The CyberWire Daily Briefing 8.8.18

Summary

By The CyberWire Staff

Oracle warns that attacks in July sought to exploit the Border Gateway Protocol in an attempted DNS redirection attack against US payment processors Datawire, Vantiv, and Mercury Payment Systems.

German security services have been thinking through the problem, and they believe they now in fact have the legal authority to conduct retaliatory cyber operations in response to an attack.

Ukraine's President Poroshenko has directed the country's security services to undertake a serious push to deflect attempts at election influence operations.

US Defense Secretary Mattis, pointing out that the military is there to defend the Constitution, says that the Department of Defense certainly has a role to play in fending off attempts to subvert, influence, or otherwise compromise elections. The principal threat is perceived as Russia, also said to be after the power grid.

The US Government is working with Facebook to devise ways of countering foreign black propaganda online. The challenge is difficult, but Facebook's ongoing work on content moderation, painful and expensive as it's been, may hold long-term benefits. The more lawyers and money it throws at content moderation, the wider Facebook's moat becomes against upstart disruptors.

Some recent studies in the US suggest that viral political messaging may be less effective than political campaigns think, hope, or fear. Whether national espionage services will reach the same conclusion is an open question. The online operation Anonymous has just announced against QAnon may provide an interesting case study, although Anonymous ops have tended to fizzle over the last several years.

Learn how Cylance silences cyber attacks with Artificial Intelligence.

Notes.

Today's issue includes events affecting Australia, European Union, Germany, Russia, Ukraine, and United States.

Don’t let threats SOC you where it counts.

Protecting your organization from an attack involves much more than the traditional “block & tackle” tactics of the past. A good boxer doesn’t just block the punch they see coming, they move against the next anticipated punch. The modern Security Operations Center (SOC) requires a combination of automation and human tradecraft to successfully repel the adversary. Learn more about the modern SOC in LookingGlass’ webinar featuring guest IDC, August 29 @ 2pm ET.

On the Podcast

In today's podcast, we speak with David Dufour from our partners at Webroot, who takes a look back at the year so far. Our guest is Travis Moore from TechCongress describing their fellowship programs.

Sponsored Events

XM Cyber is coming to Black Hat (Las Vegas, Nevada, United States, August 4 - 9, 2018) Visit XM Cyber at the Innovation City, booth IC2233, to experience the first fully automated APT simulation platform to Simulate, validate and remediate every hacker’s path to organizational critical assets.

Cyber Security Summits: August 29 in Chicago & in NYC on September 25 (Chicago, Illinois, United States, August 29, 2018) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The NSA, Darktrace, CenturyLink and more. Register with promo code cyberwire95 for $95 VIP admission (Regular price $350) https://CyberSummitUSA.com

5th Annual Cyber Security Conference for Executives (Baltimore, Maryland, United States, October 2, 2018) The 5th Annual Cyber Security Conference for Executives, hosted this year by The Johns Hopkins University Information Security Institute and Ankura, will be held on Tuesday, October 2nd, in Baltimore, Maryland. This year’s theme is cybersecurity compliance and regulatory trends, and the conference will feature discussions with thought leaders across a variety of sectors. Join the discussion and learn about current and emerging cyber security threats to organizations, and how executives can better protect their enterprises. To receive the early-bird rate, register now!

Selected Reading

Dateline

Black Hat USA 2018 Conference Focuses on Cyber Threats and Unique Solutions (InCyberDefense) The Black Hat USA 2018 Conference is the world's leading information security event, now taking place through August 9 in Las Vegas.

Comodo Cybersecurity Launches Zero-day Challenge to AV Industry (PRNewswire) Highlights vendor practices, shortcomings of detection and AI; calls for greater transparency

White Hat, Black Hat and the Emergence of the Gray Hat: The True Costs of Cybercrime. Survey Report: Global (Malwarebytes) Malwarebytes engaged Osterman Research to undertake an in-depth survey of security professionals in five countries.

White Hat, Black Hat and the Emergence of the Gray Hat: The True Costs of Cybercrime. Survey Report: US (Malwarebytes) Malwarebytes engaged Osterman Research to undertake an in-depth survey of security professionals in five countries: the United States, the United Kingdom, Germany, Australia and Singapore. This report focuses on the research that was conducted among organizations in the United States

Why small cyberattacks on power systems more likely than a long-running blackout (Fifth Domain) Attacks on American power systems are likely to be small and localized, casting doubt on the ability of a foreign power to take down broad swaths of U.S. electric systems at once.

Hackers targeted a fake power grid. Is the real one next? (Fifth Domain) A honey pot experiment showed how suspected criminals may try to hack into America's electric grid.

New bugs leave millions of phones vulnerable to hackers (Fifth Domain) Phones used by major carriers have underlying flaws giving hackers the ability “to escalate privileges and take over the device.”

Digital Guardian Releases New User and Entity Behavior Analytics Capability (Digital Guardian) Enables Effective Identification, Mitigation, and Communication of Enterprise Data Risk in Real-Time

Digital Guardian Releases New Managed Security Program for Endpoint Detection and Response (Digital Guardian) Industry Leader Combines State-of-the-Art EDR Technology with Global Security Experts for 24x7 Protection from Cyber Threats

Bugcrowd University Opens Its Doors to the Crowd (GlobeNewswire) First-of-its-kind global program to provide hands-on training for security researcher community as demand for crowdsourced security soars

Bomgar Exhibiting and Presenting Strategies for Securing Access and Identity Management at Black Hat USA 2018 (Odessa American) Bomgar, a leader in identity and access management solutions for privileged users, will be exhibiting its solutions at Black Hat USA 2018 in Las Vegas, Nevada, August 8-9. Located at booth No. 120, Bomgar will be showcasing its privileged access management (PAM) solutions that help organizations throughout the world secure their most critical systems and assets to mitigate against today’s constant cyber threats – all without sacrificing productivity.

Qualys and IBM X-Force Red to Help Organizations Identify, Prioritize and Fix Their Most Critical Vulnerabilities (PRNewswire) Qualys and X-Force Red deliver security accuracy, automation and cost-effective vulnerability management

Secure Channels Announces Beta Testing of New XFA Mail from the XOTIC Platform at Black Hat USA 2018 (Benzinga) XFA Adds Encryption and Secure Key Exchange without Additional Size to Email...

Cyber Attacks, Threats, and Vulnerabilities

Mattis says Russia sanctioned 2016 election meddling, outlines protections for midterms (Military Times) Mattis said troops have a part in defending the Constitution and US elections.

Russian threat bigger than Trump; they’re after our power grid, not just our elections [Editorial] (Houston Chronicle) States must share responsibility for preventing cyber attacks on electricity providers

Analysis | The Cybersecurity 202: The 2020 census could be a prime target for hackers (Washington Post) Officials are trying to secure their systems, but critics aren't satisfied.

Cybersecurity Firm Finds Way to Alter WhatsApp Messages (New York Times) The Facebook-owned messaging service says it is still safe, and what Check Point Software discovered was a system operating as it was intended.

US payment processors targeted in DNS server hijacking attacks, warns Oracle (Computing) Attack in July aimed at redirecting payment processors traffic to servers controlled by the hijackers

Honeypot Highlights Danger to ICS Systems From Criminal Hackers (SecurityWeek) Security firm Cybereason established a sophisticated honeypot masquerading as a power transmission substation to attract attackers and analyze how they operate against the energy sector of the critical infrastructure.

As the IoT grows, so do the risks (FCW) Agencies must rethink their security as both the logical and physical attack surfaces expand.

New Method Discovered for Cracking WPA2 Wi-Fi Passwords (SecurityWeek) Developers of the popular password cracking tool Hashcat discover a new and easier way to obtain WPA/WPA2 Wi-Fi passwords on certain networks

Third-party misconfiguration exposes TCM Bank consumer data (SC Media US) A third-party website misconfiguration resulted in the exposure of sensitive data by credit card issuer TCM Bank leaked applicant data for 16 months.

How the reddit security breach reminds us to be careful (App Developer Magazine) The reddit security breach is a reminder to everyone about what best security practices to take when logging into websites to protect your information..

Spear phishing -- threat vectors highlight new realities (Networks Asia) Not knowing when, where or how phishing and ransomware attacks might succeed in tricking end-users into downloading malware on to their endpoint devices and bypass perimeter defenses exacts a great toll on cybersecurity professionals.

GDPR-based extortion could be the next cybercrime trend (IDG Connect) Could the threat of reporting a company for GDPR noncompliance be a new revenue stream for cybercriminals?

#OpQAnon: Anonymous Declares War on QAnon (BleepingComputer) The hacktivist collective known for operations such as Project Chanology, the Westboro Baptist Church hack, OpISIS, anti-pedophile ops and Occupy Wallstreet announced, over the weekend, a declaration of war on QAnon.

Cyber Trends

New Research Reveals Intelligent Building Security Risks, Vulnerabilities and Mitigation Strategies (Security Industry Association) SIA, the ASIS Foundation and BOMA International released groundbreaking guidance for practitioners in security and building management.

Leadership, Culture and Business Savvy: 13 Big Cybersecurity Ideas... (Bricata) Leadership, culture and business savvy are just as important to the CISO as are technical aspects of the job. This roundup highlights some of the big cybersecurity ideas for the CISO by CISOs. #ciso #cybersecurity #leadership

Proofpoint Threat Report: Ransomware returns but banking Trojans keep the top spot in the second quarter of 2018 (Proofpoint) Proofpoint researchers provide a snapshot and analysis of the changing threat landscape in the second quarter of this year.

Cyber Villains and Heroes: the quest for a cyber-secure future. (Business News) The Cyber Security Review, led by the Department of the Prime Minister and Cabinet, found that cybercrime costs the Australian economy up to $1 billion annually.&

Where should companies focus as they begin their machine learning journey? (Help Net Security) Deploying machine learning in production and where companies should focus as they begin their journey of machine learning adoption.

Only 8% of orgs have effective DevSecOps practices (Help Net Security) 92 percent of organizations struggle to implement security into the entire DevOps process despite most saying they want to do so.

Marketplace

Silicon Valley’s Military Dilemma (The New Republic) Tech companies will be forced to choose whether they can continue preaching independence from big government while serving as its well-paid and compliant partners.

Why Facebook’s Thinning Profit Margins Are a Secret Asset (WIRED) Moderating content requires expensive lawyers, well-run operational teams, and a lot of money. But as Facebook builds these complex systems, it becomes harder for an upstart to replicate.

A CenturyLink Growth Engine That Nobody Talks About (Seeking Alpha) Market assessment and incumbent comparison. CenturyLink's moat and competitive sales edge. Thoughts on duration and scale of the opportunity.

Booz Allen to Help Air Force Develop Cyber Tech Platforms (ExecutiveBiz) Booz Allen Hamilton has won a potential five-year, $47.4 million contract from the U.S. Air Force to develop technology platforms to support the military service’s operational cyber resiliency initiatives. The Defense Department said Monday the company will help USAF build a system to address cyber assurance requirements and associated mission programs of the Air Force Research...

Salient CRGT Awarded $6.4M Subcontract to Provide U.S. Air Force Cyber Command IT Support Services (Markets Insider) Salient CRGT, Inc. announced the procurement of a $6.4 million award as a subcontractor to THE CENTECH GROUP, Inc...

General Motors Doubles Down On Bug Bounty Cybersecurity Effort (Forbes) Dan Ammann, President of General Motors, announced that the company will invite cybersecurity researchers to identify vulnerabilities in its products, and pay them a bug bounty in exchange.

Rapid7 Announces Proposed Private Offering of $175 Million of Convertible Senior Notes (Nasdaq) Rapid7, Inc. ("Rapid7") (Nasdaq:RPD) today announced that it intends to offer, subject to market conditions and other factors, $175.0 million aggregate principal amount of convertible senior notes due 2023 in a private placement to qualified institutional buyers...

Products, Services, and Solutions

Endgame and Red Canary Partner to Combine Industry-Leading Endpoint Sensor and Incident Response (GlobeNewswire News Room) Alliance combines deep endpoint visibility with configurable behavior-based blocking and precision response to allow every organization to detect and stop evolving adversaries

Proofpoint Launches Three People-centric Cybersecurity Innovations: TAP Isolation, Enhanced Threat Detection, and Threat Response Python Scripting (Proofpoint) Proofpoint, Inc. today announced three people-centric security innovations, including Targeted Attack Protection (TAP) Isolation for personal webmail and browsing defense, enhanced threat detection, and new Threat Response python scripting.

SparkCognition Partners with Siemens To Advance Industrial Market (Markets Insider) SparkCognition, a global artificial intelligence (AI) company, announced its collaboration with Siemens to deplo...

Netskope Selects Cylance to Enhance Netskope Security Cloud with AI-Powered Advanced Threat Protection (PRNewswire) Company's industry-leading approach to threat protection combined with Cylance's predictive capabilities provides end-to-end threat protection to Netskope customers

Digital security agency Gemalto install new virtual key management solution (Information Age) International digital security agency Gemalto have announced the development of new virtual key management solution SafeNet Virtual KeySecure.

Let's Encrypt Is Now Officially Trusted by All Major Root Programs (BleepingComputer) Let's Encrypt announced yesterday that they are now directly trusted by all major root certificate programs including those from Microsoft, Google, Apple, Mozilla, Oracle, and Blackberry. With this announcement, Let's Encrypt is now directly trusted by all major browsers and operating systems.

NSS Labs Announces Industry's First SD-WAN Group Test Results (NSS Labs) Learn about our most recent research findings, news and information on the world of Cyber Security with NSS Labs' archive of press releases. Read more.

Perception Point Launches Anti-Malware Solution for Shared Drives (PRNewswire) Holistic technology targets the growing security blind spots caused by cloud storage apps like OneDrive, Google Drive and Dropbox

BlackBerry launches new ransomware recovery feature (Help Net Security) BlackBerry Workspaces helps organizations contain and limit the damage of ransomware attacks by freezing the accounts of affected users.

wolfSSL Announces the First Commercial Release of TLS 1.3 (PRWeb) wolfSSL, a leading provider of TLS cryptography announces the world’s first commercial release of TLS 1.3. With the imminent finalization of the TLS 1.3 draft

Acronis deeply integrates its data protection capabilities with Microsoft cloud services (Wire19) Acronis is teaming up with Microsoft to deeply integrate its data protection and backup services with Microsoft’s cloud services and products.

Meta Networks Joins Symantec Technology Integration Partner Program (NBC 2) Meta Networks Ltd., the technology leader in secure cloud-native networking, today announced the company has joined the Symantec Technology Integration Partner Program (TIPP), a global ecosystem composed of more than 100...

Twistlock adds automated cloud native forensics to its cybersecurity platform (Help Net Security) Twistlock 2.5 cloud native forensics feature provides automated forensic data collection and correlation across cloud native environments.

Verizon Didn’t Bother to Write a Privacy Policy for its ‘Privacy Protecting’ VPN (Motherboard) Verizon's 'Safe Wi-Fi' says it "protects your privacy and blocks ad-tracking," but its current privacy policy is a placeholder that says the exact opposite.

Deep Instinct Introduces New Analytical Capabilities for Superior Cyberattack Insights and Visibility (BusinessWire) Deep Instinct, the first company to apply deep learning to cybersecurity, has introduced new threat analysis services.

CrowdStrike Further Expands Threat Intelligence Integration into the Falcon Endpoint Protection Platform (BusinessWire) CrowdStrike® Inc., the leader in cloud-delivered endpoint protection, today announced that the company has expanded the capabilities of the Falcon X ™

Ixia Introduces New Packet-Level Visibility Into Container Workloads (Best Enterprise Cloud Strategy Tools, Vendors, Managed Service Providers, MSP and Solutions) Keysight Technologies provides a collection of technology products, services, and solutions for a variety of verticals. One of their subsidiaries, Ixia offers a platform for testing, security, and …

Technologies, Techniques, and Standards

NSA Influences Commercial End-of-Life Data Security (SIGNAL) The eradication of data has new urgency.

Cyber-attack! Would your firm handle it better than this? (BBC News) There's a right way and a wrong way to deal with cyber-attack. How does this fictional company do?

The Importance of Access Control for IoT Devices (SecurityWeek) Access control solutions need to seamlessly synchronize with network and security controls to ensure that IoT devices are tracked and that policy enforcement is consistently enforced.

Viral Political Ads May Not Be As Persuasive As You Think (WIRED) Does more engagement mean your message is resonating with more people? For politicians campaigning on social media, focusing too much on shares and likes might be a mistake.

Bugcrowd CTO explains crowdsourced security benefits and challenges (TechTarget) In part two of this interview, Bugcrowd founder and CTO Casey Ellis discusses the value of crowdsourced vulnerability research, as well as some of the challenges.

Design and Innovation

The security issues 3D printing should solve before going mainstream (Help Net Security) Most 3D printers are simply special purpose computers, and thus suffer the same potential security risks as any computer.

Research and Development

This could change everything: Bills would boost research into radically new way of computing (Dallas News) On university campuses across the country, scientists and engineers are scrambling to develop a radically new kind of computing - and computers --...

Legislation, Policy and Regulation

President instructs Security and Defense Council to hold meeting on countering interference in elections (Ukrinform) President Petro Poroshenko has instructed the National Security and Defense Council of Ukraine to hold a meeting on countering interference in the elections.

NATO’s tougher approach to cyberthreats is all about operationalization (Fifth Domain) A major shift has taken place in how NATO places cyber defense in its command structure and how it imposes costs upon attackers.

German cyberwarriors assert right to ‘hack back’ when attacked (Fifth Domain) Berlin's Defence Ministry strikes hawkish tones in explaining its defensive cyber plans.

Germany struggles to step up cyberdefense (Deutsche Welle) Germany is trying to boost cyberdefense with the Bundeswehr's Cyber and Information Domain Service (CIDS), against the background of rising numbers of cyberattacks as well as funding and recruitment challenges.

Trump administration coordinating with Facebook to combat disinformation (Fifth Domain) The Trump administration and Facebook are working together to counter foreign influence operations, but research suggests social media sites need to be more aggressive in taking false content off their platforms.

Analysis | The Cybersecurity 202: Trump team isn't doing enough to deter Russian cyberattacks, according to our panel of security experts (Washington Post) We surveyed more than 100 experts.

Trump administration preparing executive order to transfer security clearance program (FederalNewsRadio.com) The Trump administration is drafting an executive order to authorize the transfer of the governmentwide security clearance program from the Office of Personnel Management and National Background Investigations Bureau to the Pentagon.

'Time to change the rules' for the security clearance process, its leaders say (FederalNewsRadio.com) As part of the Trusted Workforce 2.0 initiative, intelligence and industry communities are preparing to deliver their plan to reimagine the security clearance to Congress by the end of the year.

Litigation, Investigation, and Enforcement

The FISA Court’s Essential Purpose - Foreign Policy Research Institute (Foreign Policy Research Institute) Although memories fade, there are still those of us who remember the remarkable congressional hearings in the 1970s revealing what seemed to be an endless parade of abuses conducted by the nation’s intelligence services at the direction of the president in the name of national security.

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

newly Noted Events

5th Annual Cyber Security Conference for Executives (Baltimore, Maryland, USA, October 2, 2018) The 5th Annual Cyber Security Conference for Executives, hosted this year by The Johns Hopkins University Information Security Institute and Ankura, will be held on Tuesday, October 2nd, in Baltimore, Maryland. This year’s theme is cybersecurity compliance and regulatory trends, and the conference will feature discussions with thought leaders across a variety of sectors. Join the discussion and learn about current and emerging cyber security threats to organizations, and how executives can better protect their enterprises. To receive the early-bird rate, register now!

U.S. Department of Transportation Cybersecurity Symposium (Washington, DC, USA, October 9 - 10, 2018) The U.S. Department of Transportation (DOT) Cybersecurity Symposium is 2 days of training sessions and educational seminars focused on the mission of protecting government networks and privacy. Hosted by the Office of the DOT Chief Information Officer (CIO) and the Chief Information Security Officer (CISO), the symposium is open to all Federal agencies and will take place at the DOT Headquarters building, 1200 New Jersey Avenue SE, Washington, DC 20590.

upcoming Events

Black Hat USA 2018 (Las Vegas, Nevada, USA, August 4 - 9, 2018) Now in its 21st year, Black Hat USA is the world's leading information security event, providing attendees with the very latest in research, development and trends. Black Hat USA 2018 opens with four days of technical Trainings (August 4 – 7) followed by the two-day main conference (August 8 – 9) featuring Briefings, Arsenal, Business Hall, and more.

Audit Your Digital Risk (Washington, DC, USA, August 7 - 8, 2018) Recent reports indicate that manufacturing is the most heavily targeted industry for cyber attacks in the past year. According to a study released by NTT Security, 34% of all documented cyber attacks in Q2 2017 were focused on manufacturing. It's likely you have a cybersecurity program and team in place, but do you know how to assess your level of risk? Audit Your Digital Risk is designed for cybersecurity and audit professionals, risk managers, and others focused on protecting a company's people, assets, and IP.

DefCon 26 (Las Vegas, Nevada, USA, August 9 - 12, 2018) DEF CON has been a part of the hacker community for over two decades. $280.00 USD, cash for all four days. Everyone pays the same: The government, the media, the ‘well known hackers’, the unknown script kiddies. The only discount is for Goons and speakers, who get to work without paying for the privilege. We only accept cash - no checks, no money orders, no travelers checks. We don't want to be a target of any State or Federal fishing expeditions.

CyberTexas 2018 (San Antonio, Texas, USA, August 14 - 15, 2018) The 2018 CyberTexas Conference will bring members of the CyberUSA community together with industry and government members of Texas to create long-term values for the cybersecurity ecosystem in San Antonio and the state of Texas. This conference is brought to you be the CyberTexas Foundation and the Federal Business Council (FBC), in conjunction with CyberUSA, and leaders from federal and local government agencies, industry, and academia. Key features of this conference include building on the four pillars of CyberUSA: Communication, Education, Innovation, and Workforce Development. Each topic will feature prominent speakers and panels from Texas and beyond to strengthen the cybersecurity ecosystem.

SecureWorld Bay Area (Santa Clara, California, USA, August 21, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security industry. Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements, learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays-all while networking with local peers.

The Air Force Information Technology & Cyberpower Conference (Montgomery, Alabama, USA, August 27 - 29, 2018) As the premiere Air Force cyber security annual event, the Air Force Information Technology & Cyberpower Conference (AFITC) returns to Montgomery, Alabama in August of 2018. As a critical intersection of Air Force IT experts, prominent IT academics, and some of America’s top cyber security companies, the AFITC offers a full of slate events and activities, with 3 days of speakers, expanded education/training opportunities, and an exhibitor-driven trade show that all revolves around the ways we can better defend America from cyber-attacks, advanced persistent threats, and proactively lead in this in this increasingly digital world.

The Cyber Security Summit: Chicago (Chicago, Illinois, USA, August 29, 2018) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers & renowned information security experts. Learn from cyber security thought leaders and Engage in panel discussions focusing on trending cyber topics such as Sr. Leadership’s Best Approach to Cyber Defense, What’s Your Strategic Incident Response Plan?, Protecting your Enterprise from the Human Element and more. Your registration includes a catered breakfast, lunch, and cocktail reception. Receive half off your admission with promo code cyberwire50 at CyberSummitUSA.com and view details including the full agenda, participating solution providers & confirmed speakers. Tickets are normally $350, but only $175 with promo code.

Intelligence & National Security Summit (National Harbor, Maryland, USA, September 4 - 5, 2018) The Intelligence & National Security Summit is the premier forum for unclassified, public dialogue between the U.S. Government and its partners in the private and academic sectors. The 2018 Summit will include five plenary sessions, where senior leaders from the intelligence and national security communities will discuss top priorities, challenges, and assessments of key threats, as well as nine breakout sessions that will examine issues of vital importance to our national wellbeing and the readiness of the intelligence and national security workforce.

Cyber Resilience & Infosec Conference (Abu Dhabi, UAE, September 5 - 6, 2018) Interact with the top-notch cyber security specialists, learn new strategies and protect your company's future efficiently

Incident Response 18 (Arlington, Virginia, USA, September 5 - 6, 2018) If you work for a vendor or product company, please understand this is not a sales event. IR18 is a community-driven event that aims to disrupt the traditional approach and is more focused on community, connections and change. IR18 is a conference for cybersecurity professionals to learn and develop playbooks to improve Incident Response processes. If you are interested in contributing to the event, your company can sponsor one of the exclusive innovation categories. Contact Sponsors@IncidentResponse.com for more information.

9th Annual Billington CyberSecurity Summit (Washington, DC, USA, September 6, 2018) An opportunity to hear, meet, and interact with cybersecurity leaders from Government and industry.

9th Annual Billington CyberSecurity Summit (Washington, DC, USA, September 6, 2018) The mission of Billington CyberSecurity is to bring together thought leaders from all sectors to examine the state of cybersecurity and highlight ways to enhance best practices and strengthen cyber defenses within government and the private sector. This year's summit, like the previous eight, will bring together leaders from government and industry for a comprehenive look at the challenges of cybersecurity.

SecureWorld Twin Cities (Minneapolis, Minnesota, USA, September 6, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security industry. Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements, learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays-all while networking with local peers.

CornCon IV: Quad Cities Cybersecurity Conference & Kids' Hacker Camp (Davenport, Iowa, USA, September 7 - 8, 2018) CornCon is a 2-day conference held in Davenport, Iowa including a professional development workshop on Friday and a full-day cybersecurity conference on Saturday. The workshop covers enterprise risk, privacy and security. The conference has a keynote track with top international speakers, and a technical track with cutting edge exploits, demos and presentations. There will be a hacker village, vendor expo, contests, t-shirts, food drinks and a great after party. There is also a Saturday kids' hacker camp running alongside the conference. "A little DEFCON in a corn field!"

2018 International Information Sharing Conference (Tysons Corner, Virginia, USA, September 11 - 12, 2018) Join representatives from fellow information sharing groups with all levels of expertise, security practitioners, major technology innovators, and well-established cybersecurity organizations, as they come together to discuss the impact ISAOs have had on the nation’s security, share lessons learned, and discover the latest in cybersecurity policy. Attendees will gain the knowledge needed to learn how to improve information sharing with keynote addresses by industry experts, senior government, and international thought leaders, presentations on key topics and panel discussions of interest to the Information Sharing community, technology demonstrations from service providers and vendors addressing information sharing challenges. There will be many networking opportunities and exhibits.

SecureWorld Detroit (Detroit, MIchigan, USA, September 12 - 13, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security industry. Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays-all while networking with local peers.

Cybersecurity for Small & Medium Sized Businesses (Gaithersburg, Maryland, USA, September 13, 2018) Learn about technical, legal, cultural and policy cybersecurity issues facing small and medium sized businesses. Panelists include: Markus Rauschecker, J.D. University of MD. Center for Health and Homeland Security (CHHS); Ira Kolmaister, Network Alarm Corporation; Yossi Applebaum, SEPIO Systems; Ken Stalder, Sherpas Cyber Security Group; Moderator: Ellen Cornelius, University of MD CHHS. Panel discussion with questions and answers from 3:30- 5:00pm, with a networking reception to follow. More information and RSVP at the link.

FutureTech Expo (Dallas, Texas, USA, September 14 - 16, 2018) With over 2,000 expected attendees, 70 top-notch speakers and 100+ exhibitors from the Blockchain & Bitcoin, Artificial Intelligence, Cyber Security / Hacking, Quantum Computing, 3D Printing, and Virtual / Augmented Reality worlds, and talks from ICOs and blockchain startups and more, this Expo is going to be a diverse, wonderful, and potentially profitable experience for all who attend.

Insider Threat Program Development-Management Training Course (San Antonio, Texas, USA, September 17 - 18, 2018) Insider Threat Defense will hold its highly sought-after Insider Threat Program Development-Management Training Course, in San Antonio, Texas, on September 17-18, 2018. This two-day training course will provide the Insider Threat Program (ITP) Manager, Facility Security Officer, and others (CIO, CSO, CISO, Human Resources, IT, Network Security, Etc.) supporting an ITP, with the knowledge and resources (Templates, Checklits, Etc.) to develop, manage, or enhance an ITP. This training covers, and goes beyond compliance regulations for an ITP (National Insider Threat Policy, NISPOM Conforming Change 2). Insider Threat Defense is one of the few ITP training vendors to offer a guarantee with their training. Insider Threat Defense has provided training and services (In Over 14 U.S. States) to an impressive list of 540+business-organizations / 680+ security professionals.

International Consortium of Minority Cybersecurity Professionals (ICMCP) 3rd Annual National Conference (Atlanta, Georgia, USA, September 17 - 19, 2018) The International Consortium of Minority Cybersecurity Professionals (ICMCP) 3rd Annual National Conference continues to elevate the national dialogue on the very necessary strategic, tactical and operational imperatives needed to attract and develop minority cybersecurity practitioners. By providing a combination of thought leadership, awareness and engagement, the 3rd Annual National Conference will seek to break from the norm of day-long sessions of talking-heads through interactive “decode sessions” intended to include conference attendees in helping to devise innovative strategies to tackling cybersecurity’s diversity challenges.

Air Space & Cyber Conference (National Harbor, Maryland, USA, September 17 - 19, 2018) Gain new insights and skills to advance your career. Be among the first to see the latest innovations in airpower, space, and cyber capabilities all the while bonding with your fellow Airmen. Inspiring addresses from recognized leaders in your Air Force will give you drive for taking your career to the next level. You can do all of this and more at AFA’s annual Air, Space & Cyber Conference (ASC).

Global Cybersecurity Innovation Summit (London, England, UK, September 18 - 19, 2018) Advancing global collaboration and innovation. SINET – London creates a forum to build and maintain international relationships required to foster vital information sharing, broad awareness and the adoption of innovative Cybersecurity technologies.

SecureWorld St. Louis (St. Louis, Missouri, USA, September 18 - 19, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security industry. Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays-all while networking with local peers.

SINET Global Cybersecurity Innovation Summit (London, England, UK, September 18 - 19, 2018) SINET, an organization focused on advancing cybersecurity innovation through public-private collaboration, today announced that its annual Global Cybersecurity Innovation Summit (GCIS), will take place September 18-19, 2018. SINET’s collaborative forum brings together a notable group of senior level industry and government cybersecurity professionals. The event, supported by Her Majesty’s Government and the U.S. Department of Homeland Security (DHS) Science and Technology Directorate (S&T), will be held at The British Museum in London.SINET GCIS will provide exclusive opportunities for attendees to engage directly with a select network of influential thought leaders, solution providers, researchers and investors from the global security community. The events are recognized among technology companies as a unique and exclusive opportunity for sponsors to schedule 1:1 meetings with top-level decision makers. These 15-minute meetings grant technology companies the opportunity to introduce their solution to high-level executives within targeted industries and source feedback from knowledgeable buyers.

5th Annual Industrial Control Cyber Security USA (Sacramento, California, USA, September 18 - 19, 2018) Now in its 5th year, this two day executive forum will include presentations, roundtable working groups and panel sessions. Together we will address the escalating cyber risk and resilience challenges associated with the adoption and convergence of operational technologies in enterprise facing architecture. Practitioners will gain further insight into how to best respond to evolving cyber threats, the importance of effective risk management throughout the industrial control supply chain, innovations in detection and mitigation, configuration management and how can we incorporate resilience into critical control system components and business process.

Security in our Connected World (Beijing, China, September 19, 2018) This year’s seminar will not only examine critical security technologies, such as the Trusted Execution Environment (TEE) and Secure Element (SE), but will also delve into their associated business and technical use cases, to explore more deeply the need for security in our connected world. Timely and relevant seminar topics to include a focus on the Internet-of-Things (consumer, industrial and enterprise), identification and authentication, payment and value-added services, premium content protection, device trust, and certification. And, as always, delegates will be able to witness ‘real world’ solutions from our sponsoring/exhibiting member organizations.

Detect 18 (National Harbor, Maryland, USA, September 19 - 21, 2018) Detect '18 is the single largest conference dedicated to threat intelligence. This year we're calling on fellow "Threatbusters" to wage a high-tech battle against apparitions (aka bad actors) and learn how to better save the world from cyber destruction! At Detect '18 you will be able to: immerse yourself in 30+ hours of education and training; chooose from 30+ breakout sessions designed for every experience level; listen to peer presentations highlighting real-world issues and solutions; network, network, network with your peers in a social setting; and earn CPE Credits to keep your credential current.

Cyber Beacon (Washington, DC, USA, September 20, 2018) Cyber Beacon is the flagship event of the National Defense University's College of Information and Cyberspace (NDU CIC). The conference brings together cyber experts from across the national security community, private sector, and academia to discuss the most pressing problem sets concerning cyberspace and national security. This year's theme is "decision making in cyberspace". Cyber Beacon V will be held on Wednesday 19 and Thursday 20 September 2018 at the NDU campus on Fort McNair in Washington, DC.

Sponsor & Support

Grow your brand, generate leads, and fill your funnel.

With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listens all over the world, companies trust the CyberWire to get the message out. Learn more.

Black Hat notes. Oracle warns of BGP exploitation against payment processors. Cyber conflict. Influence ops and hacktivism.