The CyberWire Daily Briefing 8.30.18

Summary

By The CyberWire Staff

Automated Twitter accounts have turned up in Sweden, according to a study by that country's defense research establishment. The bots, of unknown provenance, appear to be interested in the election, where they seem likelier to favor the country's third largest party, the Sweden Democrats, whose nationalist and anti-immigrant line appears positioned to make a run at overtaking the opposition Moderate party for second place behind the governing Social Democrats.

The US FBI says that it doesn't have much evidence supporting recent reports (and Presidential tweets) that Chinese intelligence compromised former Secretary of State Clinton's insecure private server. Observers say that doing so would represent a departure for Chinese espionage, which has specialized in intellectual property theft. Chinese information operations have tended to focus on sponsoring think tanks and cultural centers—a kind of malign version of Germany's benign Goethe Institut.

A criminal is selling data belonging to 130 million guests who've stayed at hotels belonging to China's Huazhu Group. Several security companies reporting finding the offering in a dark web souk: the hacker wants 8 Bitcoin (about $56,000) for the whole shebang.

Manufacturers of two medical devices, Qualcomm's Life Capsule Datacaptor Terminal Server and Becton Dickinson's Alaris TIVA Syringe Pump, disclosed through ICS-CERT that their devices allow remote unauthenticated access. Patches and upgrades are available; hospitals are urged to apply them.

A young man has been charged in connection with the creation of the Satori botnet, but observers wonder if he really had the technical chops to do the crime.

Learn how Cylance silences cyber attacks with Artificial Intelligence.

Notes.

Today's issue includes events affecting Australia, Canada, China, Germany, Israel, Japan, Russia, Saudi Arabia, Switzerland, Turkey, United Kingdom, United States

Find out what solutions are emerging, peaking and working for cyber risk managers.

In this recently-released report, Gartner Research analysts apply their “hype cycle” framework to describe the related services, software platforms, applications, methods and tools that organizations can use to develop programs to withstand risk events or take advantage of risk-related opportunities. Read the Gartner report, “Hype Cycle for Risk Management, 2018” courtesy of Coalfire.

On the Podcast

In today's podcast, we speak with our partners at CenturyLink, as Mike Benjamin gives us an update on the Necurs botnet. Our guest is Gilad Peleg from SecBI with thoughts on the challenges of developing and using secure BYOD policies.

Hacking Humans is also up: this week's theme is, "red-teaming starts with research." Joe describes an Office 365 phishing campaign. Dave warns of dangerous USB cables. A listener shares a fax from the UK. And Joe interviews security consultant and pen tester Justin White.

Sponsored Events

IR18: Don’t Forget to Register for the first and only community-driven IR conference! Built by the community, for the community. (Arlington, Virginia, United States, September 5 - 6, 2018) IR18 is a conference for cybersecurity professionals to learn and develop playbooks to improve incident response processes. Receive 20+ hours of practical training on today’s best practices in IR topics, including 36 breakout sessions designed for all levels of experience.

Rapid Prototyping Event: The Chameleon and the Snake (Columbia, Maryland, United States, September 17 - 20, 2018) DreamPort, in conjunction with the Maryland Innovation & Security Institute and USCYBERCOM, is hosting a Rapid Protoyping Event that specifically targets malware signature diversity and signature measurement for Microsoft Windows in a simulated operational environment at a realistic pace. Join us September 17-20, 2018 at UMBC Training Center in Columbia, MD.

Wombat Wisdom Conference, September 18 to 20, 2018, Pittsburgh, PA (Pittsburgh, Pennsylvania, United States, September 18 - 20, 2018) Gain expert insights for strengthening your security awareness program at the Wombat Wisdom Conference, Sept. 18-20, 2018. Ideal for CISOs and infosec professionals looking to share ideas and actionable concepts for improving security awareness and training.

The force is stronger when MSPs and MSSPs come together. (Webinar, September 19, 2018) The managed service market has grown tremendously, with the demand for managed security being unprecedented. For managed service providers (MSPs) looking to answer those demands, partnering with a managed security services provider (MSSP) expands access to highly-skilled cyber security analysts and a full suite of security solutions. Join Delta Risk’s webinar, September 19 at 1 PM ET, to learn how the two sides can join forces.

5th Annual Cyber Security Conference for Executives (Baltimore, Maryland, United States, October 2, 2018) The 5th Annual Cyber Security Conference for Executives, hosted this year by The Johns Hopkins University Information Security Institute and Ankura, will be held on Tuesday, October 2nd, in Baltimore, Maryland. This year’s theme is cybersecurity compliance and regulatory trends, and the conference will feature discussions with thought leaders across a variety of sectors. Join the discussion and learn about current and emerging cyber security threats to organizations, and how executives can better protect their enterprises. To receive the early-bird rate, register now!

Dragos Industrial Security Conference (DISC) 11/5/18 (Hanover, Maryland, United States, November 5, 2018) Reserve your spot now for the Dragos Industrial Security Conference (DISC) on November 5th, 2018. DISC is a free, annual event for our customers, partners, and those from the ICS asset community. Visit https://dragos.com/disc/ for more information.

Selected Reading

Cyber Attacks, Threats, and Vulnerabilities

Seven Australian universities targeted in global hacking campaign (ARN) At least seven Australian universities have been attacked by cyber criminals in a global action targeting researchers.

Swedish study notes surge in automated Twitter accounts (AP News) A Swedish government study says there's been a recent surge in the number of automated Twitter accounts ahead of the Sept. 9 election, noting that 40 pe

This Is How Russian Propaganda Actually Works In The 21st Century (BuzzFeed News) Skype logs and other documents obtained by BuzzFeed News offer a rare glimpse into the inner workings of the Kremlin’s propaganda machine.

Analysis | The Cybersecurity 202: President Trump is wrong about the way Chinese hackers target Americans (Washington Post) Beijing doesn't tend to weaponize the information it gleans.

Exploiting Decades-Old Telephone Tech to Break Into Android Devices (WIRED) So-called Attention commands date back to the 80s, but they can enable some very modern-day smartphone hacks.

Remote Mac Exploitation Via Custom URL Schemes (Objective-See) a cyber-espionage campaign infects macs with a novel infection mechanism

Hacked stalking app reveals victims’ photos, texts and location info (Naked Security) Another mobile stalking app has been hacked, endangering both its customers and the victims that they spy on.

How Instagram accounts are hijacked, according to Kaspersky Lab (Back End News) (Image from Pixabay) Instagram (IG) is one of the most popular social networking sites today with one billion monthly users. With the sheer number of accounts, it has become a playground for cyberc…

Yahoo still scans your emails for ads — even if its rivals won’t (TechCrunch) You’re not the only one reading your emails. A deep dive in The Wall Street Journal on Tuesday dug out new details on a massive email scanning operation by Oath, the Verizon-owned subsidiary that’s the combined business of AOL and Yahoo. The email-scanning program analyzes over 200 mill…

Yahoo woos advertisers with email scanning for targeted ad delivery (Help Net Security) Oath, Verizon's subsidiary that manages AOL and Yahoo and its webmail offerings, will continue with the practice of email scanning for data for advertisers.

Why Yahoo scanning user email is no cause for panic (Naked Security) The Wall Street Journal yesterday published an unsettling report that the owner of Yahoo, Verizon subsidiary Oath, has been quietly analysing the emails of its 200 million users to sell to advertis…

BusyGasper Malware Packs a Simple but Potent Punch (Threatpost) BusyGasper is rudimentary spyware with a bevy of novel twists that is highly effective at collecting and exfiltrating data from Android phones.

Hackers faked Cosmos backend to hoodwink bank out of $13.5m (Register) Researchers dissect methods behind Indian cyber-heist

Critical Flaws in Syringe Pump, Device Gateways Threaten Patient Safety (Threatpost) The Qualcomm Life Capsule Datacaptor Terminal Server and the Becton Dickinson Alaris TIVA Syringe Pump allow remote access without authentication.

Wireless Infusion Pumps Could Increase Cybersecurity Vulnerability (HealthITSecurity) Wirelessly connecting infusion pumps to point-of-care medication systems and EHRs improves healthcare delivery but also increases cybersecurity vulnerability.

WhatsApp warns that Google Drive backups are not encrypted (Help Net Security) Android users will soon be able to store their unencrypted WhatsApp backups on Google Drive without the backup being counted toward its storage quota.

Air Canada resets 1.7 million accounts after app breach (Naked Security) Air Canada has been forced to issue a password reset for all 1.7 million users of its Android, iOS and BlackBerry mobile app after up to 20,000 accounts were compromised by hackers last week.

Alaska Airlines Case Study In Managing A Cyber Attack (Defense Daily Network) Alaska Airlines closed its acquisition of Virgin America in December of 2016. The next month, the Seattle-based airline had been hacked.Alaska discovered a

Data of 130 Million Chinese Hotel Chain Guests Sold on Dark Web Forum (BleepingComputer) A hacker is selling the personal details of over 130 million hotel guests for 8 Bitcoin ($56,000) on a Chinese Dark Web forum.

Website of Rapper Cardi B Littered with Spam (Infosecurity Magazine) Soccer-fan spammers target Cardi B’s website with fake videos, links, and photos.

And you you thought you were safe behind your laptop screen… (Naked Security) Modern LCD screens don’t spew out electronic emissions like the old “tube” displays – but apparently they make telltale noises instead.

Mapbox CEO says the map calling New York City ‘Jewtropolis’ has been 100% fixed, was ‘human vandalism’ (TechCrunch) Mapbox, the mapping startup that competes with the likes of Google Maps and Here to power location services on apps like Snapchat and Foursquare, says that a version of its New York map calling the city ‘Jewtropolis’ was an act of human vandalism that has now been removed across the hun…

Google Blames Users For Renaming Senate Office Building After John McCain (Motherboard) The Russell Senate Office Building appeared as the McCain Senate Office Building on Google Maps Wednesday.

Security Patches, Mitigations, and Software Updates

Instagram’s New Security Tools are a Welcome Step, But Not Enough (KrebsOnSecurity) Instagram users should soon have more secure options for protecting their accounts against Internet bad guys.

Cyber Trends

Firms Failing on Crucial Machine Identity Management (Infosecurity Magazine) Venafi warns of a coming security storm

The State of IoT Security (Dark Cubed) The threat of in-home smart (IoT) devices – like smart light bulbs, thermostats, power outlets, and security cameras – being hacked and controlled by botnets has been researched and documented extensively, but we wanted to explore the level of risk they pose during their everyday operations, as designed and delivered out of the box.

Trend Micro Report Reveals Criminals Increasingly Drawn To Low-Profile Attacks (Financial Post) Trend Micro Incorporated (TYO: 4704; TSE: 4704), a global leader in cybersecurity solutions, today released its Midyear Security Roundup 2018, revealing that cybercriminals are moving away…

Do Executives and Cybersecurity Pros Agree on Today’s Biggest Cyber Threats? (Varonis Blog) Breaches cost companies billions, erode trust and can have a long-lasting negative impact on a company’s brand. With so much as stake, we wondered: are C-Suite executives aligned with their security and IT pros when it comes to cybersecurity? We asked 345 C-Suite executives and cybersecurity/IT pros in the U.S., U.K., France and Germany some questions to find out. Dreading Data Loss: What are Executives’ Top 3 Cybersecurity Concerns? Corporate executives share the same concerns…

Report: Nearly Half of Security Professionals Think They Could Execute a Successful Insider Attack on Their Organization (Blog | Imperva) As potential threats and entry points into organizations’ databases keep growing, so does the amount of money folks are throwing at detecting and actioning insider threats.

Protecting blind spots — or, the search for security's next big thing (SC Media US) Blind Spots, or unseen dangers, are an inevitable fact of life. This is particularly true in the cybersecurity industry. This is because it's simply imposs

Few Execs Believe Healthcare IT Security Tech Will Be Disruptive (HealthITSecurity) Only 7 percent of executives surveyed by Reaction Data believe that healthcare IT security technology will have a significant disruptive impact on healthcare.

New research shows impact of GDPR on global spam levels (Silicon Republic) Many security researchers feared that the advent of GDPR would create a spam deluge, but has this really happened?

Former UK Cyber Boss: Big Change Unlikely Before ‘Highly Destructive Attack’ (MeriTak) John Noble, former director of the National Cyber Security Centre in the United Kingdom, took a pessimistic view on the future of cybersecurity during a BeyondTrust webinar on Wednesday.

4 Benefits of a World with Less Privacy (Dark Reading) The privacy issue is a problem for a lot of people. I see it differently.

Marketplace

Google denies Trump’s claim that it did not promote his State of the Union address (TechCrunch) Google is pushing back against a claim by Donald Trump that the search engine stopped promoting State of the Union livestreams on its homepage after his presidency began. Trump’s claim came in the form of a tweeted video, which was still pinned to the top of his profile when this post was published…

ZTE Back in the Game, Seeking Trust & 5G Deals (Light Reading) But the road ahead looks steep, despite domestic support and opportunities.

Could Japan Also Bar Huawei, ZTE? (Light Reading) Or are we into FUD territory?

Huawei requests FTC hearing to fight U.S. national security ban (VentureBeat) Banned by the United States and Australian governments with a similar lockout looming in South Korea, embattled Chinese 5G hardware maker Huawei has asked the U.S. Federal Trade Commission (FTC) fo…

VMware Pledges to Reduce Cybersecurity Costs (Security Boulevard) VMware, at this week's VMworld 2018 conference, signaled its intention to reduce dramatically the number of products and technologies required to secure VMware has signaled its intention to reduce dramatically the number of products and technologies required to secure an IT environment.

Check Point gets a fifth-generation snub from Wikipedia (iTWire) Security companies regularly hype the dangers of operating online in order to scare the bejesus out of ordinary people – that's nothing new. But when...

Defense contractor Booz Allen Hamilton to add 200 jobs in Cumberland (WRAL.com) National defense contractor Booz Allen Hamilton Inc. plans to expand its operations to Cumberland County over the next five years, adding more than 208 jobs to the Fayetteville area in exchange for more than $2 million in state and local incentives.

Products, Services, and Solutions

SnapLogic eXtreme accelerates cloud data lake initiatives (Help Net Security) SnapLogic eXtreme provides a serverless, cloud-based runtime environment for data transformations to enterprise customers.

Veeam Intelligent Data Management combines with Cisco HyperFlex to deliver new Availability solution (Help Net Security) Veeam Availability Platform on Cisco HyperFlex provides scalability, ease of management, and support for multi-cloud environments.

Managed Methods Partners With Cylance for Enhanced Endpoint Protection for Cloud Applications (PRNewswire) Managed Methods Inc., the leader in API-based cloud application security solutions, today announced a product partnership with Cylance, the global provider of AI-driven, prevention-first security solutions.

In a Push to Enter IoT Market, Check Point Develops a Mini-Firewall (CTECH) CEO Gil Shwed has repeatedly stated that the next generation of cyber attacks—and consequently, the next demand for security products—will focus on Internet of Things

Data61 uses IBM Blockchain for Australian smart legal contracts network (ZDNet) The Australian National Blockchain will allow local companies to use digitised contracts, exchange data, and confirm the authenticity and status of legal contracts.

This is Google’s Titan security key (TechCrunch) Google isn’t one to shy away from bold claims. “We have had no reported or confirmed account takeovers since implementing security keys at Google,” a spokesperson told TechCrunch. And it’s probably true. Think of a security key as like a two-factor authentication code that&#…

Technologies, Techniques, and Standards

The Army is testing deceptive cyber technology despite past struggles (Fifth Domain) The Army is testing methods to trick attackers into believing that they have compromised a network, but experts both inside and outside government warn that the idea has struggled to go from concept to reality.

ARCYBER Chief Seeks Convergence Between Cyber, Electronic Warfare (Executive Gov) Lt. Gen. Stephen Fogarty, commander of U.S. Army Cyber Command, has said he wants to rename ARCYBER

Why You Need a Physical Vault to Secure a Virtual Currency (WIRED) Cryptocurrency exchange Coinbase stores its customers' bitcoin offline, using an elaborate process that breaks apart encryption codes and stores them on paper.

Fostering A Culture Of Cybersecurity (Forbes) There are a few key principles to keep in mind when attempting to effectively promote a cybersecurity culture at your company.

How to improve security without treating your users like criminals (TechRepublic) Strong security controls will protect your organization, but they may also hinder or annoy users. Here's how to walk the line between security and user accessibility.

Design and Innovation

Listening Watch sounds out security idea with websites that listen (Naked Security) Listening Watch, a project based on earlier work by researchers Prakash Shrestha and Nitesh Saxena, uses the power of sound to log you into your favourite websites.

Research and Development

Germany, seeking independence from U.S., pushes cyber security... (Reuters) Germany announced a new agency on Wednesday to fund research on cyber security and to end its reliance on digital technologies from the United States, China and other countries.

Raytheon developing system that lets artificial intelligence explain itself (Yahoo) Under the Defense Research Project Agency's (DARPA) Explainable Artificial Intelligence program (XAI), Raytheon (RTN) BBN Technologies is developing a first of its kind neural network that explains itself. The XAI program aims to create a suite of

FBI Looking For Tech to Foil Fingerprint Obliteration (Nextgov.com) The FBI wants artificial intelligence tools that can ID people with burnt, cut or otherwise altered fingerprints.

Academia

Cornell offers more crypto classes than any other top university in the world (Quartz) The Ivy League university runs 28 courses on cryptography, cryptocurrencies, or blockchain.

Legislation, Policy and Regulation

Trump’s Secret Order on Pulling the Cyber Trigger (Lawfare) Decision Responsibility, Legal Secrecy, and Congress’s Options.

The cyber Cold War: Russian and US security systems draw new lines on the map (Army Technology) Splinternet. Cyber-balkanisation. Military digital complex. Unprecedented scenarios demand new language to describe them. So it is with the battle for...

What went wrong with Israel's cybersecurity agency (Haaretz) More than three years after it was established, former key officials and other sources describe a government body has lost its focus

Aussie channel reacts to leadership change at the top (ARN) Scott Morrison was sworn in last week but days of politically instability leading to his appointment has created uncertainty among businesses.

Not having a dedicated cyber minister is ‘foolhardy’: Forcepoint boss (CIO) The Australian government cannot underestimate the importance of cyber security threats and it would be ‘foolhardy’ not to appoint a cyber tsar at some point, says Forcepoint’s US-based CEO, Matthew Moynahan.

How the Saudis made Canada the loneliest country in the world (Haaretz) Western leaders wooing Saudi money aren’t going to nag the crown prince about Riyadh’s executions of human rights activists

Opinion | Is Saudi Arabia Really So Angry at Canada Over a Tweet? (New York Times) Crown Prince Mohammed bin Salman is attempting to transform his country. The West shouldn’t undermine him.

DHS Official: NRMC Is ‘Long Game’ in U.S. Cyber Defense (MeriTalk) Matthew Travis, deputy undersecretary of the Department of Homeland Security’s National Programs and Protection Directorate (NPPD), said today that DHS’s recently-established National Risk Management Center (NRMC) represents the agency’s plan to play “the long game” in defending U.S. critical infrastructure sectors from attacks.

NPPD builds on reorg momentum in renewed pitch for name change (FederalNewsRadio.com) Building off the momentum of launching its National Risk Management Center last month, the Department of Homeland Security has renewed its pitch to Congress to approve an agency reorganization that would streamline DHS' cybersecurity functions.

US Government Takes Steps to Bolster CVE Program (BleepingComputer) The US government is taking steps to fix the Common Vulnerabilities and Exposures (CVE) system that's been plagued by various problems in recent years.

Secure Elections Act sponsors say bill is 'moving,' but its destination remains uncertain (Inside Cybersecurity) The future of the bipartisan Secure Elections Act remains unclear, as its Senate sponsors insist the bill is “moving” and Rules Committee members say they continue to discuss ways to improve it -- a week after the indefinite postponement of a markup seemed to doom the measure for the year.

The agency created to protect elections is broken (Yahoo News) The mission of the Election Assistance Commission — the nation’s first federal agency created to oversee elections at every level of government — has never been clear, and more than 15 years later, critics say the agency has succumbed to the whims of partisan operatives.

4 ways Trump could go after Google (Washington Post) Trump has policy options, but they're all rather limited.

Why Google Is the Perfect Target for Trump (WIRED) A line-by-line breakdown of the president's recent tweets reveal why Google is his most convenient target.

Why It Is Time For a U.S. Cyber Force (Center for International Maritime Security) By Dave Schroeder and Travis Howard The proposal to create a U.S. Space Force has cyber professionals wondering about the government’s national security

How should we regulate facial recognition? We asked the experts (The Verge) Facial recognition is everywhere — airports, police stations, and built into the largest cloud platforms in the world — but there are few federal rules about how it can be used. Is it time to change that?

Congressman Ro Khanna’s cyber security roundtable - streaming link and observations (Control Global) August 27th, 2018, I participated in US Congressman Ro Khanna’s Cybersecurity Roundtable. The panel was originally to be focused on cyber hygiene. After meeting with Congressman Khanna Sunday morning August 26th, critical infrastructure was added to the agenda. The streaming link for the roundtable is available.

Why pushback on the CCPA is wrong (Help Net Security) Since GDPR was implemented on May 25th, 2018 one big question has been lurking in the U.S.: When will the U.S. Federal Government follow suit?

Litigation, Investigation, and Enforcement

What Europe Can do to Catch Dark Web Criminals (Infosecurity Magazine) Could the Europol dark web investigation team succeed in pinning down underground attackers?

FBI refutes Trump claim that Clinton’s private email server was hacked by China (Ars Technica) After Trump says China "hacked" Clinton's server, FBI says no evidence suggests that.

Cyber attack allegations nothing new: FM (Global Times) China's Foreign Ministry, asked on Wednesday about US President Donald Trump's claim that China hacked the emails of 2016 Democratic presidential candidate Hillary Clinton, said such allegations were nothing new.

Facebook and Twitter executives to testify to Congress next week (Washington Post) Facebook’s Sheryl Sandberg and Twitter’s Jack Dorsey are set to face a fresh grilling on Capitol Hill next week as lawmakers probe Silicon Valley’s efforts to police content online, from political speech to suspected Russian propaganda.

Ex-CIA officer running for Congress says GOP obtained her unredacted personnel file with sensitive information (Washington Post) Republicans say they obtained it through a standard Freedom of Information Act request.

CIA Analyst Turned Candidate Fears She’ll Get Doxxed Next (The Daily Beast) At least 34 intelligence and military veterans are running for House or Senate seats in 2018. And now, there’s a very real risk that their private lives could be exposed.

State Department Visa Analysis System Wasn’t Patched or Scanned for Viruses, Audit Finds (Nextgov.com) Department officials also weren’t tracking who used the system or if they were sharing passwords.

Newbie Hacker Fingered for Monster Botnet (The Daily Beast) Federal prosecutors quietly indicted this 20-year-old, and rival hackers say he’s behind a king-sized botnet. But did he really have the skills to pull it off?

Hacker of celebrity photos gets 8 months in prison (AP News) A Connecticut man who hacked into more than 200 iCloud accounts of Hollywood stars and other people has been sentenced to eight months in prison.

Soldier to Plead Guilty in Trying to Help ISIS (Military.com) A soldier based in Hawaii who is accused of pledging allegiance to ISIS planned to plead guilty Wednesday.

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

newly Noted Events

Florida Cyber Conference 2018 (Tampa, Florida, USA, October 10 - 11, 2018) The Florida Cyber Conference has quickly become the “can’t miss” networking event for Florida’s stakeholders in cybersecurity, bringing together a diverse audience from multiple sectors to encourage dialogue, share information, address emerging threats and trends, and promote collaboration. Exhibiting at Florida Cyber Conference 2018 is your opportunity to connect with leaders from across Florida’s cybersecurity community. Meet industry CISOs, CFOs, and CEOs; representatives from government and defense; students; and researchers.

Wild West Hackin’ Fest (Deadwood, South Dakota, USA, October 25 - 26, 2018) We’re back for another year of amazing talks, great company and exciting hands-on hacking labs. It will be hard to top our amazing inaugural year, but we’ve taken your feedback and plan to make this event even better! As with last year, this IT Security conference promises to be the most hands-on, activity-driven con you can attend! We want this conference to be the most hands-on, activity-driven con you’ve been to yet! Never worked with a JTAG? You will. Never done a single thing with Software Defined Radio? You will. We will be having an SDR village and a hardware hacking village, among some other great events. The skills you learn here will be directly applicable to your job immediately when you get back to work… or home. We listened to your feedback and this year we’re adding even more lab time, so you can go to as many talks as you can fit AND also do all the activities. This Year’s Theme: Mining.

upcoming Events

National Cyber League Fall Season (Chevy Chase, Maryland, USA, December 15, 2018) The NCL is a defensive and offensive puzzle-based, capture-the-flag style cybersecurity competition. Its virtual training ground helps high school and college students prepare and test themselves against cybersecurity challenges that they will likely face in the workforce. All participants play the games simultaneously during Preseason, Regular Season and Postseason. NCL allows players of all levels to enter. Between easy, medium and hard challenges, students have multiple opportunities to really shine in areas as they excel. Registration for the Fall Season is 8/27/18-9/28/18.

Intelligence & National Security Summit (National Harbor, Maryland, USA, September 4 - 5, 2018) The Intelligence & National Security Summit is the premier forum for unclassified, public dialogue between the U.S. Government and its partners in the private and academic sectors. The 2018 Summit will include five plenary sessions, where senior leaders from the intelligence and national security communities will discuss top priorities, challenges, and assessments of key threats, as well as nine breakout sessions that will examine issues of vital importance to our national wellbeing and the readiness of the intelligence and national security workforce.

Cyber Resilience & Infosec Conference (Abu Dhabi, UAE, September 5 - 6, 2018) Interact with the top-notch cyber security specialists, learn new strategies and protect your company's future efficiently

Incident Response 18 (Arlington, Virginia, USA, September 5 - 6, 2018) If you work for a vendor or product company, please understand this is not a sales event. IR18 is a community-driven event that aims to disrupt the traditional approach and is more focused on community, connections and change. IR18 is a conference for cybersecurity professionals to learn and develop playbooks to improve Incident Response processes. If you are interested in contributing to the event, your company can sponsor one of the exclusive innovation categories. Contact Sponsors@IncidentResponse.com for more information.

9th Annual Billington CyberSecurity Summit (Washington, DC, USA, September 6, 2018) The mission of Billington CyberSecurity is to bring together thought leaders from all sectors to examine the state of cybersecurity and highlight ways to enhance best practices and strengthen cyber defenses within government and the private sector. This year's summit, like the previous eight, will bring together leaders from government and industry for a comprehenive look at the challenges of cybersecurity.

SecureWorld Twin Cities (Minneapolis, Minnesota, USA, September 6, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security industry. Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements, learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays-all while networking with local peers.

CornCon IV: Quad Cities Cybersecurity Conference & Kids' Hacker Camp (Davenport, Iowa, USA, September 7 - 8, 2018) CornCon is a 2-day conference held in Davenport, Iowa including a professional development workshop on Friday and a full-day cybersecurity conference on Saturday. The workshop covers enterprise risk, privacy and security. The conference has a keynote track with top international speakers, and a technical track with cutting edge exploits, demos and presentations. There will be a hacker village, vendor expo, contests, t-shirts, food drinks and a great after party. There is also a Saturday kids' hacker camp running alongside the conference. "A little DEFCON in a corn field!"

2018 International Information Sharing Conference (Tysons Corner, Virginia, USA, September 11 - 12, 2018) Join representatives from fellow information sharing groups with all levels of expertise, security practitioners, major technology innovators, and well-established cybersecurity organizations, as they come together to discuss the impact ISAOs have had on the nation’s security, share lessons learned, and discover the latest in cybersecurity policy. Attendees will gain the knowledge needed to learn how to improve information sharing with keynote addresses by industry experts, senior government, and international thought leaders, presentations on key topics and panel discussions of interest to the Information Sharing community, technology demonstrations from service providers and vendors addressing information sharing challenges. There will be many networking opportunities and exhibits.

Sponsor & Support

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter’s financial reach, or it might just not be the right time for you to do those things. That’s why we launched our new Patreon site, where we’ve created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you’ll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.