The CyberWire Daily Briefing 9.21.18

Summary

By The CyberWire Staff

The US has released its national cyber strategy. It puts an emphasis on deterrence, and domestically it's been generally well-received, with favorable comment by experts who worked in the previous Administration: they and others see both continuity and evolution toward a clearer, more active policy in cyberspace. The strategy has four "pillars": "Protect the American People, the Homeland, and the American Way of Life;" " Promote American Prosperity;" " Preserve Peace through Strength;" and "Advance American Influence." Each pillar is explained in terms of specific measures.

The Ministry of Defence and GCHQ are establishing a 4000-person unit to protect the UK against Russian cyber operations.

Tech Bureau Corp disclosed that roughly $60 million in cryptocurrency had been looted from its Tokyo exchange. The hack occurred over two hours on September 14th, was detected on September 17th, and was confirmed and reported to authorities on the 18th. The company had been under some regulatory pressure to improve security; a new investment round, it says, will help it reimburse those who lost alt-coin and tighten safeguards against theft.

Google confirmed yesterday that it had notified some Senators that their Gmail accounts and those belonging to their staffers had been targeted by foreign intelligence services. There's been no public attribution of which intelligence services were involved, but the warning has prompted several Senators to complain that the Office of the Sergeant at Arms has said helping secure personal email accounts (like Gmail accounts) isn't within the scope of its responsibilities. Government accounts, sure, Gmail, no.

Learn how Cylance silences cyber attacks with Artificial Intelligence.

Notes.

Today's issue includes events affecting China, Denmark, Estonia, European Union, Germany, Ireland, Japan, Democratic Peoples Republic of Korea, Romania, Russia, Turkey, United Kingdom, United States

Yesterday’s Scorecard Won’t Protect Your From Tomorrow’s Breach

With 56% of global organizations experiencing third party breaches, it’s no surprise that third party risk is the hottest cybersecurity topic. Threat actors will continue to target third parties as long as their vulnerabilities go unchecked. You need a 24x7x365 monitoring solution. Read LookingGlass’ eBook to learn how to build a successful third party risk program, so your organization isn’t left relying on old data to protect your employees, customers, and brand.

On the Podcast

In today's podcast, we speak with our partners at Terbium Labs, as Emily Wilson describes Dark Web exit scamming. Our guest is Tanya Janca from Microsoft, and she tells us about her OWASP DevSlop project.

Sponsored Events

Cyber Security Summits: September 25 in NYC on October 16 in Phoenix (New York, New York, United States, September 25, 2018) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The FBI, The NSA, Google, IBM, Darktrace, CenturyLink and more. Register with promo code cyberwire95 for $95 VIP admission (Regular price $350) https://CyberSummitUSA.com

FireEye Cyber Defense Summit 2018 (Washington, DC, United States, October 1 - 4, 2018) Get trained by a FireEye expert at our annual Cyber Defense Summit. Training opportunities at this event offer attendees hands-on, small-group, interactive sessions with some of the most experienced FireEye cyber security experts.

Dragos Industrial Security Conference (DISC) 11/5/18 (Hanover, Maryland, United States, November 5, 2018) Reserve your spot now for the Dragos Industrial Security Conference (DISC) on November 5th, 2018. DISC is a free, annual event for our customers, partners, and those from the ICS asset community. Visit https://dragos.com/disc/ for more information.

Selected Reading

Cyber Attacks, Threats, and Vulnerabilities

Foreign government hackers target US senators, aides’ Gmail (Fifth Domain) On Thursday, Google spokesman Aaron Stein confirmed that his company had notified the Senate targets.

China is a bigger cyber threat than Russia: CrowdStrike CTO (Fox Business) CrowdStrike CTO Dmitri Alperovitch argues every major sector of the economy is being targeted by China.

Thanks NSA! Surveillance Agency Exploit Increases Illegal Bitcoin Mining by 459% (Sputnik) Illegal cryptocurrency mining has increased 459 percent year-on-year in 2018, a report has revealed - and much of the surge is down to software flaws originally identified and exploited by the National Security Agency (NSA).

Magecart claims another victim in Newegg merchant data theft (ZDNet) Updated: Researchers have found another example of Magecart's covert activities only 24 hours after the last incident concerning the prolific hacking group.

New Magecart victims ABS-CBN and Newegg are just the tip of the iceberg (Help Net Security) After Ticketmaster, British Airways and Feedify, two new Magecart victims have been identified: the broadcasting giant ABS-CBN and online retailer Newegg.

Japan hit by another cryptocurrency heist, $60 million stolen (Reuters) Japanese cryptocurrency firm Tech Bureau Corp said about $60 million in digital cur...

Account Takeover Attacks Widespread, Lead to More Efficient Phishing (TechNadu) Account Takecover Attacks are becoming widespread and the victims' emails are then used for spreading phishing campaigns, Barracuda Networks study shows.

Warning issued as Netflix subscribers hit by phishing attack (Naked Security) Netflix phishing scammers are at it again, sending emails that try to steal sensitive details from subscribers.

Multiple Malware Threats for Visitors to Pirate Websites (Informatics from Technology Networks) Over 4 000 files containing malware or potentially unwanted programmes were retrieved from more than 1 000 websites suspected of sharing illegally protected content in an EU-wide research project carried out by the European Union Intellectual Property Office (EUIPO).

Western Digital goes quiet on unpatched MyCloud flaw (Naked Security) Western Digital has failed to patch a serious security vulnerability in its MyCloud NAS drives that it was told about more than a year ago, researchers have alleged.

Unwiped Drives and Servers from NCIX Retailer for Sale on Craigslist (BleepingComputer) Servers and storage disks filled with millions of unencrypted confidential records of employees, customers and business partners of computer retailer NCIX turned up for sale via a Craigslist advertisement.

Bitcoin flaw could have allowed dreaded 51% takeover (Naked Security) The scenario was always hypothetical but the fact such a thing was even possible until this week has left some in the Bitcoin community feeling alarmed.

Unusual IoT Botnet Removes Cryptomining Malware from Devices (Security Boulevard) Security researchers have come across an unusual new botnet that infects Android devices over the debugging interface then searches for and removes Security researchers have come across an unusual new botnet that infects Android devices and then removes cryptocurrency malware.

New Vigilante Botnet Tracks Down and Destroys Crypto Mining Malware (Toshi Times) Botnets in the crypto sphere are almost always associated with illicit activities. The unsuspecting punters usually catch them by visiting shady websites or clicking on a link in a phishing email, which allows the malware to gain entry into the computer. Once inside, the malware hijacks the PC to do some dirty deed, like attacking …

New Documents Reveal Yet Another California Democratic Cyberattack (Rolling Stone) A third California congressional campaign was the subject of a successful hack earlier this year

Cyber Trends

Security data reveals worldwide malicious login attempts are on the rise (Help Net Security) According to the Akamai 2018 State of the Internet / Security Credential Stuffing Attacks report, worldwide malicious login attempts are on the rise.

Security priorities are shifting in response to increased cybersecurity complexity (Help Net Security) The increased complexity of the IT environment is causing organizations to invest more money in cybersecurity and start to focus on security priorities.

Analysis | The Cybersecurity 202: Is the U.S. prepared for another Russia hack? An interview with Greg Miller on his new book (Washington Post) The Post journalist has penned a narrative history of Moscow’s interference in the 2016 election.

Healthcare Workers Uninformed About Cybersecurity Best Practices (HealthITSecurity) Forty percent of healthcare workers would allow a colleague to use their work computer, displaying a disturbing lack of knowledge about cybersecurity best practices.

Triaging modern medicine’s cybersecurity issues (The Parallax) As technology has become the lifeblood of the health care industry, hospitals and patient care clinics are often ill-equipped to confront a Hydra-headed cybersecurity monstrosity.

Marketplace

Air Force Busts Out Credit Cards To Buy High Tech Gear (Breaking Defense) The Air Force can be an “angel investor” for some startups, said Will Roper, the service’s top acquisition official.

Google Says It Continues to Allow Apps to Scan Data From Gmail Accounts (Wall Street Journal) Google said it continues to allow other companies to scan and share data from Gmail accounts, responding to questions on Capitol Hill about privacy and potential misuse of information in users’ emails.

Google Workers Discussed Tweaking Search Function to Counter Travel Ban (Wall Street Journal) Days after the Trump administration instituted a controversial travel ban in January 2017, Google employees discussed how they could tweak the company’s search-related functions to show users how to contribute to pro-immigration organizations and contact lawmakers and government agencies, according to internal company emails.

Moss Adams combines with AsTech to expand cybersecurity consulting services (Moss Adams) Moss Adams announces its combination with AsTech Consulting, a cyberrisk management firm that specializes in application and network security.

ObserveIT Announces Several Deals over $1 Million with Fortune 500 Brands; Names Industry Veteran Dave DeWalt as Vice Chairman of the Board (Odessa American) ObserveIT, the leading insider threat management provider with more than 1,800 customers around the world, today announced continued success as global organizations seek to mitigate the risk posed by insiders. Recent momentum includes several significant Fortune 500 deals and the appointment of NightDragon Security Founder Dave DeWalt as vice chairman of the board of directors.

PacketViper appoints Don Gray as Chief Technology Officer (Help Net Security) In his new role, Gray will be responsible for the development of the PacketViper technology roadmap to help enterprises meet their security requirements.

Alert Logic Names Christopher Rajiah as Senior Vice President of Worldwide Alliances and Partnerships (GlobeNewswire News Room) Rajiah Brings Extensive Partner Experience to Expand Alert Logic’s Global Footprint

Products, Services, and Solutions

New infosec products of the week: September 21, 2018 (Help Net Security) Symantec makes elections more secure with free service to ‘spoof proof’ candidates websites Attracting users to fake websites that contain differences

wolfSSL Announces the First Commercial Release of TLS 1.3 (PRWeb) wolfSSL, a leading provider of TLS cryptography announces the world’s first commercial release of TLS 1.3. With the imminent finalization of the TLS 1.3 draft

CrowdStrike Falcon Receives FedRAMP Authorization (CrowdStrike) The CrowdStrike Falcon on GovCloud is now FedRAMP authorized to streamline the process of delivering comprehensive endpoint protection to federal entities via the cloud.

McAfee expands support for Amazon Web Services with new MVISION ePO on AWS (Help Net Security) McAfee automates management capabilities to identify and respond to threats through its new McAfee MVISION ePolicy Orchestrator on AWS.

Inside the Search Engine That Spots Traffickers, Terrorists and Money Launderers (Nextgov.com) Rooted in DARPA research, the tool shines light on the darkest corners of the internet.

Comodo PositiveSSL – A low cost HTTPS SSL certificate (Tapscape) Did you ever imagine, a one small security negligence may cause a big loss to your online business (Biggest loss $4 Billion – Source). There are many giant companies in the world, who face a significant penalty because of neglecting the importance of online data security. So, what loss these...

Disk Encryption is Smooth and Speedy in BestCrypt By Jetico (BusinessWire) Jetico releases superior disk encryption in BestCrypt Volume Encryption v4 with smoother interface and faster performance to encrypt hard drives.

NSFOCUS Introduces All-in-One Cloud Security Service for Regional Service Providers (Odessa American) NSFOCUS, a leader in holistic hybrid security solutions, announced today its newest cloud security service, Cloud-in-a-Box (CiaB), designed specifically for local and regional service providers across the globe. CiaB enables service providers to quickly deploy cloud security services with minimal expertise and without the upfront costs typically associated with creating a cloud service infrastructure.

SolarWinds Building Two-Tier MSSP to MSP Cybersecurity Partner Ecosystem (ChannelE2E) SolarWinds MSP begins to identify, recruit and empower MSSP partners that can offer threat management and SOC (security operations center) services to smaller MSPs. A two-tier security channel may emerge. Here's how.

Barracuda bundles email security offerings (CRN Australia) Total Email Protection bundle combines three products into a single SKU.

KnowBe4 Ransomware Simulator Now Includes Crypto Mining (GlobeNewswire News Room) Crypto Mining Infection Simulation Added to Show if a Workstation is Vulnerable to Infection

Veristor Partners with Mimecast to Secure Business Email and Data (PRNewswire) Companies Partner to Protect Organizations from the Threat of Email-Based Attacks

WatchGuard Unveils Trusted Wireless Environment Framework to Help Businesses Build Fast, Scalable and Secure Wi-Fi Networks (CSO) New independent report from Miercom reveals most top Wi-Fi solutions can’t automatically detect and prevent all six wireless threat categories

Thales announces advanced security for automotive, FinTech and IoT with new light-weight cryptographic curve support in nShield HSMs (Markets Insider) Thales, a leader in critical information systems, cybersecurity and data security, announces its nShield ha...

Technologies, Techniques, and Standards

AGMA Identifies Digital Authentication as Key Tool in High-Tech Industry’s Fight against Counterfeiting (GlobeNewswire News Room) More Advanced Product Marking Methods Help Even Playing Field with Fraudsters

Why identity verification needs to be a part of your digital transformation strategy (Help Net Security) Smartphones and tablets are an indispensable part of daily life, and consumers expect nothing less than a streamlined mobile experience. With this in

Why does Chrome flag Emsisoft Anti-Malware as incompatible? (Security Boulevard) After Chrome crashes, you may see a popup box warning you that Emsisoft Anti-Malware is an “incompatible application”. Why does this happen and what should you do? The post Why does Chrome flag Emsisoft Anti-Malware as incompatible? appeared first on Emsisoft | Security Blog.

First county buys voting machines under new state standards (AP News) Susquehanna County is the first Pennsylvania county to buy a voting system under new security standards by Gov. Tom Wolf's administration.

Research and Development

DARPA contract aims to design circuits in months, not years (C4ISRNET) DARPA wants to change the game for high-efficiency circuitry.

Academia

Create a safer digital world with a degree in cybersecurity (Study International) Picture a world without the internet. No websites to order our groceries, no way to instantly contact loved ones while away from home, no online banking to

iTWire - Six researchers boycott Dutch conf due to Palantir's sponsorship (iTWire) Two researchers from DATACTIVE, a University of Amsterdam project that examines the politics of big data, and four from the University of Cardiff's Da...

Legislation, Policy and Regulation

German intelligence mulls putting largest Turkish-Islamic group under surveillance (Deutsche Welle) German intelligence is reportedly examining whether to put the Turkish-Islamic umbrella group DITIB under surveillance. The Turkish-state backed DITIB has been at the center of multiple controversies.

Britain to create 2,000-strong cyber force to tackle Russia threat (Sky News) The near four-fold increase in manpower will provide a means of "deterring states that wish to do us harm", say experts.

Protecting process infrastructure from cyber attack (Engineer Live) Some thoughts on what techniques can be employed to improve security

How the EU is building a robust and secure digital environment (Parliament Magazine) Cybersecurity poses a real, serious threat that must be addressed at EU level, says Mariya Gabriel.

National Cyber Strategy of the United States (The White House) My fellow Americans: Protecting America’s national security and promoting the prosperity of the American people are my top priorities.

White House Confirms It Has Relaxed Rules on U.S. Use of Cyberweapons (Wall Street Journal) The White House said Thursday it had rescinded a classified Obama-era memorandum dictating when the U.S. government can deploy cyber weaponry against its adversaries, acknowledging the move for the first time.

John Bolton warns of offensive cyberattacks under new Trump policy (Washington Examiner) President Trump has signed a new National Cyber Strategy document authorizing offensive cyberattacks against foreign targets, the White House announced Thursday.

White House authorizes ‘offensive cyber operations’ to deter foreign adversaries (Washington Post) John Bolton’s remarks come amid mounting concern about attacks on U.S. networks.

Trump’s new strategy calls for more cyber attacks (Fifth Domain) President Donald Trump announced a new national cyber policy that promises more offensive operations, but an expert warns it could have unintended consequences.

Defending Forward: The 2018 Cyber Strategy Is Here (War on the Rocks) Great-power strategic competition, defend forward, and prepare for war: These are the three central tenets of the newly released summary of the 2018

Analysis | The Cybersecurity 202: Trump administration seeks to project tougher stance in cyberspace with new strategy (Washington Post) But some lawmakers note it contains few specifics.

Watchdog worries Trump’s cyber strategy is not cohesive (Fifth Domain) Despite a recent flurry of strategy documents and executive orders, the Trump administration does not have a cohesive national or global cyber strategy, according to a government report.

Applying America’s Superpowers: How the U.S. Should Respond to China’s Informatization Strategy (War on the Rocks) Centuries ago, China led the world in technology innovation. It invented papermaking, printing, the compass, and gunpowder. Yet China failed to exploit

Democrat pushes changes to protect senators’ personal accounts from continued threats (Washington Post) Sen. Ron Wyden (D-Ore.) is trying to expand the Senate Sergeant at Arms’ mandate to provide protection for senators’ and staffers’ personal accounts and devices, as well as their official ones.

Senate can’t protect senators, staff from cyber attacks, Wyden warns (Ars Technica) Senate IT doesn't have authority to protect senators and staffers.

Shanahan: cybersecurity will become new measure for industry (Fifth Domain) The deputy secretary of defense says industry needs to take responsibility for their own information security.

DelBene Introduces Legislation to Regulate Consumer Privacy (U.S. Congresswoman Suzan Delbene) Today, Congresswoman Suzan DelBene introduced a bill that would change the way consumers' personal, private information is protected. Her legislation has received valuable input from both consumer advocacy groups and tech companies, and is cosponsored by Congressman Hakeem Jeffries (D-NY).

California may ban terrible default passwords on connected devices (Engadget) A proposed law could force smart device manufacturers to shore up security.

SEC: Christopher Hetner, Senior Advisor To The Chairman For Cybersecurity Policy, To Leave The Agency (Mondo Visione) The Securities and Exchange Commission today announced that Christopher R. Hetner, Senior Advisor to Chairman Jay Clayton for Cybersecurity Policy, plans to leave the agency. Mr. Hetner will remain in the Chairman's Office during the identification of and transition to his successor.

Litigation, Investigation, and Enforcement

U.S. Blacklists 33 Russians, Companies Linked To Military, Intelligence Agencies (RadioFreeEurope/RadioLiberty) The U.S. State Department said it was blacklisting nearly three dozen Russian people and companies with ties to military and intelligence agencies, in its latest effort to punish Moscow for “malign activities.”

Moscow Criticizes New U.S. Sanctions On Firms Linked To Russian Military, Intelligence (RadioFreeEurope/RadioLiberty) Russia's Deputy Foreign Minister Sergei Ryabkov has criticized the latest sanctions imposed against Russian firms and individuals by the United States, saying the move has increased tensions between Moscow and Washington and has "thoughtlessly" stirred up "global instability."

U.N. Report Details How North Korea Evades Sanctions (Foreign Policy) But a feud between Russia and the U.S. has kept the document from being published.

Abandoned IT Integration Linked to Danske Bank Failures (Wall Street Journal) The billions that flowed through the Estonian branch of Denmark’s largest bank may have slipped past risk analysts in part because the lender in 2008 dropped plans to integrate the branch into its group-level information technology platforms.

ICO levels first ever GDPR fine against AggregateIQ (Computing) The company has 30 days to audit its data practises, or face the maximum £17 million fine

NSA curbs spying after security breach (POLITICO) Feds ask for eight-year sentence for ex-NSA computer engineer who worked in unit targeting foreign computers.

NSS Labs Files Antitrust Suit Against Symantec, CrowdStrike, ESET, AMTSO (Dark Reading) Suit underscores longtime battle between vendors and labs over control of security testing protocols.

NSS Labs Sues CrowdStrike, Symantec, ESET, AMTSO for Alleged Testing Conspiracy (BleepingComputer) NSS Labs has filed an anti-trust law suit against CrowdStrike, Symantec, ESET, and the Anti-Malware Testing Standards Organization (AMTSO) over an alleged conspiracy to prevent independent testing companies from performing unbiased reviews of security software.

Silk Road suspect Gary Davis in talks with US prosecutors over plea deal (Times) An Irish man being held in New York accused of helping to run Silk Road, the dark web black market, has begun negotiations with prosecutors on a plea deal. Gary Davis, 29, was extradited to the...

Romanian woman pleads guilty in D.C. police camera ransomware attack before 2017 Trump inauguration (Washington Post) Attack on police servers exposed Romanian financial and computer fraud ring

Man who shared Deadpool movie on Facebook faces 6 months in jail (Naked Security) US government recommended six months behind bars. That’s one month for every million people that viewed a part of the pirated movie, apparently.

Algorithms in the justice system: Should computers decide our fate? (Computing) James Kitching, Solicitor - Corporate, Coffin Mew, examines the phenomenon of decisions being made by machines in the justice system

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

upcoming Events

Detect 18 (National Harbor, Maryland, USA, September 19 - 21, 2018) Detect '18 is the single largest conference dedicated to threat intelligence. This year we're calling on fellow "Threatbusters" to wage a high-tech battle against apparitions (aka bad actors) and learn how to better save the world from cyber destruction! At Detect '18 you will be able to: immerse yourself in 30+ hours of education and training; chooose from 30+ breakout sessions designed for every experience level; listen to peer presentations highlighting real-world issues and solutions; network, network, network with your peers in a social setting; and earn CPE Credits to keep your credential current.

IT Security Leadership Exchange (Phoenix, Arizona, USA, September 23 - 25, 2018) IT Security Leadership Exchange is an invitation-only, strategic business summit that gathers Chief Information Security Officers (CISOs), senior decision-makers, and industry experts to address the unique needs and current challenges faced by enterprise cyber security leaders. A CISO’s role requires hands-on technical knowledge and understanding of security tools, techniques, and procedures combined with the need to manage up, down, and across the organization. This summit is the perfect platform for leaders to share information, gain insight and develop next-level strategy. Information security executives from across the country will come together for 2 days of peer breakouts and networking to answer the toughest questions facing them today.

Global Security Exchange (Las Vegas, Nevada, USA, September 23 - 27, 2018) Global Security Exchange—formerly the ASIS Annual Seminar and Exhibits—delivers new opportunities to exchange key ideas and best practices, expand global connections, and experience innovations. The GSX education program led by ASIS, InfraGard, and ISSA subject matter experts consists of 300+ sessions, each designed to deliver valuable, actionable takeaways to help shape your security strategy—today and in the future.

Merging of Cyber Criminal and Nation State Techniques: A Look at the Lazarus Group (Loudon, Virginia, USA, September 24, 2018) This presentation on North Korea's Lazarus Group as a case study of the convergence of organized cyber crime and nation-state intelligence services will be led by Allan Liska, a solutions architect at Recorded Future. Allan has more than 15 years experience in information security and has worked as both a blue teamer and a red teamer for the intelligence community and the private sector. Allan has helped countless organizations improve their security posture using more effective and integrated intelligence. He is the author of The Practice of Network Security, Building an Intelligence-Led Security Program, and Securing NTP: A Quickstart Guide and the co-author of DNS Security: Defending the Domain Name System and Ransomware: Defending Against Digital Extortion.

Connect Security World 2018 (Marseilles, France, September 24 - 26, 2018) While the number of IoT devices predicted by 2020 varies within tens of billions, all analysts agree that security is now the top concern of organizations looking at deploying IoT solutions. To address the unlimited risks surrounding billions connected “things”, Connect Security World 2018 unites Digital Security experts and IoT developers to securely develop, deploy and manage devices & services at IoT scale. In its 7th edition, this technical conference will cover the latest secure technologies stemming from cryptography to strategies and methods to minimize risks and enable successful implementations of end-to-end security – knowing that security is never perfect and no unique security solution (HW, SW…) can fit all levels of protection.

The Cyber Security Summit: New York (New York, New York, USA, September 25, 2018) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers & renowned information security experts. Learn from cyber security thought leaders and Engage in panel discussions focusing on trending cyber topics such as Sr. Leadership’s Best Approach to Cyber Defense, What’s Your Strategic Incident Response Plan?, Protecting your Enterprise from the Human Element and more. Your registration includes a catered breakfast, lunch, and cocktail reception. Receive half off your admission with promo code cyberwire50 at CyberSummitUSA.com and view details including the full agenda, participating solution providers & confirmed speakers. Tickets are normally $350, but only $175 with promo code.

5th Cyber Operations for National Defense Symposium (Washington, DC, USA, September 25 - 26, 2018) The 2018 Cyber Operations for National Defense Symposium will focus on the evolving nature of US Cyber policies and strategies. Cyber leaders from throughout the federal government will come together to discuss network and capability modernization efforts aimed at combating the diverse cyber threats to US National Security. The agenda will focus on defensive and offensive cyber operations as well as the technological capabilities needed by our forces to ensure they can defend American interests in all domains. Lastly, the event will feature two panels: one on protecting our Nation’s intricate critical infrastructure and one on securing the DoDIN.

PCI Security Standards North America Community Meeting (Las Vegas, Nevada, USA, September 25 - 27, 2018) The PCI Security Standards Council’s 2018 North America Community Meeting is THE place to be. We provide you the information and tools to help secure payment data. We lead a global, cross industry effort to increase payment security by providing industry-driven, flexible and effective data security standards and programs that help businesses detect, mitigate and prevent criminal attacks and breaches. Don’t miss out!

Hack the Capitol (Washington, DC, USA, September 26 - 27, 2018) The National Security Institute is partnering with the Wilson Center and ICS Village to host Hack the Capitol, a two-day event focused on Industrial Control Systems (ICS) and security. ICS are used throughout industrial infrastructure and have many military applications. Recent high-profile attacks on these systems have demonstrated ICS’ vulnerabilities and inspired debate about the practical and political means of defending the industrial base against malicious actors. Hack the Capitol will include demonstrations, hands-on learning, and policy conversations tailored toward a non-technical audience. Interact with ICS, including Human Machine Interfaces and Actuators and learn about the threats these components face. The event will provide hands-on education and awareness to members of the public, as well as to Congress, think tanks, and the press. This is a truly unique event that will raise awareness of our nation’s challenges with critical infrastructure and provide kinesthetic learning at multiple levels.

COSAC & SABSA World Congress (Kildare, Ireland, September 30 - October 4, 2018) For 25 years COSAC has delivered a trusted environment in which to deliver information security value from shared experience and intensive, productive, participative debate and development. Sales content is strictly prohibited and there is no vendor exhibition to distract from opportunities, allowing delegates to focus on professional innovation.

Monterey Cyber Security Workshop 2018 (Pacific Grove, California, USA, October 1 - 2, 2018) People with special expertise interested in making progress on the subjects at hand meet at the Monterey Incubator for a workshop to build an understanding of vital issues of the day. The workshop follows the Standard of Practice approach in addressing issues surrounding influence operations, infrastructure protection, and surveillance.

Cyber Defense Summit 2018 (Washington, DC, USA, October 1 - 4, 2018) FireEye's annual Cyber Defense Summit will feature both training and an opportunity to hear from the experts. Introductory, intermediate and advanced training courses will be provided during the first two days of the summit. These courses offer attendees hands-on, small-group, interactive sessions with some of the most experienced FireEye cyber security experts. The guest keynote, on economy and cybersecurity in the 21st Century, will be delivered by former US Secretary of State Madeleine K. Albright.

Retail Cyber Intelligence Summit (Denver, Colorado, USA, October 2 - 3, 2018) Network with 250+ CISOs and their teams from retail and consumer facing industries: restaurants, hospitality, gaming, convenience, grocery and more. Share best practices, gain insights, network. This conference is organized by R-CISC, the retail ISAC.

IP Expo Europe (London, England, UK, October 3 - 4, 2018) IP EXPO Europe is Europe's number ONE IT event for those looking to find out how the latest IT innovations can drive their business forward. IP EXPO Europe is co-located at Digital Transformation EXPO which incorporates Cyber Security X, Developer X, AI-Analytics X, Internet of Things X and Blockchain X.

Borderless Cyber USA 2018 (Washington, DC, USA, October 3 - 5, 2018) How do you future proof your cybersecurity strategy? Can you identify and report cyber incidences so you can respond quickly to manage consequences? Public and private sector cyber experts from across the globe will gather at Borderless Cyber to exchange ideas and learn about cybersecurity strategies that work. Conference attendees will be provided the opportunity to network with cyber leaders, compare experiences and learn about the latest threat intelligence sharing tools and techniques.

Sponsor & Support

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter’s financial reach, or it might just not be the right time for you to do those things. That’s why we launched our new Patreon site, where we’ve created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you’ll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.