The CyberWire Daily Briefing 10.5.17

Summary

By The CyberWire Staff

Zscaler has discovered a password stealer spreading through a compromised website. The malware is delivered by VBScript, which after downloading the malicious payload, downloads a decoy document, terminates Microsoft Word processes, installs the payload through PowerShell, and removes document recovery entries of Microsoft Word.

Indian authorities seek to reassure people that their Aadhaar identity data are secure.

In the US, the NFL Players Association inadvertently exposed the personal information of about 1200 players and agents in an unsecured Elastisearch database. (Kromtech found the leak.)

Of the twenty-two million comments received by the US Federal Communications Commission on net neutrality, only 17.4% appear to be genuine, according to data analytics firm Gravwell. The rest? Bots.

In the US, the Department of Homeland Security decries a growing public learned helplessness over cyberattacks and data breaches.

The investigation into the Las Vegas massacre continues, with the shooter's motive still a mystery. But the FBI and local law enforcement say they're looking into the possibility that the killer could have had accomplices. His online activities are drawing predictable attention from investigators.

ICANN has decided to delay a planned DNSSEC master key change to avoid risking disruption of Internet traffic.

Cisco has patched its Firepower Detection Engine. A flaw in SSL decryption could produce a denial-of-service condition.

In industry news, ForeScout has filed for a $100 million IPO, and root9B has resumed trading.

Google's DeepMind is assembling an "ethics" panel of presumed experts to help designers, researchers, and engineers avoid creating disastrously anti-human artificial intelligence.

Learn how Cylance silences cyber attacks with Artificial Intelligence.

Notes.

Today's issue includes events affecting Australia, China, European Union, Germany, India, Democratic Peoples Republic of Korea, Republic of Korea, Russia, United Kingdom, United States

Survey says: frameworks are good, compliance could be better.

How does the public sector view the state of cyber risk management, IT modernization, and the role of cybersecurity standards in improving our nation’s cyber posture? A survey of government and industry attendees at the 2017 AWS Public Sector Summit provides a unique window into the perceptions, challenges and opportunities for cyber risk management. Download your copy of the 2017 Public Sector Cyber Risk Management Report.

On the Podcast

In today's podcast, we hear from our partners at Accenture, as Justin Harvey discusses insider threats.

Sponsored Events

3rd European Cybersecurity Forum – CYBERSEC (Krakow, Poland, October 9 - 10, 2017) CYBERSEC is a unique Europe-wide, annual public policy conference dedicated to strategic aspects of cybersecurity. Conference’s mission is to foster the building of a Europe-wide cybsersecurity system and create a dedicated collaborative platform for governments, international organisations, and key private-sector organisations.

UMBC Cybersecurity Graduate Info Session (Rockvale, Maryland, USA, October 11, 2017) Learn how UMBC’s graduate programs in Cybersecurity can elevate your career at our upcoming Info Session. Led by industry experts, our programs combine hands-on technical training with unparalleled opportunity.

CyberMaryland Conference: Baltimore Convention Center October 11-12 (Baltimore, Maryland, USA, October 11 - 12, 2017) The CyberMaryland Conference is an annual two-day event that brings together academia, government and private industry organizations. The theme, “Leading the Cyber Generation,” emphasizes information sharing and networking opportunities for development of cyber assets on both the human and technological side.

The International Information Sharing Conference on October 31 and November 1 in Washington, D.C. (Washington, DC, USA, October 31 - November 1, 2017) Join us for the inaugural International Information Sharing Conference hosted by the ISAO SO. This two-day event, a first of its kind, will convene practitioners from small businesses to multi-national corporations and from information sharing newcomers to well-established cybersecurity organizations.

Selected Reading

Cyber Attacks, Threats, and Vulnerabilities

Infostealer spreading through a compromised website (Cloud Security Solutions | Zscaler) The Zscaler ThreatLabZ team has uncovered a new password stealer malware variant being delivered through a compromised website. The payload is Microsoft Intermediate Language (MSIL) compiled and steals the passwords from victims' system, browser, and FTP software.

1,200 Football Players' Personal Data Exposed In NFL Leak -- Colin Kaepernick Included (Forbes) Colin Kaepernick is one of nearly 1,200 footballers who've had their personal addresses and phone numbers leaked.

UIDAI Assures Aadhaar Data Safe After Security Threat (News18) The reported breach

Chips in iPhone 7s, Androids, smart TVs vulnerable to rogue Wi-Fi (Naked Security) Broadcom chips in iPhone 7s phones, some Android devices and smart TVs running tvOS are vulnerable

Top blacklisted Android and iOS apps by enterprises (Help Net Security) Enterprises blacklist apps for a range of security concerns, including specific malicious or data leakage behaviors, security policy compliance and concern

Inside the CCleaner Backdoor Attack (Threatpost) Two members of Avast's threat intelligence team shared new information about the CCleaner backdoor attack.

Vulnerability Spotlight: Multiple vulnerabilities in Computerinsel Photoline (Cisco Blogs) Today, Talos is releasing details of multiple vulnerabilities discovered within the Computerinsel GmbH PhotoLine image processing software. PhotoLine, developed by Computerinsel GmbH, is a well established raster and vector graphics editor for Windows and Mac OS X that can also be used for desktop publishing.

Key net debate 'controlled by bots' (BBC News) A data analytics company says 80% of comments submitted to Federal Communications Commission came from bots.

A 'sense of urgency' as IRS legacy IT systems grow increasingly older (FederalNewsRadio.com) IRS officials say they are following a technology road map and a digital roadmap to modernize the agency's IT infrastructure.

Employees Who Share Passwords Often Bear Responsibility for Hacks (TheStreet) The majority of cyber attacks begin with a phishing email because the hacker is targeting user passwords, and when they are reused by employees on several accounts, 'it's game over,' said Jason Glassberg, co-founder of Casaba Security, a Redmond, Wash.-based white hat hacking firm.

Security Patches, Mitigations, and Software Updates

Cisco Firepower Detection Engine SSL Decryption Memory Consumption Denial of Service Vulnerability (Cisco Security Advisory) A vulnerability in SSL traffic decryption for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause depletion of system memory. If this memory leak persists over time, a denial of service (DoS) condition could develop because traffic can cease to be forwarded through the device.

Cyber Trends

It's dangerous for American society to accept regular cyberhacks as normal, say US officials (CNBC) American society cannot allow itself to become numb to enormous cyberhacks, said government officials at the Cambridge Cyber Summit.

Cylance Global Research Report Finds 64 Percent of IT Decision Makers Expect ROI from Artificial Intelligence within Two Years (BusinessWire) Cylance Global Research Report finds 64 percent of IT decision makers expect ROI from artificial intelligence within two years

Ransomware Cyber Attacks: Which Industries Are Being Hit The Hardest? (BitSight) These four industries have been dramatically impacted by ransomware attacks.

iovation Study Finds 68% of North American Financial Institutions Plan to Invest in Machine Learning to Help Combat Fraud (Marketwired) Combination of trained fraud experts and machine learning promise best way forward for helping financial institutions battle fraud in today's omni channel reality

Most network endpoints are in the dark: Do you know how to find them? (Help Net Security) The need for endpoint security automation is rising. Traditional manual endpoint security approaches are ineffective, leading to neglect of maintenance.

2017 Global Survey of IT and Security Professionals (Infoblox) Are you prepared for a DDoS attack? See how you compare.

Cyber risks loom for energy sector (FCW) Cyberattacks on energy critical infrastructure are the leading threat to the sector, highlighting the need for continued public/private partnerships.

Marketplace

IT concerned about losing jobs while industry worried about IT talent shortage (Help Net Security) While the cybersecurity industry is trying to manage a shortage of qualified professionals, 56% of these fear they’ll lose their jobs should a breach occur.

Better Tech Governance is Better for Business: A 2017 ISACA Research Report (ISACA) In a global survey of executive leaders and board members, ISACA found that one thing is clear: better governance of information and technology has a clear positive impact on business outcomes.

ForeScout Files for $100M IPO to Advance Network Access Control Security (eSecurity Planet) NAC vendor reveals in S-1 filing that it has sold over 43 million endpoint licenses and has over 2,500 global customers.

What You Need To Know About root9B (NASDAQ:RTNB) Following Resumption Of Trading (Benzinga) Shares of Root9B Holdings Inc (NASDAQ: RTNB) crashed 43 percent on Wednesday after the stock resumed trading following a Nasdaq halt on Tuesday. In a new 8-K filing, Root9B...

'We are losing the cyber war' says Oracle's Larry Ellison as he introduces automated security (Computing) We will see more massive data thefts if we continue to fail to prioritise security

Splunk fires a shot across the bows of 'Ludicrous Larry' (Computing) Doug Merritt says there is no such thing as a wall-to-wall Oracle customer

DoD's $28B technology research services contract open for bids (Washington Technology) The Defense Department's solicitation for bids on a potential nine-year, $28 billion technology R&D contract hits the street.

Redwall Technologies to Sponsor ATARC Annual Mobility Summit in Washington, DC, Announce InfoSec Project with The Department of Defense (PRWeb) Ohio-based independent software vendor (ISV) Redwall among a host of best-of-breed sponsors specializing in mobile technologies at the Advanced Technology Academic Research Center (ATARC) symposium, October 24, in Washington, D.C.

Cyberbit Opens New Office in Germany (PRNewswire) Cyberbit, provider of cybersecurity products enabling detection,...

Alphonse Whitmore Named President of BAE Systems, Inc. Intelligence & Security Sector (BusinessWire) BAE Systems, Inc. today announced that Alphonse “Al” Whitmore has been appointed president of the Intelligence & Security (I&S) se

Products, Services, and Solutions

Digital Defense, Inc. and TAG Cyber Launch New Tool To Measure Maturity of Organizations’ Vulnerability Management Programs (GlobeNewswire News Room) Digital Defense, Inc, a security technology and services provider and TAG Cyber, today announced the VM3 (Vulnerability Management Maturity Model) Assessment.

Veracode Becomes First Application Security Vendor to Empower Developers to Secure Modern Web and Cloud Applications (Marketwired) New support for Python Boto3 framework and Scala to ensure static application testing in software development for secure coding practices

Wi-SUN Alliance Selects GlobalSign to Provide Certificate Authority Services to Member Companies (PRNewswire) The Wi-SUN Alliance today announced it has selected...

Cymulate Adds Two New Products to Cybersecurity Arsenal (PRWeb) Validation of security controls against cyberattacks now extends to WAF and DLP solutions

Javelin Strategy & Research Announces Identity Proofing Platform Award Winners: NuData’s NuDetect is the Leader in Innovative Category (PRWeb) NuData Security today announced that it has been designated Leader in the Innovation category in the 2017 Identity Proofing Platform Awards by Javelin Strategy & Research.

Recorded Future Introduces Dynamic Threat Views to Surface Risk-Based, Relevant Intelligence (PRNewswire) Recorded Future, the leading threat intelligence provider, today announced...

FedRAMP Tailored service baseline available for use (Fifth Domain) FedRAMP announced the release of their FedRAMP Tailored baseline program for cloud service provider use after two rounds of public comment on the program.

FireEye Expands Cybersecurity Threat Detection with Major New Releases (BusinessWire) FireEye, Inc. (NASDAQ: FEYE), the intelligence-led security company, today announced major new software releases and next-generation hardware, adding

Technologies, Techniques, and Standards

DNSSEC master key change delayed after ISPs struggle (Naked Security) ICANN isn’t going to risk breaking the internet

Beyond GDPR: Data Residency Insights from Around the World (McAfee) Our study reveals the top data protection concerns and strategies of more than 800 senior business professionals from eight countries and a range of industries.

The Myth of the Secure Cloud (Legaltech News) “There’s really no such thing as the cloud, there are only other people’s computers.” This may have been true at first; but it is now worth some investigatio...

The Role of DNS in SCADA System Security (BlueCat) SCADA systems, powering most industrial processes, are essentially IoT devices just as vulnerable to DNS cyberattacks. Defend with Client-facing firewalls.

Don’t WannaCry? Then Start to Prepare Now (Symantec) Wannacry and other ransomware attacks are likely to get more frequent and more potent as cybercriminals seek new ways to deliver their payloads.

BRO IDS: 7 Takeaways from BroCon 2017 (Bricata) For three days in September, a small but growing community of cybersecurity professionals dedicated to a specialized open source tool, gathered at the National Center for Supercomputing Applications in Urbana, Illinois.

Email fraudsters foiled by a smiley (Naked Security) Kiss that $90K goodbye, untalented imposters!

Integrating conventional and cyber weapons [Commentary] (Fifth Domain) Having served in Desert Storm flying combat missions in the F-16, I found that success during that conflict came from the first true integration of electronic warfare and conventional munitions.

Design and Innovation

DeepMind announces ethics group to focus on problems of AI (Guardian) Firm brings in advisers from academia and charity sector to ‘help technologists put ethics into practice’ in bid to help society cope with artificial intelligence

Research and Development

Cryptomathic Granted New Patent for Strong Non-Repudiation with eSignatures (Fintech Finance) Extends Cryptomathic’s leadership in eSignature IP, confirms Cryptomathic Signer as de-facto choice for trust centers, banks and government agencies seeking the highest level of non-repudiation whe…

Battlefield internet technologies, interconnected robots focus of new Army programs (EurekAlert!) The US Army Research Laboratory recently announced the University of Illinois at Urbana-Champaign and the University of Pennsylvania as lead research organizations for two enterprise research programs that will address challenges the military faces in internet-connected, robot-rich congested and contested battlefields.

Academia

Regent University and Cyberbit Open Cutting-Edge Cyber Range Training Center (PRNewswire) Cyberbit Ltd, provider of cybersecurity...

Legislation, Policy and Regulation

Russia throws North Korea lifeline to stymie regime change (Reuters) Russia is quietly boosting economic support for North Korea to try to stymie any U.S.-led push to oust Kim Jong Un as Moscow fears his fall would sap its regional clout and allow U.S. troops to deploy on Russia's eastern border.

Palo Alto Networks Supports Australian Government Initiative for Cyber Security (DATAQUEST) Palo Alto Networks announced its support of the Australian government’s International Cyber Engagement Strategy, launched on 4 October, 2017. In support of the capacity-building efforts of Australia’s new International Cyber...

Bipartisan group of lawmakers seeks to impose new curb on U.S. government spy power (Washington Post) Their bill would limit the FBI’s warrantless access to Americans’ communications in the surveillance database.

EXCLUSIVE: DOD Drops SPLC From Extremism Training Materials (The Daily Caller) The Pentagon has officially severed all ties to the Southern Poverty Law Center (SPLC) after previously relying on the group’s training materials on extremism. Brian J. Field, assistant U.S. atto

DHS Forms Election Security Task Force (Defense One) The new task force will draw resources from across the Department of Homeland Security, including intelligence analysis.

The U.S. Navy must shore up its cyber defenses [Commentary] (Fifth Domain) As we go forward in the information age and contend with the reality of having to always be “connected,” we must ensure we are doing everything we can to safeguard our networks.

Litigation, Investigation, and Enforcement

European Initiative Says Don’t Curb Objectionable Online Content, U.S. Action Unlikely (Legaltech News) The European Commission recently released guidelines for online platforms aimed to prevent, detect and remove content that incites hatred, violence and terro...

Las Vegas shooter's girlfriend returns to US as police reveal details of his planning (Guardian) Marilou Danley was in Philippines at time of shooting Stephen Paddock placed cameras inside and outside his hotel room

FBI Agent: We Have ‘Multiple Leads’ In US And ‘All Across The World’ In Vegas Shooting [VIDEO] (The Daily Caller) FBI special agent Aaron Rouse said at a press conference Wednesday that the FBI has leads in the investigation of the Las Vegas shooting "all across the United States and all across the world." WAT

Las Vegas massacre: killer Stephen Paddock probably had help, says sheriff (Times) The gunman who murdered 59 people in America’s deadliest mass shooting in modern times probably had help and may have intended to escape, police said last night. Joseph Lombardo, the sheriff of...

The Frightening Enigma of the Las Vegas Shooter (The Atlantic) The absence of any known ideological or personal motivation behind Sunday night’s massacre makes the terror of an already random act of violence even deeper.

FBI and DHS Assessment Outlined Threat of Lone Offenders Targeting Las Vegas (Foreign Policy) The U.S. government warned of possible attacks on entertainment venues and mass gatherings.

Equifax Breach Affects 143M: How Would GDPR Have Impacted the Disclosure (Legaltech News) Had the breach occurred under the General Data Protection Regulation, the implications for Equifax would be substantial.

Wasserman Schultz IT Aide Allegedly Bragged He Paid Pakistani Police For Protection (The Daily Caller) A now-indicted IT aide to various House Democrats was sending money and gifts to government officials in Pakistan and received protection from the Pakistani police, multiple relatives claim. A De

Spies Hack. But the Best Spies Hack Other Spies. (BleepingComputer) During their investigation of NetTravler, Kaspersky Lab researchers discovered an unusual backdoor that could have helped another attacker access one of their main servers, and then use the group's infrastructure or steal data.

Walking in your Enemy's Shadow: When Fourth-Party Collection Becomes Attribution Hell (Securelist) Attribution is complicated under the best of circumstances. Sparse attributory indicators and the possibility of overt manipulation have proven enough for many researchers to shy away from the attribution space.

'Attribution' paper may queer the pitch for Kaspersky Labs (iTWire) Russian security firm Kaspersky Labs may have put itself squarely in the crosshairs of the lobby promoting the theory that Russia hacked the Democrati...

DHS says Kaspersky decision based on ‘open source’ information (TheHill) DHS banned the federal government from using Kaspersky products in September, citing national security concerns.

US Kaspersky ban shows governments still don't get cybersecurity (The Sydney Morning Herald) Donald Trump's presidential election victory had nothing to do with hackers.

Hill Russia investigators to tell public what they've learned (CNN) Senate intelligence committee leaders on Wednesday plan to detail the conclusions they've already drawn in their months-long investigation into Russia's meddling into the 2016 US election -- and what they plan to do about it.

Senators: Probe into possible Trump-Russia collusion ongoing (Military Times) Leaders of the Senate intelligence committee said Wednesday that they have not determined roughly nine months into their investigation whether Russia coordinated with the Trump campaign to sway the 2016 presidential election.

Paul Manafort Isn’t a Deep-State Martyr (Foreign Policy) Donald Trump’s campaign manager says he’s the victim of dirty tricks. But national security investigators don’t play games.

Lee administration received reports about Cyber Command’s political interference (Hankyoreh) New documents show Blue House officials were aware of military’s role in boosting ruling party candidates

German Law Enforcement Officials Receive 2017 M3AAWG J.D. Falk Award for Initiating Global Takedown of Avalanche Malware (GlobeNewswire News Room) M3AAWG honored two German law enforcement officials today for their work in developing the global public/private collaboration that shutdown a massive malware offensive infecting computers in 189 countries and costing victims over $6 million in ransomware payments.

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

newly Noted Events

U.S. Department of Transportation Cybersecurity Symposium (Washington, DC, USA, October 11 - 12, 2017) The U.S. Department of Transportation (DOT) Cybersecurity Symposium is two days of training sessions and educational seminars focused on the mission of protecting government networks and privacy. Hosted by the Office of the DOT Chief Information Officer (CIO) and the Chief Information Security Officer (CISO), the symposium is open to all Federal agencies. Speakers from the DOT, DHS, NHTSA, NIST and industry will share their real world experiences and knowledge related to all facets of cybersecurity infrastructure including energy, Network transportation, defense, homeland security other relevant sectors.

INsecurity (National Harbor, Maryland, USA, November 29 - 30, 2017) Organized by Dark Reading, the web’s most trusted online community for the exchange of information about cybersecurity issues. INsecurity focuses on the everyday practices of the IT security department, and real-life methods that you can use to shore up your own enterprise defenses. It will also feature some of the industries most recognized and knowledgeable CISOs and IT security experts, in a setting that is conducive to interaction and conversation. Use Promo Code CYBERWIRE100 for $100 off the current rate.

upcoming Events

Federal IT Security Conference (Columbia, Maryland, USA, November 14, 2017) The Federal IT Security Institute (FITSI) in partnership with Phoenix TS in Columbia, MD is hosting the second annual Federal IT Security Conference. Speakers from NIST, DHS, the Defense Department as well as private industry will be in attendance discussing the themes and trends that are influencing the Federal/DoD cyber landscape.

Sector (Toronto, Ontario, Canada, November 13 - 15, 2017) Illuminating the Black Art of Security. Now entering its 11th year, SecTor has built a reputation of bringing together experts from around the world to share their latest research and techniques involving underground threats and corporate defences. The conference provides an unmatched opportunity for IT Professionals and Managers to connect with their peers and learn from their mentors.

Countermeasure (Ottawa, Ontario, Canada, November 9 - 10, 2017) Now into its sixth year in Ottawa, and consistently advancing in both size and content quality, COUNTERMEASURE continues to be the national capital's premier IT security event. As in years past, attendees can expect up to three days of professional skills training prior to the two-day main conference. All content will be delivered by some of the world's most knowledgeable and influential IT security experts in private, public, and research sectors.

2017 ICIT Gala & Benefit (Washington, DC, USA, November 9, 2017) The Annual ICIT Gala and Benefit is the year’s most prestigious and intimate gathering of legislative, agency and private sector leaders committed to protecting our Nation’s critical infrastructures. This black-tie event will celebrate the accomplishments of the most influential members of our community as well as the efforts of today’s most impactful cybersecurity leaders. The funds raised from this Benefit will be used to help sustain and grow the Institute’s research, publications, and educational activities for the communities it serves.

4th Annual Journal of Law & Cyber Warfare Conference (New York, New York, USA, November 9, 2017) Join thought leaders across the industry for a day of collaboration and education with an outstanding group of cyber security experts. In this one-day program, we continue JLCW's 5+ year reputation for presenting cutting-edge, practical, and balanced training for cyber security lawyers, in-house legal personnel, cyber security service providers, law enforcement, military, members of the bar, bench, and ambassadors and consul generals from all over the world.

CyCon US (Washington, DC, USA, November 7 - 8, 2017) The 2017 International Conference on Cyber Conflict U.S. (CyCon U.S.) will take place 7-8 Nov 2017 at the Ronald Reagan Building in Washington D.C. CyCon U.S. facilitates knowledge generation and information exchange across the cyber community, and includes participation from military, government, academia, and industry from around the world. The conference promotes security initiatives and furthers research on cyber threats and opportunities. CyCon U.S. is a collaborative effort between the Army Cyber Institute at the United States Military Academy and the NATO Cooperative Cyber Defence Centre of Excellence in Tallinn, Estonia.

RSA Conference 2017 Abu Dhabi (Abu Dhabi, UAE, November 7 - 8, 2017) RSA Conference 2017 Abu Dhabi is the leading information security event in the region. This year's Conference will take place 7 to 8 November at the Emirates Palace in Abu Dhabi. Join us for two days of engaging sessions and intense networking. Get exposure to innovative technologies and leadership that will help secure your organization and your future.

National Initiative for Cybersecurity Education Conference and Expo (Dayton, Ohio, USA, November 7 - 8, 2017) Cybersecurity has emerged as one of the leading creators of jobs and opportunity for all economic sectors. The demand for cybersecurity positions in both the public and private sector is large and growing, but the talent pool of cybersecurity workers is not yet able to keep up. The NICE 2017 Conference and Expo features thought leaders from education, government, industry and non-profits who are addressing the cybersecurity education, training, and workforce needs of the nation.

POC 2017 (Seoul, Korea, November 2 - 3, 2017) POC started in 2006 and has been organized by Korean hackers & security experts. It is an international security & hacking conference in Korea. POC doesn't pursue money. POC concentrates on technical and creative discussion and shows real hacking and security. POC wears both black hat and white hat. POC will share knowledge for the sake of the power of community. POC believes that the power of community will make the world safer. POC has been making a history with sincere staffs, hackers from the world, and sponsors since2006. POC will be a unique conference.

Cyber Security Summit: Boston (Boston, Massachusetts, USA, November 1, 2017) If you are a Senior Level Executive responsible for making your company’s decisions in regards to information security, then you are invited to register for the Cyber Security Summit: Boston. Receive 50% off of a Full Summit Pass when you register with code CYBERWIRE50 (standard price of $350, now only $175 with code). Register at CyberSummitUSA.com. The Cyber Security Summit: Boston is an exclusive conference connecting Senior Level Executives responsible for protecting their companies’ critical data with innovative solution providers & renowned information security experts. for details visit CyberSummitUSA.com.

2017 International Information Sharing Conference (Washington, DC, USA, October 31 - November 1, 2017) Join us for the inaugural International Information Sharing Conference hosted by the Information Sharing and Analysis Organization Standards Organization (ISAO SO), with participation from the Department of Homeland Security and U.S. Chamber of Commerce. This two-day event, a first of its kind, will convene practitioners from small businesses to multi-national corporations, and from information sharing newcomers to well-established cybersecurity organizations. This unique conference will go beyond discussing current cyber information sharing topics, and will provide opportunities to see competing approaches and innovations in platforms and services. Conference sessions and panels will focus on automated sharing, analysis, how to build trust in a community of interest, cross-sector sharing, the role of government in information sharing, the value proposition of an ISAO, and much more.

2017 Annual Conference: Networking the Future (Tampa, Florida, USA, October 27, 2017) Networking the Future is the Florida Center for Cybersecurity's fourth annual conference and will host hundreds of cybersecurity technical and non-technical stakeholders from industry, government, the military, and academia for a comprehensive exploration of emerging threats, best practices, research, workforce development, and today's hottest cyber trends.

RETR3AT Cybersecurity Conference (Montreat, North Carolina, USA, October 27, 2017) Each year, Montreat College’s Center for Cybersecurity Education and Leadership hosts RETR3AT, a conference designed to engage, educate, and raise awareness about cybersecurity in Western North Carolina and beyond. RETR3AT goes beyond the “1s and 0s” approach to cybersecurity training, challenging attendees to think about how to lead in protecting their organization’s information within an ethical framework.

Digital Risk Summit (Washington, DC, USA, October 25 - 27, 2017) Hosted by Neustar, the Digital Risk Summit is a forward-looking educational conference packed with actionable intelligence and best practices for all types of organizations. If you interact with consumers, customers, and partners by phone or online, you face digital risk. In today’s world, it’s imperative that you stay on top of rapidly evolving threats. Hear and learn from regulators, FBI, U.S. Secret Service and other experts about the latest risks and how best to manage them now and in 2018. Attendees will also have the opportunity to earn CPE, CRCM and CAMS credits.

European Smart Homes 2017 (London, England, UK, October 25 - 26, 2017) ACI’s European Smart Homes 2017 will will bring together key industry stakeholders from the energy industry, IT, telecoms operators, retailers, solution distributors utilities, insurance and property management companies, governments, consultants, solution and technology providers. The key discussions will involve monetisation, customer approach, partnership and interoperability.

PCI Security Standards Council: 2017 Europe Community Meeting (Barcelona, Spain, October 24 - 26, 2017) Three days of networking and one-of-a-kind partnership opportunities await you. Whether you want to learn more about updates in the payment industry or showcase a new product, you’ll find it all at the 2017 Europe Community Meeting.

Industrial Control Systems (ICS) Cyber Security Conference USA (Atlanta, Georgia, USA, October 23 - 26, 2017) Since 2002, the ICS Cyber Security Conference has gathered ICS cyber security stakeholders across various industries and attracts operations and control engineers, IT, government, vendors and academics. Over the years, the focus of the conference has shifted from raising awareness towards sharing security event histories and discussing solutions and protection strategies. The event will cater to the energy, utility, chemical, transportation, manufacturing, and other industrial and critical infrastructure organizations.

Cyber Security Summit 2017 (Minneapolis, Minnesota, USA, October 23 - 25, 2017) Cyber Security Summit is a public-private collaboration with support from industry, government, and university leaders who gather to discuss security trends and solutions. The 7th Annual Summit will bring together senior executives, risk managers, military representatives, policymakers, lawyers, academics, and technology leaders. Topics, content and speakers are driven by an Advisory Board composed of experts from diverse critical infrastructure operators and commercial market sectors.

Sponsor & Support

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter’s financial reach, or it might just not be the right time for you to do those things. That’s why we launched our new Patreon site, where we’ve created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you’ll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.