The CyberWire Daily Briefing 11.8.17

Summary

By The CyberWire Staff

Volexity is tracking a Vietnamese threat group the company says is running an ongoing cyberespionage campaign against ASEAN neighbors. The researchers are coy about attribution, but they identify the group with APT32, a.k.a. OceanLotus, which FireEye described in May. APT32 is currently engaged in surveillance of ASEAN meetings convened in Manila.

Symantec finds espionage group "Sowbug," known since 2015, still quietly active with its Felismus malware. Sowbug's targets have principally been in Latin America, but it's recently expanded its interests to include Asia. It looks like nation-state sponsored activity with an interest in diplomatic intelligence, but which nation might be running Sowbug is unknown.

Appleby, the Bermuda off-shore specialist law firm, says it was hacked, and it wasn't an inside job: some outsider stole and leaked the Paradise Papers.

McAfee notes that Fancy Bear (Russia's GRU), after having phished CyCon with little evident success, continues to tune its activities. It's seeking to take advantage of a recently demonstrated Microsoft Office vulnerability (the Dynamic Data Exchange can be exploited to install malware) and it's baiting its phish hooks with fears surrounding the recent terror attack in New York City.

Misconfigured AWS S3 buckets continue to make trouble (Accenture recently narrowly escaped what observers believe might have been a significant breach). Amazon is trying to give its AWS customers easier ways of avoiding missteps in the cloud.

Shipping giant Maersk estimates its losses to NotPetya at something north of $300 million.

The New York Times says Avast is preparing for an IPO.

Learn how Cylance silences cyber attacks with Artificial Intelligence.

Notes.

Today's issue includes events affecting Bermuda, Canada, China, Estonia, European Union, India, Israel, Republic of Korea, NATO/OTAN, Philippines, Russia, United Kingdom, United States and Vietnam

What do AI and machine learning mean for cybersecurity?

We hear about them everywhere in cybersecurity. They sound cutting-edge, but what do they mean? And what value do they add? Find out exactly how significant AI and machine learning are, and how small nuances in their use can make a big difference.

On the Podcast

In today's podcast we hear from Joe Carrigan, representing our partners at the Johns Hopkins University's Information Security Institute. He explains why reporting vulnerabilities can be more difficult than one might think. Our guest is Robert Rodriguez from SINET, who talks about this year's SINET 16, and what a look at the winners can teach us about trends in cybersecurity.

Sponsored Events

Insider Threat - How to Unlock the Full Potential of Your Insider Threat Tools (Webinar, November 9, 2017) Insider threats continue to be a growing concern for security professionals. During this webinar, cybersecurity experts will discuss how to implement a holistic monitoring and detection solution to maximize your insider threat capabilities to improve your security posture.

Earn a master’s degree in cybersecurity from SANS (Online, November 21, 2017) Earn a master’s degree in cybersecurity from SANS, the world leader in information security training. Learn more at a free online information session on Tuesday, November 21st, at 1:00pm ET. For complete information on master’s degree and graduate certificate programs, visit www.sans.edu.

Cyber Security Summit: Los Angeles (Los Angeles, California, USA, November 29, 2017) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security on November 29 in Los Angeles. Register with promo code cyberwire50 for half off your admission (Regular price $350).

Selected Reading

Dateline

Army wants cyber contract times to decrease with acquisition revamp (FederalNewsRadio.com) The Army has its eyes set on closing the gap between technology life cycles and acquisition cycles as it reorganizes its procurement office.

Cyber Brigade Soldiers Excel in All-Army CyberStakes Competition (DVIDS) Soldiers from U.S. Army Cyber Command’s 780th Military Intelligence (MI) Brigade (Cyber) and the Cyber Protection Brigade harvested both individual and unit honors in the All-Army CyberStakes (AACS) award presentation at the 2017 International Conference on Cyber Conflict U.S. (CyCon U.S.), Ronald Reagan Building, Nov. 7.

Cyber Attacks, Threats, and Vulnerabilities

Shadowy cyber-espionage group 'Sowbug' has been hacking diplomatic secrets for years (International Business Times) Mysterious group hits South America and south east Asia with 'Felismus' software.

Vietnam's neighbors, ASEAN, targeted by hackers: report (Reuters) A hacking group previously linked to the Vietnamese government or working on its behalf has broken into the computers of neighboring countries as well as a grouping of Southeast Asian nations, according to cybersecurity company Volexity.

Russia's 'Fancy Bear' Hackers Exploit a Microsoft Office Flaw—and NYC Terrorism Fears (WIRED) Kremlin hackers are adapting their phishing tactics with both the latest software vulnerabilities and the latest news, new McAfee findings show.

Feds have eye on cybersecurity issues Tuesday (CNN) As voters head to the polls on Tuesday, state and local officials are working with the federal government to monitor any potential cybersecurity concerns

Paradise Papers were not an inside job, says leaky offshore law firm (Gears of Biz) Appleby condemns ‘criminal act’ and ‘politically driven’ reporting

The Devious Netflix Phish That Just Won't Die (WIRED) That Netflix phishing scheme has been around for months—and it's clever enough to stick around.

Researcher Details New Windows Code Injection Technique Named PROPagate (BleepingComputer) A security researcher has discovered a new code injection technique that works on all recent Windows versions and allows miscreants to inject malicious code into other applications undetected.

Android security triple-whammy: New attack combines phishing, malware, and data theft | ZDNet (ZDNet) Attacks on three fronts ensure attackers have all the information they need to steal banking details in the latest evolution of the Marcher malware, warn researchers.

Fake WhatsApp app fooled million Android users on Google Play: Did you fall for it? (ZDNet) Fraudsters are managing to get fake WhatsApp apps published on the Play Store.

Linux Has a USB Driver Security Problem (BleepingComputer) USB drivers included in the Linux kernel are rife with security flaws that in some cases can be exploited to run untrusted code and take over users' computers.

Report: New Technologies Raise Cyber Threat for Aviation (Aviation International News) The Atlantic Council calls for a clear vision to address cyber threats, as technologies such as ADS-B and electronic flight bags may be vulnerable.

Unknown User Triggers Bug That Freezes $285Mil Inside Ethereum Wallets (BleepingComputer) On Monday, November 6, an unknown user triggered a bug in the source code of the Parity Ethereum wallet that has permanently locked funds inside users' accounts.

Google’s Halloween lock-out caused by false positive (Naked Security) We now know why Google Docs users started finding themselves blocked from opening or editing files

Cyber security consultancy firm Accenture narrowly avoided a massive data breach (TEISS) Accenture narrowly avoided a massive data breach after it was revealed that the firm stored bundles of sensitive data containing decryption keys and customer information on four cloud servers without protecting them with passwords.

Maersk cuts profit guidance in wake of cyber attack (Financial Times) Danish conglomerate’s shares fall after higher fuel costs weigh on performance

Marketplace

Exclusive: Avast Owners Hire Rothschild for $4 Billion Software IPO-Sources (New York Times) The owners of Avast Software have hired Rothschild to prepare the business for a share sale which could value one of the world's most used providers of computer antivirus software at as much as $4 billion, four sources familiar with the matter told Reuters.

Proofpoint acquires Cloudmark for $110M in cybersecurity consolidation play (TechCrunch) As malicious groups continue to become more sophisticated in their hacking techniques, cybersecurity efforts are attempting to expand in their reach, and that..

Warburg Pincus offers to buy control of cybersecurity co Cyren (Globes) The US private equity firm has invested $19.6 million for a 21.3% stake in the Israeli company and offered to buy a 75% stake.

Container Security Startup NeuVector Raises $7 Million (eSecurity Planet) The container firewall specialist will use the funds to bulk up its engineering and sales operations amid intensifying demand for its solution.

Co-Founder of Surveillance Company NSO Starts New Cyber Startup (CTECH) Omri Lavie unveiled Orchestra, a cybersecurity startup offering a system-wide defense

SnoopWall, Inc. Officially Renamed to NETSHIELD™ Corporation (PRNewswire) NETSHIELD™ Corporation (formerly SnoopWall, Inc.) officially unveiled its...

CyberSeek™ Details Supply and Demand of U.S. Cybersecurity Workers (Business Insider) The demand for cybersecurity professionals remains strong across the United States, new data from CyberSeek™ released here today at the National Initiative for Cybersecurity Education Conference & Expo 2017 reveals.

Why IBM wants to hire employees who don’t have a 4-year college degree (CNBC) The company intends to hire 6,000 employees by the end of 2017.

Department of Homeland Security Awards Leidos $34 Million Task Order (Leidos) Company to provide scientific, engineering and technical assistance under the GSA OASIS vehicle

A look at MobileIron’s Zimperium partnership and IoT plans (BrianMadden.com) MobileIron's earnings call revealed new details about their IoT plans: The company will focus on use cases that can be addressed with EMM technology.

Virtru Expands Data Protection Offerings for Microsoft Office 365, Azure Platform, Joins Microsoft AcceleratorNew Product Offerings Will Bring Surprising Ease of Use and Cross-Platform Control to... (markets.businessinsider.com) Virtru, a trusted provider of data protection and data privacy solutions to more than 7,000 organizations announced today that it is expanding support for the Microsoft ecosystem and that it was selected for the prestigious Microsoft Accelerator.

CrowdStrike outlines expansion plans in APAC (ComputerWeekly.com) The endpoint security expert plans to double its workforce in the region next year on the back of triple-digit growth in sales and bookings since it opened its Sydney regional headquarters last June

CrowdStrike Announces Establishment of the CrowdStrike Foundation (BusinessWire) CrowdStrike® Inc., the leader in cloud-delivered endpoint protection, today announced the establishment of the CrowdStrike Foundation. The CrowdSt

Shift from Security to Civilian Market behind NICE Systems’ Growth (CTECH) Israel-based NICE Systems used to sell surveillance software to governments. Now it provides technology for call centers

Symantec: The Case Of The Disappearing Guide-Down (Seeking Alpha) Symantec reported the results of its fiscal Q2 last week. The results were a beat on revenues and a miss in terms of reported EPS, primarily driven by one-time

Siemens inks deal to help utilities avoid cyberattacks (Orlando Sentinel) Siemens puts focus on helping utilities deter cyberattacks

Big companies bring in the cyber bounty hunters (Financial Times) Carmakers are among the businesses offering payouts to hackers who can discover flaws.

Ann Arbor cements its status as a tech hub to watch with first unicorn (VentureBeat) Last month, Ann Arbor-based startup Duo Security announced that it had raised a new $70 million round, valuing the company at $1.17 billion.

Centrify Bolsters Senior Marketing Leadership Team with Two Industry Veterans to Accelerate Brand and Customer Adoption (BusinessWire) Centrify today announced two prominent technology industry leaders have joined the company's senior marketing leadership team.

MITRE Hires Sam Visner as New Leader for National Cyber Center (WashingtonExec) The MITRE Corp. has named Samuel Visner as the new head of the National Cybersecurity Federally Funded Research and Development Center. Visner, who most re

NetSPI Announces Senior Leadership Appointments to Catapult Growth (Business Insider) NetSPI LLC (NetSPI), the leading provider of enterprise security testing and vulnerability correlation software, announced leadership appointments and restructuring initiatives today to accelerate product innovation and strategic growth.

Worcester firm receives Queen's award (Worcester News) A CYBER security software specialist based in the city has been celebrating being awarded a Queen's Award for Enterprise in Innovation.

Products, Services, and Solutions

AWS bolsters S3 security following massive info leaks (iTnews) Adds five new features.

The 5 Best-Selling Network Security Brands In Q3 2017 (CRN) Cisco, SonicWall and Palo Alto Networks sold the most network security devices through the channel during the third quarter of 2017, according to The NPD Group. See how many units were sold and who else cracked the top five.

Threat intelligence platform adds analyst assessments to machine learning (BetaNews) Companies are increasingly turning to AI and machine learning solutions to combat cyber threats, but sometimes there is no substitute for the insight that comes with human analysis.

ThreatConnect Now Provides One Place to Visualize Your Intelligence and Operations (BusinessWire) In an effort to provide its customers with the most efficient way to gain insight into, and situational awareness of their security and intelligence,

Forcepoint's Human-Centric Security Helps Financial Services Firm Protect Critical Customer and Business Data in Hybrid Clouds (Business Insider) Global cybersecurity leader Forcepoint today announced the company's human-centric, real-time security technology has been deployed by Simplicity Credit Union to protect the financial services firm's 23,000 members...

Forcepoint's Human-Centric Security Helps Financial Services Firm Protect Critical Customer and Business Data in Hybrid Clouds (Business Insider) null

Northrop's BluVector spinoff brings DNA approach to cyber defense (Washington Technology) Once part of Northrop Grumman, BluVector's platform uses machine learning and a software genome to attack and adapt to cyber threats.

Akamai tackles bots, web performance in new releases (IPT Net) Company's content delivery network tools to be made available in the IBM Cloud.

A10 Networks Introduces Software Subscription Model for Consumption of Secure App Services Across On-Premise, Cloud and Hybrid Environments (BusinessWire) A10 Networks (NYSE: ATEN), a Secure Application Services™ company, today announced A10 FlexPool, a software subscription model that provides ent

VIPRE® Outperforms Webroot in Head-To-Head Comparison (GlobeNewswire News Room) Endpoint Security Cloud Edition achieves perfect protection rate, while visibility, speed and ease of analysis prove superior in AV-Comparatives’ independent testing

Shape Security introduces Blackfish artificial intelligence system to protect consumers whose passwords have been stolen in data breaches (Business Insider) New technology detects and prevents the use of compromised...

WatchGuard Adds Autotask Integration to Simplify Managed Security Services (PRNewswire) \WatchGuard® Technologies, a leader in advanced network security solutions,...

WatchGuard's New Tabletop UTM Appliances Deliver Speed and Security for Small and Distributed Offices (PRNewswire) WatchGuard® Technologies, a leader in advanced network security solutions,...

Darktrace drafts in machine learning for infrastructure cybersecurity (Computer Business Review) With critical infrastructure increasingly becoming the target of withering cyberattacks, Darktrace launches new machine learning security business unit.

NATO Selects CloudMask as a Supplier to Help Protect Sensitive Information (PRNewswire) CloudMask is honored to be nominated by Canada and approved by NATO's...

Technologies, Techniques, and Standards

Can a new model for cyber come from an existing consumer protection effort? (FederalNewsRadio.com) Here are some of the top takeaways from the Executive Leadership Conference, sponsored by ACT-IAC, which had some interesting discussions and news tidbits.

Charities unprepared for cyber attack risk (Financial Times) Online donations make organisations vulnerable but simple measures can help

Study Says: Most People Aren't Using This Critical Security Feature (Fortune) Don't be the next John Podesta.

The measurability riddle: How much money should you put in cyber security? (The Economic Times) Today, there is much fear-mongering on cyber security. Do you really need it? Not all companies need to have the highest levels of cyber security.

Big Wind Capital Inc.: Hill Top Security to Collaborate with FIX on Cryptocurrency Security Standards (Marketwired) Hill Top Security Inc, ("HTSI" or the "Company") and Big Wind Capital Inc. (CSE:BWC)(CSE:BWC.CN)(CNSX:BWC) announces that Hill Top has agreed to collaborate with the FIX Trading Community, to develop standards for cryptocurrency, particularly related to security

Design and Innovation

How these lava lamps are securing the internet (Boing Boing) How these lava lamps are securing the internet

How the iPhone earned its security record (Financial Times) Facial recognition is the latest in a complex arsenal of defences

Academia

Norwich University Applied Research Institutes announces $2.3M FEMA grant for cybersecurity consortium (Vermont Digger) Norwich University Applied Research Institutes (NUARI) has been awarded a Federal Emergency Management Agency (FEMA) training grant for $2,267,000 for cybersecurity training for first responders.

Top 10 US colleges battle at National Collegiate Penetration Testing Competition (Monroe County Post) The nation’s top cybersecurity college students traveled to Rochester to test their hacking skills in the annual National Collegiate Penetration Testing Competition.

Students learn to 'think like a hacker' in UC Berkeley experimental course (EdScoop) Through a partnership with HackerOne's bug bounty platform, computer science students are gaining real-world cyberwar experience.

Legislation, Policy and Regulation

Estonia's rise into a digital nation (IT PRO) Former president Toomas Ilves talks about the country's digital roots

Tweeter-in-chief ready to confront China's 'great firewall' (News Tribune) President Donald Trump's arrival in Beijing on Wednesday will serve as a test of reach for his preferred 140-character communications tool: The tweeter-in-chief will face off against China's 'great firewall.'.

Chinese Telecom Threatens U.S. Security (Wall Street Journal) Giving Huawei the green light would allow Beijing to spy on Americans.

Full implementation of DoD's Cyber Excepted Service still a year away (FederalNewsRadio.com) The Defense Department is planning a three-phase rollout of a new personnel system for its cyber workforce, which is still a year away.

Litigation, Investigation, and Enforcement

Ex-defense minister grilled over online smear campaign (Korea JoongAng Daily) Former National Defense Minister Kim Kwan-jin appeared at the Seoul Central District Prosecutors’ Office on Tuesday to face questions about his alleged involvement in the military’s illegal cyber operations during the Lee Myung-bak administration...

Book: Hackers pursued Democrats into last days of election (San Francisco Chronicle) Hackers hounded the Democratic Party into the final days of the 2016 election, breaking into a server carrying critical voter data, according to a book published Tuesday.

CIA Director Met Advocate of Disputed DNC Hack Theory — at Trump’s Request (The Intercept) Mike Pompeo sought “facts” from NSA whistleblower William Binney, who says the 2016 theft of DNC emails was an inside job, not a Russian hack.

Top Democrat on House Oversight panel demands answers about latest Hillary Clinton investigation (USA TODAY) Rep. Elijah Cummings wants access to a "confidential informant" that Republicans claim to have.

Devin Patrick Kelley Phone: FBI Having Trouble Accessing Texas Church Shooter's Smartphone (International Business Times) The FBI reportedly cannot yet crack the encrypted phone of Devin Patrick Kelley, the shooter who killed 26 people in a church in Sutherland Springs, Texas.

Former Yahoo CEO Marissa Mayer to testify to Congress on the 2013 security breach (Recode) So she’ll testify at a Tuesday hearing after all!

Canadian police frustration over cyber crime shows at conference (IT World Canada) Police frustration of dealing with the ever-increasing amount cyber crime businesses and citizens face compared with limited law enforcement resources

MHA will have two new units to fight cyber criminals, jihadis (The Times of India) With radicalisation, mostly online, and cyber crimes emerging as major security challenges, the Modi government has decided to create two new divisions in the home ministry to shape up policy and response to these new-age threats.

Feds raid Youngsville business for possible sex, cyber crimes (ABC11 Raleigh-Durham) The U.S. Department of Homeland Security is confirming a daytime raid on a Franklin County-based company on Tuesday, executing a warrant on alleged "cross-border illegal activity."

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

upcoming Events

SINET Showcase 2017 (Washington, DC, USA, November 8 - 9, 2017) SINET – Washington DC provides a platform to identify and highlight “best-of-class” security companies that are addressing the most pressing needs and requirements in Cybersecurity. As always, this event showcases the SINET 16, the annual list of the most innovative young companies in the industry.

Cyber Southwest (Tucson, Arizona, USA, November 9, 2017) CSW will focus on creating a positive, unique, and highly productive unification point to further Arizona's developing leadership in cybersecurity. Cyber Southwest is an annual event, and a platform for training and education, for the region's core areas of Healthcare, Education, Government, Military, Intelligence, Law Enforcement, and Homeland Security.

Fourth Annual JLCW Conference (New York, New York, USA, November 9, 2017) The 2017 Journal of Law and Cyber Warfare symposium speakers represent an unparalleled group of cyber security experts with a wide variety of industry expertise and knowledge. Attendees will hear from experts on cyber security and cyber warfare from the military, government, private industry, and the public sector. Our panels are designed to provide attendees with thought leadership from a diverse group of experts who will share their experience and knowledge-base regarding topical cyber security issues.

4th Annual Journal of Law & Cyber Warfare Conference (New York, New York, USA, November 9, 2017) Join thought leaders across the industry for a day of collaboration and education with an outstanding group of cyber security experts. In this one-day program, we continue JLCW's 5+ year reputation for presenting cutting-edge, practical, and balanced training for cyber security lawyers, in-house legal personnel, cyber security service providers, law enforcement, military, members of the bar, bench, and ambassadors and consul generals from all over the world.

2017 ICIT Gala & Benefit (Washington, DC, USA, November 9, 2017) The Annual ICIT Gala and Benefit is the year’s most prestigious and intimate gathering of legislative, agency and private sector leaders committed to protecting our Nation’s critical infrastructures. This black-tie event will celebrate the accomplishments of the most influential members of our community as well as the efforts of today’s most impactful cybersecurity leaders. The funds raised from this Benefit will be used to help sustain and grow the Institute’s research, publications, and educational activities for the communities it serves.

Countermeasure (Ottawa, Ontario, Canada, November 9 - 10, 2017) Now into its sixth year in Ottawa, and consistently advancing in both size and content quality, COUNTERMEASURE continues to be the national capital's premier IT security event. As in years past, attendees can expect up to three days of professional skills training prior to the two-day main conference. All content will be delivered by some of the world's most knowledgeable and influential IT security experts in private, public, and research sectors.

Sector (Toronto, Ontario, Canada, November 13 - 15, 2017) Illuminating the Black Art of Security. Now entering its 11th year, SecTor has built a reputation of bringing together experts from around the world to share their latest research and techniques involving underground threats and corporate defences. The conference provides an unmatched opportunity for IT Professionals and Managers to connect with their peers and learn from their mentors.

Second Annual Federal IT Security Conference (FITSC)! (Columbia, Maryland, USA, November 14, 2017) The Federal IT Security Institute (FITSI) in partnership with Phoenix TS in Columbia, MD is hosting the second annual Federal IT Security Conference. Speakers from NIST, DHS, the Defense Department as well as private industry will be in attendance discussing the themes and trends that are influencing the Federal/DoD cyber landscape.

Federal IT Security Conference (Columbia, Maryland, USA, November 14, 2017) The Federal IT Security Institute (FITSI) in partnership with Phoenix TS in Columbia, MD is hosting the second annual Federal IT Security Conference. Speakers from NIST, DHS, the Defense Department as well as private industry will be in attendance discussing the themes and trends that are influencing the Federal/DoD cyber landscape.

2017 Capital Cybersecurity Summit (Tysons Corner, Virginia, USA, November 14 - 15, 2017) Join cyber experts from the FBI, DHS, Palo Alto Networks, Distil, Google, AWS, Tenable and more at the 2017 Capital Cybersecurity Summit. FBI Cyber Division Deputy Assistant Director Howard Marshall and National Security Council Senior Director for Cybersecurity Policy Grant Schneider will provide keynote remarks and top speakers will share unique insights into topics like cloud security, attracting cyber talent, federal cyber acquisition and real-life breach response.

Cyber Security Opportunities in Mexico Webinar (Washington, DC, USA, November 15, 2017) Learn about the cyber security opportunities in Mexico. Mexico is ranked 28th out of 164 countries in the ITU's 2017 Global Cyber Security Index. Companies spend approximately 3.5% of their IT budgets on cyber security products and services. Currently, the cost to Mexico's overall economy imposed by cyber attacks is more than US$3 billion. The country is a manufacturing powerhouse and is increasingly implementing automated processes. It is also highly integrated with the global financial system.

Aviation Cyber Security (London, England, UK, November 21 - 22, 2017) Join us on November 21/22 in London, England for the Cyber Senate Aviation Cyber Security Summit. We will address key issues such as the importance of information sharing and collaboration, supply chain and third party risk, incident response, integrating of cyber security and safety, IT and OT convergence, Security Operations Centres and much more as we further develop our collective insight in how we can mitigate risk and develop resilient end to end networks capable of delivering safety and value to all stakeholders.

Global Conference on Cyberspace (GCCS) (New Dehli, India, November 23 - 24, 2017) The Global Conference on Cyberspace (GCCS) aims to deliberate on the issues related to promotion of cooperation in cyberspace, norms for responsible behaviors in cyberspace and to enhance cyber capacity building. The fifth conference, planned to be the biggest in magnitude, shall take place at New Delhi, India on 23-24 November 2017.

AutoMobility LA (Los Angeles, California, USA, November 27 - 30, 2017) The Los Angeles Auto Show Press & Trade Days and Connected Car Expo have MERGED to form AutoMobility LA, the new auto industry’s first true trade show. Register to join us in Los Angeles this November.

INsecurity (National Harbor, Maryland, USA, November 29 - 30, 2017) Organized by Dark Reading, the web’s most trusted online community for the exchange of information about cybersecurity issues. INsecurity focuses on the everyday practices of the IT security department, and real-life methods that you can use to shore up your own enterprise defenses. It will also feature some of the industries most recognized and knowledgeable CISOs and IT security experts, in a setting that is conducive to interaction and conversation. Use Promo Code CYBERWIRE100 for $100 off the current rate.

INsecurity (National Harbor, Maryland, USA, November 29 - 30, 2017) INsecurity is for the defenders of enterprise security—those defending corporate networks—and offers real-world case studies, peer sharing and practical, actionable content for IT professionals grappling with security concerns. INsecurity will feature some of the industry’s most recognized and knowledgeable CISOs and IT security experts, in a setting that is conducive to interaction and conversation.You’ll have a chance to meet colleagues in the cybersecurity profession to discuss the everyday challenges you face in protecting enterprise data. And you’ll get in-depth insights on how other organizations perform security best practices, and how they manage their teams.

Cyber Security, Oil, Gas & Power 2017 (London, England, UK, November 29 - 30, 2017) ACI’s Cyber Security - Oil, Gas, Power Conference will bring together key stakeholders from energy majors and technology industries, to discuss the challenges and opportunities found in the current systems. The conference will also promote essential collaboration between decision makers and technology experts, in order to streamline solutions to resist cyber threats and attacks.

Cyber Security Summit Los Angeles (Los Angeles, California, USA, November 30, 2017) If you are a Senior Level Executive responsible for making your company’s decisions in regards to information security, then you are invited to register for the Cyber Security Summit: Los Angeles. Receive 50% off of a Full Summit Pass when you register with code CYBERWIRE50 (standard price of $350, now only $175 with code). Register at CyberSummitUSA.com. The Cyber Security Summit: Los Angeles is an exclusive conference connecting Senior Level Executives responsible for protecting their companies’ critical data with innovative solution providers & renowned information security experts. for details visit CyberSummitUSA.com.

cyberSecure (New York, New York, USA, December 4 - 5, 2017) cyberSecure is a unique cross-industry conference that moves beyond the technology of cyber risk management, data security and privacy. Unlike other cybersecurity events, cyberSecure brings together corporate leaders from multiple function areas who help shape policies, risk management strategy, compliance programs, and an organization’s cyber-incident response playbook. This two day event is designed to educate in-house counsel, compliance and privacy officers, risk managers, and CIO/CISOs about the current cybersecurity challenges affecting your business continuity.

National Insider Threat Special Interest Group Meeting (Virginia Chapter) (Herndon, Virginia, USA, December 5, 2017) The National Insider Threat Special Interest Group (NITSIG) is excited to announce it has established a Virginia Chapter. NITSIG Members and others may attend meetings at no charge. Attendees will receive comprehensive guidance and best practices for establishing and managing an Insider Threat Program. Anyone concerned with employee threat identification and mitigation will gain valuable knowledge from attending meetings. This meeting will focus on human resources interaction with an insider threat program and behavioral indicators of insider threat.

Cyber Security Indonesia 2017: Shaping National Capacity for Cyber Security (Jakarta, Indonesia, December 6 - 7, 2017) Cyber Security Indonesia 2017 exhibition and conference, brought to you by the organisers of the Indonesia Infrastructure Week, will bring cyber security solutions providers together with key government and private sector decision makers, buyers, and influencers in order to meet and do business and to advance resilience against cyber attack.

Third International Conference on Information Security and Digital Forensics (ISDF 2017) (Thessaloniki, Greece, December 8 - 10, 2017) A 3 day event, with presentations delivered by researchers from the international community, including presentations from keynote speakers and state-of-the-art lectures.

Sponsor & Support

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter’s financial reach, or it might just not be the right time for you to do those things. That’s why we launched our new Patreon site, where we’ve created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you’ll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.