The CyberWire Daily Briefing 10.2.17

Summary

By The CyberWire Staff

Equifax is suggesting its data breach was probably the work of Chinese intelligence services. Sources claim to perceive similarities of tactics and approach to the 2016 intrusion into the US Office of Personnel Management. Sources also say a dispute between Equifax and Mandiant (Equifax is said to have thought Mandiant substituted junior personnel for the senior consultants Equifax believed they'd hired) led the credit bureau to discount the security consultants' warnings during a crucial phase of the attack.

TransTeleCom, a Russian telecommunications firm, appears to have established an Internet connection with North Korea. This supplements the DPRK's other Internet connection through China Unicom. The new connectivity increases Pyongyang's bandwidth and resilience, both attack potential and potential attack surface.

ISIS does some virtual whistling past its Raqqa graveyard with online videos displaying captured coalition small arms. More worrisome perhaps is its warning to Muslims (conveyed via Telegram) to avoid public places in infidel lands, as these will be targets of the "soldiers of the Caliphate."

Facebook is expected today to provide the US Congress with evidence concerning 2016 election ads purchased by Russia's Internet Research Agency. Bots have become more visibly active in social media; their tendency has been to exacerbate conflict without much discernible interest in conflict's outcome. US Senator Warner (D-Virginia), vice chair of the Senate Intelligence Committee, thinks social media have now become decidedly weaponized.

A PHP backdoor has been hidden in software that purports to be a WordPress security plugin.

Siemens patches a Ruggedcom improper access vulnerability.

Learn how Cylance silences cyber attacks with Artificial Intelligence.

Notes.

Today's issue includes events affecting Australia, Belgium, Brazil, China, Estonia, European Union, France, Germany, Greece, Indonesia, Iran, Ireland, Italy, Kenya, Democratic Peoples Republic of Korea, Nigeria, Russia, Saudi Arabia, South Africa, Syria, United Kingdom, and United States.

Survey says: frameworks are good, compliance could be better.

How does the public sector view the state of cyber risk management, IT modernization, and the role of cybersecurity standards in improving our nation’s cyber posture? A survey of government and industry attendees at the 2017 AWS Public Sector Summit provides a unique window into the perceptions, challenges and opportunities for cyber risk management. Download your copy of the 2017 Public Sector Cyber Risk Management Report.

On the Podcast

In today's podcast we hear from our partners at the SANS Institute, as Johannes Ullrich describes malware that uses malicious DLL files.

Sponsored Events

3rd European Cybersecurity Forum – CYBERSEC (Krakow, Poland, Oct 9 - 10, 2017) CYBERSEC is a unique Europe-wide, annual public policy conference dedicated to strategic aspects of cybersecurity. Conference’s mission is to foster the building of a Europe-wide cybsersecurity system and create a dedicated collaborative platform for governments, international organisations, and key private-sector organisations.

UMBC Cybersecurity Graduate Info Session (Rockvale, Maryland, USA, Oct 11, 2017) Learn how UMBC’s graduate programs in Cybersecurity can elevate your career at our upcoming Info Session. Led by industry experts, our programs combine hands-on technical training with unparalleled opportunity.

CyberMaryland Conference: Baltimore Convention Center October 11-12 (Baltimore, Maryland, USA, Oct 11 - 12, 2017) The CyberMaryland Conference is an annual two-day event that brings together academia, government and private industry organizations. The theme, “Leading the Cyber Generation,” emphasizes information sharing and networking opportunities for development of cyber assets on both the human and technological side.

The International Information Sharing Conference on October 31 and November 1 in Washington, D.C. (Washington, DC, USA, Oct 31 - Nov 1, 2017) Join us for the inaugural International Information Sharing Conference hosted by the ISAO SO. This two-day event, a first of its kind, will convene practitioners from small businesses to multi-national corporations and from information sharing newcomers to well-established cybersecurity organizations.

Selected Reading

Cyber Attacks, Threats, and Vulnerabilities

Equifax hack the work of Chinese intelligence with links to US Office of Personnel Management hack of 2015, claim reports (Computing) Dispute between Equifax and Mandiant widened attackers' window of opportunity

Here’s What to Ask the Former Equifax CEO (KrebsOnSecurity) Richard Smith — who resigned as chief executive of big-three credit bureau Equifax this week in the wake of a data breach that exposed 143 million Social Security numbers — is slated to testify in front of no fewer than four committees on Capitol Hill next week.

The Inside Story of Equifax’s Massive Data Breach (Bloomberg) The intruders broke in and then handed off to a more sophisticated team of hackers, the hallmarks of a state-sponsored operation.

Online thieves may be exploiting the Equifax panic, researchers say (Houston Chronicle) The Equifax breach may have you watching your financial records closely for evidence of fraudulent new accounts or suspicious transactions. But you may also want to keep a close eye on your incoming email, researchers say.

Is North Korea hacking bitcoin to bypass sanctions? (Nikkei Asian Review) Researchers link recent attacks with Pyongyang-based hackers

Russia Provides New Internet Connection to North Korea (38 North) A major Russian telecommunications company appears to have begun providing an Internet connection to North Korea. The new link supplements…

Saudi entertainment authority says hit by cyber attack (Reuters) Saudi Arabia's General Entertainment Authority (GEA), which has begun sponsoring concerts and shows said on Friday its website had been the target of cyber attacks from outside the kingdom.

ISIS propaganda showcases US weapons, including an AT-4 rocket (Military Times) ISIS released its latest propaganda video about the defense of its de facto capital of Raqqa, which showcases several American weapon systems to include an AT-4 anti-tank rocket.

ISIS warns Muslims to avoid public places in Europe, America, and Russia (Military Times) The message warns Muslims to avoid these public places because “these places are targets of the soldiers of the caliphate,” the message reads.

'Doublethink required?' Twitterati mock CIA’s Russian-speaker recruitment drive (RT International) With the anti-Russia hysteria in the US reaching unprecedented proportions, the CIA has announced it’s looking for US nationals with a perfect command of Russian to work as linguist analysts to protect the US national security and “unveil the truth,” whatever that means.

#BotSpot: Bots Boost NFL Divides – DFRLab (Medium) Identifying botnets amplifying #TakeAKnee and #BoycottNFL

Facebook will share Russian-bought election interference ads with congress tomorrow (TechCrunch) Facebook will release over 3000 ads bought by a Russian entity to interfere in U.S. politics and the 2016 presidential election with congressional..

Zuckerberg asks forgiveness, but Facebook needs change (TechCrunch) "For the ways my work was used to divide people rather than bring us together, I ask forgiveness and I will work to do better" Mark Zuckerberg posted to..

Who Will Take Responsibility for Facebook? (WIRED) The reckoning is upon Mark Zuckerberg.

Faceliker Trojan leads the malware race in Q2 (Security Brief) "By making apps or news articles appear more popular, accepted and legitimate, unknown actors can covertly influence the way we perceive value."

Spot a Bot: Identifying Automation and Disinformation on Social Media (Medium) There are bots everywhere, or so it seems.

'Phish for the Future' spearphishing campaign set digital civil liberty activists in its sights (Graham Cluley) A spear-phishing campaign known as "Phish for the Future" targeted activists who have a history of championing users' digital civil liberties.

Hacker Hides Backdoor Inside Fake WordPress Security Plugin (BleepingComputer) A cyber-criminal has hidden the code for a PHP backdoor inside the source code of a WordPress plugin masquerading as a security tool named "X-WP-SPAM-SHIELD-PRO."

Android malware ZNIU exploits DirtyCOW vulnerability (Naked Security) DirtyCOW can be used to compromise phones and tablets

Estonian Blockchain-Based ID Card Security Flaw Raises Issues About Identity (Lexology) On August 30, 2017, an international team of security researchers notified the Estonian government of a security vulnerability affecting the digital…

Banking trojan campaign uses commercial packers to target Brazilian users (Graham Cluley) A banking trojan campaign is using commercial packing platforms to evade analysis and thereby successfully infect unsuspecting users.

Crowdstrike CTO: Theft and destruction are ‘just a few keystrokes’ apart (Computer Business Review) Highly advanced weaponry is not the only means of delivering a crippling blow to a nation, cyberattacks can too. We gained insight from the Crowdstrike CTO.

As CCleaner illustrates, software security has a 'systemic problem' (The Parallax) The CCleaner hack shows any app can be used to attack unsuspecting targets. Software makers need to verify their products are secure before distribution.

What Is a 'Supply Chain Attack?' (Motherboard) A dangerous threat that takes advantage of the inherent trust between users and their software providers is a growing trend.

How attackers can take advantage of encrypted tunnels (Help Net Security) 23% of security professionals don’t know how much of their encrypted traffic is decrypted and inspected, according to Venafi.

Hikvision Security Cams Compromised to Display "HACKED" (HackRead) If you own Hikvision security cameras you would have noticed the sudden change in the live feed display where the normal footages were replaced with the te

Roughted remains the top malware in Africa to watch out for (IT News Africa) Check Point Software has revealed that banking Trojans were extensively used by cyber-criminals during August 2017, with three variants appearing in the company’s latest Global Threat Impact Index.

Cyber-attack threatening Splendora ISD personal info (ABC13 Houston) The school district said it was first notified of the threat early Wednesday that is targeting confidential information such as phone numbers and addresses.

iPhone X Face ID baffled by kids, twins, siblings, doppelgängers (Naked Security) Get the lowdown on Apple’s newly released Face ID Security Overview

Business Process Compromise and the Underground’s Economy of Coupon Fraud (TrendLabs Security Intelligence Blog) The fraudulent redemption of freebies, discounts, and rebates in the form of coupons is reportedly costing U.S. businesses $300–600 million every year.

The 9 Easiest Ways For Strangers To Access Your Kids Online, According To An Expert (Romper) As the internet becomes an increasingly large part of our social lives, benefits and opportunities abound.

Security Patches, Mitigations, and Software Updates

Siemens Patches Improper Access Vulnerability in Ruggedcom Protocol (Threatpost) Industrial manufacturer Siemens is encouraging users running devices that use its Ruggedcom protocol to apply firmware updates this week.

Marketplace

Are Vets the Solution to the Cyberstaffing Gap? (Government Technology) As need grows for a strong government cybersecurity workforce, veterans offer a blend of discipline and technical experience.

Relentless Cyber Attacks Make These A Screaming Buy (Forbes) President Donald Trump’s bed-ridden, 400-pound hacker and his friends have been relentless in making 2017 a banner year for digital disruption of the worst kind.

Colorado Springs cybersecurity firm root9B acquired by New York private equity firm (Colorado Springs Gazette) Tracker Capital Management LLC, a New York-based private venture investment firm, announced Thursday that it has acquired root9B LLC...

Palo Alto May Actually Be Underrated For Once (Seeking Alpha) Palo Alto Networks shares have recovered more than 30% off of their early 2017 lows, but the shares may yet be undervalued if the company can maintain low-to-mi

Motley Fool: Cisco’s transition bodes well for the future (Spokesman) Cisco Systems’ business-model transformation should position it well for the future.

Angst vor Kaspersky und Co? Diese Antiviren-Scanner kommen aus Deutschland (Trendblog) Sie kommen aus Russland, Rumänien, Finnland, Japan, Tschechien oder Spanien – die hierzulande beliebtesten Antiviren- und Internet-Security-Programme stammen gar nicht aus Deutschland.

Deloitte: This veteran company is bringing artificial intelligence to the federal government (Washington Business Journal) What could you accomplish if mundane tasks were removed from your workload?

SAIC offers buyouts to senior managers, consolidates organizations (Washington Business Journal) Reston-based Science Applications International Corp. announced Monday that it has offered voluntary buyouts to 100 senior managers while consolidating several organizations.

Mike Rogers Joins 4iQ Board of Directors (via Passle) (Passle) We are so honored to have Congressman Mike Rogers on our board.

Noblis Welcomes the Honorable Deborah Lee James, Former Secretary of the Air Force, to Board of Trustees (PR Web) Noblis Board of Trustees gains seasoned national and homeland security expertise

Avecto appoints Chief Marketing Officer (Prolific North) Manchester global security software firm, Avecto, has named Robin Saitz as its new chief marketing officer.

Deloitte appoints Andrew Pimlott as partner (The Peninsula Qatar) Deloitte has appointed Andrew Pimlott as Partner to lead its Forensic Technology practice, and promoted two new partners in a further expansion of its Financial Advisory business in the Middle East.

Products, Services, and Solutions

ZeroFOX Expands Enterprise Security Product Suite with Employee and Executive VIP Protection Solutions (BusinessWire) ZeroFOX, the innovator of social media and digital security, today unveiled ZeroFOX Employee Protection and Executive &amp; VIP Protection, the la

EclecticIQ Platform 2.0 Redefines Threat Analysis with Intelligence Reporting, New UI, and More (EclecticIQ) EclecticIQ, the cyber threat intelligence technology provider and fusion center operator, achieved another breakthrough for threat analysts with today’s launch of EclecticIQ Platform 2.0.

Oracle announces a new automated database that can patch cybersecurity flaws itself (Business Insider) "It will be less than one half of what Amazon charges you. We will write that in your contract," Oracle chairman Larry Ellison said on Sunday.

Technologies, Techniques, and Standards

DNSSEC key signing key rollover: Are you ready? (CSO Online) ICANN has postponed the deadline for updating name servers with the new root zone key signing key to early 2018 because too many ISPs and network operators are not ready, and that would cause DNSSEC validations to fail.

Effective Ransomware Responses: Understanding Ransomware and How to Successfully Combat It (FireEye) At FireEye, we’ve been observing an increased use of ransomware for a while now.

Effective Patch Management Requires a Well-Defined Strategy (MSP Mentor) Effective patch management requires a proactive approach. If businesses and solution providers don’t have a clearly defined policy, chances are they’ll miss some patches.

Back to Filing Cabinets? Simplifying the Complex Task of Data Security (Security Intelligence) Without visibility into all data stored on the network, the complex task of data security can have IT teams pining for the bygone days of filing cabinets.

Investigating Security Incidents with Passive DNS (SANS Internet Storm Center) Sometimes when you need to investigate a security incident or to check for suspicious activity, you become frustrated because the online resource that you’re trying to reach has already been cleaned.

Protecting networks from DNS exfiltration (Help Net Security) Everyone around the globe has heard about the colossal Equifax breach last month. Its implications haven’t yet been fully calculated except now that the CE

Five Steps to Simplify NIST Cybersecurity Framework Adoption (Infosecurity Magazine) How to simplify NIST Cybersecurity Framework adoption and gain the cyber resilience benefits.

How US and UK companies address GDPR data protection requirements (Help Net Security) Companies all over the world are determining how to best adjust their internal systems and processes in order to address GDPR data protection requirements.

Best and Worst Security Functions to Outsource (Dark Reading) Which security functions are best handled by third parties, and which should be kept in-house? Experts weigh in.

How to secure the Industrial IoT: A Q&A with GE's CISO (CSO Online) Manufacturing giant GE takes a holistic approach to industrial internet of things (IIoT) security that integrates enterprise and product security. CISO Nasrin Rezai explains why this is important and how it works.

Design and Innovation

It's "up to us" whether AI works for us, or turns against humanity, warns Satya Nadella (Computing) Better set of design principles are critical to correctly create the first AI, says Microsoft CEO

Beyond Bitcoin: The power struggle over trust-based technology (The Conversation) The development of distributed trust technologies is making traditional institutions like banks, corporations and governments nervous. Those who have power like to hold onto it. What's next?

Radical Leftists Built Their Own Reddit After It Banned Them (Motherboard) "I decided to delete my Reddit account and make a site where socialists and anarchists wouldn’t get punished for talking out against fascism.”

EFF: Stupid patents are dragging down AI and machine learning (Ars Technica) "The patent reads like the table of contents of an intro to AI textbook."

My lousy Super Bowl-betting AI shows how humans are indispensable in cybersecurity (The Next Web) Artificial intelligence and machine learning have never been more prominent in the public forum…

Where human intelligence outperforms AI (TechCrunch) With every new trend comes a counter-trend. And so despite the current excitement over the wonders of artificial intelligence, one company is betting that..

Research and Development

New research details the privacy implications of email tracking (CSO Online) Princeton University researchers have a new paper for PETS 2018: “I never signed up for this! Privacy implications of email tracking.”

DHS cyberinsurance research producing insights about security trends (TechRepublic) The US Department of Homeland Security says it's starting to see interesting security trends based on a long-term research project into cyberinsurance markets.

The Science of Cybersecurity (SIGNAL Magazine) A group of DHS researchers focused on fortifying homeland security has cybersecurity technology development down to a science.

Air Force Extends the Development of its Cyber Mission Platform (Defense Systems) The service continues developing its first unified platform to operate and deploy offensive cyber tools.

Legislation, Policy and Regulation

Social Media is ‘First Tool’ of 21st-Century Warfare, US Lawmaker Says (Defense One) And buying Facebook ads is much cheaper than an F-35 fighter jet, said Sen. Mark Warner.

UN’s failure to frame cyberspace norms leaves officials split over cyber warfare (Jane's 360) The UN’s recent failure to proscribe cyber warfare has left government officials and legal experts in Europe divided over whether existing laws are sufficient or new ones are needed to contain the threat.

Taoiseach meeting fellow EU leaders to discuss cyber security (Breaking News) The Taoiseach Leo Varadkar is in Estonia at a Digital Summit looking at cyber security.

PM May calls for European cyber-cooperation; Norway joins Nato CCD COE (SC Media UK) UK Prime Minster Theresa May urges European cooperation to combat cyber threats; Norway joins Nato CCD COE

NSA says it would need to scale down spying program ahead of expiration (Reuters) The U.S. National Security Agency would need to begin winding down what it considers its most valuable intelligence program before its expiration at year-end if the U.S. Congress leaves its reauthorization in limbo, the agency's deputy director said on Friday.

Cyber Command Is Growing Up. Now For the Real Issue. (The Cipher Brief) Elevating Cyber Command now may be akin to if the U.S. created a Battleship Command in 1935; the wrong force for the wrong kind of conflict.

Cybersecurity threats demand modernizing federal technology (TheHill) Cyberattacks are on the rise, and it's imperative that the federal government take action.

Montgomery County doesn't plan to reveal its blueprint to prevent new cyber attacks, citing security (Montgomery Advertiser) The county worries that hackers will use the information to mount future attacks against their systems

Litigation, Investigation, and Enforcement

Iran Attends Europol-Interpol Cybercrime Conference (Financial Tribune) The fifth edition of Europol-Interpol...

Twitter’s Disclosure of Russian Activity Sparks Criticism From Lawmakers (Wall Street Journal) Twitter offered its first public information on Russian use of its platform during the U.S. presidential election, but its limited disclosure only fueled criticism from lawmakers who are pushing for greater transparency from internet companies over how their platforms are manipulated.

Padilla Faults DHS on Russian Cyberwarning; CDT Says Safeguards Worked (Government Technology) California's Secretary of State, Alex Padilla, claims that DHS confirmed Russian scanning in California's statewide network.

Judge Delays Decision In Motion To Release Reality Winner On Bail (The Intercept) The arguments on Friday dealt less with questions of Winner's culpability than with her character and political views.

Tony Blair institute finds that non-violent Islamist groups serve as recruitment pool for jihadists (Times) More than three quarters of British jihadists have been involved with non-violent Islamist groups before turning to foreign fighting and carrying out terrorist attacks, a report has indicated.

Apple sees sharp increase in U.S. national security requests (Reuters) Apple Inc has received more than four times as many national-security related requests from the U.S. government in the first half of this year versus a year ago, according to a company report on Thursday.

The NSA Warned Jared Kushner Not to Do the Dumb Email Thing That He Then Did (Gizmodo) Donald Trump’s son in law Jared Kushner and a number of other senior White House officials who used their personal emails for work purposes were expressly warned by the National Security Agency not to do so, Politico reported on Friday.

Greece opens Russian cybercrime suspect's extradition case (Fifth Domain) Complicating matters, Russia is also seeking his extradition on separate fraud charges.

Court Rules FBI Can Keep Names of, Payments Made to iPhone 5C Hackers Secret (Gizmodo) The FBI does not have to disclose the name of or how much it paid a private firm to crack Apple’s iPhone security, U.S. District Court Judge Tanya Chutkan ruled on Saturday.

Release of FISA Title IV and V Documents (IC on the Record) Today, the ODNI, in consultation with the Department of Justice, is releasing additional FISA Title IV and V documents.

Agency to take legal action against Wanna One's Bae Jin-young cyberbullying (The Jakarta Post) C9 Entertainment, the South Korean agency that handles Bae Jin-young, one of the members of K-pop group Wanna One, has announced on Sept. 27 that it will be taking legal action following the cyber harassment toward the 17-year-old Bae.

The State of the Law on Data Scraping (Galkin Law) Data scraping is common, but may violate numerous law, and poses a risk of litigation. A recent case against LinkedIn may pave the way for data scrapers.

Inmates Need Social Media. Take It From a Former Prisoner (WIRED) Opinion: Banning prisoners from Facebook and Twitter doesn't help their rehabilitation.

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

upcoming Events

Federal IT Security Conference (Columbia, Maryland, USA, Nov 14, 2017) The Federal IT Security Institute (FITSI) in partnership with Phoenix TS in Columbia, MD is hosting the second annual Federal IT Security Conference. Speakers from NIST, DHS, the Defense Department as well as private industry will be in attendance discussing the themes and trends that are influencing the Federal/DoD cyber landscape.

Sector (Toronto, Ontario, Canada, Nov 13 - 15, 2017) Illuminating the Black Art of Security. Now entering its 11th year, SecTor has built a reputation of bringing together experts from around the world to share their latest research and techniques involving underground threats and corporate defences. The conference provides an unmatched opportunity for IT Professionals and Managers to connect with their peers and learn from their mentors.

Countermeasure (Ottawa, Ontario, Canada, Nov 9 - 10, 2017) Now into its sixth year in Ottawa, and consistently advancing in both size and content quality, COUNTERMEASURE continues to be the national capital's premier IT security event. As in years past, attendees can expect up to three days of professional skills training prior to the two-day main conference. All content will be delivered by some of the world's most knowledgeable and influential IT security experts in private, public, and research sectors.

2017 ICIT Gala & Benefit (Washington, DC, USA, Nov 9, 2017) The Annual ICIT Gala and Benefit is the year’s most prestigious and intimate gathering of legislative, agency and private sector leaders committed to protecting our Nation’s critical infrastructures. This black-tie event will celebrate the accomplishments of the most influential members of our community as well as the efforts of today’s most impactful cybersecurity leaders. The funds raised from this Benefit will be used to help sustain and grow the Institute’s research, publications, and educational activities for the communities it serves.

4th Annual Journal of Law & Cyber Warfare Conference (New York, New York, USA, Nov 9, 2017) Join thought leaders across the industry for a day of collaboration and education with an outstanding group of cyber security experts. In this one-day program, we continue JLCW's 5+ year reputation for presenting cutting-edge, practical, and balanced training for cyber security lawyers, in-house legal personnel, cyber security service providers, law enforcement, military, members of the bar, bench, and ambassadors and consul generals from all over the world.

CyCon US (Washington, DC, USA, Nov 7 - 8, 2017) The 2017 International Conference on Cyber Conflict U.S. (CyCon U.S.) will take place 7-8 Nov 2017 at the Ronald Reagan Building in Washington D.C. CyCon U.S. facilitates knowledge generation and information exchange across the cyber community, and includes participation from military, government, academia, and industry from around the world. The conference promotes security initiatives and furthers research on cyber threats and opportunities. CyCon U.S. is a collaborative effort between the Army Cyber Institute at the United States Military Academy and the NATO Cooperative Cyber Defence Centre of Excellence in Tallinn, Estonia.

RSA Conference 2017 Abu Dhabi (Abu Dhabi, UAE, Nov 7 - 8, 2017) RSA Conference 2017 Abu Dhabi is the leading information security event in the region. This year's Conference will take place 7 to 8 November at the Emirates Palace in Abu Dhabi. Join us for two days of engaging sessions and intense networking. Get exposure to innovative technologies and leadership that will help secure your organization and your future.

National Initiative for Cybersecurity Education Conference and Expo (Dayton, Ohio, USA, Nov 7 - 8, 2017) Cybersecurity has emerged as one of the leading creators of jobs and opportunity for all economic sectors. The demand for cybersecurity positions in both the public and private sector is large and growing, but the talent pool of cybersecurity workers is not yet able to keep up. The NICE 2017 Conference and Expo features thought leaders from education, government, industry and non-profits who are addressing the cybersecurity education, training, and workforce needs of the nation.

POC 2017 (Seoul, Korea, Nov 2 - 3, 2017) POC started in 2006 and has been organized by Korean hackers & security experts. It is an international security & hacking conference in Korea. POC doesn't pursue money. POC concentrates on technical and creative discussion and shows real hacking and security. POC wears both black hat and white hat. POC will share knowledge for the sake of the power of community. POC believes that the power of community will make the world safer. POC has been making a history with sincere staffs, hackers from the world, and sponsors since2006. POC will be a unique conference.

Cyber Security Summit: Boston (Boston, Massachusetts, USA, Nov 1, 2017) If you are a Senior Level Executive responsible for making your company’s decisions in regards to information security, then you are invited to register for the Cyber Security Summit: Boston. Receive 50% off of a Full Summit Pass when you register with code CYBERWIRE50 (standard price of $350, now only $175 with code). Register at CyberSummitUSA.com. The Cyber Security Summit: Boston is an exclusive conference connecting Senior Level Executives responsible for protecting their companies’ critical data with innovative solution providers & renowned information security experts. for details visit CyberSummitUSA.com.

2017 International Information Sharing Conference (Washington, DC, USA, Oct 31 - Nov 1, 2017) Join us for the inaugural International Information Sharing Conference hosted by the Information Sharing and Analysis Organization Standards Organization (ISAO SO), with participation from the Department of Homeland Security and U.S. Chamber of Commerce. This two-day event, a first of its kind, will convene practitioners from small businesses to multi-national corporations, and from information sharing newcomers to well-established cybersecurity organizations. This unique conference will go beyond discussing current cyber information sharing topics, and will provide opportunities to see competing approaches and innovations in platforms and services. Conference sessions and panels will focus on automated sharing, analysis, how to build trust in a community of interest, cross-sector sharing, the role of government in information sharing, the value proposition of an ISAO, and much more.

2017 Annual Conference: Networking the Future (Tampa, Florida, USA, Oct 27, 2017) Networking the Future is the Florida Center for Cybersecurity's fourth annual conference and will host hundreds of cybersecurity technical and non-technical stakeholders from industry, government, the military, and academia for a comprehensive exploration of emerging threats, best practices, research, workforce development, and today's hottest cyber trends.

RETR3AT Cybersecurity Conference (Montreat, North Carolina, USA, Oct 27, 2017) Each year, Montreat College’s Center for Cybersecurity Education and Leadership hosts RETR3AT, a conference designed to engage, educate, and raise awareness about cybersecurity in Western North Carolina and beyond. RETR3AT goes beyond the “1s and 0s” approach to cybersecurity training, challenging attendees to think about how to lead in protecting their organization’s information within an ethical framework.

Digital Risk Summit (Washington, DC, USA, Oct 25 - 27, 2017) Hosted by Neustar, the Digital Risk Summit is a forward-looking educational conference packed with actionable intelligence and best practices for all types of organizations. If you interact with consumers, customers, and partners by phone or online, you face digital risk. In today’s world, it’s imperative that you stay on top of rapidly evolving threats. Hear and learn from regulators, FBI, U.S. Secret Service and other experts about the latest risks and how best to manage them now and in 2018. Attendees will also have the opportunity to earn CPE, CRCM and CAMS credits.

European Smart Homes 2017 (London, England, UK, Oct 25 - 26, 2017) ACI’s European Smart Homes 2017 will will bring together key industry stakeholders from the energy industry, IT, telecoms operators, retailers, solution distributors utilities, insurance and property management companies, governments, consultants, solution and technology providers. The key discussions will involve monetisation, customer approach, partnership and interoperability.

PCI Security Standards Council: 2017 Europe Community Meeting (Barcelona, Spain, Oct 24 - 26, 2017) Three days of networking and one-of-a-kind partnership opportunities await you. Whether you want to learn more about updates in the payment industry or showcase a new product, you’ll find it all at the 2017 Europe Community Meeting.

Cyber Security Summit 2017 (Minneapolis, Minnesota, USA, Oct 23 - 25, 2017) Cyber Security Summit is a public-private collaboration with support from industry, government, and university leaders who gather to discuss security trends and solutions. The 7th Annual Summit will bring together senior executives, risk managers, military representatives, policymakers, lawyers, academics, and technology leaders. Topics, content and speakers are driven by an Advisory Board composed of experts from diverse critical infrastructure operators and commercial market sectors.

Workplace Violence Prevention - Active Shooter / Assailant Response Workshop (Laurel, Maryland, USA, Oct 23, 2017) The National Insider Threat Special Interest Group (NITSIG) has partnered with Law Enforcement (Maryland State Police), OSHA, Maryland Emergency Management Agency and and other Workplace Violence Prevention experts to provide a one-day training workshop for security professionals and others interested in implementing a Workplace Violence Prevention and Active Shooter / Assailant Response Program. Workshop participants will gain valuable in-depth knowledge about workplace violence, including legal issues, prevention, intervention, and response. (The intelligence and privacy issues have cyber dimensions.)

Sponsor & Support

Grow your brand, generate leads, and fill your funnel.

With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listens all over the world, companies trust the CyberWire to get the message out. Learn more.

Weaponization of social media: bots, sockpuppets, trolls, malware (and ads). Equifax hacked by China? DPRK gets more connected.