The CyberWire Daily Briefing 10.4.17

Summary

By The CyberWire Staff

Yahoo! has determined, and disclosed, that all three billion of its email users were in fact compromised in its already massive, now more massive than believed, 2013 breach. It multiplies the largest breach in history by a factor of three. Yahoo!'s new corporate parent, Verizon, which closed its acquisition of Yahoo! this summer, disclosed the new figure late yesterday on the basis of fresh evidence. Coming on the heels of the Equifax debacle and numerous other data exposures we're now conditioned to regard as relatively small, this slow-developing mess has reinforced calls for data-security regulation at least as stringent as GDPR. It may also prompt stricter liability for corporate officers, perhaps even for government officials.

Equifax's departed CEO Richard Smith's Congressional testimony mollified few, and reinforced a picture of poor preparation and response. He said the breach originated with someone's failure in March to communicate that Apache Struts needed to be patched. A subsequent scan to identify software needing updates also failed to catch the oversight. (That second scan is being called a "failsafe" measure, which it seems incorrect. It was a redundant check; a failsafe system would shut down rather than permit operation in an unsafe mode.) Smith said the failed scan is "still under investigation by outside counsel."

Many are surprised to learn that the US Internal Revenue Service just gave Equifax a $7.25 million contract for tax fraud prevention work.

A large data breach affecting some six-thousand businesses and government agencies seems to be unfolding in India.

Learn how Cylance silences cyber attacks with Artificial Intelligence.

Notes.

Today's issue includes events affecting Australia, China, Ethiopia, European Union, Germany, India, Democratic Peoples Republic of Korea, Russia, United Kingdom, United States

Survey says: frameworks are good, compliance could be better.

How does the public sector view the state of cyber risk management, IT modernization, and the role of cybersecurity standards in improving our nation’s cyber posture? A survey of government and industry attendees at the 2017 AWS Public Sector Summit provides a unique window into the perceptions, challenges and opportunities for cyber risk management. Download your copy of the 2017 Public Sector Cyber Risk Management Report.

On the Podcast

In today's podcast, we hear from our partners at the University of Maryland as Jonathan Katz explains why random numbers have the importance they do for cryptography. Our guest is Dave Mahon from CenturyLink on the importance of diversity and opportunities for women in cyber security.

Sponsored Events

3rd European Cybersecurity Forum – CYBERSEC (Krakow, Poland, October 9 - 10, 2017) CYBERSEC is a unique Europe-wide, annual public policy conference dedicated to strategic aspects of cybersecurity. Conference’s mission is to foster the building of a Europe-wide cybsersecurity system and create a dedicated collaborative platform for governments, international organisations, and key private-sector organisations.

UMBC Cybersecurity Graduate Info Session (Rockvale, Maryland, USA, October 11, 2017) Learn how UMBC’s graduate programs in Cybersecurity can elevate your career at our upcoming Info Session. Led by industry experts, our programs combine hands-on technical training with unparalleled opportunity.

CyberMaryland Conference: Baltimore Convention Center October 11-12 (Baltimore, Maryland, USA, October 11 - 12, 2017) The CyberMaryland Conference is an annual two-day event that brings together academia, government and private industry organizations. The theme, “Leading the Cyber Generation,” emphasizes information sharing and networking opportunities for development of cyber assets on both the human and technological side.

The International Information Sharing Conference on October 31 and November 1 in Washington, D.C. (Washington, DC, USA, October 31 - November 1, 2017) Join us for the inaugural International Information Sharing Conference hosted by the ISAO SO. This two-day event, a first of its kind, will convene practitioners from small businesses to multi-national corporations and from information sharing newcomers to well-established cybersecurity organizations.

Selected Reading

Cyber Attacks, Threats, and Vulnerabilities

Yahoo Triples Estimate of Breached Accounts to 3 Billion (Wall Street Journal) A massive data breach at Yahoo in 2013 was far more extensive than previously disclosed, affecting all of its 3 billion user accounts, its parent company Verizon said.

All 3 Billion Yahoo Accounts Were Affected by 2013 Attack (New York Times) Shortly before it was acquired by Verizon, the company had said one billion users were hit by what was considered the largest known breach of a company.

So, Uh, That Billion-Account Yahoo Breach Was Actually 3 Billion (WIRED) Ten months ago, Yahoo disclosed the biggest breach in history. As it turns out, the company severely underestimated the impact. Think a billion users is bad? Try three billion.

Yahoo provides notice to additional users affected by previously disclosed 2013 data theft (Oath) Yahoo, now part of Oath, today announced that it is providing notice to additional user accounts affected by an August 2013 data theft previously disclosed by the company on December 14, 2...

Yahoo 2013 Account Security Update FAQs (Yahoo! Help) Yahoo is providing notice to additional user accounts affected by an August 2013 theft of user data previously announced by the company in December 2016. This is not a new security issue. In 2016, Yahoo previously took action to protect all user accounts.

Congress pries new details on massive data breach from Equifax ex-CEO (Fifth Domain) One week after retiring, and less than a month after disclosing potentially one of the most consequential data breaches in U.S. history, former Equifax CEO Richard F. Smith faced a barrage of questions on the theft of Americans’ financial data when he testified before the House Digital Commerce and Consumer Protection Subcommittee on Tuesday.

Former Equifax CEO Explains What Caused the Cyber Attack (Fortune) Richard Smith testified in front of Congress.

Ex-Equifax CEO: TransUnion, Experian Should Offer Free Services (US News & World Report) The former head of Equifax on Tuesday said other credit agencies should cover costs to consumers in the wake of his company's data breach.

Equifax security breach worsens as investigations continue (TechSpot) In part of the ongoing investigation into the Equifax security breach, private security firm Mandiant has finished its first round of forensic data collection and analysis.

Equifax Retained Law Firm a Month Before Notifying Public of Data Breach (New York Law Journal) Equifax waited more than a month before on Sept. 7 notifying the public that hackers had accessed personal and financial information for about 145.5 million ...

6 Fresh Horrors From the Equifax CEO's Congressional Hearing (WIRED) With each new revelation about the devastating Equifax breach, the company's defenses and response appear increasingly inadequate.

Scammers Hosted Files on Equifax's Australian Website (BankInfo Security) Credit-reporting agency Equifax's Australian website played host to scammers promoting pirated videos, live streams and books. The finding raises further questions

Battling the forces of darkness: Gary Steele, CEO, Proofpoint cybersecurity firm (San Jose Mercury News) Valuable personal data for millions of Americans, stolen in the Equifax hack, will likely end up for sale on the dark web, cybersecurity firm founder says.

Reseting your PIN isn’t hard when hackers have all of your info (American Genius) When you freeze an account it’s common to be asked for a PIN. When you forget a PIN it’s common to be asked sensitive information to prove yourself. What happens when hackers have access to all of the above?

Massive data breach hits 6,000 Indian organisations including govt offices, banks: Quick Heal (Business Today) Information from servers of more than 6,000 Indian enterprises was reportedly put up for sale on dark net in one of the biggest data breach reported in the country.

IT pros not confident of Aussie data breach prevention: study (iTWire) Nearly 70% of Australian IT professionals lack confidence in the ability of their organisations to prevent, detect and resolve data breaches, accordin...

Google Warns of DoS and RCE Bugs in Dnsmasq (Threatpost) A domain name system server implementation is at risk of remote code execution, information exposure and denial-of-service attacks after a seven vulnerability were disclosed by Google and patched by the maintainers of Dnsmasq.

Researchers Link CCleaner Attack to State-sponsored Chinese Hackers (Security Week) The sophisticated supply chain attack that resulted in millions of users downloading a backdoored version of the popular CCleaner PC software utility was the work of state-sponsored Chinese hackers, according to a new report.

The Increasing Effect of Geopolitics on Cybersecurity (Security Week) Cyber warfare can be exerted by any nation with an actual or perceived grievance against any other nation

New York Times Reporter: False Claims Could Signal ISIS' Fractured State (NPR.org) NPR's Kelly McEvers talks with Rukmini Callimachi of The New York Times about why ISIS falsely claimed responsibility for the Las Vegas attacks. The FBI flatly rejected the claim.

Special Report: HP Enterprise let Russia scrutinize cyberdefense system used by Pentagon (Reuters) Hewlett Packard Enterprise allowed a Russian defense agency to review the inner workings of cyber defense software used by the Pentagon to guard its computer networks, according to Russian regulatory records and interviews with people with direct knowledge of the issue.

Foreign government code reviews 'problematic': White House cyber official (Reuters) Allowing foreign governments to require reviews of software secrets of technology products built by U.S. companies is "problematic," the top White House cyber security official said on Tuesday, adding that the increasingly common arrangements presented both security and intellectual property risks.

How US Surveillance Helps Repressive Regimes—the Ethiopia Case (Just Security) Snowden docs indicate NSA gave surveillance technology to Ethiopia's repressive regime. Is the U.S. now complicit?

Bitcoin Exchange Denies Getting Hacked After Customers Lose $3 Million (BleepingComputer) OKEx, a Bitcoin exchange based in China, issued a statement over the weekend, denying it was hacked and blaming recent thefts on careless users who didn't secure their accounts.

Bitcoin’s soft and vulnerable underbelly (Naked Security) Your bitcoins are only as safe as your private key

Three WordPress Plugin Zero-Days Exploited in the Wild (BleepingComputer) Hackers have exploited three zero-days to install backdoors on WordPress sites, according to a security alert published minutes ago by WordPress security firm Wordfence.

5 Cybersecurity Vulnerabilities That People Still Forget About - Information Security Buzz (Information Security Buzz) People are cautious of physical theft, but the security of digital assets is often ignored. The simplest actions can have devastating consequences for your data security. Outdated software, weak credentials, and malware all create opportunities for data exfiltration. Studies show that many users believe they won’t be targeted by hackers and aren’t aware of the …

The Age of Modern Mac Malware (Macworld) Over the past 2 decades, Mac-specific malware has grown in volume, variety, and sophistication.

According to Star Trek: Discovery, Starfleet still runs Microsoft Windows (The Verge) The final frontier indeed

Security Patches, Mitigations, and Software Updates

ZTE is now rolling out a security patch to the Blade V8 Pro with a fix for BlueBorne vulnerability and bug fixes (Devs-Lab) The ZTE Blade V8 Pro is now getting the Android October security patch. ZTE has pushed out a new update that also contains bug fixes and performance improvements apart from the security patch. The update also fixes an issue where the device crashed due to a recent Facebook update. We're Hiring! Join now This is …

Serious Linux kernel security bug fixed (ZDNet) Linux server administrators will want to patch their systems as soon as possible.

IBM Patches 28 More Security Vulns In JDK (IT Jungle) IBM on Saturday released patches to fix 28 flaws in the Java Development Kit (JDK) that ships with the IBM i operating system. Almost all of the flaws originated in Oracle’s underlying Java Standard Edition (SE) kit, and many of them are considered very severe. Twenty-seven of the 28 flaws impact the IBM SDK Java

Cyber Trends

When it comes to data breaches, consumers don't know where to turn (Help Net Security) Nearly half of consumers don't know how to respond in immediate wake of identity theft, a study by the Identity Theft Resource Center (ITRC) has found.

PKI changes and uncertainty due to new applications (Help Net Security) Research by the Ponemon Institute reveals the Internet of Things is playing an increasingly important role in influencing PKI planning and usage.

The changing role of the Chief Information Officer (Help Net Security) Digitalization and technological innovation are changing the nature of the job of the Chief Information Officer, according to Gartner.

Marketplace

IRS gives Equifax $7.25 million to prevent tax fraud (CNET) The credit-monitoring agency responsible for exposing 145.5 million Americans’ sensitive data just got a big paycheck from the government.

Russian cybersecurity magnate Kaspersky slams Congress (TheHill) Cybersecurity magnate Eugene Kaspersky chided Congress in a blog post on Monday over his abruptly postponed testimony in front of the House Science Committee, which had originally been scheduled for last week.

ForeScout Technologies unveils security IPO filing (TechCrunch) ForeScout Technologies has unveiled its IPO filing. This puts the network security company on track for a public debut that could happen as soon as late..

CyberCore Technologies gets investment from Chevy Chase firm (Baltimore Business Journal) Enlightenment’s been active this year, with other investments, a high-profile advisory board appointee and an exit.

Cisco: Is There Patience To Wait For The Future? (Seeking Alpha) The company's current difficulty in growing is still clear. Investors who want to minimize downside risk may buy Cisco stock at a price well below intrinsic val

100 cyber security experts will work at this 'world class' innovation hub (Cambridge News) Digital giant invests in new Cambridge HQ

Research Innovations, Inc. Hires Top Cyber Expert Brian Shirey as VP of Cyber Technology & Solutions to Expand its Cyber Business (Markets Insider) Research Innovations, Inc. announced the appointment of Brian Shirey as Vice President of Cyber Technologies & Solutions.

Products, Services, and Solutions

Comodo Launches Comodo Dome Firewall 2.0, a CC EAL 4+ Certified Unified Threat Management Virtual Appliance (Markets Insider) Comodo, a global innovator and developer of cybersecurity solutions and the worldwide leader in digital certificates, today announced the release of Comodo Dome Firewall 2.0, an all-in-one Unified Threat Management (UTM) virtual appliance, which provides a comprehensive suite of boundary and network security features in a single pane of glass, installed on-premises and free of charge.

Comodo Unveils New IoT PKI Platform, Partner Program (Channel Partners) The Comodo IoT Security Platform will allow device manufacturers and network providers to issue and manage PKI and SSL certificates for private ecosystems, and the company is expanding the traditional use of PKI to offer an automated platform for PKI certificates to be managed throughout the entire lifecycle at volumes that can increase to the level required for the IoT market.

Neustar and NetFoundry Deliver World’s First Identity-Secured IoT Networking Solution (BusinessWire) Neustar, Inc., a trusted, neutral provider of real-time information services, and NetFoundry™, a Tata Communications business incubated in Tata

Netwrix to Launch Data Access Bundle Targeted at SMBs (Markets Insider) Netwrix Corporation, provider of a visibility platform for user behavior analysis and risk mitigation in hybrid environments, today announced the launch of special Data Access Bundle tailored to meet the specific needs of SMBs.

eScan launches new TSPM technology to block RDP hacking attacks (eGov) eScan, a security company that focuses on providing enterprise security, has launched the new Terminal Services Protection Module (TSPM) to block Remote Desktop Protocol (RDP) hacking attacks.

MobileIron and Zimperium to Deliver First Real-Time Detection and Remediation for Mobile Threats (Markets Insider) MobileIron (NASDAQ:MOBL), the security backbone for the multi-cloud enterprise, and Zimperium, the global leader in enterprise mobile threat defense (MTD), today announced that MobileIron will integrate Zimperium's machine learning-based threat detection with MobileIron's security and compliance engine and sell the combined solution.

CREST introduces new Threat Intelligence Analyst Certification (CREST) Industry accreditation body sets the bar for threat intel professionals

Un-Delled SonicWall beefs up firewall to wrestle ransomware (Register) Newly-freed security vendor thinks it can drag users into cloudy security analytics

ShieldX and Webroot Join Forces to Help Customers Defend the Cloud Against Onslaught of Cyberattacks (BusinessWire) As Cyber Security Awareness Month kicks off, ShieldX and Webroot partner to provide cloud security solutions. Companies to host joint webcast Oct 25

Google's new Gmail security: If you're a high-value target, you'll use physical keys (ZDNet) Google will launch a new service to protect politicians and senior executives from sophisticated phishing attacks.

How a Twitter troll was slain (Naked Security) After two months tracking down the troll, what does Foxlin think of Twitter support? “Twitter support was a bot”

The Google tracking feature you didn’t know you’d switched on (Naked Security) Matt’s a security expert but Google’s Your Timeline slipped past him and almost everyone he asked

Windows 10: Why does Microsoft Edge have only 70 extensions after a whole year? (ZDNet) Because we're really picky about which ones are allowed, says Microsoft.

Technologies, Techniques, and Standards

How forgetting to renew a domain name cost $3m (Naked Security) If only they’d hit auto-renew

Want to prevent ransomware attacks? Prepare. (SC Media US) The threat is huge. The response? Not so much. Or at least the response isn't on par with the threat when it comes to ransomware.

How boardrooms are safeguarding digital assets (Help Net Security) More than 90% of surveyed senior business leaders agree that strong technology governance contributes to improved business outcomes and increased agility.

Three Clues Your App Has Been Hacked (SIGNAL Magazine) Most organizations find out too late they've been hacked and are left to control damage.

Use of ‘shadow IT’ solutions in data sharing can be avoided (Advanced Manufacturing) To help ensure terabytes of data at manufacturers’ disposal are a blessing, use content-collaboration solutions to prevent use of solutions IT hasn't blessed.

15 Cybersecurity Tips to Staying Secure While Staying Connected (Secureworks) Learn how strong cybersecurity hygiene can help protect you in today’s digitally connected world.

Design and Innovation

The Pentagon Has the World’s Largest Logistics Problem. Blockchain Can Help (Defense One) DoD should join other logistics-heavy organizations in experimenting with the cryptography-messaging-accounting technology that powers Bitcoin.

Academia

UW Bothell prepares students to meet the demand in cybersecurity | Bothell-Kenmore Reporter (Bothell-Kenmore Reporter) There were one million cyber-security job openings in the United States in 2016. More than 200,000 of those positions went unfilled.

Legislation, Policy and Regulation

Equifax, SEC And Deloitte Cyber Breaches: Is It Time To Remove Executive Immunity From Prosecutions? (Forbes) Here we go again; another corporate scandal.

US Reviewing Better Tech Identifiers After Hacks: Trump Aide (Security Week) US officials are studying ways to end the use of social security numbers for identification following a series of data breaches compromising the data for millions of Americans, a Trump administration official said Tuesday.

Why Cyberattacks Need to be Treated Like Air Disasters (Windows IT Pro) Many years ago I made a decision that saved my life. Living in Sydney at the time, I deferred a planned trip back to Auckland, New Zealand...

Hackers wanted: Special ops leaders seek soldiers who can fight the enemy up close and online (Army Times) Already in high demand for their rare and elite skills, special operations soldiers need to add one more capability to their toolbox: cyber.

Marine cyber defense command educates new units on cyberwarfare (Fifth Domain) The Marine Corps' chief cyber operations outfit will be offering education to help leaders understand how cyber can be employed into traditional operations.

Privacy Experts Urge House to Reform Section 702 NSA Spying Loophole (InsideSources) Privacy experts want Congress to reform a loophole to FISA Section 702, an expiring NSA authority that allows NSA to collect data without a warrant.

DHS Seeks to Be More Active in Agencies' Cyber Defense (BankInfo Security) A top Department of Homeland Security cybersecurity official says DHS is seeking to play a more active role in responding to cyber incidents at other U.S. federal

WIU Alumnus, Former Head of the Defense Intelligence Agency Moves to U.S. Cyber Command Post (Western Illinois University) U.S. Marine Corps Lt. Gen. Vincent Stewart, a 1981 Western Illinois University history graduate, will step down as the head of the Defense Intelligence Agency today (Oct. 3). He has been tapped to become the Deputy Commander of U.S. Cyber Command.

Former US DIA Chief Tells Analysts, 'Speak Truth to Power' (VOA) Lt. Gen. Vincent Stewart says integrity has never been more important

New top tech exec starts at OPM (Federal Times) Acting Director of the Office of Personnel Management Kathy McGettigan has named David Garcia as the agency’s new chief information officer.

Litigation, Investigation, and Enforcement

US senator seeks cyber info from voting machine makers (Fifth Domain) In a letter Tuesday to the CEOs of top election technology firms, Sen. Ron Wyden writes that public faith in American election infrastructure is “more important than ever before.”

Exclusive: Jared Kushner's personal email re-routed to Trump Organization computers amid public scrutiny (USA TODAY) Records show the personal email Jared Kushner used for White House business was redirected to a Trump Organization computer after scrutiny intensified.

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

upcoming Events

Federal IT Security Conference (Columbia, Maryland, USA, November 14, 2017) The Federal IT Security Institute (FITSI) in partnership with Phoenix TS in Columbia, MD is hosting the second annual Federal IT Security Conference. Speakers from NIST, DHS, the Defense Department as well as private industry will be in attendance discussing the themes and trends that are influencing the Federal/DoD cyber landscape.

Sector (Toronto, Ontario, Canada, November 13 - 15, 2017) Illuminating the Black Art of Security. Now entering its 11th year, SecTor has built a reputation of bringing together experts from around the world to share their latest research and techniques involving underground threats and corporate defences. The conference provides an unmatched opportunity for IT Professionals and Managers to connect with their peers and learn from their mentors.

Countermeasure (Ottawa, Ontario, Canada, November 9 - 10, 2017) Now into its sixth year in Ottawa, and consistently advancing in both size and content quality, COUNTERMEASURE continues to be the national capital's premier IT security event. As in years past, attendees can expect up to three days of professional skills training prior to the two-day main conference. All content will be delivered by some of the world's most knowledgeable and influential IT security experts in private, public, and research sectors.

2017 ICIT Gala & Benefit (Washington, DC, USA, November 9, 2017) The Annual ICIT Gala and Benefit is the year’s most prestigious and intimate gathering of legislative, agency and private sector leaders committed to protecting our Nation’s critical infrastructures. This black-tie event will celebrate the accomplishments of the most influential members of our community as well as the efforts of today’s most impactful cybersecurity leaders. The funds raised from this Benefit will be used to help sustain and grow the Institute’s research, publications, and educational activities for the communities it serves.

4th Annual Journal of Law & Cyber Warfare Conference (New York, New York, USA, November 9, 2017) Join thought leaders across the industry for a day of collaboration and education with an outstanding group of cyber security experts. In this one-day program, we continue JLCW's 5+ year reputation for presenting cutting-edge, practical, and balanced training for cyber security lawyers, in-house legal personnel, cyber security service providers, law enforcement, military, members of the bar, bench, and ambassadors and consul generals from all over the world.

CyCon US (Washington, DC, USA, November 7 - 8, 2017) The 2017 International Conference on Cyber Conflict U.S. (CyCon U.S.) will take place 7-8 Nov 2017 at the Ronald Reagan Building in Washington D.C. CyCon U.S. facilitates knowledge generation and information exchange across the cyber community, and includes participation from military, government, academia, and industry from around the world. The conference promotes security initiatives and furthers research on cyber threats and opportunities. CyCon U.S. is a collaborative effort between the Army Cyber Institute at the United States Military Academy and the NATO Cooperative Cyber Defence Centre of Excellence in Tallinn, Estonia.

RSA Conference 2017 Abu Dhabi (Abu Dhabi, UAE, November 7 - 8, 2017) RSA Conference 2017 Abu Dhabi is the leading information security event in the region. This year's Conference will take place 7 to 8 November at the Emirates Palace in Abu Dhabi. Join us for two days of engaging sessions and intense networking. Get exposure to innovative technologies and leadership that will help secure your organization and your future.

National Initiative for Cybersecurity Education Conference and Expo (Dayton, Ohio, USA, November 7 - 8, 2017) Cybersecurity has emerged as one of the leading creators of jobs and opportunity for all economic sectors. The demand for cybersecurity positions in both the public and private sector is large and growing, but the talent pool of cybersecurity workers is not yet able to keep up. The NICE 2017 Conference and Expo features thought leaders from education, government, industry and non-profits who are addressing the cybersecurity education, training, and workforce needs of the nation.

POC 2017 (Seoul, Korea, November 2 - 3, 2017) POC started in 2006 and has been organized by Korean hackers & security experts. It is an international security & hacking conference in Korea. POC doesn't pursue money. POC concentrates on technical and creative discussion and shows real hacking and security. POC wears both black hat and white hat. POC will share knowledge for the sake of the power of community. POC believes that the power of community will make the world safer. POC has been making a history with sincere staffs, hackers from the world, and sponsors since2006. POC will be a unique conference.

Cyber Security Summit: Boston (Boston, Massachusetts, USA, November 1, 2017) If you are a Senior Level Executive responsible for making your company’s decisions in regards to information security, then you are invited to register for the Cyber Security Summit: Boston. Receive 50% off of a Full Summit Pass when you register with code CYBERWIRE50 (standard price of $350, now only $175 with code). Register at CyberSummitUSA.com. The Cyber Security Summit: Boston is an exclusive conference connecting Senior Level Executives responsible for protecting their companies’ critical data with innovative solution providers & renowned information security experts. for details visit CyberSummitUSA.com.

2017 International Information Sharing Conference (Washington, DC, USA, October 31 - November 1, 2017) Join us for the inaugural International Information Sharing Conference hosted by the Information Sharing and Analysis Organization Standards Organization (ISAO SO), with participation from the Department of Homeland Security and U.S. Chamber of Commerce. This two-day event, a first of its kind, will convene practitioners from small businesses to multi-national corporations, and from information sharing newcomers to well-established cybersecurity organizations. This unique conference will go beyond discussing current cyber information sharing topics, and will provide opportunities to see competing approaches and innovations in platforms and services. Conference sessions and panels will focus on automated sharing, analysis, how to build trust in a community of interest, cross-sector sharing, the role of government in information sharing, the value proposition of an ISAO, and much more.

2017 Annual Conference: Networking the Future (Tampa, Florida, USA, October 27, 2017) Networking the Future is the Florida Center for Cybersecurity's fourth annual conference and will host hundreds of cybersecurity technical and non-technical stakeholders from industry, government, the military, and academia for a comprehensive exploration of emerging threats, best practices, research, workforce development, and today's hottest cyber trends.

RETR3AT Cybersecurity Conference (Montreat, North Carolina, USA, October 27, 2017) Each year, Montreat College’s Center for Cybersecurity Education and Leadership hosts RETR3AT, a conference designed to engage, educate, and raise awareness about cybersecurity in Western North Carolina and beyond. RETR3AT goes beyond the “1s and 0s” approach to cybersecurity training, challenging attendees to think about how to lead in protecting their organization’s information within an ethical framework.

Digital Risk Summit (Washington, DC, USA, October 25 - 27, 2017) Hosted by Neustar, the Digital Risk Summit is a forward-looking educational conference packed with actionable intelligence and best practices for all types of organizations. If you interact with consumers, customers, and partners by phone or online, you face digital risk. In today’s world, it’s imperative that you stay on top of rapidly evolving threats. Hear and learn from regulators, FBI, U.S. Secret Service and other experts about the latest risks and how best to manage them now and in 2018. Attendees will also have the opportunity to earn CPE, CRCM and CAMS credits.

European Smart Homes 2017 (London, England, UK, October 25 - 26, 2017) ACI’s European Smart Homes 2017 will will bring together key industry stakeholders from the energy industry, IT, telecoms operators, retailers, solution distributors utilities, insurance and property management companies, governments, consultants, solution and technology providers. The key discussions will involve monetisation, customer approach, partnership and interoperability.

PCI Security Standards Council: 2017 Europe Community Meeting (Barcelona, Spain, October 24 - 26, 2017) Three days of networking and one-of-a-kind partnership opportunities await you. Whether you want to learn more about updates in the payment industry or showcase a new product, you’ll find it all at the 2017 Europe Community Meeting.

Industrial Control Systems (ICS) Cyber Security Conference USA (Atlanta, Georgia, USA, October 23 - 26, 2017) Since 2002, the ICS Cyber Security Conference has gathered ICS cyber security stakeholders across various industries and attracts operations and control engineers, IT, government, vendors and academics. Over the years, the focus of the conference has shifted from raising awareness towards sharing security event histories and discussing solutions and protection strategies. The event will cater to the energy, utility, chemical, transportation, manufacturing, and other industrial and critical infrastructure organizations.

Cyber Security Summit 2017 (Minneapolis, Minnesota, USA, October 23 - 25, 2017) Cyber Security Summit is a public-private collaboration with support from industry, government, and university leaders who gather to discuss security trends and solutions. The 7th Annual Summit will bring together senior executives, risk managers, military representatives, policymakers, lawyers, academics, and technology leaders. Topics, content and speakers are driven by an Advisory Board composed of experts from diverse critical infrastructure operators and commercial market sectors.

Sponsor & Support

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter’s financial reach, or it might just not be the right time for you to do those things. That’s why we launched our new Patreon site, where we’ve created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you’ll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.