The CyberWire Daily Briefing 11.9.17

Summary

By The CyberWire Staff

Microsoft has warned of macro-less malware that exploits a recently discovered vulnerability in the company's Dynamic Data Exchange (DDE) protocol. Even if users take the precaution of not enabling macros, exploitation of DDE can still affect them through Word documents, Excel spreadsheets, or Outlook files. One threat actor using this attack vector in the wild is Fancy Bear (Russia's GRU).

There's no honor among thieves, and sometimes that's a bad thing for the rest of us. Researchers at NewSky Security discovered one hacker who realized that hype and fear surrounding the Reaper botnet (which still seems not to have done much, by the way) would lead poorly-skilled crooks to look for ways of riding the Reaper train. So he put a backdoored PHP script out to attract skids looking for vulnerable IoT devices. The effect was to enable the skids to create their own Reaper-like botnet, but one that was incorporated into the code author's own Kaiten botnet.

Concerns about the vulnerability of transportation modalities rise. A team of researchers has demonstrated the possibility ("in a non-laboratory environment") of hacking a Boeing 757 airliner. They were able to establish remote presence in non-cooperating avionics. In the maritime shipping sector, many now believe that Maersk's experience with NotPetya demonstrate merchant vessels' vulnerability to cyberattack.

The electrical power industry raises another alarm about the threat of cyberattack. Attribution remains as difficult as ever.

Accidental code deletion has rendered a lot of ether digital currency—about £214 million—inaccessible, perhaps frozen, perhaps gone.

Learn how Cylance silences cyber attacks with Artificial Intelligence.

Notes.

Today's issue includes events affecting Azerbaijan, China, NATO/OTAN, Russia, United Kingdom, United States

Two notes to our readers: Tomorrow is the annual Veterans Day observance, and we won't be publishing. We'll be back as usual Monday with the regular Daily News Briefing and Podcast. In the meantime, Research Saturday and the Week that Was will be out as usual on Saturday and Sunday. And, most importantly, thanks to all veterans out there; you're in our thoughts.
And our coverage of CyCon US 2017 is available here. More will be added over the next several days, so watch the site.

What do AI and machine learning mean for cybersecurity?

We hear about them everywhere in cybersecurity. They sound cutting-edge, but what do they mean? And what value do they add? Find out exactly how significant AI and machine learning are, and how small nuances in their use can make a big difference.

On the Podcast

In today's podcast, we talk with Justin Harvey from our partners at Accenture. His evergreen (and important) topic is the importance of not failing the basics. Our guest is David Barzilai from Karamba Security, who talks to us about the security of embedded systems in automated cars.

Sponsored Events

Earn a master’s degree in cybersecurity from SANS (Online, November 21, 2017) Earn a master’s degree in cybersecurity from SANS, the world leader in information security training. Learn more at a free online information session on Tuesday, November 21st, at 1:00pm ET. For complete information on master’s degree and graduate certificate programs, visit www.sans.edu.

Cyber Security Summit: Los Angeles (Los Angeles, California, USA, November 29, 2017) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security on November 29 in Los Angeles. Register with promo code cyberwire50 for half off your admission (Regular price $350).

Selected Reading

Dateline

Washington DC - SINET (SINET) SINET Showcase provides a platform to identify and highlight “best-of-class” security companies that are addressing the most pressing needs and requirements in Cybersecurity.

2017 SINET 16 Winners Announced (BusinessWire) The winners of the annual SINET 16 innovation competition were selected from a pool of over 130 applicants from nine different countries.

Cyber Attacks, Threats, and Vulnerabilities

Microsoft issues advisory to users after macro-less malware attacks (The State of Security) Hackers have been found exploiting a freshly-uncovered vulnerability in Microsoft's software to install malware on business computers.

Hacker Wannabes Fooled by Backdoored IP Scanner (BleepingComputer) Wannabe hackers looking to create their very own Reaper botnet might have gotten more than they asked when they downloaded an IP scanner over the past few weeks.

Hundreds of Millions in Digital Currency Remains Frozen (Threatpost) Between $150 million and $300 million in digital currency called ether remains inaccessible today after a user said he “accidentally” triggered a vulnerability that froze the funds in the popular Parity wallet.

£214 million in Ethereum crypto-currency virtually gone after code deletion (SC Magazine) Around one million Ethereum digital coins (approximately £214 million) have become inaccessible to users following the accidental deletion of code.

Cryptojacking craze that drains your CPU now done by 2,500 sites (Ars Technica) Android apps with millions of Google Play downloads also crash the party.

Cryptojacking Craze: Malwarebytes Says It Blocks 8 Million Requests per Day (BleepingComputer) The in-browser cryptojacking craze that has taken over the Internet is getting worse by the day and more and more sites are implementing such systems, intentionally or after getting hacked.

Boeing 757 Testing Shows Airplanes Vulnerable to Hacking, DHS Says (Avionics) A team of government, industry and academic officials successfully demonstrated that a commercial aircraft could be remotely hacked in a non-laboratory setting last year, a U.S. Department of Homeland Security (DHS) official said Wednesday at the 2017 CyberSat Summit in Tysons Corner, Virginia. “We got the airplane on Sept. 19, 2016. Two days later, I …

Did the Maersk cyber attack reveal an industry dangerously unprepared? (Ship Technology) A recent survey by Futurenautics found that shipping companies are still largely unprotected from potential cyber attacks, even after the...Read More...

Smart grids ‘at risk of cyber attack’ (Institution of Mechanical Engineers) Connected power grids will democratise electricity supply, but they could be more vulnerable to cyber attacks, according to experts.

Electricity industry on alert for ‘cyber sabotage’ (Financial Times) State-sponsored hackers are developing the capability to disable power grids

A recent event demonstrates the lack of grid resiliency and the inability to clearly identify cyber attacks (Control Global) A recent cyber incident demonstrates the inability to unambiguously identify an event as being a cyber attack while affecting grid resiliency.

He Perfected a Password-Hacking Tool—Then the Russians Came Calling (WIRED) How a program called Mimikatz became one of the world's most widespread and powerful hacking tools.

A Dark Web hacker is offering services to track anyone anywhere (HackRead) Would you not like to track the traveling patterns of your friends or foes if given a chance? Of course, you would. A majority of us would want to find out

The Emerging Threat of Cybercriminal AI (MIT Technology Review) Shuman Ghosemajumder, CTO of Shape Security and MIT Technolog Review’s Martin Giles discuss responsibilities that companies have towards protecting the sensitive personal information they hold about us.

1M People Duped By Fake WhatsApp (PYMNTS.com) Google’s app store was infiltrated by a fake WhatsApp application late last week that more than 1 million people downloaded. According to a news report in Forbes, citing security researchers who have been warning for years about the prevalence of fake apps in Google’s app store, there have been many apps that look similar to […]

Privacy Clouds Form Over Mantistek Gaming Keyboard (Threatpost) Questions brew over whether Mantistek GK2 Mechanical Gaming Keyboard is snooping on users as they type.

Widespread usage of admin rights leaving organisations vulnerable to cyber attacks (TEISS) Organisations are allowing too many employees to enjoy admin rights to promote efficiency and convenience, but are, in the process, making themselves vulnerable to insider threats, phishing attacks, and ransomware infections.

Forrester: Expect POS Ransomware Outages in 2018 (Infosecurity Magazine) Forrester: Expect POS Ransomware Outages in 2018. Analyst also warns firms of IoT attacks and attempts to hack midterms

Kaspersky Lab reveals number of corporate users subjected to cyber attacks in Azerbaijan (Trend.Az) During the ten months of 2017, 5,500 corporate users in Azerbaijan were subjected to cyber attacks

2017's Most Prolific Email Prankster Is Calling It Quits (BuzzFeed) The man behind @Sinon_Reborn has email pranked a who's who of 2017 notable figures including Harvey Weinstein, Anthony Scaramucci, Eric Trump, and Ann Coulter. But after some sloppy security meas

Security Patches, Mitigations, and Software Updates

Google Patches KRACK Vulnerability in Android (Threatpost | The first stop for security news) Google this week finally addressed the KRACK vulnerability in Android, three weeks after the WPA2 protocol flaw was publicly disclosed.

Chrome Will Stop Sketchy Sites From Bouncing You to Ads (WIRED) With its latest update, Chrome's going to quash the junky redirects that turn the web into a house or horror.

Google Adds New Features in Chrome to Fight Malvertising (BleepingComputer) Google announced plans today for three new Chrome security features that will block websites from sneakily redirecting users to new URLs without the user or website owner's consent. One of these features has the potential to stop malvertising attacks.

Cyber Trends

NodeSource and Sqreen Survey: Fewer Than a Quarter of Node.js Developers Use Any Form of Real-Time Protection Against Attacks (BusinessWire) NodeSource, the Node.js® company, and Sqreen, a SaaS security monitoring and protection solution, today announced the results of a joint developer

Training for Artificial Intelligence in Warfare (US News) How soon will the 'killer robots' come to life? Experts say we shouldn't worry.

Americans worry about cybercrime more than they worry about car theft (SC Media US) American's are worrying more about becoming victims of cybercrime far more than they are worrying about becoming victims of conventional crimes.

Majority of Consumers Aware of Online Phishing Scams, Yet Still May Fall Victim This Cyber Monday (Business Insider) DomainTools, the leader in domain name and DNS-based cyber threat intelligence, today released the findings of its 2017 Cyber Monday Phishing Survey.

Ponemon Study Re Breach Impacts On Consumers & Stock Price; Gallup Poll Pegs Cybercrime As America's Top Crime Worry (Information Security Buzz) A new study by the Ponemon Institute quantifies “The Impact of Data Breaches on Reputation and Share Value” and a new Gallup Poll finds that cybercrime tops America’s crime concerns. IT security experts commented below. Atiq Raza, CEO at Virsec Systems: “Far too many businesses have been marketing a “don’t worry, be happy” message about cyber security, that flies in the face …

Marketplace

Cryptocurrency Mania Fuels Hype and Fear at Venture Firms (WIRED) Even as VCs race to invest in cryptocurrency companies, the novelty of the field poses legal, administrative, and PR challenges.

WatchGuard Files For $75 Million U.S. IPO - First Look (Seeking Alpha) WatchGuard wants to raise $75 million in a U.S. IPO. The firm sells in-car and body-worn video recording systems to law enforcement and security providers. Watc

Cisco: What Matters Most Ahead Of Earnings (Seeking Alpha) Some might wonder if CSCO can maintain its momentum and justify the recent wave of optimism priced into the stock. I prefer to look at the company's prospects w

Risk & Repeat: Sale of Symantec Website Security completed (TechTarget) DigiCert Inc.'s acquisition of Symantec Website Security was completed last week, but concerns in the browser community still remain about Symantec's SSL certificates.

Merlin goes on a cyber win streak (Washington Technology) Merlin International has won $80 million in new cyber work at the VA during the last quarter but the success was years in the making.

Skybox Security Appoints Ron Davidson to Lead Global Research and Development for the Company’s Cybersecurity Management Platform (Globe Newswire) Skybox™ Security, a global leader in security management, announced today that Ron Davidson has joined the company as Chief Technology Officer (CTO) and Vice President of Research and Development. Davidson is a 30-year cybersecurity veteran. He will lead Skybox’s long-term technology vision, focusing on product evolution for the company’s core solution areas — attack surface visibility, vulnerability and threat management, and firewall and security policy management.

PE-backed NetSPI appoints president and COO (PE Hub) Minnesota-based NetSPI, a provider of enterprise security testing and vulnerability correlation software, has named Aaron Shilts as president and chief operating officer. Prior to joining NetSPI, Shilts led worldwide services for Optiv and FishNet Security. NetSPI is backed by Sunstone Partners.

Mimecast Welcomes Gerri Elliott to Board of Directors (GlobeNewswire News Room) Mimecast Limited (NASDAQ:MIME), a leading email and data security company, today announced Geraldine (Gerri) Elliott has joined its Board of Directors.

Products, Services, and Solutions

Mocana, Xilinx, Avnet, Infineon and Microsoft Join Forces to Secure Industrial Control and IoT Devices (GlobeNewswire News Room) Industry Leaders to Introduce an Integrated, High-Assurance Industrial Edge-to-Cloud System

Point3 Security Inc. Partners with Cybrary for the Early Release and Launch of Escalate™ (PRWeb) Challenge-based online assessment available to consumers for enhanced learning experience

Avast Launches Security Pro and Cleanup Pro for Mac (BusinessWire) Avast, the global leader in digital security products, today released its 2018 Security Pro and Cleanup Pro to address the latest security and pe

Vectra and Phantom Partner to Detect, Prioritize and Stop Hidden Cyber Attacks Faster (PRNewswire) Vectra®, the leader in automating the hunt for in-progress...

Bitdefender to Deliver Cross-Platform Cyber Security to Enterprises (PRNewswire) Bitdefender, a leading global cybersecurity technology company...

Businesses switch to Gmail for ransomware, spear-phishing protection (CSO Online) Gmail's built-in phishing detection and ransomware defense lures business users to switch email platforms.

Siemens Teams Up with Tenable (Dark Reading) ICS/SCADA vendor further extends its managed security services for critical infrastructure networks.

Technologies, Techniques, and Standards

Microsoft introduces new secure firmware spec via the Open Compute Project (ZDNet) Microsoft is tackling the security piece of datacenter hardware with the latest phase of its OCP 'Project Olympus' efforts.

Spending wisely to fight cyberattacks can save your company millions (TechRepublic) An average enterprise suffers 130 successful cyberattacks annually, costing an average of $12 million. Fighting back cost-effectively requires a comprehensive policy.

Protect IoT data, not IoT devices, says Verizon (Internet of Business) Securing IoT implementations may involve concentrating on protecting data rather than devices, according to Verizon.

Report: DevOps has gone mainstream, but DevOps security hasn't followed suit (TechRepublic) DevOps may be the new paradigm in app development, but a report out from CyberArk reveals that widespread adoption of that approach has become a security nightmare.

The IoT Blindspot (Dark Reading) Confusion over whether IT staff or line of business professions are responsible for IoT management and security plays big role in a lack of visibility into those devices.

Don't Go It Alone: Sharing Threat Intelligence for the Common Good (Security Intelligence) Companies across all verticals can diminish the impact of widespread cyberthreats by forging collaborative partnerships and sharing threat intelligence.

Smart household devices may be your biggest security blindspot (ConsumerAffairs) New research from Parks Associates shows 41 percent of U.S. homes with wifi plan to purchase a smart appliance or other wifi-connected household device in

Data breached in translation (CSO Online) Online language translation software caused a data leak at Statoil. Use these best practices to keep translated information secure.

How Journalists Fought Back Against Crippling Email Bombs (WIRED) After ProPublica journalists wrote about hate groups, the trolls retaliated by signing them up for thousands of subscriptions. That was only the beginning.

Mozilla privacy guide lists holiday gifts that will spy on you (CSO Online) Mozilla's Privacy Not Included guide lists toys, gadgets and accessories that can spy on you and if those connected devices have privacy controls.

Design and Innovation

This Russian Has The Power To Turn 100,000 Android Phones Into Cryptocurrency Miners (Forbes) A "legal botnet" might seem like an oxymoronic statement. At best, it's risky phrasing. Most associate "botnets" with hordes of hacked computers controlled by a hidden botmaster with monstrous machinations, more often than not illicit profiteering.

Real Humans Will Review the Nudes You Send Facebook as Part of Its Anti Revenge-Porn Program (Motherboard) Facebook is testing a new feature in Australia to combat revenge porn on the platform. This is how it works.

Research and Development

What is quantum encryption? It’s no silver bullet, but could improve security (CSO Online) Quantum encryption, also called quantum cryptography, applies principles of quantum mechanics to encrypt messages in a way that it is never read by anyone outside of the intended recipient. It takes advantage of quantum’s multiple states, coupled with its "no change theory," which means it cannot be unknowingly interrupted.

Legislation, Policy and Regulation

Kim Jong Un’s North Korea is – cautiously – going online (The Republic) Kim Jong Un's North Korea, ever so cautiously, is going online

Why Trump is sticking with Obama's China hacking deal (POLITICO) There are recent signs that Beijing may be testing the limits of its 2015 promises.

NATO green lights plan to establish a new cyber command center (Stars and Stripes) The United States and its military allies in Europe agreed Wednesday to establish a new cyber command center that will allow NATO to incorporate electronic weaponry in its operational planning, the alliance’s top official said.

Government outlines cyber security plan (BBC News) Ministers say cyber attacks against public organisations "will continue to increase".

Is Vladimir Putin meddling in British politics? (Times) In America the battle against fake news is vast and pervasive. It involves a president, senators and tech companies on the stand and a creeping, growing, terrified suspicion that Russia might have...

Al Franken Just Gave the Speech Big Tech Has Been Dreading (WIRED) In talk to Washington think tank, Al Franken ties together complaints against Google, Facebook, and Amazon, and calls for more control over their market power.

Other Voices: Let's not rush to government regulation of social media (Longview News-Journal) It's clear that the government of Russia used the openness of social media giants Facebook and Twitter, as well as search engine behemoth Google, to ...

Compromise defense bill tells Trump to spell out cyberwarfare strategy (TheHill) Lawmakers have expressed frustration over lack of cyber policy from successive presidential administrations.

U.S. House panel advances bill aimed at limiting NSA spying program (Reuters) A U.S. House panel on Wednesday passed legislation seeking to overhaul some aspects of the National Security Agency's warrantless internet surveillance program, overcoming criticism from civil liberties advocates that it did not include enough safeguards to protect Americans' privacy.

Kirstjen Nielsen: US' next Homeland Security chief (Deutsche Welle) If confirmed by the Senate, Kirstjen Nielsen will oversee 240,000 employees at the Department of Homeland Security. DHS is responsible for immigration, border control and cyber-security, among other areas.

Army pushes recruiting and retaining cyber talent (Defense Systems) The Army is taking aggressive steps to strengthen its cyber workforce through a series of ongoing evaluations.

Scottish Government Launches Cyber Resilience Action Plan (Infosecurity Magazine) Scottish Government Launches Cyber Resilience Action Plan. Ambitious plan designed to promote best practice security

Litigation, Investigation, and Enforcement

Top former intelligence leaders dismayed over Pompeo meeting with conspiracy theorist (CNN) Two of the nation's former top intelligence officials expressed surprise and dismay Wednesday that President Donald Trump prevailed upon CIA Director Mike Pompeo to meet with a former National Security Agency employee turned whistleblower who denies Russia interfered in the US election.

He Solved The DNC Hack. Now He's Telling His Story For The First Time. (BuzzFeed) Less than a year before Marine Corps cyberwarrior Robert Johnston discovered that the Russians had hacked the Democratic National Committee, he found they had launched a similar attack at the Joint Ch

Former Yahoo!, Equifax CEOs Face Congressional Grilling Over Data Breaches (Infosecurity Magazine) “Companies that collect and store personal data on American citizens will face consequences without adequate cybersecurity.

Meet the Hacker Who Busts Child Pornographers on the Dark Net (Motherboard) Einar Otto Stangvik talks with us about online child pornography, self-developed hacking tools, the police who ran the abusive sites—and why he comes up with the best ideas while dreaming.

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

upcoming Events

Cyber Southwest (Tucson, Arizona, USA, November 9, 2017) CSW will focus on creating a positive, unique, and highly productive unification point to further Arizona's developing leadership in cybersecurity. Cyber Southwest is an annual event, and a platform for training and education, for the region's core areas of Healthcare, Education, Government, Military, Intelligence, Law Enforcement, and Homeland Security.

Fourth Annual JLCW Conference (New York, New York, USA, November 9, 2017) The 2017 Journal of Law and Cyber Warfare symposium speakers represent an unparalleled group of cyber security experts with a wide variety of industry expertise and knowledge. Attendees will hear from experts on cyber security and cyber warfare from the military, government, private industry, and the public sector. Our panels are designed to provide attendees with thought leadership from a diverse group of experts who will share their experience and knowledge-base regarding topical cyber security issues.

4th Annual Journal of Law & Cyber Warfare Conference (New York, New York, USA, November 9, 2017) Join thought leaders across the industry for a day of collaboration and education with an outstanding group of cyber security experts. In this one-day program, we continue JLCW's 5+ year reputation for presenting cutting-edge, practical, and balanced training for cyber security lawyers, in-house legal personnel, cyber security service providers, law enforcement, military, members of the bar, bench, and ambassadors and consul generals from all over the world.

2017 ICIT Gala & Benefit (Washington, DC, USA, November 9, 2017) The Annual ICIT Gala and Benefit is the year’s most prestigious and intimate gathering of legislative, agency and private sector leaders committed to protecting our Nation’s critical infrastructures. This black-tie event will celebrate the accomplishments of the most influential members of our community as well as the efforts of today’s most impactful cybersecurity leaders. The funds raised from this Benefit will be used to help sustain and grow the Institute’s research, publications, and educational activities for the communities it serves.

Countermeasure (Ottawa, Ontario, Canada, November 9 - 10, 2017) Now into its sixth year in Ottawa, and consistently advancing in both size and content quality, COUNTERMEASURE continues to be the national capital's premier IT security event. As in years past, attendees can expect up to three days of professional skills training prior to the two-day main conference. All content will be delivered by some of the world's most knowledgeable and influential IT security experts in private, public, and research sectors.

Sector (Toronto, Ontario, Canada, November 13 - 15, 2017) Illuminating the Black Art of Security. Now entering its 11th year, SecTor has built a reputation of bringing together experts from around the world to share their latest research and techniques involving underground threats and corporate defences. The conference provides an unmatched opportunity for IT Professionals and Managers to connect with their peers and learn from their mentors.

Second Annual Federal IT Security Conference (FITSC)! (Columbia, Maryland, USA, November 14, 2017) The Federal IT Security Institute (FITSI) in partnership with Phoenix TS in Columbia, MD is hosting the second annual Federal IT Security Conference. Speakers from NIST, DHS, the Defense Department as well as private industry will be in attendance discussing the themes and trends that are influencing the Federal/DoD cyber landscape.

Federal IT Security Conference (Columbia, Maryland, USA, November 14, 2017) The Federal IT Security Institute (FITSI) in partnership with Phoenix TS in Columbia, MD is hosting the second annual Federal IT Security Conference. Speakers from NIST, DHS, the Defense Department as well as private industry will be in attendance discussing the themes and trends that are influencing the Federal/DoD cyber landscape.

2017 Capital Cybersecurity Summit (Tysons Corner, Virginia, USA, November 14 - 15, 2017) Join cyber experts from the FBI, DHS, Palo Alto Networks, Distil, Google, AWS, Tenable and more at the 2017 Capital Cybersecurity Summit. FBI Cyber Division Deputy Assistant Director Howard Marshall and National Security Council Senior Director for Cybersecurity Policy Grant Schneider will provide keynote remarks and top speakers will share unique insights into topics like cloud security, attracting cyber talent, federal cyber acquisition and real-life breach response.

Cyber Security Opportunities in Mexico Webinar (Washington, DC, USA, November 15, 2017) Learn about the cyber security opportunities in Mexico. Mexico is ranked 28th out of 164 countries in the ITU's 2017 Global Cyber Security Index. Companies spend approximately 3.5% of their IT budgets on cyber security products and services. Currently, the cost to Mexico's overall economy imposed by cyber attacks is more than US$3 billion. The country is a manufacturing powerhouse and is increasingly implementing automated processes. It is also highly integrated with the global financial system.

Aviation Cyber Security (London, England, UK, November 21 - 22, 2017) Join us on November 21/22 in London, England for the Cyber Senate Aviation Cyber Security Summit. We will address key issues such as the importance of information sharing and collaboration, supply chain and third party risk, incident response, integrating of cyber security and safety, IT and OT convergence, Security Operations Centres and much more as we further develop our collective insight in how we can mitigate risk and develop resilient end to end networks capable of delivering safety and value to all stakeholders.

Global Conference on Cyberspace (GCCS) (New Dehli, India, November 23 - 24, 2017) The Global Conference on Cyberspace (GCCS) aims to deliberate on the issues related to promotion of cooperation in cyberspace, norms for responsible behaviors in cyberspace and to enhance cyber capacity building. The fifth conference, planned to be the biggest in magnitude, shall take place at New Delhi, India on 23-24 November 2017.

AutoMobility LA (Los Angeles, California, USA, November 27 - 30, 2017) The Los Angeles Auto Show Press & Trade Days and Connected Car Expo have MERGED to form AutoMobility LA, the new auto industry’s first true trade show. Register to join us in Los Angeles this November.

INsecurity (National Harbor, Maryland, USA, November 29 - 30, 2017) Organized by Dark Reading, the web’s most trusted online community for the exchange of information about cybersecurity issues. INsecurity focuses on the everyday practices of the IT security department, and real-life methods that you can use to shore up your own enterprise defenses. It will also feature some of the industries most recognized and knowledgeable CISOs and IT security experts, in a setting that is conducive to interaction and conversation. Use Promo Code CYBERWIRE100 for $100 off the current rate.

INsecurity (National Harbor, Maryland, USA, November 29 - 30, 2017) INsecurity is for the defenders of enterprise security—those defending corporate networks—and offers real-world case studies, peer sharing and practical, actionable content for IT professionals grappling with security concerns. INsecurity will feature some of the industry’s most recognized and knowledgeable CISOs and IT security experts, in a setting that is conducive to interaction and conversation.You’ll have a chance to meet colleagues in the cybersecurity profession to discuss the everyday challenges you face in protecting enterprise data. And you’ll get in-depth insights on how other organizations perform security best practices, and how they manage their teams.

Cyber Security, Oil, Gas & Power 2017 (London, England, UK, November 29 - 30, 2017) ACI’s Cyber Security - Oil, Gas, Power Conference will bring together key stakeholders from energy majors and technology industries, to discuss the challenges and opportunities found in the current systems. The conference will also promote essential collaboration between decision makers and technology experts, in order to streamline solutions to resist cyber threats and attacks.

Cyber Security Summit Los Angeles (Los Angeles, California, USA, November 30, 2017) If you are a Senior Level Executive responsible for making your company’s decisions in regards to information security, then you are invited to register for the Cyber Security Summit: Los Angeles. Receive 50% off of a Full Summit Pass when you register with code CYBERWIRE50 (standard price of $350, now only $175 with code). Register at CyberSummitUSA.com. The Cyber Security Summit: Los Angeles is an exclusive conference connecting Senior Level Executives responsible for protecting their companies’ critical data with innovative solution providers & renowned information security experts. for details visit CyberSummitUSA.com.

cyberSecure (New York, New York, USA, December 4 - 5, 2017) cyberSecure is a unique cross-industry conference that moves beyond the technology of cyber risk management, data security and privacy. Unlike other cybersecurity events, cyberSecure brings together corporate leaders from multiple function areas who help shape policies, risk management strategy, compliance programs, and an organization’s cyber-incident response playbook. This two day event is designed to educate in-house counsel, compliance and privacy officers, risk managers, and CIO/CISOs about the current cybersecurity challenges affecting your business continuity.

National Insider Threat Special Interest Group Meeting (Virginia Chapter) (Herndon, Virginia, USA, December 5, 2017) The National Insider Threat Special Interest Group (NITSIG) is excited to announce it has established a Virginia Chapter. NITSIG Members and others may attend meetings at no charge. Attendees will receive comprehensive guidance and best practices for establishing and managing an Insider Threat Program. Anyone concerned with employee threat identification and mitigation will gain valuable knowledge from attending meetings. This meeting will focus on human resources interaction with an insider threat program and behavioral indicators of insider threat.

Cyber Security Indonesia 2017: Shaping National Capacity for Cyber Security (Jakarta, Indonesia, December 6 - 7, 2017) Cyber Security Indonesia 2017 exhibition and conference, brought to you by the organisers of the Indonesia Infrastructure Week, will bring cyber security solutions providers together with key government and private sector decision makers, buyers, and influencers in order to meet and do business and to advance resilience against cyber attack.

Third International Conference on Information Security and Digital Forensics (ISDF 2017) (Thessaloniki, Greece, December 8 - 10, 2017) A 3 day event, with presentations delivered by researchers from the international community, including presentations from keynote speakers and state-of-the-art lectures.

Sponsor & Support

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter’s financial reach, or it might just not be the right time for you to do those things. That’s why we launched our new Patreon site, where we’ve created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you’ll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.