The CyberWire Daily Briefing 8.6.18

Summary

By The CyberWire Staff

Late Friday Taiwan Semiconductor Manufacturing Company (TSMC) shut down operations after it was hit by what's been vaguely characterized as "a virus." More information is expected this week. TSMC is a major supplier of chips to Apple.

Salesforce has warned customers that a leaky API may have inadvertently exposed their data.

TCM Bank, which provides about seven-hundred-fifty community banks in the US with an option to offer bank-branded credit cards, disclosed that a misconfigured website exposed data on card applicants between March 2017 and July of this year. The information includes names, addresses, dates of birth and Social Security numbers.

A few healthcare IT systems in Hong Kong have been infected with cryptoransomware.

The hood who's (apparently) behind GrandCrab ransomware is sore at Ahn Labs, who developed a "vaccine" against his malware. He's retaliated by sending Bleeping Computer an alleged zero-day for an Ahn product.

With data drawing commercial, criminal, and intelligence service attention the way meat draws flies, the US Census Bureau is working to secure its 2020 census—the first one to be "fully digital"—against data theft.

The attraction of data, and the pull toward the monetization of information, would seem so strong as to be virtually irresistible. Unless Facebook, as Talleyrand is supposed to have said of France's restored Bourbon monarchy, "has forgotten nothing and learned nothing," there's an example of that pull in the social media giant's recently disclosed approach to banks. They'd like ways of gaining access to customer financial information through their platform.

Learn how Cylance silences cyber attacks with Artificial Intelligence.

Notes.

Today's issue includes events affecting Australia, China, India, Israel, Russia, Singapore, Switzerland, Taiwan, United Kingdom, United States

We're off the Las Vegas tonight for Black Hat. We'll have periodic reports from the conference over the course of the week.

Don’t let threats SOC you where it counts.

Protecting your organization from an attack involves much more than the traditional “block & tackle” tactics of the past. A good boxer doesn’t just block the punch they see coming, they move against the next anticipated punch. The modern Security Operations Center (SOC) requires a combination of automation and human tradecraft to successfully repel the adversary. Learn more about the modern SOC in LookingGlass’ webinar featuring guest IDC, August 29 @ 2pm ET.

On the Podcast

In today's podcast we hear from our partners at Palo Alto Networks, as Rick Howard explores the notion of superforecasting.

Sponsored Events

XM Cyber is coming to Black Hat (Las Vegas, Nevada, United States, August 4 - 9, 2018) Visit XM Cyber at the Innovation City, booth IC2233, to experience the first fully automated APT simulation platform to Simulate, validate and remediate every hacker’s path to organizational critical assets.

Cyber Security Summits: August 29 in Chicago & in NYC on September 25 (Chicago, Illinois, United States, August 29, 2018) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The NSA, Darktrace, CenturyLink and more. Register with promo code cyberwire95 for $95 VIP admission (Regular price $350) https://CyberSummitUSA.com

5th Annual Cyber Security Conference for Executives (Baltimore, Maryland, United States, October 2, 2018) The 5th Annual Cyber Security Conference for Executives, hosted this year by The Johns Hopkins University Information Security Institute and Ankura, will be held on Tuesday, October 2nd, in Baltimore, Maryland. This year’s theme is cybersecurity compliance and regulatory trends, and the conference will feature discussions with thought leaders across a variety of sectors. Join the discussion and learn about current and emerging cyber security threats to organizations, and how executives can better protect their enterprises. To receive the early-bird rate, register now!

Selected Reading

Dateline

Autonomy and connectivity: transformative, beneficial, and risky. (The CyberWire) The participants in the 2nd Billington Automotive Cybersecurity Summit agreed that autonomy and connectivity were coming, should be transformative, and would bring tremendous benefits. But the advance is a risky one: many fear that a single cybersecurity failure could put it on indefinite hold.

All-in on transformation, but carefully, carefully. (The CyberWire) Industry veterans, security experts, and policy makers agree that cars and trucks are about to be transformed by autonomy and connectivity, and that this will be a very good thing indeed. But they also agree that mishandling or misfortune could set the industry firmly back.

Cybersecurity—The Cornerstone of Autonomous and Connected Vehicle Safety. (General Motors (posted by the CyberWire)) Prepared remarks by Dan Ammann, President, General Motors, at the Billington Automotive Cybersecurity Summit, Detroit, Michigan, August 3, 2018.

Hackers hired on to debug GM cars (NWADG.com) Highly computerized cars increase the likelihood that consumers' data are vulnerable or that driver safety is endangered if car companies aren't prepared to cut off at the pass any data breach or threat to cybersecurity.

Sec. Michael Chertoff keynote: Reclaiming our Cybersecurity in the Digital Age. (Billington Automotive CyberSecurity Summit) Former DHS Sec. Michael Chertoff, author of Exploding Data - Reclaiming Our Cyber Security in the Digital Age, delivered a keynote at the Billington Automotive Cybersecurity Summit Aug. 3, 2018, Detroit.

GM's Dan Ammann, keynote: Cybersecurity–The Cornerstone of Autonomous and Connected Vehicle Safety (Billington Automotive CyberSecurity Summit) General Motors President Dan Ammann, delivered a keynote on cybersecurity and the automobile industry at the Billiington Automotive Cybersecurity Summit Aug. 3, 2018 in Detroit.

NHTSA's Heidi King keynote: Is Cybersecurity Standing in the Way of Public Confidence? (Billington Automotive CyberSecurity Summit) Deputy Administrator King brought the National Highway Traffic Safety Administration's perspective to automotive cybersecurity at the Billington Automotive Cybersecurity Summit Aug. 3, 2018.

Sen. Gary Peters keynote: Congressional View on Auto Cybersecurity (Billington Automotive CyberSecurity Summit) Sen. Gary Peters, D-MI, provided the Washington perspective at the 2nd Billington Automotive Cybersecurity Summit in Detroit, Aug. 3, 2018. He was also the winner of the First Billington Automotive Cybersecurity Leadership Award.

Cyber Attacks, Threats, and Vulnerabilities

Analysis | The Cybersecurity 202: The 2020 census could be a prime target for hackers (Washington Post) Officials are trying to secure their systems, but critics aren't satisfied.

Virus shuts down factories of major iPhone component manufacturer TSMC (TechCrunch) Apple touts the cybersecurity of its iPhone, but less can be said for the exclusive manufacturer who makes the processor for the iPhone. Semiconductor foundry TSMC, or Taiwan Semiconductor Manufacturing Company, was hit by a virus late Friday night, which forced it to shut down several factories ac…

Credit Card Issuer TCM Bank Leaked Applicant Data for 16 Months (KrebsOnSecurity) TCM Bank, a company that helps more than 750 small and community U.S. banks issue credit cards to their account holders, said a Web site misconfiguration exposed the names, addresses, dates of birth and Social Security numbers of thousands of people who applied for cards between early March 2017 and mid-July 2018.

Salesforce API error may have caused data leak (Computing) The leak could have exposed Salesforce clients' CRM data, including customer contact details and sales prospects

Duo Security Analyzes 88 Million Twitter Accounts to Reveal Inner Workings of Botnets (Duo Security) Duo Security today published technical research and methodology detailing how to identify automated Twitter accounts, known as bots, at a mass scale. Using machine learning algorithms to identify bot accounts across their dataset, Duo Labs researchers also unraveled a sophisticated cryptocurrency scam botnet consisting of at least 15,000 bots, and identified tactics used by malicious bots to appear legitimate and avoid detection, among other findings.

Huawei criticised for potentially compromising UK infrastructure with old third-party software (Computing) Huawei is using software that will be unsupported from 2020, in hardware that will be used for years to come

Reddit Should Tell Us More About How it Got Hacked (Motherboard) It really sounds like Reddit employees got SIM hijacked. If that’s the case, the company should be more transparent. Everyone gets hacked: It's how you disclose it, and deal with it, that distinguishes you and makes a difference.

‘Unhackable’ Bitfi hardware rooted within a week (Naked Security) Getting root access and patching firmware doesn’t count as successful hacking, apparently.

John McAfee's 'unhackable' crypto-wallet allegedly hacked a week after challenge (CNET) The hackers claim Bitfi won't pay the $250,000 bounty, but McAfee disagrees that the hack was a success.

Hong Kong Health Department Computers Hit By Cyber Attack (Latest Hacking News) Recently, three of the Hong Kong Health Department computers suffered cyber attack that encrypted all files in the computer. No ransom demanded yet.

Southern Baptist mission board reports data breach (Baptist News Global) A data breach at the Southern Baptist Convention International Mission Board may have unlocked personal information about thousands of current and former employees, volunteers and applicants.

Democratic Sen. Kamala Harris' office keeps finding Facebook accounts impersonating the senator (The Week) Sen. Kamala Harris (D-Calif.) has joined the increasingly political list of cyberattack victims.

Hackers gain access to thousands of Swiss email accounts (SWI swissinfo.ch) An investigation by the SonntagsZeitung newspaper has found that the accounts of some 15,000 employees of federal-related bodies are concerned.

GandCrab Ransomware Author Bitter After Security Vendor Releases Vaccine App (BleepingComputer) The author of the GandCrab ransomware is a little bit bitter at South Korean security vendor AhnLab after the security firm released a vaccine for the GandCrab ransomware.

Security Patches, Mitigations, and Software Updates

Windows 10 updates under fire from unhappy security admins (Naked Security) Windows 10 is on track to be the most popular Microsoft OS but some security professionals aren’t happy.

Microsoft Edge Flaw Lets Hackers Steal Local Files (BleepingComputer) Microsoft has fixed a vulnerability in the Edge browser that could be abused against older versions to steal local files from a user's computer.

Microsoft Releases Remote "Push to Install" Feature in Windows 10 Store App (BleepingComputer) Microsoft has brought their remote app install feature to the Windows 10 Microsoft Store app and has officially called it "Push to Install".

Google Removes 145 Malware-Laden Apps From Play Store (eWEEK) Palo Alto Networks alerted Google to the presence of 145 malicious Apps on the Play story, but puzzlingly the malware was designed to infect Windows computers and was harmless to Android devices.

Avast pulls CCleaner version that lacked privacy options (CSO Online) Avast-owned Piriform reverted to a previous version of CCleaner in response to user outrage over its new data collection policy that had no privacy options.

Cyber Trends

As SOCs Redefine Missions, Staff Retention Is Key: Results of a SANS Survey (PRNewswire) SOCs Face Staffing Issues; Cloud, Mobile and IoT Drive SOC Evolution

Password Security Report: 83% of Users Surveyed Use the Same Password for Multiple Sites (Cyclonis) It's estimated that people will have to manage as many as 300 billion passwords by the year 2020.

Is security fatigue keeping companies from being secure? (Marketplace) This weekend in Las Vegas, the huge cybersecurity event Black Hat USA kicks off, followed immediately by the other big cybersecurity event of the year, Def Con.

Rise in email impersonation attacks makes companies re-assess their security efforts (Help Net Security) 80% of respondents are very concerned about the state of their companies’ ability to reduce email-based threats, as well as email impersonation attacks.

BDO Cyber Threat Insights - 2nd quarter report (BDO) Special focus: recent cyber events in the healthcare industry

Marketplace

Facebook to Banks: Give Us Your Data, We’ll Give You Our Users (Wall Street Journal) Facebook has asked large U.S. banks to share detailed financial information about customers, including card transactions and checking account balances, as it seeks to boost user engagement.

The Emergence of a Blockchain-Based Token Economy (Wall Street Journal) The internet was designed to move information, but it’s lacked the necessary trust, security and privacy safeguards to move assets of value, CIO Journal Columnist Irving Wladawsky-Berger writes. With blockchain, we’re now seeing the emergence of such an internet of value.

Blockchain update: Is the bubble about to burst? (Computing) Forrester reports that many blockchain pilot projects are being wound down

Alion Science inks deal for Macaulay-Brown (Washington Technology) Alion Science and Technology agrees to acquire MacAulay Brown to gain a greater presence in technology services for national security agencies.

Microsoft Pours Millions into Startup that Nails Cybercriminals (Fortune) Microsoft is leading a multimillion-dollar investment in Hyas, an information security startup that identifies and helps take down cybercriminals.

The DNC tells Democrats not to buy Huawei or ZTE devices ever (The Verge) "It’s very important that party and campaign workers not use ZTE or Huawei devices, even if the price is low or free"

Opinion: ZTE Must Split Up and Rebrand to Survive (Caixing) To remain in U.S., firm needs structural changes that include separating its mobile-device business

Cisco Cybersecurity Acquisition Sends Up Shares In Rival Okta (Investor's Business Daily) Cisco Systems (CSCO) on Thursday said it would acquire privately held Duo Security for $2.35 billion, marking its biggest cybersecurity acquisition since its purchase of Sourcefire.

Okta: Building A Moat In A Crowded Industry (Seeking Alpha) Okta operates in a small niche in the cloud industry.

Cybersecurity stocks savaged for a second week as Symantec results disappoint (MarketWatch) Cybersecurity stocks fall for a second week in a row as earnings beats and raised outlooks did little to boost prices in a competitive sector that some believe is overpriced.

Symantec to cut more than 1,000 jobs following fall in enterprise security sales (Computing) Symantec's enterprise sales fell by 14 per cent in the first quarter due to longer sales cycles, according to CEO Greg Clark

Capgemini Australia ponders acquisitions to accelerate growth (CRN Australia) Needs more ‘people who don’t wear socks’ for digital push.

Recent M&A Deals Highlight Israel's Cybersecurity Prowess (CTECH) A string of recent acquisitions of Israeli cybersecurity startups by public pure-play cyber companies solidifies Israel’s position on the global cybersecurity map

AustCyber turning away Cyber Week delegates as cybersecurity interest passes “tipping point” (CSO) Interest in cybersecurity carers has surged so quickly that The Australian Cyber Security Growth Network (AustCyber) had to turn students away from the speed-networking event it threw with industry supporters during this week’s Cyber Week festivities.

ERP Maestro Extends Executive Team with Key Leadership Appointments (PFNewswire) ERP Maestro, provider of automated and cloud-based controls for access, security and GRC, announced today the extension of its executive management team by introducing Joe Gruttadauria, Chief Revenue Officer, and Michael Marks, Vice President of Product and Customer Success.

Juniper Networks Appoints New Chief Customer Officer (Nasdaq) Pierre-Paul Allard to Lead Strategic Sales and Field Operations Globally for the Company

ProtectWise Appoints Art Coviello, Former RSA Executive Chairman and CEO, to Advisory Board (Markets Insider) ProtectWiseTM, the leader in Cloud-Delivered Network Detection and Response (NDR), today announced it has appoint...

Leidos executive to depart (InsideDefense.com) Leidos said today Timothy Reardon, the head of the company's defense and intelligence group, will leave the company.

Products, Services, and Solutions

Spirent Extends CyberFlood with Data Breach Emulation for Holistic and Hyper-Realistic Security Testing of Networks and Devices (BusinessWire) CyberFlood’s new data breach emulation technology provides hyper-realistic scenarios and assessments using the actual methodologies intruders follow.

CrowdStrike Expands its Endpoint Protection Platform with New Device Control Module and Support for Docker Containers (CrowdStrike) CrowdStrike announced new features and capabilities expanding the scope of the CrowdStrike Falcon platform as the most comprehensive endpoint protection solution available to customers.

CrowdStrike Further Expands Threat Intelligence Integration into the Falcon Endpoint Protection Platform (CrowdStrike) CrowdStrike announced that the company has expanded the capabilities of the Falcon X™ module by launching a Premium version.

Carbon Black introduces Cb LiveOps for real-time query and response, surpassing Tanium and CrowdStrike with its complete cloud-delivered security platform (CSO) Cb LiveOps is built on an industry-leading security platform that combines real-time query and response, next-generation antivirus, endpoint detection and response, and managed threat hunting services within a single console and from a single agent

Kapalya Launches Intelligent End-to-End Encryption Software (PRNewswire) Data protection solution focused on key management

ReversingLabs Previews Next Generation Advanced Malware Hunting at Black Hat USA 2018 (GlobeNewswire News Room) Showcasing a new paradigm to help organizations detect and defend against advanced attacks

Making a living scamming the scammers (Engadget) When you're so good at running rings around scammers, it becomes your job.

Technologies, Techniques, and Standards

Census teams up with DHS, intel community to address 2020 cyber threats (FederalNewsRadio.com) Two years out from the start of the first internet-driven population count, the Census Bureau is ramping up its cybersecurity focus, and has awarded the last of its major IT contracts.

How Colorado beat Russia at its election games (Colorado Springs Gazette) When Wayne Williams took office in 2015, secretaries of state didn’t talk much about hackers or, if at all, Russians. Now those topics dominate discussions among the sharpest minds and

The answer to military cyber may be robust networks (C4ISRNET) To bolster cyber defense, Defense Department leaders are exploring options to modernize military networks.

The internet of battlefield things will depend on modernized networks (C4ISRNET) The Department of Defense is eager to embrace nonstop actionable data on the battlefield, but current network infrastructure may not be able to support it.

To improve military networks, the Army looks to commercial solutions (C4ISRNET) Industry is making their case for modernizing military networks. The Defense Department appears to be listening.

Academia

Winners Announced for U.S. Cyber Challenge Hacker Competition at Western Regional Camp (US Cyber Challenge) Earlier today, a couple dozen elite hackers congregated in North Las Vegas to compete in the U.S. Cyber Challenge (USCC) Capture-the-Flag

Top bachelors and masters cybersecurity degree programs (ITworld) These are some of the best on-campus and online cybersecurity degree programs helping to meet the cybersecurity job demand.

Legislation, Policy and Regulation

How Weaker Nations Are Taking Cyber Warfare Advantage (The World Reporter) Cyber offensive technology (a malware that is employed for military use) gives clear asymmetric advantage which favours weaker states and non-state actors. They may pursue cyber technology in order to gain strength in pursuit of broader goal. This asymmetry is not something new and presents to be an effective tool to level the imbalance of […]

Here’s the full text of Mike Pence’s cybersecurity speech (Fifth Domain) At the first-ever National Cybersecurity Summit in New York City on July 31, Vice President Mike Pence gave an in-depth speech about what the Trump administration is doing, and what it says past administrations didn’t do, to address cybersecurity. The text below is from the official speech posted on the White House website.

U.S. Congress passes bill forcing tech companies to disclose... (Reuters) The U.S. Congress is sending President Donald Trump legislation that would force technology companies to disclose if they allowed countries like China and Russia to examine the inner workings of software sold to the U.S. military.

U.S. Officials Push New Penalties for Hackers of Electrical Grid (Wall Street Journal) Top administration officials are devising new penalties to hit back more forcefully at state-sponsored hackers of critical infrastructure to deter attacks such as the successful penetration of U.S. utilities by Russian agents last year.

Two US senators criticise watered-down bill that allows ZTE to survive (South China Morning Post) A Republican and a Democratic senator said the failure to reinstate penalties on ZTE threatens US national security

Cyber Command chief prepared to conduct operations in response to election meddling (Fifth Domain) During a press conference at the White House August 2, Gen. Paul Nakasone said that he was tracking foreign adversaries and was prepared to conduct operations against those attempting to undermine the U.S. midterm elections.

Army Cyber Command Could Get New Name to Highlight Capability Range (Military.com) Lt. Gen. Stephen Fogarty said the U.S. should avoid the temptation to rely too heavily on cyber.

Can Cyber Command overcome its staffing shortage? (Fifth Domain) The Department of Defense’s 10-year-old cyber war-fighting outfit may need up to 1,000 new, highly specialized employees. As cyberthreats proliferate, can it find them in time?

Actor Steven Seagal to be Russian envoy (BBC News) The action film star, who was granted Russian citizenship in 2016, is to improve ties with the US.

Litigation, Investigation, and Enforcement

Singapore parliament holds hearings on health provider cyber-attack (Foreign Brief) Singapore’s parliament will hold hearings with its state health provider, SingHeath, over recent cyber-attacks on the provider’s patient records system.

Analysis | The Cybersecurity 202: The law doesn't protect ethical hackers. This new project could help close that gap. (Washington Post) Disclose.io can be used by anyone.

Why the Justice Department cared about chain restaurant hackers (Fifth Domain) The FIN7 group's brazen hacking campaign shows how simple fishing and social engineering tactics can have devastating consequences.

Trump associate socialized with alleged Russian agent Maria Butina in final weeks of 2016 campaign (Washington Post) Emails show Butina sought out J.D. Gordon, a former campaign national security aide, as he prepared to work on the presidential transition.

Feinstein had a Chinese spy connection she didn’t know about — her driver (San Francisco Chronicle) A staffer in U.S. Sen. Dianne Feinstein’s San Francisco office was fired a few years back after being linked to Chinese spying in the Bay Area. According to a Politico Magazine story on Silicon Valley espionage, the Feinstein staffer was suspected of providing political intelligence — but nothing classified — to his handlers, with one former intelligence official telling author Zach Dorfman that the suspected informant was “run” by officials based at the local Chinese Consulate. A local source who knew about the incident confirmed to us that the FBI showed up at Feinstein’s office in Washington, D.C.

Man arrested for blackmailing women with ... fakes (Naked Security) Police have arrested a man for blackmailing women through Facebook using digitally manipulated images of them.

Guilty! Court sinks children’s hospital attacker found stranded on a boat (Naked Security) Martin Gottesfeld set off DDoS attacks against hospitals in #opJustina, fled the country in a boat, and had to be rescued by a Disney ship.

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

newly Noted Events

2018 ISSA International Conference (Atlanta, Georgia, USA, October 17 - 18, 2018) Join us for solution oriented, proactive and innovative sessions focused on Securing Tomorrow Today. Every day, cyber threats become increasingly intricate and difficult to detect. No cyber security professional can become an expert on these dangers without continued efforts to educate themselves on the industry’s latest trends and technologies. We look forward to welcoming you and over 1,000 of your colleagues and peers in Atlanta as we discuss topics ranging from incident response, to emerging technologies, to business skills for the information security professional. Join us at the 2018 ISSA International Conference and we’ll help you prepare to Secure Tomorrow Today.

upcoming Events

Black Hat USA 2018 (Las Vegas, Nevada, USA, August 4 - 9, 2018) Now in its 21st year, Black Hat USA is the world's leading information security event, providing attendees with the very latest in research, development and trends. Black Hat USA 2018 opens with four days of technical Trainings (August 4 – 7) followed by the two-day main conference (August 8 – 9) featuring Briefings, Arsenal, Business Hall, and more.

Audit Your Digital Risk (Washington, DC, USA, August 7 - 8, 2018) Recent reports indicate that manufacturing is the most heavily targeted industry for cyber attacks in the past year. According to a study released by NTT Security, 34% of all documented cyber attacks in Q2 2017 were focused on manufacturing. It's likely you have a cybersecurity program and team in place, but do you know how to assess your level of risk? Audit Your Digital Risk is designed for cybersecurity and audit professionals, risk managers, and others focused on protecting a company's people, assets, and IP.

DefCon 26 (Las Vegas, Nevada, USA, August 9 - 12, 2018) DEF CON has been a part of the hacker community for over two decades. $280.00 USD, cash for all four days. Everyone pays the same: The government, the media, the ‘well known hackers’, the unknown script kiddies. The only discount is for Goons and speakers, who get to work without paying for the privilege. We only accept cash - no checks, no money orders, no travelers checks. We don't want to be a target of any State or Federal fishing expeditions.

CyberTexas 2018 (San Antonio, Texas, USA, August 14 - 15, 2018) The 2018 CyberTexas Conference will bring members of the CyberUSA community together with industry and government members of Texas to create long-term values for the cybersecurity ecosystem in San Antonio and the state of Texas. This conference is brought to you be the CyberTexas Foundation and the Federal Business Council (FBC), in conjunction with CyberUSA, and leaders from federal and local government agencies, industry, and academia. Key features of this conference include building on the four pillars of CyberUSA: Communication, Education, Innovation, and Workforce Development. Each topic will feature prominent speakers and panels from Texas and beyond to strengthen the cybersecurity ecosystem.

SecureWorld Bay Area (Santa Clara, California, USA, August 21, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security industry. Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements, learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays-all while networking with local peers.

The Air Force Information Technology & Cyberpower Conference (Montgomery, Alabama, USA, August 27 - 29, 2018) As the premiere Air Force cyber security annual event, the Air Force Information Technology & Cyberpower Conference (AFITC) returns to Montgomery, Alabama in August of 2018. As a critical intersection of Air Force IT experts, prominent IT academics, and some of America’s top cyber security companies, the AFITC offers a full of slate events and activities, with 3 days of speakers, expanded education/training opportunities, and an exhibitor-driven trade show that all revolves around the ways we can better defend America from cyber-attacks, advanced persistent threats, and proactively lead in this in this increasingly digital world.

The Cyber Security Summit: Chicago (Chicago, Illinois, USA, August 29, 2018) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers & renowned information security experts. Learn from cyber security thought leaders and Engage in panel discussions focusing on trending cyber topics such as Sr. Leadership’s Best Approach to Cyber Defense, What’s Your Strategic Incident Response Plan?, Protecting your Enterprise from the Human Element and more. Your registration includes a catered breakfast, lunch, and cocktail reception. Receive half off your admission with promo code cyberwire50 at CyberSummitUSA.com and view details including the full agenda, participating solution providers & confirmed speakers. Tickets are normally $350, but only $175 with promo code.

Intelligence & National Security Summit (National Harbor, Maryland, USA, September 4 - 5, 2018) The Intelligence & National Security Summit is the premier forum for unclassified, public dialogue between the U.S. Government and its partners in the private and academic sectors. The 2018 Summit will include five plenary sessions, where senior leaders from the intelligence and national security communities will discuss top priorities, challenges, and assessments of key threats, as well as nine breakout sessions that will examine issues of vital importance to our national wellbeing and the readiness of the intelligence and national security workforce.

Cyber Resilience & Infosec Conference (Abu Dhabi, UAE, September 5 - 6, 2018) Interact with the top-notch cyber security specialists, learn new strategies and protect your company's future efficiently

Incident Response 18 (Arlington, Virginia, USA, September 5 - 6, 2018) If you work for a vendor or product company, please understand this is not a sales event. IR18 is a community-driven event that aims to disrupt the traditional approach and is more focused on community, connections and change. IR18 is a conference for cybersecurity professionals to learn and develop playbooks to improve Incident Response processes. If you are interested in contributing to the event, your company can sponsor one of the exclusive innovation categories. Contact Sponsors@IncidentResponse.com for more information.

9th Annual Billington CyberSecurity Summit (Washington, DC, USA, September 6, 2018) An opportunity to hear, meet, and interact with cybersecurity leaders from Government and industry.

9th Annual Billington CyberSecurity Summit (Washington, DC, USA, September 6, 2018) The mission of Billington CyberSecurity is to bring together thought leaders from all sectors to examine the state of cybersecurity and highlight ways to enhance best practices and strengthen cyber defenses within government and the private sector. This year's summit, like the previous eight, will bring together leaders from government and industry for a comprehenive look at the challenges of cybersecurity.

SecureWorld Twin Cities (Minneapolis, Minnesota, USA, September 6, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security industry. Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements, learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays-all while networking with local peers.

CornCon IV: Quad Cities Cybersecurity Conference & Kids' Hacker Camp (Davenport, Iowa, USA, September 7 - 8, 2018) CornCon is a 2-day conference held in Davenport, Iowa including a professional development workshop on Friday and a full-day cybersecurity conference on Saturday. The workshop covers enterprise risk, privacy and security. The conference has a keynote track with top international speakers, and a technical track with cutting edge exploits, demos and presentations. There will be a hacker village, vendor expo, contests, t-shirts, food drinks and a great after party. There is also a Saturday kids' hacker camp running alongside the conference. "A little DEFCON in a corn field!"

2018 International Information Sharing Conference (Tysons Corner, Virginia, USA, September 11 - 12, 2018) Join representatives from fellow information sharing groups with all levels of expertise, security practitioners, major technology innovators, and well-established cybersecurity organizations, as they come together to discuss the impact ISAOs have had on the nation’s security, share lessons learned, and discover the latest in cybersecurity policy. Attendees will gain the knowledge needed to learn how to improve information sharing with keynote addresses by industry experts, senior government, and international thought leaders, presentations on key topics and panel discussions of interest to the Information Sharing community, technology demonstrations from service providers and vendors addressing information sharing challenges. There will be many networking opportunities and exhibits.

SecureWorld Detroit (Detroit, MIchigan, USA, September 12 - 13, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security industry. Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays-all while networking with local peers.

Cybersecurity for Small & Medium Sized Businesses (Gaithersburg, Maryland, USA, September 13, 2018) Learn about technical, legal, cultural and policy cybersecurity issues facing small and medium sized businesses. Panelists include: Markus Rauschecker, J.D. University of MD. Center for Health and Homeland Security (CHHS); Ira Kolmaister, Network Alarm Corporation; Yossi Applebaum, SEPIO Systems; Ken Stalder, Sherpas Cyber Security Group; Moderator: Ellen Cornelius, University of MD CHHS. Panel discussion with questions and answers from 3:30- 5:00pm, with a networking reception to follow. More information and RSVP at the link.

FutureTech Expo (Dallas, Texas, USA, September 14 - 16, 2018) With over 2,000 expected attendees, 70 top-notch speakers and 100+ exhibitors from the Blockchain & Bitcoin, Artificial Intelligence, Cyber Security / Hacking, Quantum Computing, 3D Printing, and Virtual / Augmented Reality worlds, and talks from ICOs and blockchain startups and more, this Expo is going to be a diverse, wonderful, and potentially profitable experience for all who attend.

Insider Threat Program Development-Management Training Course (San Antonio, Texas, USA, September 17 - 18, 2018) Insider Threat Defense will hold its highly sought-after Insider Threat Program Development-Management Training Course, in San Antonio, Texas, on September 17-18, 2018. This two-day training course will provide the Insider Threat Program (ITP) Manager, Facility Security Officer, and others (CIO, CSO, CISO, Human Resources, IT, Network Security, Etc.) supporting an ITP, with the knowledge and resources (Templates, Checklits, Etc.) to develop, manage, or enhance an ITP. This training covers, and goes beyond compliance regulations for an ITP (National Insider Threat Policy, NISPOM Conforming Change 2). Insider Threat Defense is one of the few ITP training vendors to offer a guarantee with their training. Insider Threat Defense has provided training and services (In Over 14 U.S. States) to an impressive list of 540+business-organizations / 680+ security professionals.

International Consortium of Minority Cybersecurity Professionals (ICMCP) 3rd Annual National Conference (Atlanta, Georgia, USA, September 17 - 19, 2018) The International Consortium of Minority Cybersecurity Professionals (ICMCP) 3rd Annual National Conference continues to elevate the national dialogue on the very necessary strategic, tactical and operational imperatives needed to attract and develop minority cybersecurity practitioners. By providing a combination of thought leadership, awareness and engagement, the 3rd Annual National Conference will seek to break from the norm of day-long sessions of talking-heads through interactive “decode sessions” intended to include conference attendees in helping to devise innovative strategies to tackling cybersecurity’s diversity challenges.

Air Space & Cyber Conference (National Harbor, Maryland, USA, September 17 - 19, 2018) Gain new insights and skills to advance your career. Be among the first to see the latest innovations in airpower, space, and cyber capabilities all the while bonding with your fellow Airmen. Inspiring addresses from recognized leaders in your Air Force will give you drive for taking your career to the next level. You can do all of this and more at AFA’s annual Air, Space & Cyber Conference (ASC).

Global Cybersecurity Innovation Summit (London, England, UK, September 18 - 19, 2018) Advancing global collaboration and innovation. SINET – London creates a forum to build and maintain international relationships required to foster vital information sharing, broad awareness and the adoption of innovative Cybersecurity technologies.

SecureWorld St. Louis (St. Louis, Missouri, USA, September 18 - 19, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security industry. Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays-all while networking with local peers.

SINET Global Cybersecurity Innovation Summit (London, England, UK, September 18 - 19, 2018) SINET, an organization focused on advancing cybersecurity innovation through public-private collaboration, today announced that its annual Global Cybersecurity Innovation Summit (GCIS), will take place September 18-19, 2018. SINET’s collaborative forum brings together a notable group of senior level industry and government cybersecurity professionals. The event, supported by Her Majesty’s Government and the U.S. Department of Homeland Security (DHS) Science and Technology Directorate (S&T), will be held at The British Museum in London.SINET GCIS will provide exclusive opportunities for attendees to engage directly with a select network of influential thought leaders, solution providers, researchers and investors from the global security community. The events are recognized among technology companies as a unique and exclusive opportunity for sponsors to schedule 1:1 meetings with top-level decision makers. These 15-minute meetings grant technology companies the opportunity to introduce their solution to high-level executives within targeted industries and source feedback from knowledgeable buyers.

5th Annual Industrial Control Cyber Security USA (Sacramento, California, USA, September 18 - 19, 2018) Now in its 5th year, this two day executive forum will include presentations, roundtable working groups and panel sessions. Together we will address the escalating cyber risk and resilience challenges associated with the adoption and convergence of operational technologies in enterprise facing architecture. Practitioners will gain further insight into how to best respond to evolving cyber threats, the importance of effective risk management throughout the industrial control supply chain, innovations in detection and mitigation, configuration management and how can we incorporate resilience into critical control system components and business process.

Security in our Connected World (Beijing, China, September 19, 2018) This year’s seminar will not only examine critical security technologies, such as the Trusted Execution Environment (TEE) and Secure Element (SE), but will also delve into their associated business and technical use cases, to explore more deeply the need for security in our connected world. Timely and relevant seminar topics to include a focus on the Internet-of-Things (consumer, industrial and enterprise), identification and authentication, payment and value-added services, premium content protection, device trust, and certification. And, as always, delegates will be able to witness ‘real world’ solutions from our sponsoring/exhibiting member organizations.

Detect 18 (National Harbor, Maryland, USA, September 19 - 21, 2018) Detect '18 is the single largest conference dedicated to threat intelligence. This year we're calling on fellow "Threatbusters" to wage a high-tech battle against apparitions (aka bad actors) and learn how to better save the world from cyber destruction! At Detect '18 you will be able to: immerse yourself in 30+ hours of education and training; chooose from 30+ breakout sessions designed for every experience level; listen to peer presentations highlighting real-world issues and solutions; network, network, network with your peers in a social setting; and earn CPE Credits to keep your credential current.

Cyber Beacon (Washington, DC, USA, September 20, 2018) Cyber Beacon is the flagship event of the National Defense University's College of Information and Cyberspace (NDU CIC). The conference brings together cyber experts from across the national security community, private sector, and academia to discuss the most pressing problem sets concerning cyberspace and national security. This year's theme is "decision making in cyberspace". Cyber Beacon V will be held on Wednesday 19 and Thursday 20 September 2018 at the NDU campus on Fort McNair in Washington, DC.

Sponsor & Support

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter’s financial reach, or it might just not be the right time for you to do those things. That’s why we launched our new Patreon site, where we’ve created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you’ll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.