefit is the year’s most prestigious and intimate gathering of legislative, agency and private sector leaders committed to protecting our Nation’s critical infrastructures. This black-tie event will celebrate the accomplishments of the most influential members of our community as well as the efforts of today’s most impactful cybersecurity leaders. The funds raised from this Benefit will be used to help sustain and grow the Institute’s research, publications, and educational activities for the communities it serves.

4th Annual Journal of Law & Cyber Warfare Conference (New York, New York, USA, Nov 9, 2017) Join thought leaders across the industry for a day of collaboration and education with an outstanding group of cyber security experts. In this one-day program, we continue JLCW's 5+ year reputation for presenting cutting-edge, practical, and balanced training for cyber security lawyers, in-house legal personnel, cyber security service providers, law enforcement, military, members of the bar, bench, and ambassadors and consul generals from all over the world.

CyCon US (Washington, DC, USA, Nov 7 - 8, 2017) The 2017 International Conference on Cyber Conflict U.S. (CyCon U.S.) will take place 7-8 Nov 2017 at the Ronald Reagan Building in Washington D.C. CyCon U.S. facilitates knowledge generation and information exchange across the cyber community, and includes participation from military, government, academia, and industry from around the world. The conference promotes security initiatives and furthers research on cyber threats and opportunities. CyCon U.S. is a collaborative effort between the Army Cyber Institute at the United States Military Academy and the NATO Cooperative Cyber Defence Centre of Excellence in Tallinn, Estonia.

RSA Conference 2017 Abu Dhabi (Abu Dhabi, UAE, Nov 7 - 8, 2017) RSA Conference 2017 Abu Dhabi is the leading information security event in the region. This year's Conference will take place 7 to 8 November at the Emirates Palace in Abu Dhabi. Join us for two days of engaging sessions and intense networking. Get exposure to innovative technologies and leadership that will help secure your organization and your future.

National Initiative for Cybersecurity Education Conference and Expo (Dayton, Ohio, USA, Nov 7 - 8, 2017) Cybersecurity has emerged as one of the leading creators of jobs and opportunity for all economic sectors. The demand for cybersecurity positions in both the public and private sector is large and growing, but the talent pool of cybersecurity workers is not yet able to keep up. The NICE 2017 Conference and Expo features thought leaders from education, government, industry and non-profits who are addressing the cybersecurity education, training, and workforce needs of the nation.

POC 2017 (Seoul, Korea, Nov 2 - 3, 2017) POC started in 2006 and has been organized by Korean hackers & security experts. It is an international security & hacking conference in Korea. POC doesn't pursue money. POC concentrates on technical and creative discussion and shows real hacking and security. POC wears both black hat and white hat. POC will share knowledge for the sake of the power of community. POC believes that the power of community will make the world safer. POC has been making a history with sincere staffs, hackers from the world, and sponsors since2006. POC will be a unique conference.

Cyber Security Summit: Boston (Boston, Massachusetts, USA, Nov 1, 2017) If you are a Senior Level Executive responsible for making your company’s decisions in regards to information security, then you are invited to register for the Cyber Security Summit: Boston. Receive 50% off of a Full Summit Pass when you register with code CYBERWIRE50 (standard price of $350, now only $175 with code). Register at CyberSummitUSA.com. The Cyber Security Summit: Boston is an exclusive conference connecting Senior Level Executives responsible for protecting their companies’ critical data with innovative solution providers & renowned information security experts. for details visit CyberSummitUSA.com.

2017 International Information Sharing Conference (Washington, DC, USA, Oct 31 - Nov 1, 2017) Join us for the inaugural International Information Sharing Conference hosted by the Information Sharing and Analysis Organization Standards Organization (ISAO SO), with participation from the Department of Homeland Security and U.S. Chamber of Commerce. This two-day event, a first of its kind, will convene practitioners from small businesses to multi-national corporations, and from information sharing newcomers to well-established cybersecurity organizations. This unique conference will go beyond discussing current cyber information sharing topics, and will provide opportunities to see competing approaches and innovations in platforms and services. Conference sessions and panels will focus on automated sharing, analysis, how to build trust in a community of interest, cross-sector sharing, the role of government in information sharing, the value proposition of an ISAO, and much more.

2017 Annual Conference: Networking the Future (Tampa, Florida, USA, Oct 27, 2017) Networking the Future is the Florida Center for Cybersecurity's fourth annual conference and will host hundreds of cybersecurity technical and non-technical stakeholders from industry, government, the military, and academia for a comprehensive exploration of emerging threats, best practices, research, workforce development, and today's hottest cyber trends.

RETR3AT Cybersecurity Conference (Montreat, North Carolina, USA, Oct 27, 2017) Each year, Montreat College’s Center for Cybersecurity Education and Leadership hosts RETR3AT, a conference designed to engage, educate, and raise awareness about cybersecurity in Western North Carolina and beyond. RETR3AT goes beyond the “1s and 0s” approach to cybersecurity training, challenging attendees to think about how to lead in protecting their organization’s information within an ethical framework.

Digital Risk Summit (Washington, DC, USA, Oct 25 - 27, 2017) Hosted by Neustar, the Digital Risk Summit is a forward-looking educational conference packed with actionable intelligence and best practices for all types of organizations. If you interact with consumers, customers, and partners by phone or online, you face digital risk. In today’s world, it’s imperative that you stay on top of rapidly evolving threats. Hear and learn from regulators, FBI, U.S. Secret Service and other experts about the latest risks and how best to manage them now and in 2018. Attendees will also have the opportunity to earn CPE, CRCM and CAMS credits.

European Smart Homes 2017 (London, England, UK, Oct 25 - 26, 2017) ACI’s European Smart Homes 2017 will will bring together key industry stakeholders from the energy industry, IT, telecoms operators, retailers, solution distributors utilities, insurance and property management companies, governments, consultants, solution and technology providers. The key discussions will involve monetisation, customer approach, partnership and interoperability.

PCI Security Standards Council: 2017 Europe Community Meeting (Barcelona, Spain, Oct 24 - 26, 2017) Three days of networking and one-of-a-kind partnership opportunities await you. Whether you want to learn more about updates in the payment industry or showcase a new product, you’ll find it all at the 2017 Europe Community Meeting.

Cyber Security Summit 2017 (Minneapolis, Minnesota, USA, Oct 23 - 25, 2017) Cyber Security Summit is a public-private collaboration with support from industry, government, and university leaders who gather to discuss security trends and solutions. The 7th Annual Summit will bring together senior executives, risk managers, military representatives, policymakers, lawyers, academics, and technology leaders. Topics, content and speakers are driven by an Advisory Board composed of experts from diverse critical infrastructure operators and commercial market sectors.

Workplace Violence Prevention - Active Shooter / Assailant Response Workshop (Laurel, Maryland, USA, Oct 23, 2017) The National Insider Threat Special Interest Group (NITSIG) has partnered with Law Enforcement (Maryland State Police), OSHA, Maryland Emergency Management Agency and and other Workplace Violence Prevention experts to provide a one-day training workshop for security professionals and others interested in implementing a Workplace Violence Prevention and Active Shooter / Assailant Response Program. Workshop participants will gain valuable in-depth knowledge about workplace violence, including legal issues, prevention, intervention, and response. (The intelligence and privacy issues have cyber dimensions.)

Cyber Security Chicago (Chicago, Illinois, US, Oct 18 - 19, 2017) Cyber Security Chicago offers invaluable security insight for both IT managers & security decision makers. Hear from industry experts on how you can build stronger defenses against cyber-attacks & how to recover if your systems are breached.

QuBit Conference Belgrade 2017 (Belgrade, Serbia, Oct 18 - 19, 2017) A Cyber Security Community Event in the SEE Region. QuBit Conference is a cyber security event gathering all levels of security professionals, industry experts, academics and government officials. QuBit offers the unique opportunity to gain valuable insight into multiple facets and aspects of ever-expanding crucial fields in cyber security. The main aim is to create a community spirit providing space for knowledge sharing. Belgrade is the “home” city of many global IT companies, one of the most important information technology centers in Southeast Europe with strong growth.

Sponsor & Support

Grow your brand, generate leads, and fill your funnel.

With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listens all over the world, companies trust the CyberWire to get the message out. Learn more.

Lies protected by a bodyguard of truth. SEC, Deloitte, Equifax breach updates. Paycard data stolen from Sonic. US IC lobbies for 702 renewal.