The CyberWire Daily Briefing 9.25.18

Summary

By The CyberWire Staff

According to reports in Deutsche Welle, Iran accused Saudi Arabia, the United Arab Emirates, and the United States of complicity in Saturday's terrorist attack on a military parade. The UAE called the allegations "baseless," the US said Iran should look to itself for the explanation, and Saudi Arabia said nothing.

The United Nations has suffered a data exposure incident. Last month a researcher found ways of accessing the UN's Trello tool, where he found ways into the UN's Google Docs and Jira pages. A range of sensitive information was exposed. The researcher disclosed his findings to the UN, but world body took notice only after the Intercept broke the story.

ESET found that the Kodi media platform is being successfully exploited by cryptojackers.

It's now six months since the city of Atlanta was hit with ransomware, and the city says the incident is now "over." But there's a sour taste in Georgia mouths—the local CBS affiliate reports that the city doesn't know who hit them, what they hit them with, or how much they've had to spend to fix things.

The SHEIN fashion retailer sustained a data breach in which records belonging to some 6.4 million customers were exposed. The incident happened in June, but SHEIN discovered it only late last month.

The US has announced a national strategy for "Quantum Information Science." Major companies meeting at the White House to discuss the strategy include JPMorgan Chase, IBM, and Google.

Mathematician Michael Atiyah says he's proved the Riemann hypothesis.

Learn how Cylance silences cyber attacks with Artificial Intelligence.

Notes.

Today's issue includes events affecting Australia, Canada, China, Estonia, European Union, Germany, Iran, Montenegro, Netherlands, Norway, Russia, Saudi Arabia, Switzerland, United Arab Emirates, United Kingdom, United Nations, United States

Is your company passionate about empowering women to succeed in the cyber security industry?

The CyberWire’s 5th Annual Women in Cyber Security reception is a networking event that highlights and celebrates the value and successes of women in the cyber security industry. Leaders from the private sector, academia, and government from across the region and at varying points on the career spectrum can connect with each other to strengthen relationships while building new ones. Consider sponsoring the event. Limited sponsorships are available. Visit our website to learn more.

On the Podcast

In today's podcast, we speak with Johannes Ullrich from the SANS ISC Stormcast podcast with warnings of post-hurricane scams. Our UK correspondent Carole Theriault explores overly complex online terms and conditions, and speaks with AXEL, a company that’s chosen a different way. Their CMO Jeremy Forsberg discusses their approach.

And if you haven't checked out Recorded Future's podcast, produced in cooperation with the CyberWire, you may do so here. The current episode features another interview with Dr. Johannes Ullrich, Dean of Research at the SANS Institute. He's also the researcher behind the SANS Internet Stormcenter's Stormcast.

Sponsored Events

FireEye Cyber Defense Summit 2018 (Washington, DC, United States, October 1 - 4, 2018) Get trained by a FireEye expert at our annual Cyber Defense Summit. Training opportunities at this event offer attendees hands-on, small-group, interactive sessions with some of the most experienced FireEye cyber security experts.

CyberMaryland Job Fair on October 9 in Baltimore, MD. (Baltimore, Maryland, United States, October 9, 2018) Cleared and non-cleared cybersecurity pros make your next career move at the CyberMaryland Job Fair, October 9 in Baltimore. Meet leading cyber employers including Bank of America, FireEye, NSA, Raytheon, USCYBERCOM and more. Visit ClearedJobs.Net or CyberSecJobs.com for more details.

Dragos Industrial Security Conference (DISC) 11/5/18 (Hanover, Maryland, United States, November 5, 2018) Reserve your spot now for the Dragos Industrial Security Conference (DISC) on November 5th, 2018. DISC is a free, annual event for our customers, partners, and those from the ICS asset community. Visit https://dragos.com/disc/ for more information.

Selected Reading

Cyber Attacks, Threats, and Vulnerabilities

Iran threatens Saudi Arabia after Iran parade attack (Deutsche Welle) Tehran has blamed Saudi Arabia, the UAE and the US for acting from the shadows in the terror attack on a military parade in Ahvaz. Will Iran retaliate with military action as threatened — or is it just posturing?

US tells Iran to 'look in the mirror' after Rouhani blames it for Ahvaz attack (Deutsche Welle) The exchange follows threats from Iran's Revolutionary Guards to avenge the assault on a military parade. Iran-US ties have worsened after President Donald Trump renewed sanctions on Tehran over its nuclear program.

United Nations Accidentally Exposed Passwords and Sensitive Information to the Whole Internet (The Intercept) A security researcher discovered private data lurking on 60 Trello boards belonging to the United Nations. Sensitive information was also found in public Google documents.

United Nations WordPress Site Exposes Thousands of Resumes (BleepingComputer) Disclosure vulnerabilities in a web app from the United Nations leave open to public access CVs from job applicants and the organization failed to plug the leak despite receiving a private report on the issues.

U.N. security blunder left secret Trello boards, Google Docs exposed (Digital Trends) Secretive documents related to the United Nations were left vulnerable to unauthorized access by anyone who stumbled upon the right link, after Trello, Jira, and Google Docs accounts were left improperly configured by staffers.

Hacking for Cash (Australian Strategic Policy Institute) Is China still stealing Western IP?

How China is driving Australia and Trump into each other's arms (The Sydney Morning Herald) Before he announced Australia's decision to shut China out of its 5G network, Malcolm Turnbull wanted to tell Donald Trump.

New CVE-2018-8373 Exploit Spotted in the Wild (TrendLabs Security Intelligence Blog) We spotted another exploit, possibly in the wild, that uses the CVE-2018-8373 vulnerability. This exploit doesn't work on systems with updated Internet Explorer versions.

Cybercriminals Target Kodi Media Player for Malware Distribution (Threatpost) A recent cryptomining campaign shows criminal ingenuity.

Adwind Trojan circumvents antivirus software to infect your PC (ZDNet) A spam campaign spreading the RAT uses a number of tricks to fool signature-based antivirus solutions.

Apple MacOS Mojave zero-day privacy bypass vulnerability revealed (ZDNet) The latest update of the Mac operating system is expected to hit today -- potentially alongside a zero-day bug which circumvents OS privacy controls.

New Mozilla Firefox Attack Causes Desktop Version to Crash (BleepingComputer) A new attack has been created that can crash or freeze the Mozilla Firefox desktop browser simply by visiting a web page that contains an embedded JavaScript script.

How to Protect Your Paycheck: FBI Issues Credential Phishing Alert as Attackers Target Direct Deposits (Proofpoint) Last week the FBI issued an alert warning organizations that cybercriminals are actively using phishing emails to steal consumer log-in credentials for their online payroll accounts. At Proofpoint, we’ve seen this type of attack for a few years now, and unfortunately, all it takes is one credential phishing email to compromise an employee login.

SHEIN fashion retailer announces breach affecting 6.42 million users (ZDNet) Hack took place somewhere in June, but the company only discovered the breach in late August.

Reddit's Largest Pro-Trump Subreddit Appears To Have Been Targeted By Russian Propaganda For Years (BuzzFeed News) A handful of articles from websites with connections to Russia's infamous troll factory have been shared thousands of times on /r/The_Donald.

Fusion Center Report: US Midterm Elections 2018 Situational Awareness (EclecticIQ) The Midterm Elections in the US are due to take place on 6th November 2018. In light of allegations of interference in previous campaigns, this report will focus on risks and identified activity that may be occurring to influence the result of the elections.

Merrill: Voting machines secure, despite Russian interference (The CT Mirror) Connecticut’s secretary of the state and two U.S. senators said Monday that Russian attempts to influence U.S. elections are real, but that the state’s counting and reporting of results are conducted off line and therefore resistant to hacking.

Beware of Hurricane Florence Relief Scams (KrebsOnSecurity) If you’re thinking of donating money to help victims of Hurricane Florence, please do your research on the charitable entity before giving: A slew of new domains apparently related to Hurricane Florence relief efforts are now accepting donations on behalf of victims without much accountability for how the money will be spent.

AdGuard adblocker resets passwords after credential-stuffing attack (Naked Security) AdGuard has taken the decision to reset all user accounts after suffering a credential-stuffing and brute-force password attack.

Users fret over Chrome auto-login change (Naked Security) Users were complaining this week after discovering they’d been logged in to Google’s Chrome browser automatically, after logging into a Google website.

5 Notable Security Incidents that Recently Affected Federal Entities (Security Boulevard) Digital attackers have a history of targeting public sector organizations. For its 2018 Data Breach Investigations Report (DBIR), Verizon Enterprise tracked 22,788 security incidents that affected the public sector. Data disclosure occurred in 304 of those events; digital espionage via phishing or the use of a backdoor served as the most common pattern.

City of Atlanta: Cyber attack 'over' (WGCL-TV | CBS 46) Six months later we still don't know who hacked us, the final price, what safeguards have been implemented or what was permanently lost.

Security Patches, Mitigations, and Software Updates

Cisco: We've killed another critical hard-coded root password bug, patch urgently (TechRepublic) This time a 9.8/10-severity hardcoded password has been found in Cisco's video surveillance software.

Motorola Solutions adds new features to Ally cloud-based security software (Help Net Security) Motorola Solutions new features for Ally, its cloud-based security platform, enable communication and real-time information-sharing for security teams.

Cyber Trends

Why the market for zero-day vulnerabilities on the dark web is vanishing (Fifth Domain) The market for zero-day exploits on the dark web has all but dissipated in the past few years thanks to unexpected events.

2018 Payment Security Report (Verizon Enterprise Solutions) Don't let your payment security let down your customers. Read this year's report from Verizon for the insights you need to drive PCI compliance.

Extortion, the Cloud, and the Geopolitical Landscape - Black Hat 2018 Survey Results (AlienVault) At Black Hat 2018, we surveyed attendees on diverse topics ranging from how to react to extortion, what impact the geopolitical landscape is having on the industry, and whether the shiny veneer of the cloud is beginning to fade. Our Security Advocate, Javvad Malik, has put together an excellent report on the survey. The report is based on our survey at the AlienVault booth of 963 participants at Black Hat 2018 and interviews with security experts. Read the whole report by Javvad.

Smart homes, dumb devices: Making the IoT safe (Help Net Security) IoT devices are often left forgotten. Much like a rotten door somewhere on the furthest side of a big house, they become an easy entry point for hackers.

Marketplace

Former Symantec boss takes over the Defense Innovation Unit (Defense News) Michael Brown spent two decades running companies in Silicon Valley, eventually rising to CEO of Symantec, one of the largest software companies in the world, with annual revenues of $4 billion and more than 10,000 employees.

France records big jump in privacy complaints since GDPR (TechCrunch) Another European data protection agency has reported a sharp rise in the numbers of complaints since the EU updated its privacy framework four months ago, when GDPR came into force, updating regional data protection rules and introducing much higher penalties for privacy violations. France’s …

Instagram founders resign six years after $1bn Facebook sale (The Telegraph) The co-founders of Instagram have stepped down from the photo sharing app, six years after it was acquired by Facebook for $1bn (£760m).

Why Instagram’s founders are resigning: independence from Facebook weakened (TechCrunch) Facebook promised Instagram autonomy, but reduced it over time leading to today’s bombshell revelation. Eight years after launching Instagram and six years after selling it to Facebook, Instagram co-founders CEO Kevin Systrom and CTO Mike Krieger are leaving the company, according to The New …

Facebook’s plan to let companies it buys live independently is over (TechCrunch) Mark Zuckerberg was quick to realize that Facebook, the largest social network in the world, doesn’t have a monopoly on all users nor can it bank on holding its position as top dog forever. Thus he instituted a policy of buying up promising rivals and integrating them into the Facebook &#8216…

Raytheon wins cybersecurity contract in Mideast (Trade Arabia) US-based Raytheon, a technology and innovation leader, has been awarded a multi-year contract for cybersecurity solutions and training, knowledge transfer and operational and support with a new government customer in the Mena Region.

Snyk raises $22M on a $100M valuation to detect security vulnerabilities in open source code (TechCrunch) Open source software is now a $14 billion+ market and growing fast, in use in one way or another in 95 percent of all enterprises. But that expansion comes with a shadow: open source components can come with vulnerabilities, and so their widespread use in apps become a liability to a company’…

Canberra cybersecurity software vendor ArchTIS debuts on the ASX (CRN Australia) ArchTIS will trade under "AR9".

Sydney security vendor Covata's "frustrating and unrewarding" Cisco software licence agreement cut short (CRN Australia) Ending a "frustrating and unrewarding relationship" for Covata.

When and Why an Agency CISO Should Consider Parting Ways With a Cyber Contractor (Nextgov.com) Contractor turnover rate increasing—is it time for your agency to part ways too?

Cyber security legend Ken Xie slams Fortinet's rivals Cisco and Juniper's attempts to buy success (Financial Review) Ken Xie founded Fortinet in 2000, and the cyber security company is now worth $US14.5 billion. He says rivals like Cisco are trying to buy market share rather than innovate.

SlashNext Board Appoints Palo Alto Networks Co-Founder Dave Stevens as Executive Chairman | SlashNext (SlashNext) Security Industry Heavyweight & VC Investor Joins SlashNext from Previous Leadership Roles at Brocade and Nortel

Security Industry Veteran Pat Comunale to Receive 2018 George R. Lippert Memorial Award | Security Industry Association (Security Industry Association) SIA has selected Pat Comunale, former president of global security solutions at Anixter, as the 2018 recipient of the George R. Lippert Memorial Award.

So happy to join the StackRox Family · StackRox: Security built in (StackRox) Security industry veteran Kamal Shah joins StackRox as new CEO

Products, Services, and Solutions

Ivanti Patch for SCCM Reduces Data Breach Risks with Vendor-Agnostic Support for Vulnerability Management Solutions (Ivanti) Bridging the Gap Between Security and Operations Teams, Ivanti Patch for SCCM Reduces the Time Spent Finding, Prioritizing, and Patching System Vulnerabilities

LogPoint disrupts enterprise SIEM market with improved intelligence, cutting incident response times in half (LogPoint) LogPoint SIEM 6.5 with UEBA 2.0 leverages advanced analytics to significantly reduce analyst workload and improves overall operational efficiency

Barracuda bundles email security offerings (CRN Australia) Total Email Protection bundle combines three products into a single SKU.

Yubico launches YubiKey 5 Series, the multi-protocol security keys supporting FIDO2 (Help Net Security) The YubiKey 5 Series provides defense against phishing and account takeovers, enables compliance for authentication, and reduces IT costs.

Code42 Forensic File Search delivers visibility to file movement across cloud services (Help Net Security) Code42 has extended the investigation capabilities of its Code42 Forensic File Search product for Google Drive and Microsoft OneDrive.

ID R&D announces biometric authentication for messaging platforms (Help Net Security) ID R&D’s SafeMessage offers multi-layer authentication across messaging platforms without any impact to the user experience.

Verint strengthens fraud reduction and improves investigations for financial institutions (Help Net Security) Verint solutions help financial institutions proactively analyze fraud, expedite investigations and find solutions to resolve critical threats.

Verizon Digital Media Services adds managed security services to its Cloud Security Solution (Help Net Security) The managed cloud security component provides access to security professionals who monitor and take corrective action against the security threats.

empow Adds Native UEBA Functionality to Become First SIEM to Automatically Detect and Respond to Threats Across the Entire Cyber Kill Chain (empow) empow’s native artificial intelligence, natural language processing and cause-and-effect analytics now ingest user and account activity logs to correlate all data source types covering all stages of the attack lifecycle.

Alert Logic Report Reveals New Killchain Efficiencies and Cyber-Attack Automation that Give Attackers Unprecedented Advantage (Alert Logic) New Tactics Subvert Traditional Security Measures and Indiscriminately Strike Organizations of All Sizes

Ricoh Group enhances global security with Pulse Secure Enterprise Suite deployment (GlobeNewswire News Room) 97,000 employees across 200 countries benefit from Secure Access

How Bro IDS can Help Security Capture Institutional Knowledge for... (Bricata) A presentation at BroCon will demonstrate how Bro IDS can be used to capture institutional knowledge among security analysts while also providing better network traffic analysis and preparing for machine learning applications of the future. #bro #ids #opensource

Siemplify Harnesses Machine Learning for Smarter Security Operations (Siemplify) Siemplify security orchestration version 4.25 is here, harnessing machine learning for enhanced security operations management.

Qualys Introduces Assessment and Monitoring for the CIS Microsoft Azure Foundations Benchmark (Qualys) New extension of Qualys’ Cloud Security Assessment (CSA) helps organizations leveraging Microsoft Azure to build security into DevOps initiatives

Qualys Delivers Security Built into Microsoft Azure’s Hybrid Cloud (Qualys) Seamless integration delivers single-pane-of-glass view across Microsoft Azure and Azure Stack

Optiv Security Announces SecurePayment@Optiv to Drive Holistic and Risk-Centric Security Across the Entire Payment Lifecycle (Optiv Security) Optiv Security announced SecurePayment@Optiv, an integrated portfolio of services and technologies that enables organizations to move beyond basic Payment Card Industry Data Security Standard (PCI DSS) compliance so they can implement comprehensive, risk-centric security across the entire payment lifecycle.

Technologies, Techniques, and Standards

Are you ready? A good incident response plan can protect your organization (Help Net Security) It’s important to draw up the incident response plan in advance of any cybersecurity crisis and to maintain it over time to ensure it is properly updated.

In this election security drill, Massachusetts cops battle hackers to protect the vote - Cyberscoop (Cyberscoop) With just weeks until the midterm elections, police in Massachusetts gathered last Thursday to practice responding to cyberattacks from an adversary bent on disrupting the democratic process.

Let’s face it, users should never be the last line of defense in cybersecurity (The Next Web) Users have walked a very insecure tightrope for decades, clicking on links and opening untrusted attachments. It's time we removed users from the frontline.

Employers overlook a key ally in preventing cyberattacks: HR departments (Employee Benefit News) As the number of incidents rise, human resource managers can play a major role in helping prevent a breach.

There's No Longer Any Excuse For Not Using a Password Manager (Motherboard) Autofill passwords on Android and iOS 12 means that "I'm lazy" is no longer an excuse for not using LastPass or 1Password.

Which NFL Teams Have the Best Cyber Defense? (Panorays) With football season just around the corner, Panorays decided to test the strength of NFL teams’ cyber defenses.

Design and Innovation

White House launches strategy to lead world in quantum (CIO) The White House yesterday launched a national strategy for Quantum Information Science (QIS) in a bid to secure global leadership in “the next technological revolution”.

Google, JPMorgan Chase & Co, IBM, Other Key Companies To Attend White House Quantum Computing Meeting (The Inquisitr) Quantum computing ‘will enable us to predict and improve chemical reactions, new materials and their properties, as well as provide new understandings of spacetime and the emergence of our ...

Linux developers adopt proper Code of Conduct (CRN Australia) To replace brief, loose, ‘Code of Conflict’.

Microsoft punts passwords, LinkedIn contacts to Outlook (CRN Australia) New certification types coming soon too.

Why security products should be more actionable for users (Help Net Security) All security companies - whether they are just starting or are already entrenched - should strive to make their products more actionable for the users.

To attract developers, Navy looks to highlight its ‘cool’ problems (C4ISRNET) HACKtheMACHINE seeks to court non-traditional organizations to help solve Navy problems.

Research and Development

A Mathematician May Have Just Solved a 160-Year-Old, $1 Million Problem (Motherboard) This isn’t the first time Michael Atiyah has claimed to crack a big math problem and never followed up the claims with publication, however.

Artificial Intelligence Has a Strange New Muse: Our Sense of Smell (WIRED) The brain's way of processing smells is inspiring scientists to rethink how we design machine learning algorithms.

Researchers develop invisibly thin spray-on antennas (Help Net Security) Drexel researchers develop spray-on antennas that perform as well as those being used in mobile devices, wireless routers and portable transducers.

Academia

Naval Academy’s cybersecurity program receives accreditation (Navy Times) The U.S. Naval Academy’s cyber operations program has been formally accredited.

Legislation, Policy and Regulation

If it wants to keep secrets, the intelligence community needs a new vision for cyber (Fifth Domain) The posture seeks to better defend networks and craft more strategic and tactical responses.

Analysis | The Cybersecurity 202: Congress poised to allow DHS to take the lead on federal cybersecurity (Washington Post) "It would be a sea change," one expert said.

The CIA is returning its central focus to nation-state rivals, director says (Washington Post) The agency has been moving away from a consuming emphasis on terrorism.

Credit Freezes are Free: Let the Ice Age Begin (KrebsOnSecurity) It is now free in every U.S. state to freeze and unfreeze your credit file and that of your dependents, a process that blocks identity thieves and others from looking at private details in your consumer credit history.

Perspective | A thief stole my phone. Strong encryption saved me. (Washington Post) When we weaken encryption standards, we put the most vulnerable among us at risk.

Litigation, Investigation, and Enforcement

All over Europe, suspected Russian spies are getting busted (Washington Post) Another alleged Russian spy was arrested by Norwegian authorities last Friday, amid a string of expulsions and blunders.

UK issues first-ever GDPR notice in connection to Facebook data scandal (ZDNet) Canadian firm AggregateIQ, linked to the Facebook & Cambridge Analytica data scandal, is the first to be put on notice.

FCA proposes £30m fine over 2016 cyber attack (The Telegraph) The Financial Conduct Authority (FCA) has threatened to fine Tesco Bank up to £30mn after an "unprecedented and serious" cyber attack affected thousands of customers two years ago.

Rod Rosenstein to stay in job for now, will meet with Trump on Thursday, White House says (Washington Post) The White House announcement followed a morning of speculation that Rosenstein was resigning or being fired.

Even If Rosenstein Stays, the Mueller Investigation Status Quo Won't Last (WIRED) Much of the speculation around deputy attorney general Rod Rosenstein's fate misses how disruptive a post-midterms shake-up could be.

Google plans to send a top executive to Congress after facing criticism (Washington Post) Google CEO Sundar Pichai agreed to participate in the unscheduled hearing in response to a request from House Majority Leader Kevin McCarthy (Calif.), who like other Republicans has said Google silences right-leaning news, views and users.

Qualcomm Accuses Apple of Giving Its Intellectual Property to Intel (Wall Street Journal) Qualcomm accused Apple of funneling proprietary information about the chip supplier’s technology to rival Intel, broadening a long-running legal battle between two companies central to the smartphone industry.

Court ruling could change how SC votes. Will it stop elections from being hacked? (The State) A court ruling in Georgia could affect how you vote in S.C. The challenge to Georgia’s voting machines raise questions of election security and whether your vote can be hacked. What is S.C. doing?

Police accidentally tweet bookmarks that reveal surveilled groups (Naked Security) The Massachusetts State Police (MSP) accidentally spilled some of its opsec onto Twitter last week, uploading a screenshot that revealed browser bookmarks.

Command master chief fired for sliding into Facebook messages of another chief’s wife (Navy Times) Stephan J. Raniszewski was fired as the senior enlisted leader of the future warship Thomas Hudner this spring.

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

newly Noted Events

Cyber Security & Artificial Intelligence MENA Summit (Dubai, UAE, November 6 - 7, 2018) Cyber Security and Artificial Intelligence MENA Summit has been designed to bring you a remarkable opportunity to gain fresh insights into areas such as artificial intelligence and machine learning impact on cyber security and creating a solid cyber security foundation for the organization. Join us and get the answers to different questions as how to make cybersecurity strategy more dynamic to keep up with threats or how to get the most value out of cybersecurity automation investments. You will discover the crucial elements of cyber risk oversight and innovative methods which could be implemented against the cybercrime.

API Security Summit (London, England, UK, November 21, 2018) The API Security Summit, taking place in London on the 21st of November 2018 will bring together the financial services community, regulators, fintechs, TPPs and associations from across UK and Europe to find solutions to the current lack of standardisation, debate what standards/legislation may emerge in 2019, and how to plan with these in mind.

2018 Cloud Security Alliance Congress (Orlando, Florida, USA, December 10 - 12, 2018) Today, cloud represents the central IT system by which organizations will transform themselves over the coming years. As cloud represents the future of an agile enterprise, new technology trends, such as Internet of Things (IoT), FOG Computing, Block Chain and Artificial Intelligence will extend the benefits of cloud - but also create new attack vectors for ambitious and resourceful adversaries. Additionally, the compliance landscape continues to evolve creating new challenges in delivering, measuring, and communicating compliance through multitude of regulations across multiple jurisdictions. The Cloud Security Alliance and MIS Training Institute have partnered to host the 2018 Cloud Security Alliance Congress on December 10-12 at the Omni Orlando Resort in ChampionsGate, Florida. This year’s event welcomes world leading security experts and cloud providers to discuss global governance, the latest trends in technology, the threat landscape, security innovations, best practices and global governance in order to help organizations address the new frontiers in cloud security.

upcoming Events

IT Security Leadership Exchange (Phoenix, Arizona, USA, September 23 - 25, 2018) IT Security Leadership Exchange is an invitation-only, strategic business summit that gathers Chief Information Security Officers (CISOs), senior decision-makers, and industry experts to address the unique needs and current challenges faced by enterprise cyber security leaders. A CISO’s role requires hands-on technical knowledge and understanding of security tools, techniques, and procedures combined with the need to manage up, down, and across the organization. This summit is the perfect platform for leaders to share information, gain insight and develop next-level strategy. Information security executives from across the country will come together for 2 days of peer breakouts and networking to answer the toughest questions facing them today.

Global Security Exchange (Las Vegas, Nevada, USA, September 23 - 27, 2018) Global Security Exchange—formerly the ASIS Annual Seminar and Exhibits—delivers new opportunities to exchange key ideas and best practices, expand global connections, and experience innovations. The GSX education program led by ASIS, InfraGard, and ISSA subject matter experts consists of 300+ sessions, each designed to deliver valuable, actionable takeaways to help shape your security strategy—today and in the future.

Connect Security World 2018 (Marseilles, France, September 24 - 26, 2018) While the number of IoT devices predicted by 2020 varies within tens of billions, all analysts agree that security is now the top concern of organizations looking at deploying IoT solutions. To address the unlimited risks surrounding billions connected “things”, Connect Security World 2018 unites Digital Security experts and IoT developers to securely develop, deploy and manage devices & services at IoT scale. In its 7th edition, this technical conference will cover the latest secure technologies stemming from cryptography to strategies and methods to minimize risks and enable successful implementations of end-to-end security – knowing that security is never perfect and no unique security solution (HW, SW…) can fit all levels of protection.

The Cyber Security Summit: New York (New York, New York, USA, September 25, 2018) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers & renowned information security experts. Learn from cyber security thought leaders and Engage in panel discussions focusing on trending cyber topics such as Sr. Leadership’s Best Approach to Cyber Defense, What’s Your Strategic Incident Response Plan?, Protecting your Enterprise from the Human Element and more. Your registration includes a catered breakfast, lunch, and cocktail reception. Receive half off your admission with promo code cyberwire50 at CyberSummitUSA.com and view details including the full agenda, participating solution providers & confirmed speakers. Tickets are normally $350, but only $175 with promo code.

5th Cyber Operations for National Defense Symposium (Washington, DC, USA, September 25 - 26, 2018) The 2018 Cyber Operations for National Defense Symposium will focus on the evolving nature of US Cyber policies and strategies. Cyber leaders from throughout the federal government will come together to discuss network and capability modernization efforts aimed at combating the diverse cyber threats to US National Security. The agenda will focus on defensive and offensive cyber operations as well as the technological capabilities needed by our forces to ensure they can defend American interests in all domains. Lastly, the event will feature two panels: one on protecting our Nation’s intricate critical infrastructure and one on securing the DoDIN.

PCI Security Standards North America Community Meeting (Las Vegas, Nevada, USA, September 25 - 27, 2018) The PCI Security Standards Council’s 2018 North America Community Meeting is THE place to be. We provide you the information and tools to help secure payment data. We lead a global, cross industry effort to increase payment security by providing industry-driven, flexible and effective data security standards and programs that help businesses detect, mitigate and prevent criminal attacks and breaches. Don’t miss out!

Hack the Capitol (Washington, DC, USA, September 26 - 27, 2018) The National Security Institute is partnering with the Wilson Center and ICS Village to host Hack the Capitol, a two-day event focused on Industrial Control Systems (ICS) and security. ICS are used throughout industrial infrastructure and have many military applications. Recent high-profile attacks on these systems have demonstrated ICS’ vulnerabilities and inspired debate about the practical and political means of defending the industrial base against malicious actors. Hack the Capitol will include demonstrations, hands-on learning, and policy conversations tailored toward a non-technical audience. Interact with ICS, including Human Machine Interfaces and Actuators and learn about the threats these components face. The event will provide hands-on education and awareness to members of the public, as well as to Congress, think tanks, and the press. This is a truly unique event that will raise awareness of our nation’s challenges with critical infrastructure and provide kinesthetic learning at multiple levels.

COSAC & SABSA World Congress (Kildare, Ireland, September 30 - October 4, 2018) For 25 years COSAC has delivered a trusted environment in which to deliver information security value from shared experience and intensive, productive, participative debate and development. Sales content is strictly prohibited and there is no vendor exhibition to distract from opportunities, allowing delegates to focus on professional innovation.

Monterey Cyber Security Workshop 2018 (Pacific Grove, California, USA, October 1 - 2, 2018) People with special expertise interested in making progress on the subjects at hand meet at the Monterey Incubator for a workshop to build an understanding of vital issues of the day. The workshop follows the Standard of Practice approach in addressing issues surrounding influence operations, infrastructure protection, and surveillance.

Cyber Defense Summit 2018 (Washington, DC, USA, October 1 - 4, 2018) FireEye's annual Cyber Defense Summit will feature both training and an opportunity to hear from the experts. Introductory, intermediate and advanced training courses will be provided during the first two days of the summit. These courses offer attendees hands-on, small-group, interactive sessions with some of the most experienced FireEye cyber security experts. The guest keynote, on economy and cybersecurity in the 21st Century, will be delivered by former US Secretary of State Madeleine K. Albright.

Retail Cyber Intelligence Summit (Denver, Colorado, USA, October 2 - 3, 2018) Network with 250+ CISOs and their teams from retail and consumer facing industries: restaurants, hospitality, gaming, convenience, grocery and more. Share best practices, gain insights, network. This conference is organized by R-CISC, the retail ISAC.

IP Expo Europe (London, England, UK, October 3 - 4, 2018) IP EXPO Europe is Europe's number ONE IT event for those looking to find out how the latest IT innovations can drive their business forward. IP EXPO Europe is co-located at Digital Transformation EXPO which incorporates Cyber Security X, Developer X, AI-Analytics X, Internet of Things X and Blockchain X.

Sponsor & Support

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter’s financial reach, or it might just not be the right time for you to do those things. That’s why we launched our new Patreon site, where we’ve created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you’ll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.