The CyberWire Daily Briefing 9.28.17

Summary

By The CyberWire Staff

North Korea's got a lot of coal it can't sell. Anyone whose got anything worth stealing online should look to their defenses. Pyongyang's especially interested in cryptocurrency wallets these days.

Deloitte continues to deal with the consequences of its recently disclosed breach. Many of those consequences are foreseeable piling on, as lawyers see, with some justification, regulatory gaps exposed by the incident, and as security researchers put the Big Four consultancy under the microscope and find all sorts of places where the company hasn't following its own advice. These include proxy login credentials out on Google+ (they've now been taken down), VPN credentials on Github, thousands of hosts exposed on the Internet (as seen via Shodan searches), etc. Such results are practically inevitable for an organization as big as Deloitte, which may or may not be comforting. There's no further word on whether the breach is more damaging than Deloitte's initial minimalist characterization makes it out to be.

Turning to the other two high-profile breaches, the Equifax incident produces fresh waves of hand-wringing and learned helplessness over the use of Social Security Accounts Numbers as elements of identity management approaches. It's also prompted what Palo Alto Networks deplores as "ambulance chasing." The US Senate, after giving the Securities and Exchange Commission a wire-brushing over the EDGAR breach, has told the SEC to go out and regulate harder.

McAfee reports an uptick in Faceliker malware, malicious code that gooses Facebook "likes."

Bloggers and others note: WordPress has a new patch out.

Learn how Cylance silences cyber attacks with Artificial Intelligence.

Notes.

Today's issue includes events affecting Australia, China, European Union, Indonesia, Democratic Peoples Republic of Korea, Republic of Korea, Pakistan, Russia, United Kingdom, and United States.

A note to our readers: Today marks a milestone for the CyberWire. It's the fifth anniversary of our Daily News Briefing: our first issue went out on this day in 2012. A lot of you have been with us from the start, and we'd like to say thanks to all of you for reading, and thanks for listening.

Compliance risk can be a business killer.

Regulations, laws, and the standards of care that follow them are shifting rapidly, struggling to keep up with new technologies and a continually changing threat landscape. In this increasingly complex environment, how can organizations manage risk systematically and effectively? Learn more about how organizations are achieving situational awareness, while automating the labor-intensive tasks associated with managing IT risk and compliance.

On the Podcast

In today's podcast we hear from our partners at Level 3 Communications, as Dale Drew talks about attack patterns and attack lulls. Our guest, Comodo's Trip Nine, gives us the skinny on trends in credential theft.

Sponsored Events

3rd European Cybersecurity Forum – CYBERSEC (Krakow, Poland, October 9 - 10, 2017) CYBERSEC is a unique Europe-wide, annual public policy conference dedicated to strategic aspects of cybersecurity. Conference’s mission is to foster the building of a Europe-wide cybsersecurity system and create a dedicated collaborative platform for governments, international organisations, and key private-sector organisations.

UMBC Cybersecurity Graduate Info Session (Rockvale, Maryland, USA, October 11, 2017) Learn how UMBC’s graduate programs in Cybersecurity can elevate your career at our upcoming Info Session. Led by industry experts, our programs combine hands-on technical training with unparalleled opportunity.

CyberMaryland Job Fair, October 11, Baltimore visit ClearedJobs.Net or CyberSecJobs.com for details. (Baltimore, Maryland, USA, October 11, 2017) Cleared and non-cleared cybersecurity pros make your next career move at the CyberMaryland Job Fair, October 11 in Baltimore. Meet leading cyber employers including Delta Risk, Choice Hotels, Lockheed Martin, the NSA and more. Visit ClearedJobs.Net or CyberSecJobs.com for info.

The International Information Sharing Conference on October 31 and November 1 in Washington, D.C. (Washington, DC, USA, October 31 - November 1, 2017) Join us for the inaugural International Information Sharing Conference hosted by the ISAO SO. This two-day event, a first of its kind, will convene practitioners from small businesses to multi-national corporations and from information sharing newcomers to well-established cybersecurity organizations.

Selected Reading

Cyber Attacks, Threats, and Vulnerabilities

With $9.7 trillion of untradeable coal, North Korea turns to bitcoin (Crypto Insider) With an abundance of coal it can’t sell and a strong appetite for bitcoin, could Kim Jong-Un be experimenting with a new form of mining?

After hack, security researchers probe Deloitte's security posture (Help Net Security) We expect companies that advise other companies on information security to be better that most at protecting themselves. But is that expectation misplaced?

Deloitte Hack Reveals Email Vulnerabilities and Regulatory Gaps (New York Law Journal) The hack represents a breach of Deloitte’s ‘crown jewels,’ experts say, and large financial organizations and multinational corporations are likely among tho...

With Equifax, the Fiction about Hacking Becomes a Reality (CGMagazine) The Equifax data breach is a wakeup call to everyone that hacks that can circumvent cybersecurity are no longer a work of fiction.

Deloitte hacked, a brown trousers moment? (Diginomica) Deloitte was hacked while holding the world's leading cyber security consulting firm position as assessed by Gartner. That's quite a feat.

Op-Ed: Equifax hack reveals how absurdly at risk Americans are with their Social Security numbers (CNBC) Dumping the Equifax CEO was the easy part of dealing with the massive hack. Dumping your old Social Security number? Much harder.

Your head could roll in next cyber breach (FederalNewsRadio.com) Massive database will be the child of the Securities and Exchange Commission and contractor, Delaware LLC, and a dozen exchanges.

Sudden Rise Detected in Faceliker Malware That Manipulates Facebook "Likes" (BleepingComputer) Cyber-security firm McAfee is reporting about a sudden surge in detections for Faceliker, a malware strain that can take over browsers and manipulate Facebook "likes" on the behest of a remote party in order to promote social media trends, fake news, and other content.

Hajime IoT worm: Is it pure malware or vigilante malware? (SearchSecurity) The Hajime IoT worm posing as vigilanteware may not be entirely benevolent -- or safe. Expert Nick Lewis explained.

Internet Explorer Bug Leaks What Users Type in the URL Address Bar (BleepingComputer) Microsoft's Internet Explorer browser is affected by a serious bug that allows rogue sites to detect what the user is typing in his URL address bar.

Sonic Investigates Breach, 5 Million Cards For Sale on Cybercriminal Market (SurfWatch Labs, Inc.) The fast-food chain Sonic said yesterday that it is investigating a possible payment card breach at its stores, and security blogger Brian Krebs reported that the incident may be tied to a batch of…

Flagship Killer: USBKILL V3 Demonstrates iPhone 8 & Samsung Note 8 Vulnerable to USB Surge Attacks (Sys-Con Media) USBKill.com, the Hong-Kong based technology company that developed the "USB Killer" demonstrated this week that 2017's Flagship Phones are vulnerable to power surge attacks.

Linux Kernel Bug Reclassified as Security Issue After Two Years (BleepingComputer) Multiple Linux distros are issuing security updates for OS versions that still use an older kernel branch after it recently came to light that a mild memory bug was in reality much worse, and the bug was recently categorized as a security flaw.

Zeus is Still the Base of Many Current Trojans (Panda Security Mediacenter) When it first appeared in 2007, no one expected ZeuS to have such a brutal impact on security. But this Trojan's offshoots have become incredibly dangerous.

TfL denies misleading the public, says has no plans to sell Wi-Fi tracking data (Computing) Tracking scheme promoted service improvements, with no mention of sale of data to advertisers.

Security Patches, Mitigations, and Software Updates

WordPress 4.8.2 is out, update your website now (Naked Security) The first rule of running WordPress is always use the latest version

This month's Windows and Office security patches: Bugs and solutions (Computerworld) It’s been a rocky month, with buggy security patches and patches-of-patches that never should’ve seen light of day. Is this the new normal?

New Chrome 61 Update Takes Care of Two High-Risk Security Vulnerabilities (News4C) We have some great news for Chrome 61 users. Google started rolling out the new 61.0.3163.100 version of the browser which takes care of three major security flaws. This new version can already be downloaded by Mac, Linux and Windows OS users. Google is very adamant about how much it cares about user security and

Cyber Trends

How cyber impacts the full spectrum of terror threats (FCW) Cybersecurity still ranks near the top of threats that worry the nation's security agencies.

New Research Shows Cyber Criminals Increasingly Focused on Credential Theft (PRNewswire) WatchGuard® Technologies, a leader in advanced network security solutions,...

Woefully Inadequate IT Processes for Managing User Accounts and Access Continue to Create Major Security and Compliance Risks, One Identity Survey Reveals (Marketwired) Global study indicates disgruntled former employees or other threat actors still have widespread opportunity to cause harm because their IT accounts remain active

Why DDoS Attacks are on the Rise (Data Center Knowledge) Attacks are growing in size, and “everyone has a target on their back.”

Report: Assessing the Cybersecurity Performance of the Finance Supply Chain (BitSight) Download this BitSight Insight report to learn how the cybersecurity performance of financial organizations compare to companies in their supply chain.

Only 45% of organizations have a structured plan for GDPR compliance (Help Net Security) Only 45% of organizations have a structured plan in place for compliance and 58% indicate that they are not fully aware of noncompliance consequences.

Is your device part of an illegal hacking group? (Information Age) New research reveals London, Manchester and Maidenhead are the leading UK cities fuelling botnet enabled attacks

Marketplace

'Don't chase the ambulance:' Palo Alto Networks CEO speaks out on the epic Equifax breach (CNBC) Jim Cramer sits down with cybersecurity chief Mark McLaughlin to hear his take on recent high-profile hacks.

Myth busted: Contract security companies are definitely worth the money (Healthcare IT News) With staff shortages opening the door to hackers, contract security can help an organization protect its reputation and image.

3 Hot Cybersecurity Stocks to Focus on for the Rest of 2017 (NASDAQ.com) The Cybersecurity industry has been on a bullish trend, of late, thanks to the series of cyber attacks over the last few months.

Sky and Space signs Check Point for satellite cybersecurity (ZDNet) Check Point has been signed on to provide cybersecurity services for nano-satellite telecommunications provider Sky and Space Global's space and ground communication platforms.

Cisco will slash 310 San Jose headquarters jobs (The Mercury News) Cisco Systems will chop 310 jobs from its headquarters in San Jose, the tech titan confirmed Tuesday.

Leonardo eyes work on NATO cyber command (Fifth Domain) Leonardo is looking at further work if and when NATO stands up a fully fledged cyber command.

Critical Survey: Radware (NASDAQ:RDWR) and Its Competitors (Dispatch Tribunal) Radware (NASDAQ: RDWR) is one of 65 publicly-traded companies in the “Application Software” industry, but how does it weigh in compared to its competitors? We will compare Radware to related businesses based on the strength of its institutional ownership, analyst recommendations, profitability, dividends, earnings, valuation and risk. Earnings and Valuation This table compares Radware and […]

7 Startups Working to Secure Communications (Nanalyze) Secure communications are what keep us from disclosing our secrets to bad people. We look at 7 startups that are using technology to secure digital assets.

Cyber flavoured delegation to head to San Francisco (Computerworld) A delegation of Australian cyber security start-ups will be heading to San Francisco in January next year, as part of a Austrade and AustCyber backed initiative.

CyberX Strengthens Management Team to Support Explosive Demand for Industrial and Critical Infrastructure Security (PRNewswire) CyberX, provider of the most widely-deployed industrial cybersecurity platform...

Products, Services, and Solutions

Cyber Defense Network announced for Financial Services Industry (PRNewswire) NC4®, the leading company providing cyber and physical threat...

#StayCurrent: 1E announces comprehensive Windows Servicing Suite Update at Microsoft Ignite (Marketwired) Today at Microsoft Ignite and Envision 2017, 1E, which provides the only software lifecycle automation solutions that can handle both routine IT tasks and emergency actions in real time, announced four major enhancements to its Windows management solution, Windows Servicing Suite (WSS).

Why FireEye’s Helix matters to security professionals (CSO Online) Its Sandbox will be the core product for FireEye into the foreseeable future, but Helix will be an important adjacent market for the company and its customers. Here's why.

Sqrrl ferrets out network traffic anomalies to find hidden threats (CSO Online) Using a threat hunting platform like Sqrrl may take a little bit of a shift in thinking for cybersecurity teams. It’s less like being a beat cop and more like being a consulting detective, but arguably much more effective at catching the really dangerous, hidden threats before they can strike.

Demisto Partners with CrowdStrike to Accelerate Threat Detection and Incident Investigation and Response (BusinessWire) Demisto, Inc., an innovator in Security Automation and Orchestration technology, today announced a partnership with CrowdStrike®, the leader in cl

Threatcare plants Alexalike interface atop its attack simulation service (SiliconANGLE) Threatcare plants Alexalike interface atop its attack simulation service - SiliconANGLE

Gemalto launches payment hardware security module SafeNet Luna EFT Payment HSM (Software Testing News) Gemalto announced the launch of the industry’s first payment hardware security module, SafeNet Luna EFT Payment HSM.

WISeKey partners with Sigfox to launch Secure Element (Buisness Insider) WISeKey International Holding Ltd ("WISeKey", SIX: WIHN), a leading cybersecurity and IoT company, today announced in partnership with Sigfox its new Secure Element for Sigfox-enabled connected devices at the Sigfox World IoT Expo in Prague.

Zimperium Collaborates with Oracle to Offer a Leading Mobile Threat Defense Solution Hosted on Oracle Cloud Infrastructure (Business Insider) Zimperium, a global leader in enterprise mobile threat defense (MTD) and a leading provider of real-time, on-device protection against known and unknown threats, today announced an integration with Oracle Cloud to detect and thwart advanced mobile attacks.

Technologies, Techniques, and Standards

Can Our Identities Ever be Reclaimed? (Security Week) It’s been 22 years since Sandra Bullock struggled to reclaim her identity from cyber-terrorists in The Net, a movie that opened our eyes to the risks of digital identity theft way ahead of its time.

The 'hack back' is not a defense strategy (CSO Online) The urge to strike back against bad actors is getting stronger in the wake of global attacks like Mirai, WannaCry and NotPetya. But while the hack back seems to put power back into victims' hands, it's actually not so simple.

Collaboration Will Solve Security Woes, HackerOne CEO Says (International Business Times) HackerOne CEO Marten Mickos believes its time for organizations to stop making the same mistakes and start allowing outside sources help improve security.

The Three Pillars of Hypothesis-Driven Threat Defense (Security Week) There are two possible outcomes: if the result confirms the hypothesis, then you've made a measurement. If the result is contrary to the hypothesis, then you've made a discovery. - Enrico Fermi

Not sure which ransomware has infected your PC? This free tool could help you find the right decryption package (ZDNet) A new tool analyses the ransom note and the encrypted file in order to offer the appropriate decryption tool -- if it exists.

How to Protect PC from Ransomware malware Attack (ComputerGK.com) How to Protect PC from Ransomware malware Attack You have heard about popular Ransomware attack on computers via Internet

What's on Your Cybersecurity Wish List? (SIGNAL Magazine) "I have yet to see an agency that has fully implemented a risk-based cybersecurity program."

Design and Innovation

The Four Hurdles to Blockchain Adoption (Legaltech News) Until solutions to usability, interoperability, scalability, and privacy are developed, widespread adoption will be hampered.

Research and Development

Computer Scientists Address Gap In Messaging Privacy (Fraud Net) Researchers have developed a solution to a longstanding problem in the field of end-to-end encryption, a technique that ensures that only sender and recipient can read a message.

Firewalls Don't Stop Hackers. AI Might. (WIRED) A startup founded by former spies uses machine learning to tackle the newest cybersecurity threats.

Waiting for Skynet? Don’t hold your breath (Naked Security) AI run amuck is good TV, but is it likely?

Academia

NSA Invites Students to 'Hack Us!' (VOA) Undergraduate and grad students who compete to master six tasks receive small token of appreciation for being among first 50 finishers

Thomas Nelson Community College's cybersecurity program gets national designation (Virginian-Pilot) In order to qualify for the designation, there are several criteria the college had to meet.

New Major Offered in Tech Field (The Pine Log Online) SFA’s College of Sciences and Mathematics recently re- ceived approval to offer a master’s degree in cybersecurity.

Scholarship will help two UAH students achieve goal of career in cybersecurity (The University of Alabama in Huntsville) One student each from the Colleges of Business and Engineering at UAH has been awarded a prestigious Department of Defense Information Assurance Scholarship: Jessica Eason, who is currently pursuing a Master of Science in Cybersecurity – Business Track, and Victoria Van, who is working toward her Bachelor of Science in Computer Engineering.

Norwich proclaims October as Cybersecurity Month, joining national effort (Vermont Business) Vermont Business Magazine Norwich University, a national leader in cybersecurity and digital forensics education, has proclaimed October as cybersecurity awareness month and has joined the National Cybersecurity Awareness Month (NSCAM) effort as an official “Champion.”

Legislation, Policy and Regulation

SEC Launches Cybersecurity Initiatives (PYMNTS.com) The U.S. Securities and Exchange Commission (SEC) announced it is launching two enforcement initiatives to boost efforts to address cyber threats and protect retail investors. The move comes in the wake of the massive Equaifax hack, which exposed the personal data of 143 million Americans. The SEC suffered its own breach of its corporate filing […]

GSA touts anti-hacker support services (Fifth Domain) The General Services Administration has awarded Highly Adaptive Cybersecurity Services SINs to more than 70 vendors to address potential vulnerabilities of high-value assets.

Audit finds weaknesses in DOE cybersecurity (Fifth Domain) Despite longstanding federal requirements for multifactor authentication, the Department of Energy’s procedures still have weaknesses, according to the department’s Office of Inspector General.

DOJ (sort of) releases FBI insider threat audit (Fifth Domain) The Justice Department’s Office of Inspector General won't reveal how successful the FBI is at tackling leaks, but it has released recommendations for the FBI’s insider threat program.

Some in administration use personal phones, despite advice (Federal Times) The inquiries into private communication could prove uncomfortable for President Donald Trump, who relentlessly attacked Democratic opponent Hillary Clinton for her use of a private email account and server during her time as secretary of state.

ACLU Lawyer Blasts NSA Programs: 'Nothing to Do With National Security' (Newsmax) Many of the National Security Agency's surveillance programs collect vast amounts of data on Americans, data that is never used to combat the threat of terrorism, a lawyer for the American Civil Liberties Union said Wednesday.

Litigation, Investigation, and Enforcement

Prosecution Launches Probe into Cyber Command's Election Scandal (KBS) The prosecution has launched an investigation into allegations that the military cyberwarfare command posted illegal political comments during the 2012 Presidential election.

Woman, 65, hired by civil service is held over ‘spying’ (Times) A female contractor to a government department was arrested by counterterrorism officers yesterday on suspicion of spying for an enemy state. The 65-year-old woman was detained in north London...

House Panel Receives Classified Briefing on Kaspersky (Bloomberg) The House Science Committee received a classified briefing Tuesday related to Kaspersky Lab Inc., according to a person familiar with the matter who spoke about the Moscow-based security firm believed to have links to Russian intelligence.

House Republicans renew call for 2nd special counsel, amid fresh Comey concerns (Fox News) House Republicans on Tuesday formally renewed their call for a second special counsel to probe 2016 controversies involving Hillary Clinton and the Obama administration – following allegations that former FBI director James Comey drafted an “exoneration statement” for Clinton weeks before interviewing her.

The Entire Russian Hacking Narrative Is Invalidated In This Single Assange Tweet (Medium) WikiLeaks editor-in-chief Julian Assange has been very active on Twitter lately, even for him. Between his frequent posts about the fight…

Awan Funneling ‘Massive’ Data Off Congressional Server, Dems Claim It’s Child’s HOMEWORK (The Daily Caller) Democratic congressional aides made unauthorized access to a House server 5,400 times and funneled "massive" amounts of data off of it. But there's nothing to see here, Democrats told The Washington P

Defenders of the CFPB's Newest Financial Regulation Are Ignoring Crucial Facts (Reason) Senate Republicans could vote as soon as this week to repeal the CFPB's ban on arbitration clauses.

Lawyers Discuss 'What's Next' After China Shuts Down Cryptocurrency Exchange (Legaltech News) ‘Many industry people believe the government’s ban will effectively extinguish the hope that China becomes a global center of cryptocurrency,’ attorney Pingh...

Alleged leaker hid NSA documents in pantyhose, report says (Fox News) A former National Security Agency contractor has reportedly told federal authorities that she smuggled classified documents out of the NSA office where she worked by stuffing them in her pantyhose.

Defense seeks reduced sentence for former cyber command officer (Augusta Chronicle) The former deputy director of the Cyber Center for Excellence at Fort Gordon will ask the federal judge for a shorter prison term when he is sentenced for possession of child pornography.

Campaigner who refused to hand over passwords found guilty (Naked Security) Muhammad Rabbani was found guilty of obstructing justice after refusing to unlock his laptop and smartphone

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

upcoming Events

Countermeasure (Ottawa, Ontario, Canada, November 9 - 10, 2017) Now into its sixth year in Ottawa, and consistently advancing in both size and content quality, COUNTERMEASURE continues to be the national capital's premier IT security event. As in years past, attendees can expect up to three days of professional skills training prior to the two-day main conference. All content will be delivered by some of the world's most knowledgeable and influential IT security experts in private, public, and research sectors.

2017 ICIT Gala & Benefit (Washington, DC, USA, November 9, 2017) The Annual ICIT Gala and Benefit is the year’s most prestigious and intimate gathering of legislative, agency and private sector leaders committed to protecting our Nation’s critical infrastructures. This black-tie event will celebrate the accomplishments of the most influential members of our community as well as the efforts of today’s most impactful cybersecurity leaders. The funds raised from this Benefit will be used to help sustain and grow the Institute’s research, publications, and educational activities for the communities it serves.

4th Annual Journal of Law & Cyber Warfare Conference (New York, New York, USA, November 9, 2017) Join thought leaders across the industry for a day of collaboration and education with an outstanding group of cyber security experts. In this one-day program, we continue JLCW's 5+ year reputation for presenting cutting-edge, practical, and balanced training for cyber security lawyers, in-house legal personnel, cyber security service providers, law enforcement, military, members of the bar, bench, and ambassadors and consul generals from all over the world.

CyCon US (Washington, DC, USA, November 7 - 8, 2017) The 2017 International Conference on Cyber Conflict U.S. (CyCon U.S.) will take place 7-8 Nov 2017 at the Ronald Reagan Building in Washington D.C. CyCon U.S. facilitates knowledge generation and information exchange across the cyber community, and includes participation from military, government, academia, and industry from around the world. The conference promotes security initiatives and furthers research on cyber threats and opportunities. CyCon U.S. is a collaborative effort between the Army Cyber Institute at the United States Military Academy and the NATO Cooperative Cyber Defence Centre of Excellence in Tallinn, Estonia.

RSA Conference 2017 Abu Dhabi (Abu Dhabi, UAE, November 7 - 8, 2017) RSA Conference 2017 Abu Dhabi is the leading information security event in the region. This year's Conference will take place 7 to 8 November at the Emirates Palace in Abu Dhabi. Join us for two days of engaging sessions and intense networking. Get exposure to innovative technologies and leadership that will help secure your organization and your future.

National Initiative for Cybersecurity Education Conference and Expo (Dayton, Ohio, USA, November 7 - 8, 2017) Cybersecurity has emerged as one of the leading creators of jobs and opportunity for all economic sectors. The demand for cybersecurity positions in both the public and private sector is large and growing, but the talent pool of cybersecurity workers is not yet able to keep up. The NICE 2017 Conference and Expo features thought leaders from education, government, industry and non-profits who are addressing the cybersecurity education, training, and workforce needs of the nation.

POC 2017 (Seoul, Korea, November 2 - 3, 2017) POC started in 2006 and has been organized by Korean hackers & security experts. It is an international security & hacking conference in Korea. POC doesn't pursue money. POC concentrates on technical and creative discussion and shows real hacking and security. POC wears both black hat and white hat. POC will share knowledge for the sake of the power of community. POC believes that the power of community will make the world safer. POC has been making a history with sincere staffs, hackers from the world, and sponsors since2006. POC will be a unique conference.

Cyber Security Summit: Boston (Boston, Massachusetts, USA, November 1, 2017) If you are a Senior Level Executive responsible for making your company’s decisions in regards to information security, then you are invited to register for the Cyber Security Summit: Boston. Receive 50% off of a Full Summit Pass when you register with code CYBERWIRE50 (standard price of $350, now only $175 with code). Register at CyberSummitUSA.com. The Cyber Security Summit: Boston is an exclusive conference connecting Senior Level Executives responsible for protecting their companies’ critical data with innovative solution providers & renowned information security experts. for details visit CyberSummitUSA.com.

2017 International Information Sharing Conference (Washington, DC, USA, October 31 - November 1, 2017) Join us for the inaugural International Information Sharing Conference hosted by the Information Sharing and Analysis Organization Standards Organization (ISAO SO), with participation from the Department of Homeland Security and U.S. Chamber of Commerce. This two-day event, a first of its kind, will convene practitioners from small businesses to multi-national corporations, and from information sharing newcomers to well-established cybersecurity organizations. This unique conference will go beyond discussing current cyber information sharing topics, and will provide opportunities to see competing approaches and innovations in platforms and services. Conference sessions and panels will focus on automated sharing, analysis, how to build trust in a community of interest, cross-sector sharing, the role of government in information sharing, the value proposition of an ISAO, and much more.

2017 Annual Conference: Networking the Future (Tampa, Florida, USA, October 27, 2017) Networking the Future is the Florida Center for Cybersecurity's fourth annual conference and will host hundreds of cybersecurity technical and non-technical stakeholders from industry, government, the military, and academia for a comprehensive exploration of emerging threats, best practices, research, workforce development, and today's hottest cyber trends.

RETR3AT Cybersecurity Conference (Montreat, North Carolina, USA, October 27, 2017) Each year, Montreat College’s Center for Cybersecurity Education and Leadership hosts RETR3AT, a conference designed to engage, educate, and raise awareness about cybersecurity in Western North Carolina and beyond. RETR3AT goes beyond the “1s and 0s” approach to cybersecurity training, challenging attendees to think about how to lead in protecting their organization’s information within an ethical framework.

Digital Risk Summit (Washington, DC, USA, October 25 - 27, 2017) Hosted by Neustar, the Digital Risk Summit is a forward-looking educational conference packed with actionable intelligence and best practices for all types of organizations. If you interact with consumers, customers, and partners by phone or online, you face digital risk. In today’s world, it’s imperative that you stay on top of rapidly evolving threats. Hear and learn from regulators, FBI, U.S. Secret Service and other experts about the latest risks and how best to manage them now and in 2018. Attendees will also have the opportunity to earn CPE, CRCM and CAMS credits.

European Smart Homes 2017 (London, England, UK, October 25 - 26, 2017) ACI’s European Smart Homes 2017 will will bring together key industry stakeholders from the energy industry, IT, telecoms operators, retailers, solution distributors utilities, insurance and property management companies, governments, consultants, solution and technology providers. The key discussions will involve monetisation, customer approach, partnership and interoperability.

PCI Security Standards Council: 2017 Europe Community Meeting (Barcelona, Spain, October 24 - 26, 2017) Three days of networking and one-of-a-kind partnership opportunities await you. Whether you want to learn more about updates in the payment industry or showcase a new product, you’ll find it all at the 2017 Europe Community Meeting.

Cyber Security Summit 2017 (Minneapolis, Minnesota, USA, October 23 - 25, 2017) Cyber Security Summit is a public-private collaboration with support from industry, government, and university leaders who gather to discuss security trends and solutions. The 7th Annual Summit will bring together senior executives, risk managers, military representatives, policymakers, lawyers, academics, and technology leaders. Topics, content and speakers are driven by an Advisory Board composed of experts from diverse critical infrastructure operators and commercial market sectors.

Workplace Violence Prevention - Active Shooter / Assailant Response Workshop (Laurel, Maryland, USA, October 23, 2017) The National Insider Threat Special Interest Group (NITSIG) has partnered with Law Enforcement (Maryland State Police), OSHA, Maryland Emergency Management Agency and and other Workplace Violence Prevention experts to provide a one-day training workshop for security professionals and others interested in implementing a Workplace Violence Prevention and Active Shooter / Assailant Response Program. Workshop participants will gain valuable in-depth knowledge about workplace violence, including legal issues, prevention, intervention, and response. (The intelligence and privacy issues have cyber dimensions.)

Cyber Security Chicago (Chicago, Illinois, US, October 18 - 19, 2017) Cyber Security Chicago offers invaluable security insight for both IT managers & security decision makers. Hear from industry experts on how you can build stronger defenses against cyber-attacks & how to recover if your systems are breached.

QuBit Conference Belgrade 2017 (Belgrade, Serbia, October 18 - 19, 2017) A Cyber Security Community Event in the SEE Region. QuBit Conference is a cyber security event gathering all levels of security professionals, industry experts, academics and government officials. QuBit offers the unique opportunity to gain valuable insight into multiple facets and aspects of ever-expanding crucial fields in cyber security. The main aim is to create a community spirit providing space for knowledge sharing. Belgrade is the “home” city of many global IT companies, one of the most important information technology centers in Southeast Europe with strong growth.

Sponsor & Support

Grow your brand, generate leads, and fill your funnel.

With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listens all over the world, companies trust the CyberWire to get the message out. Learn more.

Watch for a cyber crimewave out of Pyongyang. Deloitte under the microscope. Ambulance chasing Equifax. SEC told to regulate better.