The CyberWire Daily Briefing 8.15.18

Summary

By The CyberWire Staff

A new speculative execution issue is identified in Intel central processing units. The small set of flaws, collectively called "Foreshadow," are being mitigated, and in any case seem unlikely to be readily exploitable.

Microsoft addressed sixty flaws, two zero-days among them, in August's Patch Tuesday. Among the vulnerabilities attracting the most attention is one discovered by researchers at Okta, a security bypass exploit enabled by Active Directory Federation Services (ADFS) mishandling of multi-factor authentication requests.

Adobe also patched, fixing eleven problems in Flash Player, Creative Cloud Desktop Application, Experience Manager, and Acrobat Reader.

Regional influence and economic advantage appear to drive renewed Chinese cyberespionage against Malaysian companies and governmental organizations.

A United Nations report suggests increasing Iranian prominence in al Qaeda networks.

The AP talks with various academic experts in communications and marketing and concludes that the Facebook pages the social medium recently expunged follow typical advertising playbooks, with affinity marketing supplemented with a moralistic dose of aversion. So nothing new here, but the skill shown by the presumably Russian persuaders is striking.

Sputnik, slugging as is apparently its wont on behalf of the little guy, accuses the BBC of committing fake news by "cherry-picking" encryption experts who will toe Her Majesty's Government's pro-snooping line.

In a generally well-reviewed move, the FBI appoints Amy Hess Executive Assistant Director of the Criminal, Cyber, Response, and Services Branch. Hess, a veteran of the FBI's science and technology side, is among other things regarded as a crypto-wars dove, at least by Bureau standards.

Learn how Cylance silences cyber attacks with Artificial Intelligence.

Notes.

Today's issue includes events affecting China, Iran, Israel, Malaysia, Russia, Syria, and United States.

Don’t let threats SOC you where it counts.

Protecting your organization from an attack involves much more than the traditional “block & tackle” tactics of the past. A good boxer doesn’t just block the punch they see coming, they move against the next anticipated punch. The modern Security Operations Center (SOC) requires a combination of automation and human tradecraft to successfully repel the adversary. Learn more about the modern SOC in LookingGlass’ webinar featuring guest IDC, August 29 @ 2pm ET.

On the Podcast

In today's podcast we speak with our partners at RSA, as Zulfikar Ramzan talks about SOCs and the Internet of Things. Our guest is Dimitris Maniatis from Upstream with some insight into Android ad-fraud malware.

Sponsored Events

Cyber Security Summits: August 29 in Chicago & in NYC on September 25 (Chicago, Illinois, United States, August 29, 2018) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The NSA, Darktrace, CenturyLink and more. Register with promo code cyberwire95 for $95 VIP admission (Regular price $350) https://CyberSummitUSA.com

IR18: Don’t Forget to Register for the first and only community-driven IR conference! Built by the community, for the community. (Arlington, Virginia, United States, September 5 - 6, 2018) IR18 is a conference for cybersecurity professionals to learn and develop playbooks to improve incident response processes. Receive 20+ hours of practical training on today’s best practices in IR topics, including 36 breakout sessions designed for all levels of experience.

Wombat Wisdom Conference, September 18 to 20, 2018, Pittsburgh, PA (Pittsburgh, Pennsylvania, United States, September 18 - 20, 2018) Gain expert insights for strengthening your security awareness program at the Wombat Wisdom Conference, Sept. 18-20, 2018. Ideal for CISOs and infosec professionals looking to share ideas and actionable concepts for improving security awareness and training.

5th Annual Cyber Security Conference for Executives (Baltimore, Maryland, United States, October 2, 2018) The 5th Annual Cyber Security Conference for Executives, hosted this year by The Johns Hopkins University Information Security Institute and Ankura, will be held on Tuesday, October 2nd, in Baltimore, Maryland. This year’s theme is cybersecurity compliance and regulatory trends, and the conference will feature discussions with thought leaders across a variety of sectors. Join the discussion and learn about current and emerging cyber security threats to organizations, and how executives can better protect their enterprises. To receive the early-bird rate, register now!

Selected Reading

Cyber Attacks, Threats, and Vulnerabilities

China-linked cyberattacks likely as Malaysia reviews projects:... (Reuters) Chinese state-sponsored hackers may be targeting companies and state agencies in Malaysia as it looks to review several major projects linked to China's Belt and Road Initiative, cyber security firm FireEye Inc. said on Wednesday.

UN: Iran-based leaders 'have grown more prominent' in al Qaeda's global networ (FDD's Long War Journal) A report by the United Nations includes new details concerning the dispute between Hay'at Tahrir al-Sham (HTS) and al Qaeda's senior leaders, including the role played by two veteran operatives living in Iran. The UN's member states say that HTS is still in "contact" with al Qaeda's leadership despite their heated disagreements, and that al Qaeda has even reinforced HTS with "military and explosives experts" sent from Afghanistan.

Using common social media tactics to subvert US elections (AP News) The latest efforts to disrupt the U.S. midterm elections through Facebook manipulation seem to be following a persuasion playbook refined by legitimate companies a

BBC Caught Cherry-Picking Anti-Privacy Computer Scientists for Segment (Sputnik) The BBC was caught red-handed engaging in manipulation after it declined to invite a potential guest for a segment on computer security, turning the expert down because he refused to state why it would be a good idea to put “back-doors” into cryptographic systems.

Research shows gap in House, Senate candidates' website security (Cyberscoop) Nearly 30 percent of House of Representatives candidates have significant security issues in their websites compared to less than 5 percent of Senate candidates, according to new research.

DNC official: We all need to get serious about election security. You too, Republicans. (USA TODAY) From candidates to voters, we're vulnerable to cyber attacks. Here are ways you can make it harder for foreign adversaries to disrupt US elections.

Intel confirms new chip security flaw affecting Core and Xeon CPUs (Computing) Foreshadow attack devised by KU Leuven can compromise Intel's Software Guard Extensions (SGX) technology

New Office 365 phishing attack uses malicious links in SharePoint documents (Help Net Security) Fake emails targeting Office 365 users via malicious links inserted into SharePoint documents are the latest trick phishers employ.

Vulnerability Could Allow Insider to Bypass CEO's Multi-Factor Authentication (SecurityWeek) A vulnerability in Microsoft's Active Directory Federation Services (ADFS) allows any attacker in the same organization with a valid second factor to access any other user's account if they can obtain that user's credentials.

Multi-Factor Mixup: Who Were You Again? (Okta) A weakness in the Microsoft ADFS protocol for integration with MFA products allows a second factor for one account to be used for second-factor authentication to all other accounts in an organization.

Microsoft Cortana Allows Browser Navigation Without Login: CVE-2018-8253 (McAfee Blogs) A locked Windows 10 device with Cortana enabled on the lock screen allows an attacker with physical access to the device to do two kinds of unauthorized browsing.

Are your Android apps listening to you? (Naked Security) This simple setup will help you discover if your apps are listening in on you.

Blockchain update: The danger posed by smart contracts (Computing) Incorruptible programs are great until they get hacked

Instagram users are reporting the same bizarre hack (Mashable) A hack is leaving users locked out of their accounts.

VORACLE Attack Can Recover HTTP Data From VPN Connections (BleepingComputer) A new attack named VORACLE can recover HTTP traffic sent via encrypted VPN connections under certain conditions.

Cosmos Bank loses $13.5 million in cyber attack (Yahoo News) Cyber criminals hacked the systems of India's Cosmos Bank and siphoned off nearly 944 million rupees ($13.5 million) through simultaneous withdrawals across 28 countries over the weekend, the bank has told police. The co-operative bank said unidentified hackers stole customer information through

FBI warns of choreographed ATM drainage (Naked Security) This type of multinational ATM cashout could drain cash machines of millions within the span of hours.

Video: FBI warns of major cyber attack in ATMs across globe (Business Today) ATMs across the globe under major threat from a cyber attack; Reliance JioGigaFiber registrations to go live from August 15; Xiaomi, Samsung battle it out for the top spot in Indian smartphone market. Watch this episode of Daily Tech Wrap with Danny D'Cru

Twitter finally suspended Alex Jones’ account—but only for one week (Quartz) It's about time.

Crypto Jacking Threat Lurks in Online Games, Trend Micro Warns (Cryptovest) An IT security expert has warned that Filipino online gamers are exposed to the risk of criminals using breaching computers to mine cryptocurrency without the consent of the owners.

Under the hoodie: why money, power, and ego drive hackers to cybercrime (Malwarebytes Labs) We know what cybercriminals do. We know how they do it. Now we ask: why? This in-depth profile examines what makes hackers turn to cybercrime, and what could change their minds.

Where Chicken Little meets information security (CSO Online) Outside of a movie theater, your plane won’t be hacked out of the sky.

Caesars' Palace security room checks rattle Def Con attendees, conference SecOps head offers resignation (SC Media US) Def Con attendees complained the Las Vegas hotel violated their privacy and made them feel unsafe by spotchecking the room of guests who've rejected housekeeping services.

Putting Stickers On Your Laptop Is Probably a Bad Security Idea (Motherboard) From border crossings to hacking conferences, that Bitcoin or political sticker may be worth leaving on a case at home.

Security Patches, Mitigations, and Software Updates

Microsoft August 2018 Patch Tuesday Fixes 60 Security Flaws, Including Two Zero-Days (BleepingComputer) Microsoft's monthly Patch Tuesday security updates are out, and for August 2018, the Redmond-based OS maker has fixed 60 security flaws, including two zero-days under active attacks.

Microsoft ADFS Vulnerability Lets Attackers Bypass MFA (Dark Reading) The flaw lets an attacker use the same second factor to bypass multifactor authentication for any account on the same ADFS service.

Foreshadow: New Speculative Execution Flaws Found in Intel CPUs (SecurityWeek) Researchers discover three more speculative execution vulnerabilities in Intel CPUs. The flaws are tracked as Foreshadow and L1TF and several tech giants have already released advisories, updates and mitigations

Researchers Disclose New Foreshadow (L1TF) Vulnerabilities Affecting Intel CPUs (BleepingComputer) Academics and private sector researchers have revealed details today about three new vulnerabilities affecting Intel CPUs.

Adobe Patches 11 Flaws Across Four Products (SecurityWeek) Adobe patches nearly a dozen vulnerabilities in Flash Player, the Creative Cloud Desktop Application, Experience Manager, and Acrobat and Reader

Oracle releases patch for 'critical' database vulnerability (Computing) CVE-2018-3110 is easy to exploit with possibly severe consequences

Cyber Trends

Cyber arms race looms as digital connectivity takes hold (The Business Times) AS DIGITAL connectivity ramps up worldwide, an arms race awaits in cyberspace, industry experts have said. Read more at The Business Times.

The Data Arms Race Is No Excuse for Abandoning Privacy (Foreign Policy) Tech competition is being used to push a dangerous corporate agenda.

FireMon's Annual State of the Firewall Report Finds Chronic Deficiencies in Basic Firewall Hygiene (NEWSTAGE) FireMon, a global leader in network security policy management, today released its 2018

Cybersecurity trends in 2018: What should you be worried about? (Silicon Republic) Accenture has released a research report detailing the five cybersecurity trends every CIO should be aware of.

Atlanta, Orlando, and Denver Have the Highest Malware Infection Rates Among Major Cities in the U.S. During First Half of 2018 (EnigmaSoft Ltd) Atlanta, Orlando, and Denver top the list of the most malware-infected cities in the U.S.

Indian banks inadequately prepared for cyber attacks: Experts (The Economic Times) The preparedness of Indian banks has come into question after the massive security breach.

Marketplace

A Look into the Rapidly Growing World of Cyber Insurance (techindc.com) CyberCube, a leading provider of cyber risk analytics for the insurance industry, today announced the addition of Admiral (Ret.) Michael S Rogers to its Board of Directors.

Israel launches three-year program to boost cyber industry (Reuters) The Israeli government said on Wednesday it is investing 90 million shekels ($24 million) to shore up the country's cyber security industry as a global leader.

Orange acquires Basefarm Holding to support its cloud computing strategy (Help Net Security) By acquiring Basefarm Holding, Orange extends existing catalogue of offers and brings a new source of expertise and multi-cloud services.

Could Check Point Be Looking At Improving Momentum? (Seeking Alpha) Check Point is still struggling with weak growth in revenue, billings, and profits, but some sales metrics seem to be improving and there could be some product cycle help.

How Oxford BioChronometrics Could Be a Pivotal Player to Secure Blockchain ICOs (Equities.com) ICOs have become a multi-billion-dollar market. With that growth comes the need for much more advanced security measures.

Products, Services, and Solutions

Defending Democracy (Skyhigh) Skyhigh helps enterprises embrace cloud services with necessary levels of security, compliance, and governance. Learn more on our Defending Democracy page.

Lockpath Partners with RapidRatings to Increase Third-Party Risk Visibility (PRNewswire) Technology Integration Will Bring Together Integrated Risk Management and Financial Health Ratings

IntSights Cyber Intelligence Launches Threat Intelligence Trade-up Program (PRNewswire) Cyber Threat Intelligence Provider Finds 62% of Enterprise Threat Intelligence Customers Unsatisfied with Their Existing TIP and DRP Solutions and Services

Technologies, Techniques, and Standards

It's official: TLS 1.3 approved as standard while spies weep (Register) Now all you lot have to actually implement it

The Secret to Securing Smart Buildings (SecurityWeek) Building owners, suppliers and managers need to act to ensure the security of buildings and the private data they hold, and the safety of those within them.

A new generation of intelligence collaborative tools is coming (C4ISRNET) Building on successes of previous years, the intelligence community CIO articulated a

Does the US have what it takes to be No. 1 in electronic warfare? (C4ISRNET) According to one top U.S. general, the capabilities are there, they just need to be practiced on a more consistent basis. Others, however, are worried about the EW race.

Google Tracks You Even If Location History's Off. Here's How to Stop It (WIRED) A new report shows that Google still tracks your location even if you thought you opted out.

Penetration Testing Mini-Report (SecureAuth) Decision Analyst conducted an online survey among 202 IT decision makers across the U.S.An online survey was conducted between February 12 and February 19, 2018.

Legislation, Policy and Regulation

Key Cyber Provisions of the National Defense Authorization Act (SIGNAL) Congress’ NDAA Fiscal Year 2019 appropriation authorizations include important cyber measures among military and defense activities.

The U.S. Needs a Cyber Force More Than a Space Force (Bloomberg.com) Trump shouldn’t be ridiculed for looking to the heavens, but a more urgent threat looms.

You’ve Got Mail: NLRB Requests Briefing on Standard for Employee Use of Employer Owned Electronic Communication Systems | Labor Relations Update (Labor Relations Update) In what could signify the beginning of the end for Purple Communications, Inc., 361 NLRB 1050 (2014) and guaranteed employee access to Employer computer systems for union organizing purposes, the NLRB issued a notice on August 1 inviting the filing of briefs on whether the Board should uphold, modify or overrule the decision.

FBI Announces Executive Appointments (Federal Bureau of Investigation) FBI Director Christopher Wray announced leadership appointments in the Criminal, Cyber, Response, and Services Branch; the Cyber Division; the Weapons of Mass Destruction Directorate; the IT Applications and Data Division; and the Information Management Division.

Litigation, Investigation, and Enforcement

Mueller Probe Seen Pushing Past Trump-Demanded September 1 Deadline (Bloomberg.com) Special Counsel Robert Mueller doesn’t have to shut down his Russia investigation in the weeks before November’s congressional elections despite claims by President Donald Trump’s lawyers that he faces a Sept. 1 deadline, according to current and former U.S. officials.

Don’t expect Russia to admit to election interference, Rand Paul says, lamenting ‘partisan hysteria’ (Washington Post) Sen. Rand Paul (R-Ky.) held private meetings with Russian officials during his recent trip to Moscow and Saint Petersburg.

Bill Nelson goes silent amid charges of fabricating Russian hacking claim (The Washington Times) With early voting beginning Monday in some Florida counties, the Senate race there was jolted as Republican Gov. Rick Scott kept up the pressure on Sen. Bill Nelson’s thus-far unsubstantiated claims that Russian operatives have already compromised Florida elections.

Sen. Nelson: Foolish to deny Russia targeting Florida (AP News) MONTICELLO, Fla. (AP) — U.S. Sen. Bill Nelson, under fire from Florida's Republican governor, isn't backing down from comments that Russian operatives have penetrated some of his

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

newly Noted Events

4th International Cybersecurity Forum, HackIT 4.0: Exploit Blockchain (Kiev, Ukraine, October 8, 2018) The 4th International Cybersecurity Forum, HackIT 4.0: Exploit Blockchain will be held October 8 – 11, CEC Parkovy, Kyiv, Ukraine. The annual Hacken Cup – the onsite bug bounty marathon – happens on October 8, with 20 top white hat hackers finding critical vulnerabilities in your client’s or company’s web and mobile applications. Developer teams can exchange experience with top security researchers, receive a day of offline bug bounty and cybersecurity consulting at the Hacken Cup and one month of online bug bounty at the HackenProof platform. Also includes a press conference with media and three tickets to the HackIT forum and VIP afterparty..

5th Annual Women in Cyber Security Reception (Washington, DC, United States, October 18, 2018) This annual networking event highlights and celebrates the value and successes of women in the cyber security industry. Leaders from the private sector, academia, and government from across the region and at varying points on the career spectrum can connect with each other to strengthen relationships and build new ones.

upcoming Events

CyberTexas 2018 (San Antonio, Texas, USA, August 14 - 15, 2018) The 2018 CyberTexas Conference will bring members of the CyberUSA community together with industry and government members of Texas to create long-term values for the cybersecurity ecosystem in San Antonio and the state of Texas. This conference is brought to you be the CyberTexas Foundation and the Federal Business Council (FBC), in conjunction with CyberUSA, and leaders from federal and local government agencies, industry, and academia. Key features of this conference include building on the four pillars of CyberUSA: Communication, Education, Innovation, and Workforce Development. Each topic will feature prominent speakers and panels from Texas and beyond to strengthen the cybersecurity ecosystem.

SecureWorld Bay Area (Santa Clara, California, USA, August 21, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security industry. Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements, learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays-all while networking with local peers.

The Air Force Information Technology & Cyberpower Conference (Montgomery, Alabama, USA, August 27 - 29, 2018) As the premiere Air Force cyber security annual event, the Air Force Information Technology & Cyberpower Conference (AFITC) returns to Montgomery, Alabama in August of 2018. As a critical intersection of Air Force IT experts, prominent IT academics, and some of America’s top cyber security companies, the AFITC offers a full of slate events and activities, with 3 days of speakers, expanded education/training opportunities, and an exhibitor-driven trade show that all revolves around the ways we can better defend America from cyber-attacks, advanced persistent threats, and proactively lead in this in this increasingly digital world.

The Cyber Security Summit: Chicago (Chicago, Illinois, USA, August 29, 2018) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers & renowned information security experts. Learn from cyber security thought leaders and Engage in panel discussions focusing on trending cyber topics such as Sr. Leadership’s Best Approach to Cyber Defense, What’s Your Strategic Incident Response Plan?, Protecting your Enterprise from the Human Element and more. Your registration includes a catered breakfast, lunch, and cocktail reception. Receive half off your admission with promo code cyberwire50 at CyberSummitUSA.com and view details including the full agenda, participating solution providers & confirmed speakers. Tickets are normally $350, but only $175 with promo code.

Intelligence & National Security Summit (National Harbor, Maryland, USA, September 4 - 5, 2018) The Intelligence & National Security Summit is the premier forum for unclassified, public dialogue between the U.S. Government and its partners in the private and academic sectors. The 2018 Summit will include five plenary sessions, where senior leaders from the intelligence and national security communities will discuss top priorities, challenges, and assessments of key threats, as well as nine breakout sessions that will examine issues of vital importance to our national wellbeing and the readiness of the intelligence and national security workforce.

Cyber Resilience & Infosec Conference (Abu Dhabi, UAE, September 5 - 6, 2018) Interact with the top-notch cyber security specialists, learn new strategies and protect your company's future efficiently

Incident Response 18 (Arlington, Virginia, USA, September 5 - 6, 2018) If you work for a vendor or product company, please understand this is not a sales event. IR18 is a community-driven event that aims to disrupt the traditional approach and is more focused on community, connections and change. IR18 is a conference for cybersecurity professionals to learn and develop playbooks to improve Incident Response processes. If you are interested in contributing to the event, your company can sponsor one of the exclusive innovation categories. Contact Sponsors@IncidentResponse.com for more information.

9th Annual Billington CyberSecurity Summit (Washington, DC, USA, September 6, 2018) An opportunity to hear, meet, and interact with cybersecurity leaders from Government and industry.

9th Annual Billington CyberSecurity Summit (Washington, DC, USA, September 6, 2018) The mission of Billington CyberSecurity is to bring together thought leaders from all sectors to examine the state of cybersecurity and highlight ways to enhance best practices and strengthen cyber defenses within government and the private sector. This year's summit, like the previous eight, will bring together leaders from government and industry for a comprehenive look at the challenges of cybersecurity.

SecureWorld Twin Cities (Minneapolis, Minnesota, USA, September 6, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security industry. Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements, learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays-all while networking with local peers.

CornCon IV: Quad Cities Cybersecurity Conference & Kids' Hacker Camp (Davenport, Iowa, USA, September 7 - 8, 2018) CornCon is a 2-day conference held in Davenport, Iowa including a professional development workshop on Friday and a full-day cybersecurity conference on Saturday. The workshop covers enterprise risk, privacy and security. The conference has a keynote track with top international speakers, and a technical track with cutting edge exploits, demos and presentations. There will be a hacker village, vendor expo, contests, t-shirts, food drinks and a great after party. There is also a Saturday kids' hacker camp running alongside the conference. "A little DEFCON in a corn field!"

2018 International Information Sharing Conference (Tysons Corner, Virginia, USA, September 11 - 12, 2018) Join representatives from fellow information sharing groups with all levels of expertise, security practitioners, major technology innovators, and well-established cybersecurity organizations, as they come together to discuss the impact ISAOs have had on the nation’s security, share lessons learned, and discover the latest in cybersecurity policy. Attendees will gain the knowledge needed to learn how to improve information sharing with keynote addresses by industry experts, senior government, and international thought leaders, presentations on key topics and panel discussions of interest to the Information Sharing community, technology demonstrations from service providers and vendors addressing information sharing challenges. There will be many networking opportunities and exhibits.

SecureWorld Detroit (Detroit, MIchigan, USA, September 12 - 13, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security industry. Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays-all while networking with local peers.

Cybersecurity for Small & Medium Sized Businesses (Gaithersburg, Maryland, USA, September 13, 2018) Learn about technical, legal, cultural and policy cybersecurity issues facing small and medium sized businesses. Panelists include: Markus Rauschecker, J.D. University of MD. Center for Health and Homeland Security (CHHS); Ira Kolmaister, Network Alarm Corporation; Yossi Applebaum, SEPIO Systems; Ken Stalder, Sherpas Cyber Security Group; Moderator: Ellen Cornelius, University of MD CHHS. Panel discussion with questions and answers from 3:30- 5:00pm, with a networking reception to follow. More information and RSVP at the link.

FutureTech Expo (Dallas, Texas, USA, September 14 - 16, 2018) With over 2,000 expected attendees, 70 top-notch speakers and 100+ exhibitors from the Blockchain & Bitcoin, Artificial Intelligence, Cyber Security / Hacking, Quantum Computing, 3D Printing, and Virtual / Augmented Reality worlds, and talks from ICOs and blockchain startups and more, this Expo is going to be a diverse, wonderful, and potentially profitable experience for all who attend.

Insider Threat Program Development-Management Training Course (San Antonio, Texas, USA, September 17 - 18, 2018) Insider Threat Defense will hold its highly sought-after Insider Threat Program Development-Management Training Course, in San Antonio, Texas, on September 17-18, 2018. This two-day training course will provide the Insider Threat Program (ITP) Manager, Facility Security Officer, and others (CIO, CSO, CISO, Human Resources, IT, Network Security, Etc.) supporting an ITP, with the knowledge and resources (Templates, Checklits, Etc.) to develop, manage, or enhance an ITP. This training covers, and goes beyond compliance regulations for an ITP (National Insider Threat Policy, NISPOM Conforming Change 2). Insider Threat Defense is one of the few ITP training vendors to offer a guarantee with their training. Insider Threat Defense has provided training and services (In Over 14 U.S. States) to an impressive list of 540+business-organizations / 680+ security professionals.

International Consortium of Minority Cybersecurity Professionals (ICMCP) 3rd Annual National Conference (Atlanta, Georgia, USA, September 17 - 19, 2018) The International Consortium of Minority Cybersecurity Professionals (ICMCP) 3rd Annual National Conference continues to elevate the national dialogue on the very necessary strategic, tactical and operational imperatives needed to attract and develop minority cybersecurity practitioners. By providing a combination of thought leadership, awareness and engagement, the 3rd Annual National Conference will seek to break from the norm of day-long sessions of talking-heads through interactive “decode sessions” intended to include conference attendees in helping to devise innovative strategies to tackling cybersecurity’s diversity challenges.

Air Space & Cyber Conference (National Harbor, Maryland, USA, September 17 - 19, 2018) Gain new insights and skills to advance your career. Be among the first to see the latest innovations in airpower, space, and cyber capabilities all the while bonding with your fellow Airmen. Inspiring addresses from recognized leaders in your Air Force will give you drive for taking your career to the next level. You can do all of this and more at AFA’s annual Air, Space & Cyber Conference (ASC).

Global Cybersecurity Innovation Summit (London, England, UK, September 18 - 19, 2018) Advancing global collaboration and innovation. SINET – London creates a forum to build and maintain international relationships required to foster vital information sharing, broad awareness and the adoption of innovative Cybersecurity technologies.

SecureWorld St. Louis (St. Louis, Missouri, USA, September 18 - 19, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security industry. Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays-all while networking with local peers.

SINET Global Cybersecurity Innovation Summit (London, England, UK, September 18 - 19, 2018) SINET, an organization focused on advancing cybersecurity innovation through public-private collaboration, today announced that its annual Global Cybersecurity Innovation Summit (GCIS), will take place September 18-19, 2018. SINET’s collaborative forum brings together a notable group of senior level industry and government cybersecurity professionals. The event, supported by Her Majesty’s Government and the U.S. Department of Homeland Security (DHS) Science and Technology Directorate (S&T), will be held at The British Museum in London.SINET GCIS will provide exclusive opportunities for attendees to engage directly with a select network of influential thought leaders, solution providers, researchers and investors from the global security community. The events are recognized among technology companies as a unique and exclusive opportunity for sponsors to schedule 1:1 meetings with top-level decision makers. These 15-minute meetings grant technology companies the opportunity to introduce their solution to high-level executives within targeted industries and source feedback from knowledgeable buyers.

5th Annual Industrial Control Cyber Security USA (Sacramento, California, USA, September 18 - 19, 2018) Now in its 5th year, this two day executive forum will include presentations, roundtable working groups and panel sessions. Together we will address the escalating cyber risk and resilience challenges associated with the adoption and convergence of operational technologies in enterprise facing architecture. Practitioners will gain further insight into how to best respond to evolving cyber threats, the importance of effective risk management throughout the industrial control supply chain, innovations in detection and mitigation, configuration management and how can we incorporate resilience into critical control system components and business process.

Security in our Connected World (Beijing, China, September 19, 2018) This year’s seminar will not only examine critical security technologies, such as the Trusted Execution Environment (TEE) and Secure Element (SE), but will also delve into their associated business and technical use cases, to explore more deeply the need for security in our connected world. Timely and relevant seminar topics to include a focus on the Internet-of-Things (consumer, industrial and enterprise), identification and authentication, payment and value-added services, premium content protection, device trust, and certification. And, as always, delegates will be able to witness ‘real world’ solutions from our sponsoring/exhibiting member organizations.

Detect 18 (National Harbor, Maryland, USA, September 19 - 21, 2018) Detect '18 is the single largest conference dedicated to threat intelligence. This year we're calling on fellow "Threatbusters" to wage a high-tech battle against apparitions (aka bad actors) and learn how to better save the world from cyber destruction! At Detect '18 you will be able to: immerse yourself in 30+ hours of education and training; chooose from 30+ breakout sessions designed for every experience level; listen to peer presentations highlighting real-world issues and solutions; network, network, network with your peers in a social setting; and earn CPE Credits to keep your credential current.

Cyber Beacon (Washington, DC, USA, September 20, 2018) Cyber Beacon is the flagship event of the National Defense University's College of Information and Cyberspace (NDU CIC). The conference brings together cyber experts from across the national security community, private sector, and academia to discuss the most pressing problem sets concerning cyberspace and national security. This year's theme is "decision making in cyberspace". Cyber Beacon V will be held on Wednesday 19 and Thursday 20 September 2018 at the NDU campus on Fort McNair in Washington, DC.

IT Security Leadership Exchange (Phoenix, Arizona, USA, September 23 - 25, 2018) IT Security Leadership Exchange is an invitation-only, strategic business summit that gathers Chief Information Security Officers (CISOs), senior decision-makers, and industry experts to address the unique needs and current challenges faced by enterprise cyber security leaders. A CISO’s role requires hands-on technical knowledge and understanding of security tools, techniques, and procedures combined with the need to manage up, down, and across the organization. This summit is the perfect platform for leaders to share information, gain insight and develop next-level strategy. Information security executives from across the country will come together for 2 days of peer breakouts and networking to answer the toughest questions facing them today.

Global Security Exchange (Las Vegas, Nevada, USA, September 23 - 27, 2018) Global Security Exchange—formerly the ASIS Annual Seminar and Exhibits—delivers new opportunities to exchange key ideas and best practices, expand global connections, and experience innovations. The GSX education program led by ASIS, InfraGard, and ISSA subject matter experts consists of 300+ sessions, each designed to deliver valuable, actionable takeaways to help shape your security strategy—today and in the future.

Merging of Cyber Criminal and Nation State Techniques: A Look at the Lazarus Group (Loudon, Virginia, USA, September 24, 2018) This presentation on North Korea's Lazarus Group as a case study of the convergence of organized cyber crime and nation-state intelligence services will be led by Allan Liska, a solutions architect at Recorded Future. Allan has more than 15 years experience in information security and has worked as both a blue teamer and a red teamer for the intelligence community and the private sector. Allan has helped countless organizations improve their security posture using more effective and integrated intelligence. He is the author of The Practice of Network Security, Building an Intelligence-Led Security Program, and Securing NTP: A Quickstart Guide and the co-author of DNS Security: Defending the Domain Name System and Ransomware: Defending Against Digital Extortion.

Connect Security World 2018 (Marseilles, France, September 24 - 26, 2018) While the number of IoT devices predicted by 2020 varies within tens of billions, all analysts agree that security is now the top concern of organizations looking at deploying IoT solutions. To address the unlimited risks surrounding billions connected “things”, Connect Security World 2018 unites Digital Security experts and IoT developers to securely develop, deploy and manage devices & services at IoT scale. In its 7th edition, this technical conference will cover the latest secure technologies stemming from cryptography to strategies and methods to minimize risks and enable successful implementations of end-to-end security – knowing that security is never perfect and no unique security solution (HW, SW…) can fit all levels of protection.

The Cyber Security Summit: New York (New York, New York, USA, September 25, 2018) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers & renowned information security experts. Learn from cyber security thought leaders and Engage in panel discussions focusing on trending cyber topics such as Sr. Leadership’s Best Approach to Cyber Defense, What’s Your Strategic Incident Response Plan?, Protecting your Enterprise from the Human Element and more. Your registration includes a catered breakfast, lunch, and cocktail reception. Receive half off your admission with promo code cyberwire50 at CyberSummitUSA.com and view details including the full agenda, participating solution providers & confirmed speakers. Tickets are normally $350, but only $175 with promo code.

5th Cyber Operations for National Defense Symposium (Washington, DC, USA, September 25 - 26, 2018) The 2018 Cyber Operations for National Defense Symposium will focus on the evolving nature of US Cyber policies and strategies. Cyber leaders from throughout the federal government will come together to discuss network and capability modernization efforts aimed at combating the diverse cyber threats to US National Security. The agenda will focus on defensive and offensive cyber operations as well as the technological capabilities needed by our forces to ensure they can defend American interests in all domains. Lastly, the event will feature two panels: one on protecting our Nation’s intricate critical infrastructure and one on securing the DoDIN.

PCI Security Standards North America Community Meeting (Las Vegas, Nevada, USA, September 25 - 27, 2018) The PCI Security Standards Council’s 2018 North America Community Meeting is THE place to be. We provide you the information and tools to help secure payment data. We lead a global, cross industry effort to increase payment security by providing industry-driven, flexible and effective data security standards and programs that help businesses detect, mitigate and prevent criminal attacks and breaches. Don’t miss out!

Hack the Capitol (Washington, DC, USA, September 26 - 27, 2018) The National Security Institute is partnering with the Wilson Center and ICS Village to host Hack the Capitol, a two-day event focused on Industrial Control Systems (ICS) and security. ICS are used throughout industrial infrastructure and have many military applications. Recent high-profile attacks on these systems have demonstrated ICS’ vulnerabilities and inspired debate about the practical and political means of defending the industrial base against malicious actors. Hack the Capitol will include demonstrations, hands-on learning, and policy conversations tailored toward a non-technical audience. Interact with ICS, including Human Machine Interfaces and Actuators and learn about the threats these components face. The event will provide hands-on education and awareness to members of the public, as well as to Congress, think tanks, and the press. This is a truly unique event that will raise awareness of our nation’s challenges with critical infrastructure and provide kinesthetic learning at multiple levels.

Sponsor & Support

Grow your brand, generate leads, and fill your funnel.

With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listens all over the world, companies trust the CyberWire to get the message out. Learn more.

Foreshadow, a new speculative execution issue. Patch Tuesday. Influence ops and marketing. Crypto wars notes.