The CyberWire Daily Briefing 10.18.17

Summary

By The CyberWire Staff

North Korea, its economy hard-hit by international sanctions, continues to find income through cybercrime. BAE researchers attribute a recent theft of $60 million from Taiwan's Far Eastern International Bank to the DPRK's Lazarus Group, the same outfit thought responsible for 2016's illicit funds transfer from the Bangladesh Bank. As they did in the 2016 robbery, the thieves exploited the SWIFT international money transfer system. How they did so isn't yet fully understood, but it appears that a ransomware attack may have functioned as misdirection.

The Magnitude exploit kit is currently active distributing Maniber ransomware to South Korean targets. The vector is malvertising.

Some security researchers argue it's IEEE's fault that the WPA2 wi-fi protocol proved vulnerable to KRACK attacks. IEEE standards, they say, aren't generally open to inspection and vetting by security researchers who might be able to discern flaws earlier. "IEEE working groups are a closed industry process," Johns Hopkins cryptographer Matthew Green told WIRED.

Cybercriminals follow a Willy-Suttonesque path of least resistance to where the money is. That path right now seems to lead to cryptocurrency mining. Some of the criminals seem garrulous and careless, and likely to receive a sabbatical courtesy of various police agencies. Bleeping Computer describes one such, a Russian-speaking hood whose nom de hack is 0pc0d3r. He's installing Monero miners via Grand Theft Auto gaming mods, and he can't seem to shut up about what he's up to.

Oracle's quarterly patch addresses 250 bugs. Other notable patches are out from BlackBerry, Lenovo, and PeopleSoft.

Learn how Cylance silences cyber attacks with Artificial Intelligence.

Notes.

Today's issue includes events affecting Australia, Bermuda, European Union, India, Israel, Democratic Peoples Republic of Korea, Russia, Taiwan, United Kingdom, and United States.

Are your needs being addressed at every stage of the cyber attack cycle?

Security organizations face numerous challenges, from increasingly large volumes of data and lack of tools and trained staff to validate intelligence, to the inability to operationalize threat intelligence. Learn how the threat intelligence-as-a-service model can strengthen and complement security postures of varying maturity levels in a webinar with Intellyx’s Principal Analyst Charles Araujo and LookingGlass’ Doug Dangremond, Senior Vice President of Threat Intelligence Services. Thursday, November 9 @ 2PM ET. Sign up now.

On the Podcast

In today's podcast we hear from our partners at Lancaster University, as Awais Rashid discusses securing critical infrastructure. Our guest, PhishMe CTO Aaron Higbee, talks about the human factors involved in phishing.

Sponsored Events

SecurityWeek’s 2017 ICS Cyber Security Conference (Atlanta, Georgia, USA, October 23 - 26, 2017) As the largest and longest-running cyber security-focused conference for the ICS/SCADA sector, SecurityWeek’s ICS Cyber Security Conference caters to the energy, utility, chemical, transportation, manufacturing, and other industrial and critical infrastructure organizations, including the military.

Earn a master’s degree in cybersecurity from SANS (Online, October 30, 2017) Earn a master’s degree in cybersecurity from SANS, the world leader in information security training. Learn more at a free online information session on Monday, October 30th, at 3:00 pm ET. For complete information on master’s degree and graduate certificate programs, visit www.sans.edu.

Cyber Security Summit: Boston and Los Angeles (Boston, Massachusetts, USA, November 8, 2017) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security on November 8 in Boston and November 29 in Los Angeles. Register with promo code cyberwire50 for half off your admission (Regular price $350).

Selected Reading

Cyber Attacks, Threats, and Vulnerabilities

Taiwan Bank Heist Linked to North Korean Hackers (Security Week) A recent cyber-heist that targeted a bank in Taiwan has been linked by security researchers to an infamous threat group believed to be operating out of North Korea.

India Home to Hackers Working for North Korea, Claims NYT Report (The Quint) Citing a report by the Recorded Future, NYT said nearly a fifth of the Pyongang’s attacks originate from India.

Threat Spotlight: Opening Hacker’s Door (Cylance) ‘Hacker's Door’ is an old Chinese backdoor that recently resurfaced during an APT investigation, with new updates. Employing a rootkit, the backdoor is highly surreptitious and contains a novel covert communication channel.

Magnitude Exploit Kit Now Targeting South Korea With Magniber Ransomware (TrendLabs Security Intelligence Blog) A new ransomware is being distributed by the Magnitude exploit kit: Magniber, which we found targeting South Korea via malvertisements.

Release the KRACKen: flaw in Wi-Fi security leaves users vulnerable (Malwarebytes Labs) A serious flaw in the wireless protocol that secures all modern protected Wi-Fi networks has been discovered. If your device supports Wi-Fi, it is most likely affected. This feasible attack, dubbed KRACK, could abuse design or implementation flaws in the Wi-Fi standard, not some specific hardware.

Why the Krack Wi-Fi Mess Will Take Decades to Clean Up (WIRED) The Krack Wi-Fi vulnerability exposes just how deeply broken IoT security really is—and just how limited the options are to repair it.

Why KRACK could hit your smart home's Wi-Fi the hardest (CNET) Wi-Fi connected devices and appliances are ideal targets for hackers, thanks to the KRACK exploit.

The Flawed System Behind the Krack Wi-Fi Meltdown (WIRED) When software standards aren't open and available for researchers to vet, bad things happen. Just look at Krack.

WaterMiner Malware Author Can't Keep His Mouth Shut on Social Media (BleepingComputer) A Russian-speaking malware author is currently busy spreading a Monero miner hidden inside gaming mods. The crook is using different usernames to spread the malware on forums for Russian-speaking users.

Mining Malware: Signals of a Shift in Cybercrime (Recorded Future) New threat intelligence from the Insikt Group has identified malicious cryptocurrency mining as a long-term, low-velocity revenue source for threat actors.

How cyber attackers almost stole a unique chance from Australian astrophysicists (ABC News) Just after astrophysicists at WA's Zadko telescope learn about the detection of a monumental deep space event involving two neutron stars colliding, they come under sustained cyber attack.

Simple Social Login for Users and Attackers (Infosecurity Magazine) Social logins are a growing source of abuse as attackers figure out ways to hack these authentication mechanisms.

Your Board Of Directors Is Exposing You To Risk (Forbes) It’s commonly accepted that your users are the weakest link in your security chain. That is actually not true in a lot of cases, though. The reality is that your true Achilles heel is probably your board of directors.

FTC urged to investigate ‘easy’ to hack smartwatches for kids (CSO Online) After a new report revealed significant security and privacy flaws in smartwatches for kids, U.S. watchdog groups asked the FTC to investigate.

P0rn and Swastikas Have Infiltrated 'Roblox' (Motherboard) Hackers have found ways to subvert parental controls in the children's computer game.

Security Patches, Mitigations, and Software Updates

Oracle Patches 250 Bugs in Quarterly Critical Patch Update (Threatpost) Three critical SQL injections vulnerabilities in Oracle's popular E-Business Suite make up a total of 250 bugs patched for the company's quarterly Critical Patch Update,

BlackBerry Patches Vulnerabilities in Workspaces Server (Security Week) Updates released by BlackBerry for some Workspaces Server components address two vulnerabilities, including a high severity flaw that can be exploited for arbitrary code execution.

Lenovo Quietly Patches Massive Bug Impacting Its Android Tablets and Zuk, Vibe Phones (Threatpost) Lenovo customers are being told to update their Android tablets and handsets to protect themselves against a handful of critical vulnerabilities impacting tens of millions of vulnerable Lenovo devices.

Critical Code Execution Flaw Patched in PeopleSoft Core Engine (Threatpost) Companies running PeopleSoft exposed to the internet should pay attention to a remote code execution vulnerability patched in the Oracle Critical Patch Update.

Cyber Trends

One Identity Research Exposes Major Problem with Employees Snooping on the Corporate Network (Marketwired) Global survey of over 900 IT security professionals indicates that employees are seeking out, and finding, information that is irrelevant to their jobs.

Aqua Security’s ‘Container Security in The Enterprise’ Survey Finds Perception and Governance Gaps Amongst DevOps and Security Teams (Aqua) Findings highlight differences in security focus and ownership based on respondents’ roles, experience with containers, and maturity of deployment…

Study: 61 Percent of Organizations Have Minimal Control of SSH Privileged Access (Venafi) Only 35 percent rotate SSH keys as an automated process when administrators leave or are reassigned

RiskIQ | Top UK Organisations Still Too Exposed to Cyber Threats According to New RiskIQ Research (RealWire) Unpatched web infrastructure and de-centralised web management practices are leaving UK organisations vulnerable to cyber-attacks and high profile data breaches.

The pervasive risk of vulnerable open source components (Help Net Security) Fewer than 28 percent of companies conduct regular composition analysis to understand which components are built into their applications.

PwC: UK Firms in the Dark Over Cyber-Attacks (Infosecurity Magazine) PwC: UK Firms in the Dark Over Cyber-Attacks. Latest study reveals woefully inadequate response to growing threat

Marketplace

2017 SINET 16 Winners Announced (BusinessWire) The winners of the annual SINET 16 innovation competition were selected from a pool of over 130 applicants from nine different countries.

Kaspersky Lab has launched a Talent Discovery Program to address Security Experts shortage (Innov8tiv) Experts are needed across all industries and we are proud of the pool of experts we have. But we also believe that it is part of our mission to find more

5 Creative Ways to Overcome the Cybersecurity Talent Shortage (Bricata) Zero percent. That’s the unemployment rate among cybersecurity professionals.

Survey Says: Soft Skills Highly Valued by Security Team (Tripwire: the State of Security) Continuing the discussion around the skills gap our industry is facing, I’m excited the share our final set of results from the Tripwire skills gap survey

Cloudflare, Crowdstrike CEOs Spar Over Future of Cybersecurity Business (Fox Business) Two prominent executives in the cybersecurity industry on Tuesday debated whether the field is a long-term business -- or instead will be blended into the array of services tech giants offer customers.

Splunk acquires SignalSense, beefs up machine learning, security expertise (ZDNet) SignalSense will give Splunk more technology and machine learning expertise for its security tools.

Proofpoint: Getting Ahead Of Itself (Seeking Alpha) Proofpoint has gotten ahead of itself after the recent rally bumped up its relative valuation. This is yet another cybersecurity play whose valuation is being d

IBM beats revenue estimates; hints at sales growth (Yahoo! Finance) IBM has been focusing on cloud, cybersecurity and data analytics, or what the company calls its "strategic imperatives", to counter a slowdown in its legacy hardware and software businesses.

Thycotic Achieves Most Successful Quarter in Company History (Sys-Con Media) Company's strong performance continues in Q3 2017 with 50 percent sales growth and addition of more than 190 customers

Trend Micro positioned to take on enterprise security leaders (CSO Online) Trend Micro has the products, ecosystem and strategy to become an enterprise security leader. Now it needs to improve market visibility and get on CISOs’ radar.

Radware Receives 2017 Cloud Computing Security Excellence Award (GlobeNewswire News Room) Radware® (NASDAQ:RDWR), a leading provider of cyber security and application delivery solutions, announced today that TMC, a global, integrated media company, has named Radware’s Cloud Security Services as a 2017 Cloud Computing Security Excellence Award winner.

Products, Services, and Solutions

Camelot ITLab joins SAP’s brand-new initiative to boost Blockchain and IoT (Camelot - Innovative Technologies Lab) With the SAP Blockchain and IoT Co-Innovation Program SAP customers get the opportunity to identify, discover and implement applications to capture various events in blockchain, from the design and development of products to production and logistics up to product tracking.

LGS Innovations and ALE Announce JITC Certification of Scalable Enterprise Switching (BusinessWire) LGS Innovations and ALE, operating under the Alcatel-Lucent Enterprise brand, today announced that the Joint Interoperability Test Command (JITC) has

Optiv Security’s New Comprehensive Approach Helps Enterprises Clarify and Satisfy All Cyber Security Requirements of General Data Protection Regulation (GDPR) (Optiv) Company’s Offerings Assist Organizations with Minimizing Breach Risk for GDPR Compliance while Optimizing Existing Security Investments

NIST National Cybersecurity Center of Excellence to Demonstrate CyberX Platform (PRNewswire) Collaboration aims to prevent operational disruption in ICS/SCADA manufacturing environments by accelerating adoption of behavioral anomaly detection technology

Interos Wins Contract From OSD to Improve Supply Chain Risk Management at the Department of Defense (Interos) The Office of the Secretary of Defense (OSD) has awarded a contract to LMI and Interos Solutions to improve supply chain risk management processes at the Department of Defense (DOD).

Local Government Needs Two Minutes, Instead of Two Hours, to Investigate Potential Threats (Netwrix) Netwrix Auditor enables the IT department of Johnson County, Kansas, to improve its security posture

Artificial Intelligence [AI] : Protecting online dating users from fraud (SaucyDates) Cyber crime and dating fraud is a growing business for criminals. Hundreds of millions of dollars is stolen each year.

Google to Offer Stepped-up Security For 'High Risk' Users (Security Week) Google said Tuesday it would offer stronger online security for "high risk" users who may be frequent targets of online attacks.

Comodo Internet Security Pro 10 Review: It works well, but read every install screen closely (PCWorld) Comodo Internet Security Pro 10 will do the job inexpensively, but its free trial has a few aggravating habits.

Ixia Test Solution Helps Corsa Technology Validate Design of Network Security Enforcement Device (BusinessWire) Ixia Test Solution Helps Corsa Technology Validate Design of Network Security Enforcement Device

Centripetal Networks Selects Webroot BrightCloud® IP Reputation Service (PRNewswire) Webroot, a leader in endpoint security, network security, and threat...

QuoVadis Accredited as eIDAS Qualified Trust Service Provider (NASDAQ.com) WISeKey International Holding SA / QuoVadis Accredited as eIDAS Qualified Trust Service Provider . Processed and transmitted by Nasdaq Corporate Solutions. The issuer is solely responsible for the content of this announcement.

Secucloud | Makedonski Telekom chooses cloud-based security from Secucloud (RealWire) A further subsidiary of the Deutsche Telekom Group is now working with the German security specialistHamburg, Germany. 17 October 2017 – Starting in October Makedonski Telekom, as a part of Deut

AsTech Offers $1 Million Breach Defense Guarantee With Managed Qualys Offering (MSP Mentor) AsTech Vigilance – announced Monday – is being billed as the first guarantee for implementing, configuring and managing Qualys’ cloud-based security and compliance solutions.

Corero Network Security Expands Product Family to Include Real-Time Virtualized DDoS Protection (BusinessWire) Corero expands product family to include real-time virtualized DDoS protection enabling greater flexibility for deploying automatic mitigation.

Technologies, Techniques, and Standards

What's Next After HTTPS: A Fully Encrypted Web? (Dark Reading) As the rate of HTTPS adoption grows faster by the day, it's only a matter of time before a majority of websites turn on SSL. Here's why.

Fake News: Determining the Truth Via Critical Thinking (CyberDB) There is an increased focus on fake news, particularly in light of Russia’s alleged involvement in the 2016 presidential election.

The fix is in for hackable voting machines: use paper (Naked Security) There should be a paper trail for every vote

Design and Innovation

Top 10 Hot Data Security And Privacy Technologies (Forbes) Almost 60% of the adult population in the U.S. found out recently that their personal data—names, social security numbers, birth dates, addresses, driver's license numbers—could be in the hands of criminals.

Microsoft: Why identity protection is the key to corporate security (IT Pro Portal) With organisations needing to deal with bigger and more complex data sets, the future of security is set to be increasingly identity-driven, Microsoft tells ITProPortal.

Banks Start Broad Use of Blockchain, as JP Morgan, IBM Lead Way (Dark Reading) Two major players announced cross-border payment networks built on blockchain technologies Monday, and more financial services will follow soon, despite opinions about Bitcoin.

Research and Development

How Google’s Quantum Computer Could Change the World (Wall Street Journal) The ultra-powerful machine has the potential to disrupt everything from science and medicine to national security—assuming it works

Is the U.S. ready for a quantum leap in computing? (FCW) While widespread use of quantum computing is likely still years away, experts stress that government should ramp up preparations for a future that could disrupt the underpinnings of conventional encryption.

Think tank launches new center to study information warfare (Fifth Domain) The Institute for Critical Infrastructure Technology, a Washington, D.C., nonpartisan think tank, announced it is establishing the Center for Cyber-Influence Operations Studies.

Legislation, Policy and Regulation

EU uses Privacy Shield review to press for reform of U.S. foreign surveillance law (TechCrunch) A one-year-old data transfer mechanism that's used by thousands of companies to authorize transfers of personal data between the European Union and the U.S...

Digital India: Cybersecurity cess coming? Why this will be a bad idea (The Financial Express) At the same time, CERT-In advisories show, the digital payments infrastructure is increasingly coming under attack. Globally, too, the past few weeks have been painful from a cyber security point of view.

Cybersecurity rules to impact island firms (The Royal Gazette) Bermuda financial-services companies with offices in the US will be need to be prepared for new cybersecurity regulations within the next four months.

Trump team's leaks about Israel's hack of Kaspersky Lab could further "damage" ties (Newsweek) Government officials once again disclosed information about Israeli operations that aid Washington.

Not just money and talent: Five ways the government can get better at cybersecurity (Fedscoop) Federal agencies have made positive strides in how they approach protecting information systems in the past few years, experts said Tuesday at a D.C. CyberWeek event, but the government’s cybersecurity efforts have room for improvement in several areas.

Whistleblower Protections in USA Liberty Act Not Enough (Electronic Frontier Foundation) The USA Liberty Act fails to safeguard whistleblowers—both as federal employees and contractors—because of a total lack of protection from criminal prosecution.

Senate confirms DoD policy No. 2 (Defense News) The Senate confirmed David Trachtenberg to be the principal deputy undersecretary of defense for policy by a 79-19 vote Tuesday.

Litigation, Investigation, and Enforcement

U.S. senator probes Pentagon on Russian source code reviews (Reuters) A U.S. senator on Tuesday asked the Defense Department to explain how it manages the risks when it uses software that has been scrutinized by foreign governments, saying the practice may represent a national security threat.

Spicer interviewed by Mueller's team (POLITICO) The former press secretary met with prosecutors in the Russia probe on Monday.

Russia probe: Senate asks Mike Flynn's son for documents, testimony (NBC News) The Senate Intelligence Committee is interested in Michael G. Flynn’s work as his father’s aide and travel companion with Flynn Intel Group.

Robert Mueller spoke to cybersecurity expert who claims he was recruited to collude with the Russians: Report (Washington Examiner) The House Intelligence Committee, conducting its own Russia probe, has also interviewed the expert.

Comey drafted his statement ending the Clinton email investigation months in advance, the FBI confirms (Newsweek) Transcripts the Senate Judiciary Committee obtained had previously indicated that Comey drafted the statement.

FBI uncovered Russian bribery plot before Obama administration approved controversial nuclear deal with Moscow (TheHill) Before the Obama administration approved a controversial deal in 2010 giving Moscow control of a large swath of American uranium, the FBI had gathered substantial evidence that Russian nuclear industry officials were engaged in bribery, kickbacks, extortion and money laundering designed to grow Vladimir Putin's atomic energy business inside the United States, according to government documents and interviews.

You Can’t Buy the Presidency for $100,000 (Wall Street Journal) Russia didn’t win Trump the White House any more than China re-elected Bill Clinton in 1996.

Obama EPA did not do background checks on hundreds of cyber-contractors, watchdog warns (Fox News) Hundreds of contractors holding important information security jobs at the U.S. Environmental Protection Agency have for years been working as high-level operators of its computer systems without the appropriate security background checks — a situation the agency is still scrambling to correct.

Are you sharing the same IP address as a criminal? Law enforcement call for the end of Carrier Grade NAT (CGN) to increase accountability online (Europol) On 13 October 2017, the Estonian Presidency of the Council of the EU and Europol held a workshop attended by 35 EU policy-makers and law enforcement officials, to address the increasing problem of non-crime attribution associated with the widespread use of Carrier Grade Network Address Translation (CGN) technologies by companies that provide access to the internet.

IRS Cybercrime Agent Lurks Dark Web Subreddit Looking For Hackers (Motherboard) Even the taxman lurks on r/DarkNetMarkets.

StrikeForce Technologies Announces that the United States Patent and Trademark Office Denied Two Petitions for Inter Partes Review of StrikeForce’s U.S. Patent No. 8,484,698 (GlobeNewswire News Room) StrikeForce Technologies, Inc. (OTC PINK:SFOR) announced today that the Patent Trial and Appeal Board (“PTAB”) of the United States Patent and Trademark Office denied two petitions for inter partes review

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

newly Noted Events

Finding threats by converging location, people, & logical data (McLean, Virginia, USA, October 19, 2017) This group involves talks/discussions focused on cyber security topics (e.g., UEBA, threat analysis, compromised endpoints, insider threats, etc.) so that we may all share knowledge and benefit. Also, how can we use what we learn to construct computational models (or, learn it from data) to construct systems capable of being deployed in production environments.

upcoming Events

Cyber Security Summit Los Angeles (Los Angeles, California, USA, November 30, 2017) If you are a Senior Level Executive responsible for making your company’s decisions in regards to information security, then you are invited to register for the Cyber Security Summit: Los Angeles. Receive 50% off of a Full Summit Pass when you register with code CYBERWIRE50 (standard price of $350, now only $175 with code). Register at CyberSummitUSA.com. The Cyber Security Summit: Los Angeles is an exclusive conference connecting Senior Level Executives responsible for protecting their companies’ critical data with innovative solution providers & renowned information security experts. for details visit CyberSummitUSA.com.

Cyber Security, Oil, Gas & Power 2017 (London, England, UK, November 29 - 30, 2017) ACI’s Cyber Security - Oil, Gas, Power Conference will bring together key stakeholders from energy majors and technology industries, to discuss the challenges and opportunities found in the current systems. The conference will also promote essential collaboration between decision makers and technology experts, in order to streamline solutions to resist cyber threats and attacks.

INsecurity (National Harbor, Maryland, USA, November 29 - 30, 2017) INsecurity is for the defenders of enterprise security—those defending corporate networks—and offers real-world case studies, peer sharing and practical, actionable content for IT professionals grappling with security concerns. INsecurity will feature some of the industry’s most recognized and knowledgeable CISOs and IT security experts, in a setting that is conducive to interaction and conversation.You’ll have a chance to meet colleagues in the cybersecurity profession to discuss the everyday challenges you face in protecting enterprise data. And you’ll get in-depth insights on how other organizations perform security best practices, and how they manage their teams.

INsecurity (National Harbor, Maryland, USA, November 29 - 30, 2017) Organized by Dark Reading, the web’s most trusted online community for the exchange of information about cybersecurity issues. INsecurity focuses on the everyday practices of the IT security department, and real-life methods that you can use to shore up your own enterprise defenses. It will also feature some of the industries most recognized and knowledgeable CISOs and IT security experts, in a setting that is conducive to interaction and conversation. Use Promo Code CYBERWIRE100 for $100 off the current rate.

AutoMobility LA (Los Angeles, California, USA, November 27 - 30, 2017) The Los Angeles Auto Show Press & Trade Days and Connected Car Expo have MERGED to form AutoMobility LA, the new auto industry’s first true trade show. Register to join us in Los Angeles this November.

Global Conference on Cyberspace (GCCS) (New Dehli, India, November 23 - 24, 2017) The Global Conference on Cyberspace (GCCS) aims to deliberate on the issues related to promotion of cooperation in cyberspace, norms for responsible behaviors in cyberspace and to enhance cyber capacity building. The fifth conference, planned to be the biggest in magnitude, shall take place at New Delhi, India on 23-24 November 2017.

Aviation Cyber Security (London, England, UK, November 21 - 22, 2017) Join us on November 21/22 in London, England for the Cyber Senate Aviation Cyber Security Summit. We will address key issues such as the importance of information sharing and collaboration, supply chain and third party risk, incident response, integrating of cyber security and safety, IT and OT convergence, Security Operations Centres and much more as we further develop our collective insight in how we can mitigate risk and develop resilient end to end networks capable of delivering safety and value to all stakeholders.

Federal IT Security Conference (Columbia, Maryland, USA, November 14, 2017) The Federal IT Security Institute (FITSI) in partnership with Phoenix TS in Columbia, MD is hosting the second annual Federal IT Security Conference. Speakers from NIST, DHS, the Defense Department as well as private industry will be in attendance discussing the themes and trends that are influencing the Federal/DoD cyber landscape.

Sector (Toronto, Ontario, Canada, November 13 - 15, 2017) Illuminating the Black Art of Security. Now entering its 11th year, SecTor has built a reputation of bringing together experts from around the world to share their latest research and techniques involving underground threats and corporate defences. The conference provides an unmatched opportunity for IT Professionals and Managers to connect with their peers and learn from their mentors.

Countermeasure (Ottawa, Ontario, Canada, November 9 - 10, 2017) Now into its sixth year in Ottawa, and consistently advancing in both size and content quality, COUNTERMEASURE continues to be the national capital's premier IT security event. As in years past, attendees can expect up to three days of professional skills training prior to the two-day main conference. All content will be delivered by some of the world's most knowledgeable and influential IT security experts in private, public, and research sectors.

2017 ICIT Gala & Benefit (Washington, DC, USA, November 9, 2017) The Annual ICIT Gala and Benefit is the year’s most prestigious and intimate gathering of legislative, agency and private sector leaders committed to protecting our Nation’s critical infrastructures. This black-tie event will celebrate the accomplishments of the most influential members of our community as well as the efforts of today’s most impactful cybersecurity leaders. The funds raised from this Benefit will be used to help sustain and grow the Institute’s research, publications, and educational activities for the communities it serves.

4th Annual Journal of Law & Cyber Warfare Conference (New York, New York, USA, November 9, 2017) Join thought leaders across the industry for a day of collaboration and education with an outstanding group of cyber security experts. In this one-day program, we continue JLCW's 5+ year reputation for presenting cutting-edge, practical, and balanced training for cyber security lawyers, in-house legal personnel, cyber security service providers, law enforcement, military, members of the bar, bench, and ambassadors and consul generals from all over the world.

Fourth Annual JLCW Conference (New York, New York, USA, November 9, 2017) The 2017 Journal of Law and Cyber Warfare symposium speakers represent an unparalleled group of cyber security experts with a wide variety of industry expertise and knowledge. Attendees will hear from experts on cyber security and cyber warfare from the military, government, private industry, and the public sector. Our panels are designed to provide attendees with thought leadership from a diverse group of experts who will share their experience and knowledge-base regarding topical cyber security issues.

SINET Showcase 2017 (Washington, DC, USA, November 8 - 9, 2017) SINET – Washington DC provides a platform to identify and highlight “best-of-class” security companies that are addressing the most pressing needs and requirements in Cybersecurity. As always, this event showcases the SINET 16, the annual list of the most innovative young companies in the industry.

Connected Medical Device & IOT Security Summit (Baltimore, Maryland, USA, January 25 - 26, 2018) The Summit will offer practical solutions to many of the daunting security challenges facing medical device and connected health technology companies, healthcare providers, payers and patients. The program brings together healthcare, medical device and security experts to offer a unique complete end-to-end perspective on the cybersecurity environment – from the economics and motivations of ransomware authors to the needs of the patient. Supporting organizations of the Summit include the American College of Clinical Engineering, INCOSE and The Society for Participatory Medicine. Keynote speakers include Ron Williams, IBM Security Systems and Matthew Green, PhD, Johns Hopkins University.

CyCon US (Washington, DC, USA, November 7 - 8, 2017) The 2017 International Conference on Cyber Conflict U.S. (CyCon U.S.) will take place 7-8 Nov 2017 at the Ronald Reagan Building in Washington D.C. CyCon U.S. facilitates knowledge generation and information exchange across the cyber community, and includes participation from military, government, academia, and industry from around the world. The conference promotes security initiatives and furthers research on cyber threats and opportunities. CyCon U.S. is a collaborative effort between the Army Cyber Institute at the United States Military Academy and the NATO Cooperative Cyber Defence Centre of Excellence in Tallinn, Estonia.

RSA Conference 2017 Abu Dhabi (Abu Dhabi, UAE, November 7 - 8, 2017) RSA Conference 2017 Abu Dhabi is the leading information security event in the region. This year's Conference will take place 7 to 8 November at the Emirates Palace in Abu Dhabi. Join us for two days of engaging sessions and intense networking. Get exposure to innovative technologies and leadership that will help secure your organization and your future.

National Initiative for Cybersecurity Education Conference and Expo (Dayton, Ohio, USA, November 7 - 8, 2017) Cybersecurity has emerged as one of the leading creators of jobs and opportunity for all economic sectors. The demand for cybersecurity positions in both the public and private sector is large and growing, but the talent pool of cybersecurity workers is not yet able to keep up. The NICE 2017 Conference and Expo features thought leaders from education, government, industry and non-profits who are addressing the cybersecurity education, training, and workforce needs of the nation.

POC 2017 (Seoul, Korea, November 2 - 3, 2017) POC started in 2006 and has been organized by Korean hackers & security experts. It is an international security & hacking conference in Korea. POC doesn't pursue money. POC concentrates on technical and creative discussion and shows real hacking and security. POC wears both black hat and white hat. POC will share knowledge for the sake of the power of community. POC believes that the power of community will make the world safer. POC has been making a history with sincere staffs, hackers from the world, and sponsors since2006. POC will be a unique conference.

Exploring Health IT Innovation and Cybersecurity in the Digital Era (Kalamzoo, MIchigan, USA, November 2 - 3, 2017) Government, industry and academic leaders in health information technology and cybersecurity will headline a conference focused on "Exploring Health IT Innovation and Cybersecurity in the Digital Era" at Western Michigan University. The joint Western Michigan IT Forum and International Conference on Health IT Advancement will be held at WMU's Fetzer Center with sessions for industry, academic and student participants.

Sponsor & Support

Grow your brand, generate leads, and fill your funnel.

With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listens all over the world, companies trust the CyberWire to get the message out. Learn more.

Lazarus Group robs Taiwan bank? Magnitude EK distributing Maniber ransomware. IEEE standards-setting questioned in KRACK affair. Criminals mine coin. Patch notes.