The CyberWire Daily Briefing 9.29.17

Summary

By The CyberWire Staff

Researchers at Duo Security have released results of their inquiry into Mac firmware vulnerabilities. They conclude that a large number of systems, including some running the most recent versions of MacOS, are susceptible to exploitation. Evidently the Extensible Firmware Interface (EFI) in many devices was not actually installing the security updates users thought they'd applied. Duo notes that firmware exploitation isn't easy, and requires a relatively high level of sophistication on the attackers' part, but the vulnerability is nonetheless a serious one. Some observers think it likely the problem extends into the Windows and Linux worlds as well.

Cyber Ark has found an "illusion gap" technique that could enable attackers to bypass Windows Defender. Microsoft says the danger is exaggerated: you'd have to click through lots of warnings to fall victim.

Skyhigh Networks' research has led it to believe that about 7% of AWS S3 servers worldwide are exposed.

Whole Foods has disclosed it's been hit with a breach that exposed customer paycard data.

ISIS and the Taliban have each released new inspirational videos online as reverses on the ground push the terrorist organizations into cyberspace.

Turkish hacktivist group Aslan Neferler Tim claimed responsibility for Wednesday's takedown of sites belonging to Denmark's Ministry of Immigration and Ministry of Foreign Affairs. The attacks were apparent retaliation for the Immigration Minister's remarks praising Kurt Westergaard’s famous cartoon depicting the prophet Mohammed wearing a bomb as a turban.

India has asked that country's telcos to come up with more effective security measures.

Learn how Cylance silences cyber attacks with Artificial Intelligence.

Notes.

Today's issue includes events affecting Afghanistan, Bahrain, China, Denmark, Egypt, European Union, Germany, India, Israel, Republic of Korea, Qatar, Russia, Saudi Arabia, Singapore, Syria, Turkey, United Arab Emirates, United Kingdom, and United States.

Compliance risk can be a business killer.

Regulations, laws, and the standards of care that follow them are shifting rapidly, struggling to keep up with new technologies and a continually changing threat landscape. In this increasingly complex environment, how can organizations manage risk systematically and effectively? Learn more about how organizations are achieving situational awareness, while automating the labor-intensive tasks associated with managing IT risk and compliance.

On the Podcast

In today's podcast, we hear from our partners at Webroot, as David DuFour explains the difference between artificial intelligence and machine learning. Our guest is R.P. Eddy, coauthor with Richard Clarke of the book Warnings: Finding Cassandras to Stop Catastrophes.

Tomorrow is Research Saturday, and we'll be talking with John Hultquist from FireEye about their investigation of APT 33.

Sponsored Events

3rd European Cybersecurity Forum – CYBERSEC (Krakow, Poland, Oct 9 - 10, 2017) CYBERSEC is a unique Europe-wide, annual public policy conference dedicated to strategic aspects of cybersecurity. Conference’s mission is to foster the building of a Europe-wide cybsersecurity system and create a dedicated collaborative platform for governments, international organisations, and key private-sector organisations.

UMBC Cybersecurity Graduate Info Session (Rockvale, Maryland, USA, Oct 11, 2017) Learn how UMBC’s graduate programs in Cybersecurity can elevate your career at our upcoming Info Session. Led by industry experts, our programs combine hands-on technical training with unparalleled opportunity.

CyberMaryland Job Fair, October 11, Baltimore visit ClearedJobs.Net or CyberSecJobs.com for details. (Baltimore, Maryland, USA, Oct 11, 2017) Cleared and non-cleared cybersecurity pros make your next career move at the CyberMaryland Job Fair, October 11 in Baltimore. Meet leading cyber employers including Delta Risk, Choice Hotels, Lockheed Martin, the NSA and more. Visit ClearedJobs.Net or CyberSecJobs.com for info.

The International Information Sharing Conference on October 31 and November 1 in Washington, D.C. (Washington, DC, USA, Oct 31 - Nov 1, 2017) Join us for the inaugural International Information Sharing Conference hosted by the ISAO SO. This two-day event, a first of its kind, will convene practitioners from small businesses to multi-national corporations and from information sharing newcomers to well-established cybersecurity organizations.

Selected Reading

Cyber Attacks, Threats, and Vulnerabilities

Two Danish ministries taken offline by cyber attack (The Local (Denmark)) A Turkish hacker group has claimed responsibility for a cyber attack that has rendered the Danish Ministry of Immigration website inaccessible.

ISIS releases Baghdadi audio as the group crumbles in Iraq and Syria (Military Times) If confirmed, it would be the first message from the reclusive leader since November 2016.

New Taliban propaganda video features Trump calling Afghanistan a ‘complete disaster’ (Military Times) A recent Taliban propaganda video features current U.S. leaders discussing failed strategies and polices in the war in Afghanistan.

A Field Trip to the Front Lines of the Qatar-Saudi Cold War (Foreign Policy) The showdown in the Gulf shows no signs of ending. And there don’t seem to be any clear winners emerging.

A Closer Look at the German Election (Anomali) On September 24th, 2017, federal elections took place in Germany to elect Germany’s next parliament, the 19th Bundestag. The Christian Democratic Union (CDU) won the majority of votes with 33%, making this Angela Merkel’s fourth term in office.Merkel has been a steadfast supporter of the European Union, and much of the E.U.’s viability can be credited to Germany’s economic prowess and political stability. This made Germany an appealing yet somewhat challenging target

Russian campaign on Twitter and Facebook aims to splinter America (Times) Thousands of Twitter accounts linked to the Kremlin were churning out material designed to splinter America along political, racial and religious lines yesterday, even as tech executives arrived at...

Mark Zuckerberg's Trust Problem (WIRED) If Facebook’s CEO loses his credibility, it's an existential problem for the social network.

Analysis: Twitter and Facebook help shape politics, for good... and ill (Times) Russia has unleashed a shadowy propaganda campaign against the West. The use of Twitter and Facebook is new, but Moscow’s tactics echo the frostiest periods of the Cold War. The Soviet Union had a...

Nuclear War Isn't North Korea's Only Threat (Carbon Black) (Editor’s Note: This opinion piece originally appeared on CNN.com) North Korea has launched 22 missiles in 15 tests in 2017. According to US intelligence sources, the most recent test detonated a 140-kiloton nuclear device, which the North Koreans claim was a hydrogen bomb. (That’s 10 times as powerful as the atomic bomb the United States dropped on Hiroshima in World War …

Was the Equifax CSO to Blame? (Infosecurity Magazine) Companies should want well-rounded individuals that can manage people, understand risks, can communicate and understand legal ramifications.

Equifax's Latest Offer: Is It Enough? (Fortune) Try harder.

Malware Attacks Reveal European Cybersecurity Gaps (National Defense) In the wake of two major malware attacks in Europe this past summer, contractors based in the region who wish to do business with the Pentagon and other U.S. government agencies need to ensure proper cybersecurity measures, according to one analyst.

WannaCry ransomware explained: What it is, how it infects, and who was responsible (CSO Online) Stolen government hacking tools, unpatched Windows systems, and shadowy North Korean operatives made WannaCry a perfect ransomware storm.

Duo Security discovers Apple Mac computers unprotected from malicious firmware vulnerabilities (Duo Security) Duo Security released an in-depth whitepaper detailing a potential systemic issue that leaves Apple Mac computers susceptible to exceptionally targeted and stealthy firmware attacks on Mac computers.

New "Illusion Gap" Attack Bypasses Windows Defender Scans (BleepingComputer) Security researchers from CyberArk have discovered a new technique that allows malware to bypass Windows Defender, the standard security software that comes included with all Windows operating systems.

Microsoft downplays alarm over Windows Defender 'flaw' (Register) Says you'd hafta click through a *boatload* of warnings

Researchers find 7 percent of all Amazon S3 servers exposed (SC Media UK) A recent study by SkyHigh Networks found 7 percent of all Amazon S3 servers are exposed which may explain a recent surge of data leaks

Chrome plugin exploited Tinder privacy bug to track your friends' location (The Next Web) Security researchers built an intrusive Chrome plugin to showcase how a known vulnerability in Tinder can be exploited to stalk your Facebook friends.

New Ransomware Evades Machine Learning Security Software (MSP Mentor) Security software vendors are furiously introducing new products with increasingly sophisticated machine learning algorithms that can detect phishing scams and quarantine a message before it ever gets in front of a vulnerable end user to be clicked upon.

Ransomware keeping cops, NHS and local UK gov bods awake at night (Register) Biggest threat next year, Met Police cybercrime boss says

Copy-Pasting Malware Dev Made $63,000 From Mining Monero on IIS Servers (BleepingComputer) A malware author (or authors) has made around $63,000 during the past five months by hacking unpatched IIS 6.0 servers and mining Monero.

All These Ethereum Scam Emails Are Destroying My Inbox (Motherboard) Help me.

Threat Spotlight: Email Malware Impersonates Secure Bank Messages (Barracuda) Everyone seems to be on a heightened alert following the recent Equifax data breach and probably keeping a closer eye on bank statements and credit reports for good measure.

Whole Foods: We've been hacked and your credit and debit card data could be compromised (Computing) Just Whole Foods, definitely not its new owner Amazon, the company claims

Whole Foods investigating cyber security around payment cards (KIRO7) Whole Foods posted a statement on its website saying the company "recently received information regarding unauthorized access of payment card information" and that it was investigating with help of a leading cyber security firm.

Net Neutrality Activists Targeted by Clever Pornhub-Themed Phishing Campaign (BleepingComputer) Employees of US NGOs Fight for the Future and Free Press were targeted with complex spear-phishing attempts between July 7 and August 8, reported today the Electronic Frontier Foundation (EFF).

Oops! Lawyers' Email Snafus Highlight Risks to Firms, Clients (New York Law Journal) Email may be essential for lawyers, but this week it felt like their worst enemy.

Uber London Ban Sees Rise in Malicious Taxi Apps (Infosecurity Magazine) Uber London Ban Sees Rise in Malicious Taxi Apps. RiskID spots fake apps serving adware and linking to bad sites

Major Airlines Around the World Paralyzed For Hours by Computer ‘Network Issue’ (Epoch Times) Passengers went through long lines and delays at airports around the world as a check-in computer system failed on Thursday morning, Sept. 28. The failure affected many airlines at major airports around the world simultaneously, including in New York, London, Paris, Melbourne, Singapore, Zurich, and others. For several hours, people couldn’t check in at the …

Security Patches, Mitigations, and Software Updates

Critical Code in Millions of Macs Isn't Getting Apple's Updates (WIRED) Researchers dug into the deep-seated, arcane code in Apple machines known as EFI, and found it's often dangerously neglected.

Apple Silently Patched macOS Security Bypass Flaw (Security Week) Researchers claim Apple has silently patched a macOS vulnerability that can be exploited to bypass one of the operating system’s security features and execute arbitrary JavaScript code without restrictions.

Security update for MozillaFirefox (important) (Vulners.com) This update for MozillaFirefox to ESR 52.3 fixes several issues.

Linux Security Bug Discovered Two Years Ago Has Finally Been Fixed (Wccftech) Linux security bug that was initially classified as non-security issue, has now been fixed after getting a severe rating of 7.4 out of 10.

Cyber Trends

Company directors are increasingly involved with cybersecurity (Help Net Security) Good news! 79% of public company directors report that their board is more involved with cybersecurity than it was 12 months ago.

Are company boards of directors trivialising security? (The Telegraph) Cyber threats are a huge issue for businesses.

As hacks soar, tech honchos are the first to get fired, and then rehired (Kansas City Star) Guarding vital data for companies and organizations can be a thankless job as hacks grow more common and frequent. Those in the jobs should keep a resume handy.

Cyberattacks Breed Risk for CISOs, but Also Job Security (Government Technology) An increasing number of cyberattacks means chief information security officers face an uphill battle and are often the first to be fired after a breach. But the prevalence of attacks means they are also indispensable for an organization’s IT mission.

Ransomware Numbers Continue to Look Abysmal (Dark Reading) Ransomware is one of the fastest-growing concerns among IT pros, according to several studies out this week.

The Global Cyber Attack on Healthcare (Inside Counsel) As of late, ransomware attacks are inspiring a reassessment of cybersecurity in the healthcare industry.

The hackers are winning, and automation may be the only way to beat them (SiliconANGLE) The hackers are winning, and automation may be the only way to beat them

Marketplace

Cybersecurity Market Driven by Survival of the Fittest (Bloomberg BNA) Charles Darwin’s theory of evolution, introduced in 1859 in ‘On the Origin of Species,’ focused on natural selection—which evolved into the well-known phrase “survival of the fittest.” Applying that to the cybersecurity industry means that only some businesses can compete in the modern cybersecurity landscape and survive the natural selection, and that might not be such a bad thing.

Managing expectations to find cybersecurity talent (CSO Online) Finding the cybersecurity leaders of tomorrow means being realistic about job descriptions and providing training and mentoring for non-traditional tech people.

Could Palo Alto Join Symantec In Big Cybersecurity Acquisitions? (Investor's Business Daily) One analyst says Palo Alto may look to boost growth with a big acquisition in coming months.

Trump's Immigration Cops Just Spent $3 Million On These Ex-DARPA Social Media Data Miners (Forbes) There was widespread alarm earlier this week when it emerged the Department of Homeland Security (DHS) would start collecting social media information on all immigrants, whether legally in the United States or not.

OKCupid Co-Founder Max Krohn Believes People Are Ready to Love Encryption (Observer) Encryption has always been good, the problem is that it’s never been easy.

Is Equifax's Pain Symantec's Gain? (Madison) Equifax's (NYSE: EFX) data breach disaster, which potentially exposed the personal data of 143 million consumers in the U.S., seems to be getting worse each day. The credit reporting firm

Microsoft Prepares for GDPR and Builds for Security at Scale (BizTech) It’s a mad, data-thieving world, and Microsoft is trying to safeguard corporate data by asking the right questions and developing creative answers.

Egnyte Expands Beyond Silicon Valley, Opens New Office in Raleigh, NC (KMWorld Magazine) Cloud provider of smart content collaboration and governance is hiring throughout the U.S. and Europe

BlackRidge Technology Establishes Subsidiary to Commercialize New Security Technologies for Blockchain Networks (IT Business Net) BlackRidge Technology International, Inc. (OTCQB: BRTI), a leading provider of next generation cyber defense solutions, has formed a new business subsidiary called BlackRidge Secure Blockchain to pursue new market opportunities for securing blockchain applications.

GIBC Digital Attracts Former Citigroup Global Fraud Head To Lead Fraud And Cyber Practice (IT Business Net) GIBC Digital announced today that it has hired Paul Dunlop to lead its Fraud and Cyber Practice Group. Mr. Dunlop will be responsible for building out the groups global capabilities, with an initial focus on New York, London, and Hong Kong. Prior to joining GIBC Digital, Paul was the Global Fraud Management Head at Citigroup, where he designed and led global enterprise fraud and financial-crimes-risk programs.

CRN Exclusive: Forcepoint Names Former RES Software, Citrix Exec As New Global Channel Chief (CRN) Tom Flink will now serve as vice president of global channel sales at Forcepoint. He said he will focus on growing channel headcount, driving more consistent engagement with partners, and growing brand awareness.

Virginie Duperat-Vergne to join Gemalto as Company Chief Financial Officer Jacques Tierny to step down after 10 years (GlobeNewswire News Room) Gemalto (Euronext NL0000400653 - GTO), leader in digital security today announces that after 10 years of dedicated and exemplary service, Jacques Tierny, the Chief Financial Officer (CFO) of the Company, has decided to leave on December 31, 2017 to pursue other activities.

Products, Services, and Solutions

New infosec products of the week: September 29, 2017 (Help Net Security) Fortanix launches runtime encryption using Intel SGX Fortanix’ Self-Defending Key Management Service (SDKMS) is a cloud service delivering runtime encrypti

Three-year old startup Vera scores huge deal to protect all of GE’s IP (TechCrunch) When Box landed GE as a customer in 2014, it marked a turning point for the cloud content management company, giving them momentum ahead of their IPO. Three..

Palo Alto Networks brings WildFire threat intelligence platform to APAC (Security Brief Asia) Palo Alto Networks has brought WildFire Cloud to Asia Pacific with a new base in Singapore, furthering the company’s cloud reach.

Vanguard Integrity Professionals Announces The Launch Of Version 2.3 Security And Compliance Software For IBM z/OS® Security Server (Markets Insider) Vanguard Integrity Professionals, Inc., cybersecurity experts with cybersecurity solutions securing any enterprise, is pleased to announce the launch and immediate availability of Version 2.3 Security and Compliance software for the IBM z/OS Security Server.

Google extends IoT device management and analytics with Cloud IoT Core public beta (Computing) Platform can handle 'hundreds of millions' of devices and integrate with Google's analytics services

Wyoming pilots DDLs (Security Document World) Gemalto has announced that Wyoming is joining four other jurisdictions in a pilot for digital driver’s licenses (DDLs).

Skyport Introduces ‘Easy Button’ for Securing Active Directory (Cellular News) Skyport Systems, a leading secure hyperconverged infrastructure provider for the hybrid enterprise, announced today a new series of SkySecure Policy Templates customized to protect Active Directory Domain Controllers.

Distil Networks Significantly Increases Website Performance and Security with Enhanced CDN (Markets Insider) Distil Networks, the global leader in bot detection and mitigation, today announced massive upgrades to its Content Delivery Network (CDN), which will protect customers against volumetric DDoS attacks, while dramatically increasing overall website performance.

Beazley’s data breach expertise to back new Generali cyber product in Brazil (Markets Insider) Specialist insurer Beazley, a pioneer in data breach response insurance, has partnered with Generali, one of the world’s leading insurers, to manage data breaches for Generali Brazil’s new cyber insurance offering for its corporate and commercial clients.

Qualys Launches Disruptive File Integrity Monitoring Cloud App for Simplified Detection of Unauthorized Change and Policy Violations (Cellular News) Qualys, Inc. (NASDAQ QLYS), a pioneer and leading provider of cloud based security and compliance solutions, today announced general availability of its highly scalable and centralized File Integrity Monitoring (FIM) Cloud App, a new extension to the Qualys Cloud Platform that reduces the cost and complexity of detecting policy and compliance related changes across sprawling IT environments, and for compliance with increasingly prescriptive regulations.

WISeKey QuoVadis Provides Advanced Solutions for Secure Corporate Email (GlobeNewswire News Room) WISeKey QuoVadis has partnered with several email gateway companies including German encryption specialists Zertificon Solutions

Zimperium® Announces World's First On-device Detection of Undetected Mobile Malware (PRNewswire) Zimperium, the global leader in mobile threat defense (MTD) and the...

Technologies, Techniques, and Standards

ICANN Postpones Major Internet Security Update (Infosecurity Magazine) ICANN Postpones Major Internet Security Update. KSK rollover could kick 750m internet users offline

Preparing for the General Data Protection Regulation - Implementation Guide (Information Security Forum) With the EU’s General Data Protection Regulation (GDPR) around the corner, there is one question on everyone’s lips: is your organisation GDPR ready? If your organisation is holding EU resident data and has not started to prepare for the GDPR, you need to act now. The GDPR is a global requirement and legislators and regulators …

Hope for a Holy Grail of Continuous Monitoring (SIGNAL Magazine) There's no quick route to address increasingly sophisticated cyber attacks or to undo years of neglect wrought by avoiding the problem.

Laying the foundation for a proactive SOC (Help Net Security) Companies are trying to shift their SOC from a reactive to a proactive posture. To do that, the analysts' reaction to security events must become swift.

7 SIEM Situations That Can Sack Security Teams (Dark Reading) SIEMS are considered an important tool for incident response, yet a large swath of users find seven major problems when working with SIEMs.

Is this the year SIEM goes over the cliff? (Help Net Security) While this may not be the year that SIEM solutions fall off of the cliff of relevancy into obsolete software land, they are moving closer to the edge.

Design and Innovation

How Apple's Face ID works, learns, and protects (Help Net Security) Apple has published a paper throwing more light on how Face ID, its newest biometric authentication option, works on iPhone X.

Research and Development

China Is Another Step Closer to Building a Quantum Internet (Motherboard) China's quantum satellite just facilitated the first intercontinental video call secured using quantum encryption.

Navy awards $458 million contract to UT’s Applied Research Laboratories (Austin American-Statesman) A research contract with the Navy could be worth up to $1.1 billion to the University of Texas.

Ben-Gurion University works with Google to stop hackers (Jewish Telegraphic Agency) This is a paid post. Cellphone hackers could be stopped dead in their tracks by an innovative firewall developed by cybersecurity researchers at Ben-Gurion University of the Negev (BGU). The new firewall adds a missing layer of critical security for Android phones and also monitors for malicious coding. The program was developed after a security...

Industrial base war-gaming: Pentagon wants companies to find supply-chain weaknesses (Defense News) The Pentagon is hoping industry will volunteer information on weak spots in their industrial supply chains, as part of a broader review and war-gaming effort to discover potential failure points for America’s defense industrial base.

Academia

Analyzing Cybersecurity's Fractured Educational Ecosystem (Dark Reading) We have surprisingly little data on how to evaluate infosec job candidates academic qualifications. That needs to change.

Free cyber security training for veterans residing in Colorado New Mexico, Utah, and Wyoming (Alamagordo Daily News) The Daniels Fund, in collaboration with the USO Colorado Springs, has announced a grant for veterans to receive cyber-security training with the SANS Institute VetSuccess Immersion Academy.

Legislation, Policy and Regulation

Congress may finally get a cyber deterrence strategy from DoD at end of the month (FederalNewsRadio.com) After two delays, DoD says it should be able to deliver the long awaited cyber deterrence policy by Sept. 30.

How the US Senate Could Save (or Ruin) the IoT (Infosecurity Magazine) In the coming months, the US Senate is scheduled to discuss and vote on a new bill that concerns IoT security.

3 Issues Arising Out of the EU-US Privacy Shield Annual Review (Legaltech News) From concerns over U.S. surveillance to how the agreement will address GDPR provisions, there are several potential challenges facing the EU-US cross-border ...

Time for cyber security plans to swing into action (Today) Singapore announced several new initiatives to boost online security during the recent Singapore Cyber International Week including international collaborations and a new academy here to train professionals in the field.The announcements were not as major as last year when Prime Mini

First China, now South Korea has banned ICOs (TechCrunch) South Korea has banned ICOs, the up-and-coming method of raising funding via crypto tokens, due to concerns over the potential for financial scams. China's..

Told telcos to implement security policy, says telecom secretary Aruna Sundararajan (The Economic Times) With the advent of 5G, India has become one of the few countries to transform quickly from 2G to 3G and 4G, and now to a newer technology.

Litigation, Investigation, and Enforcement

Report: Equifax Subpoenaed by New York State Regulator (BankInfo Security) New York state's financial regulator has reportedly subpoenaed Equifax - in the wake of it suffering a breach affecting 143 million U.S. consumers - seeking

Investigation reveals that Cyber Command managed a private news outlet with NIS support (Hankyoreh) The discovery could widen probe into political malfeasance committed by the agencies

Europol: the response to unprecedented cyber-attacks (SC Media UK) The global scale, impact and rate of spread of cyber-attacks over the past year is unprecedented reports Europol's 2017 IOCTA.

GDPR is a Year 2000-style cash cow, warns GDPR legal expert Dr Kuan Hon (http://www.computing.co.uk) But contradictions and ambiguities in the GDPR might mean some claimed transgressions will have to be settled in court,Cloud and Infrastructure,Security,Privacy ,GDPR,Kuan Hon,Christopher Strand,Carbon Black,Fieldfisher

'I screwed up royally' accused leaker confessed to FBI agent (Military Times) A young woman charged with leaking U.S. secrets to a news organization told FBI agents she was frustrated with her job as a government contractor when she tucked a classified report into her pantyhose and smuggled it out of a National Security Agency office in Georgia, according to court records.

Kaspersky US government ban - what are the reasons behind the decision? (SC Media US) What is the basis for the ban on Kaspersky products being used by US government authorities? Can we be told?

Exclusive: Read the ICE Agents’ Guide to NSA Surveillance (The Daily Beast) ‘The document strongly suggests that private information obtained using the government’s secret spying tools is bleeding into certain ICE investigations,’ an ACLU lawyer says.

Feds Monitoring Social Media Does More Harm Than Good (WIRED) As the Department of Homeland Security takes a closer look at social media accounts, experts caution that it likely won't even accomplish much.

European Commission Presses Social Media on Illegal Content (Infosecurity Magazine) European Commission Presses Social Media on Illegal Content. New guidelines released to speed take-down of content inciting terror and violence

What's the Deal with WhatsApp Investigating and Discovering Mobile Device Data (Legaltech News) Analyzing data from mobile devices is still uncharted territory for many in Legal and IT. Accordingly, today's modern legal and technology professionals need...

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

newly Noted Events

Cyber Investing Summit (New York, New York, USA, May 15, 2018) Now in its third year, the Cyber Investing Summit is an all-day conference focusing on investing in the cyber security industry, which is predicted to exceed $1 trillion in cumulative spending on products and services over the next five years from 2017 to 2021. Panels will explore the financial opportunities, trends, challenges, and investment strategies available in the high growth cyber security sector. Speakers include leading cyber professionals, technology analysts, venture capitalists, fund managers, investment advisors, government experts, and more. Attendees will have the opportunity to network with key influencers in the investment and cyber security industries. A cocktail reception will be held following the presentations.

upcoming Events

Countermeasure (Ottawa, Ontario, Canada, Nov 9 - 10, 2017) Now into its sixth year in Ottawa, and consistently advancing in both size and content quality, COUNTERMEASURE continues to be the national capital's premier IT security event. As in years past, attendees can expect up to three days of professional skills training prior to the two-day main conference. All content will be delivered by some of the world's most knowledgeable and influential IT security experts in private, public, and research sectors.

2017 ICIT Gala & Benefit (Washington, DC, USA, Nov 9, 2017) The Annual ICIT Gala and Benefit is the year’s most prestigious and intimate gathering of legislative, agency and private sector leaders committed to protecting our Nation’s critical infrastructures. This black-tie event will celebrate the accomplishments of the most influential members of our community as well as the efforts of today’s most impactful cybersecurity leaders. The funds raised from this Benefit will be used to help sustain and grow the Institute’s research, publications, and educational activities for the communities it serves.

4th Annual Journal of Law & Cyber Warfare Conference (New York, New York, USA, Nov 9, 2017) Join thought leaders across the industry for a day of collaboration and education with an outstanding group of cyber security experts. In this one-day program, we continue JLCW's 5+ year reputation for presenting cutting-edge, practical, and balanced training for cyber security lawyers, in-house legal personnel, cyber security service providers, law enforcement, military, members of the bar, bench, and ambassadors and consul generals from all over the world.

CyCon US (Washington, DC, USA, Nov 7 - 8, 2017) The 2017 International Conference on Cyber Conflict U.S. (CyCon U.S.) will take place 7-8 Nov 2017 at the Ronald Reagan Building in Washington D.C. CyCon U.S. facilitates knowledge generation and information exchange across the cyber community, and includes participation from military, government, academia, and industry from around the world. The conference promotes security initiatives and furthers research on cyber threats and opportunities. CyCon U.S. is a collaborative effort between the Army Cyber Institute at the United States Military Academy and the NATO Cooperative Cyber Defence Centre of Excellence in Tallinn, Estonia.

RSA Conference 2017 Abu Dhabi (Abu Dhabi, UAE, Nov 7 - 8, 2017) RSA Conference 2017 Abu Dhabi is the leading information security event in the region. This year's Conference will take place 7 to 8 November at the Emirates Palace in Abu Dhabi. Join us for two days of engaging sessions and intense networking. Get exposure to innovative technologies and leadership that will help secure your organization and your future.

National Initiative for Cybersecurity Education Conference and Expo (Dayton, Ohio, USA, Nov 7 - 8, 2017) Cybersecurity has emerged as one of the leading creators of jobs and opportunity for all economic sectors. The demand for cybersecurity positions in both the public and private sector is large and growing, but the talent pool of cybersecurity workers is not yet able to keep up. The NICE 2017 Conference and Expo features thought leaders from education, government, industry and non-profits who are addressing the cybersecurity education, training, and workforce needs of the nation.

POC 2017 (Seoul, Korea, Nov 2 - 3, 2017) POC started in 2006 and has been organized by Korean hackers & security experts. It is an international security & hacking conference in Korea. POC doesn't pursue money. POC concentrates on technical and creative discussion and shows real hacking and security. POC wears both black hat and white hat. POC will share knowledge for the sake of the power of community. POC believes that the power of community will make the world safer. POC has been making a history with sincere staffs, hackers from the world, and sponsors since2006. POC will be a unique conference.

Cyber Security Summit: Boston (Boston, Massachusetts, USA, Nov 1, 2017) If you are a Senior Level Executive responsible for making your company’s decisions in regards to information security, then you are invited to register for the Cyber Security Summit: Boston. Receive 50% off of a Full Summit Pass when you register with code CYBERWIRE50 (standard price of $350, now only $175 with code). Register at CyberSummitUSA.com. The Cyber Security Summit: Boston is an exclusive conference connecting Senior Level Executives responsible for protecting their companies’ critical data with innovative solution providers & renowned information security experts. for details visit CyberSummitUSA.com.

2017 International Information Sharing Conference (Washington, DC, USA, Oct 31 - Nov 1, 2017) Join us for the inaugural International Information Sharing Conference hosted by the Information Sharing and Analysis Organization Standards Organization (ISAO SO), with participation from the Department of Homeland Security and U.S. Chamber of Commerce. This two-day event, a first of its kind, will convene practitioners from small businesses to multi-national corporations, and from information sharing newcomers to well-established cybersecurity organizations. This unique conference will go beyond discussing current cyber information sharing topics, and will provide opportunities to see competing approaches and innovations in platforms and services. Conference sessions and panels will focus on automated sharing, analysis, how to build trust in a community of interest, cross-sector sharing, the role of government in information sharing, the value proposition of an ISAO, and much more.

2017 Annual Conference: Networking the Future (Tampa, Florida, USA, Oct 27, 2017) Networking the Future is the Florida Center for Cybersecurity's fourth annual conference and will host hundreds of cybersecurity technical and non-technical stakeholders from industry, government, the military, and academia for a comprehensive exploration of emerging threats, best practices, research, workforce development, and today's hottest cyber trends.

RETR3AT Cybersecurity Conference (Montreat, North Carolina, USA, Oct 27, 2017) Each year, Montreat College’s Center for Cybersecurity Education and Leadership hosts RETR3AT, a conference designed to engage, educate, and raise awareness about cybersecurity in Western North Carolina and beyond. RETR3AT goes beyond the “1s and 0s” approach to cybersecurity training, challenging attendees to think about how to lead in protecting their organization’s information within an ethical framework.

Digital Risk Summit (Washington, DC, USA, Oct 25 - 27, 2017) Hosted by Neustar, the Digital Risk Summit is a forward-looking educational conference packed with actionable intelligence and best practices for all types of organizations. If you interact with consumers, customers, and partners by phone or online, you face digital risk. In today’s world, it’s imperative that you stay on top of rapidly evolving threats. Hear and learn from regulators, FBI, U.S. Secret Service and other experts about the latest risks and how best to manage them now and in 2018. Attendees will also have the opportunity to earn CPE, CRCM and CAMS credits.

European Smart Homes 2017 (London, England, UK, Oct 25 - 26, 2017) ACI’s European Smart Homes 2017 will will bring together key industry stakeholders from the energy industry, IT, telecoms operators, retailers, solution distributors utilities, insurance and property management companies, governments, consultants, solution and technology providers. The key discussions will involve monetisation, customer approach, partnership and interoperability.

PCI Security Standards Council: 2017 Europe Community Meeting (Barcelona, Spain, Oct 24 - 26, 2017) Three days of networking and one-of-a-kind partnership opportunities await you. Whether you want to learn more about updates in the payment industry or showcase a new product, you’ll find it all at the 2017 Europe Community Meeting.

Cyber Security Summit 2017 (Minneapolis, Minnesota, USA, Oct 23 - 25, 2017) Cyber Security Summit is a public-private collaboration with support from industry, government, and university leaders who gather to discuss security trends and solutions. The 7th Annual Summit will bring together senior executives, risk managers, military representatives, policymakers, lawyers, academics, and technology leaders. Topics, content and speakers are driven by an Advisory Board composed of experts from diverse critical infrastructure operators and commercial market sectors.

Workplace Violence Prevention - Active Shooter / Assailant Response Workshop (Laurel, Maryland, USA, Oct 23, 2017) The National Insider Threat Special Interest Group (NITSIG) has partnered with Law Enforcement (Maryland State Police), OSHA, Maryland Emergency Management Agency and and other Workplace Violence Prevention experts to provide a one-day training workshop for security professionals and others interested in implementing a Workplace Violence Prevention and Active Shooter / Assailant Response Program. Workshop participants will gain valuable in-depth knowledge about workplace violence, including legal issues, prevention, intervention, and response. (The intelligence and privacy issues have cyber dimensions.)

Cyber Security Chicago (Chicago, Illinois, US, Oct 18 - 19, 2017) Cyber Security Chicago offers invaluable security insight for both IT managers & security decision makers. Hear from industry experts on how you can build stronger defenses against cyber-attacks & how to recover if your systems are breached.

QuBit Conference Belgrade 2017 (Belgrade, Serbia, Oct 18 - 19, 2017) A Cyber Security Community Event in the SEE Region. QuBit Conference is a cyber security event gathering all levels of security professionals, industry experts, academics and government officials. QuBit offers the unique opportunity to gain valuable insight into multiple facets and aspects of ever-expanding crucial fields in cyber security. The main aim is to create a community spirit providing space for knowledge sharing. Belgrade is the “home” city of many global IT companies, one of the most important information technology centers in Southeast Europe with strong growth.

Sponsor & Support

Grow your brand, generate leads, and fill your funnel.

With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listens all over the world, companies trust the CyberWire to get the message out. Learn more.

Mac firmware vulnerabilities. "Illusion gap" Windows Defender bypass. 7% of AWS S3 servers exposed? Whole Foods hacked. Fresh inspiration and DDoS.