The CyberWire Daily Briefing 10.4.18

Summary

By The CyberWire Staff

An investigation by Bloomberg alleges that China succeeded in compromising US computer hardware supply chains with maliciously crafted chips. The chips, Bloomberg says, were found in motherboards of servers intended to handle, among other things, US Government files, some regarded as sensitive. Video encoding shop Elemental Technologies, since 2015 an Amazon subsidiary, engaged Supermicro to assemble the servers, and Supermicro used several Chinese subcontractors in the process, which is where the compromise is thought to have occurred. Apple and Amazon Web Services are both said to have been affected, and both strongly deny that the incident ever occurred. Bloomberg is standing by its story.

Russia's GRU (a.k.a. Fancy Bear, a.k.a. "GU," although no one really calls them GU apart from Russian diplomats during tendentious press conferences) comes in for naming, shaming, expulsion, and indictment in three Western countries. The Netherlands has kicked out four GRU personnel after linking them to an attempted cyberattack on the Organisation for the Prohibition for Chemical Weapons, the international agency investigating the Novichok attacks in Salisbury, England. Australia and the UK accuse the GRU, in some detail, of cyberattacks against the World Anti-Doping Agency (WADA), the US Democratic Party, and others. And the US Department of Justice today indicted seven GRU officers on charges related to the hacking of WADA and other organizations around the world.

Symantec notes that Fancy Bear is returning to covert intelligence gathering.

A recently separated junior Congressional Democratic staffer has been arrested in connection with the doxing of Republican lawmakers.

Learn how Cylance silences cyber attacks with Artificial Intelligence.

Notes.

Today's issue includes events affecting Angola, Australia, Bahrain, European Union, Ireland, Democratic Peoples Republic of Korea, Kuwait, NATO/OTAN, Netherlands, Norway, Oman, Qatar, Russia, Saudi Arabia, South Africa, United Arab Emirates, United Kingdom, and United States.

Create a culture of cybersecurity awareness with Coachable Moments.

According to The Ponemon Institute, two out of three insider threat incidents are caused by employee or contractor mistakes. The good news is, these mistakes can easily be avoided ... with the right coaching. Just in time for Cybersecurity Awareness Month, the Coachable Moments series from ObserveIT gives cybersecurity teams the tools they need to empower people to understand the policies and best-practices intended to keep them safe. Check out Coachable Moments today to learn more.

On the Podcast

In today's podcast, we speak with our partners Cisco Talos, as Craig Williams offers tips on getting the most out of security conferences. Our guest is Oussama El-Hilali from Arcserve, with thoughts on business continuity and disaster recovery.

And Hacking Humans is also up, and we hear yet again that it's easier to trick than to hack. Dave describes dodging a local theater scam. Joe shares survey results from Black Hat attendees. A listener's calendar pops up alluring invitations. Carole Theriault interviews Sophos Naked Security writer Mark Stockley about password shortcomings.

Sponsored Events

CyberMaryland Job Fair on October 9 in Baltimore, MD. (Baltimore, Maryland, United States, Oct 9, 2018) Cleared and non-cleared cybersecurity pros make your next career move at the CyberMaryland Job Fair, October 9 in Baltimore. Meet leading cyber employers including Bank of America, FireEye, NSA, Raytheon, USCYBERCOM and more. Visit ClearedJobs.Net or CyberSecJobs.com for more details.

Cyber Security Summits: October 16 in Phoenix and on November 29 in Los Angeles (Phoenix, Arizona, United States, Oct 16, 2018) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The FBI, The CIA, Verizon, AT&T, CenturyLink and more. Register with promo code cyberwire95 for $95 VIP admission (Regular price $350) https://CyberSummitUSA.com

Selected Reading

Cyber Attacks, Threats, and Vulnerabilities

China accused of supply chain attack involving chip secretly built-in to Supermicro server motherboards | Computing (http://www.computing.co.uk) Chip the size of a grain of rice found on motherboard of servers used in defence and CIA, claims Bloomberg investigation,Security,Hardware,Cloud and Infrastructure ,AWS,China,supply chain attack,Elemental

The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies (Bloomberg) The attack by Chinese spies reached almost 30 U.S. companies, including Amazon and Apple, by compromising America’s technology supply chain, according to extensive interviews with government and corporate sources.

Pence to Cast China as Republican Campaign Foe in Harsh Speech (Bloomberg) Vice president to expand on Trump’s election-meddling claims

Russia accused of cyber-attack on chemical weapons watchdog (the Guardian) Netherlands expelled four GRU officers after alleged attacks on OPCW and UK Foreign Office

UK accuses Russian spies of cyber-attacks (BBC News) Alleged attacks include raids on the World Anti-Doping Agency, when athletes' data was published, and the US Democratic Party.

Russian-linked group behind DNC hack now conducting covert intel operations, firm says (TheHill) A prominent Russian-linked hacking group that carried out a series of high-profile cyberattacks during the 2016 election has reverted to more covert intelligence gathering methods, a cybersecurity firm revealed Thursday.

The New Cold Front in Russia’s Information War (Foreign Policy) As NATO’s footprint grows in Norway, Moscow may be using an espionage case to inflame the country’s internal divisions.

DHS Secretary: US Election Infrastructure Safe for Now (VOA) Kirstjen Nielsen says there are no indications Russia, China or others actively targeting systems ahead of November vote

Analysis | The Cybersecurity 202: Keep calm and trust the feds on Election Day, national security officials tell states (Washington Post) The midterms will be a critical test for how much federal and state relationships have improved.

Fake-news ecosystem still thrives, two years after the 2016 election, new report says (Washington Post) The report found that 80 percent of the Twitter accounts that frequently shared links to phony news reports during the 2016 election remain active and, as a group, publish more than a million tweets in a typical day.

Mainstream advertising is still showing up on polarizing and misleading sites — despite efforts to stop it (Washington Post) Some researchers say the ads placed on partisan sites is financing the spread of divisive and conspiratorial content without the advertisers’ knowledge.

Next time, information operations may not be so easy to detect (Fifth Domain) Influence operations will be harder to police and detect in the future.

U.S. Links North Korean Government to ATM Hacks (SecurityWeek) The United States Government has released a joint technical alert to share information on an Automated Teller Machine (ATM) cash-out scheme attributed to the North Korean government.

'Desperate' North Korea turns to APT hack attacks for cash (Register) State-sponsored hacking meets financial acquisition with APT38

European Union warns Facebook not to lose control of data security (The Economic Times) "It is a question for the management, if they have things under control," EU Justice and Consumer Affairs Commissioner Vera Jourova told AFP in Luxembourg.

The ultimate fallout from the Facebook data breach could be massive (Help Net Security) Stolen Facebook tokens allowed the attackers to take over victims' Facebook accounts but might have also been used to log into accounts on other sites and apps.

Some experts agree that Facebook security is in need of some serious work (Techaeris) The latest and one of the biggest Facebook security breaches is upon us and some experts agree that Facebook security needs some serious work.

Phishing in the public cloud: You've been served (Netskope) Netskope Threat Protection recently detected an interesting PDF decoy hosted in Google Drive. The PDF decoy was impersonating a law firm in Denver, CO. The PDF decoy linked to an Office 365 phishing page hosted in Azure blob storage. As the phishing bait is hosted in Azure blob storage, it has a Microsoft-issued domain and …

Betabot - An Example of Cheap Modern Malware Sophistication (SecurityWeek) Cybereason describes Betabot malware as paranoid, doing everything it can to prevent detection and maintain persistence.

Malware Has a New Way to Hide on Your Mac (WIRED) By only checking a file's code signature when you install it—and never again—macOS gives malware a chance to evade detection indefinitely.

Cheap Android Phones and Poor Quality Control Leads to Malware Surprise (BleepingComputer) The abundance and variety of low cost Android phones is one of the reasons that Android has become so popular around the world. Unfortunately, low priced phones could also mean less operating revenue and thus possibly a lower quality control. Such is the case with a cheap Android phone and has a remote access trojan preinstalled.

South African phones targeted by notorious ‘governments only’ spyware (Mail and Guardian) Journalists warned to be extra-vigilant with their digital security

You dirty DRAC: IT bods uncover Dell server firmware security slip (Register) Weakness not easy to leverage, but iDRAC exploit would mean game over for admins

Danabot Banking Malware Now Targeting Banks in the U.S. (BleepingComputer) The DanaBot banking Trojan traditionally ran campaigns that targeted Australia and European banks, but new research shows a new campaign that is targeting banks in the United States as well.

Why you shouldn't trust "safe" spying apps! (Zscaler) Zscaler security research team came across a suspicious Android app named SPYMIE, which portrays itself as key logger designed for parents to track the cell phone activities of their children. its an Android-based keylogger that has ability to hide itself and start recording everything the user tries to access.

For some cloud services more than 75% of accounts are utilized by hackers (Help Net Security) DataVisor researchers found that a staggering percent of cloud-based online user accounts appear to be completely fraudulent.

Business Email Compromise Made Easy for Cybercriminals as 12.5 Million Company Email Inboxes and 33,000 Finance Department Credentials Openly Accessible on the Web (BusinessWire) Digital Shadows today announced the findings of new research revealing the diversity of methods used to infiltrate company emails.

Hackers demand bitcoin ransom in cyberattack on big Canadian restaurants | CBC News (CBC) Restaurant company Recipe Unlimited, which owns many popular chains, has been told to pay ransom in bitcoin to retrieve data that hackers claim to have stolen. The company says the threat isn't real because its systems are protected.

Security Patches, Mitigations, and Software Updates

Microsoft's latest Windows 10 update makes nice with Android (Mashable) If you're on Android, Windows 10 has some treats for you.

Cyber Trends

The internet of battlefield things is coming. Are IT pros ready? (C4ISRNET) Inanimate and innocuous objects, including plants and stones, are being turned into connected information gathering points, increasing the scale of information and the need for IT teams to support war fighters.

Terbium Labs Takes to Task Existing Research on Dark Web Data Pricing (GlobeNewswire News Room) Investigative Research Team Examines 22 Reports on Dark Web Data Pricing to Find No Consistency and Misleading Results

Even with internal focus, most companies utilize external resources for cybersecurity (Help Net Security) Among companies that have internal security resources, 78% utilize external resources for cybersecurity. This could be a contract with a third-party firm.

Most organizations believe hackers can penetrate their network (Help Net Security) The Radware 2018 State of Web Application Security report shares an in-depth view of the challenges organizations face in protecting web applications.

Marketplace

Firms Seek to Close Security Skills Gap (Wall Street Journal) The expansion of cloud computing and mobility is creating data and privacy threats that can’t be handled by standard network and endpoint security efforts, CompTIA says.

NYC launches full-court cyber press (GCN) A multipronged effort aims to secure the city by investing in cybersecurity technology, entrepreneurs, a skilled workforce and empowering residents to better protect themselves against threats.

2 Israeli firms chosen to aid NYC in quest to be cybersecurity ‘global leader’ (Times of Israel) SOSA, which matches startups with corporations, will set up a Global Cyber Center in Chelsea; JVP will run the city's first international cybersecurity investment hub in SoHo

ObserveIT Brings Powerful New Insider Threat Detection Features to Market; Achieves Record Growth in Q3 (Odessa American) ObserveIT, the leading insider threat management provider with more than 1,800 customers around the world, today announced significant growth and product innovation, reflecting increasing global demand for ObserveIT’s insider threat management solution. The company unveiled the latest version of its solution, ObserveIT 7.6, and experienced the largest bookings quarter in the company’s history, with a 80% increase in bookings over the last 15 months, several sizable customer wins and industry accolades.

Raytheon Enters Cyber Partnerships With Cybraics, Authentic8; John DeSimone Quoted (ExecutiveBiz) Raytheon has teamed up with two companies to help organizations protect financial, health care and electoral systems and other critical infrastructure from cyber threats through the adoption of artificial intelligence, analytics and isolated browsers. “With global critical infrastructure systems under constant attack, organizations need flexible access to the most advanced technology possible to ensure resiliency,”...

Emerson to Acquire GE’s Intelligent Platforms BusinessEmerson to Acquire GE’s Intelligent Platforms Business (Automation World) The addition of GE’s PLC technologies to the portfolio will help Emerson expand further into hybrid industries like metals and mining, life...

Huntsville cybersecurity firm gets $12.1 billion contract (AL.com) The contract is for Information Technology Enterprise Solutions-3 services, or ITES-3S, to the army, other defense department agencies, and all other federal agencies.

Cyber Threat Alliance Continues Strong Growth With New Members AlienVault, Dragos, Lastline, and NEC (Cyber Threat Alliance) Expanding member base supports CTA mission to improve cybersecurity for all

Security Industry Association to Present Edwina Reynolds With Inaugural SIA Progress Award | Security Industry Association (Security Industry Association) Iluminar CEO Eddie Reynolds will be recognized for her efforts to aadvance women in the security industry at SIA Honors Night 2018.

Products, Services, and Solutions

Cubic Corp. wins $394 million contract to update transit fare technology in the Bay Area (San Diego Union Tribune) Cubic will replace older fare readers and other equipment, as well as add wireless communications to buses that lack connectivity. The work will take place over the next two to five years.

Security Compass Announces Jenkins Plugin for its Policy-to-Procedure Platform Bringing Application Risk Policy and Compliance to DevOps (GlobeNewswire News Room) Agile Development Teams Empowered to Continuously Deliver Applications without Risk from the Start

F-Secure, Zyxel Bringing Secure Wi-Fi to Connected Homes (Global Security Mag Online) Cyber security provider F-Secure and broadband networking solutions provider Zyxel are teaming up to bring fast, secure Wi-Fi to homes all over the world. The two companies have signed an agreement to offer service providers a range of home cyber security gateways that provide the fast Wi-Fi connectivity demanded by today’s consumers while delivering comprehensive protection for PCs, smart TVs, mobile phones and tablets, and all the other internet-enabled devices finding their way into people’s homes.

InfoSec Institute Targets MSPs, VARs, OEMs with New Program (Channel Partners) InfoSec Institute's new partner program offers all qualified partners: profitable margins and bonus deal registration discounts; marketing and lead generation resources; sales support resources to qualify opportunities, provide quoting or contracting assistance and close deals; SecurityIQ technical sales training; and the ability to resell InfoSec Flex Pro IT security training boot camps and certification prep courses.

How Bank of England is using Splunk for proactive security (ComputerWeekly) Head of the Bank of England’s security operations centre talks about how Splunk is helping it to take a more proactive approach to preventing cyber attacks.

Splunk ups Industrial IoT Operational Technology (OT) team tools (ComputerWeekly) Real-time operational intelligence specialist Splunk hosted its annual .conf conference in Orlando this October to detail the state of its platform development, showcase customer use cases and dig ...

Cylance Launches Cybersecurity Leadership Academy (Digital Journal) Inc., the leading provider of AI-driven, prevention-first security

Disk Encryption is Smooth and Speedy in BestCrypt By Jetico (BusienssWIre) Jetico releases superior disk encryption in BestCrypt Volume Encryption v4 with smoother interface and faster performance to encrypt hard drives.

DigiCert, Gemalto and ISARA to provide quantum-proof certificates (SearchSecurity) Quantum computing threats are posed to break the most widely used cryptography technology, but DigiCert, Gemalto and ISARA recently announced a partnership to develop quantum-proof digital certificates.

Technologies, Techniques, and Standards

What Clausewitz Can Teach Us About War on Social Media (Foreign Affairs) Clausewitz would have understood the weaponization of social media.

Hacking for good uncovers over 150 Marine Corps web vulnerabilities (Fifth Domain) The Department of Defense's latest bug bounty program targeted vulnerabilities in Marine Corps websites.

Remote Access: The Hidden Weak Spot for Cyberattacks (SecurityWeek) To minimize the risk associated with remote access threats, organizations should implement these four measures to strengthen their security posture.

How Letting Go of the Familiar Can Improve Security Maturity (SecurityWeek) Josh Goldfarb provides six examples of how letting go of the familiar can help us improve our security maturity.

Bridging the priority gap between IT and security in DevOps (Help Net Security) Do you have a security priority gap? Some gaps do exist in the motivation, emphasis, and objectives associated with each roles in an organization.

Using Compliance as a Springboard to Better OT Cybersecurity (SecurityWeek) Regulations are helping to raise awareness among senior decision makers in organizations about security and accountability.

Identifying a phisher (SANS Internet Storm Center) I’m working as an IT security expert for a mid-sized company in Germany so it is rather common that employees consult me to check some phishy emails they receive. I rarely write blog posts anymore, but this was so funny and enjoyable that I’d like to share my experience.

Design and Innovation

Verizon: Vendor AI Not Ready for Prime Time (Light Reading) Verizon's wireline unit is developing its own machine learning internally using open source tools and 'agile' development methods.

Research and Development

IBM Wins Patent for Blockchain-Based Network Security System (CoinDesk) A newly published IBM patent proposes bolstering network security by monitoring potential network intrusions on a blockchain.

Morphisec Awarded by Department of Homeland Security for Development of Enhanced Moving Target Defense for Virtual Systems (Odessa American) Morphisec, the leader in Moving Target Defense, announced today that it has received an award from the Department of Homeland Security (DHS) Science and Technology Directorate (S&T) to extend, deploy, test and evaluate a Moving Target Defense (MTD)-based cybersecurity solution for virtual desktop infrastructure (VDI) environments.

Academia

Cyber Innovation Center receives Homeland Security grant (ARKLATEXHOMEPAGE) The Cyber Innovation Center and its academic outreach division, the National Integrated Cyber Education Research Center, have been awarded a second five-year grant from U.S. Department of Homeland Security.

UMBC and the NSA celebrate their longstanding relationship (Retriever) The National Security Agency has recently listed UMBC as the first school under their new featured school series. For over twenty years, UMBC and

La. National Guard planning new cybersecurity center at LSU Innovation Park (Baton Rouge Business Report) The Louisiana National Guard and LSU have agreed to a land swap at LSU’s Innovation Park that will enable the guard to develop a new unit devoted entirely to cybersecurity. The Cyber Coordination Center, as it would be called, will build on an existing collaboration between LSU and the guard on cybersecurity issues, and could...

Legislation, Policy and Regulation

US to offer cyberwar capabilities to NATO allies (CNBC) The announcement is expected in coming days.

Lockheed’s Jim Keffer: White House, DoD Cyber Strategies Could Lead to Campaigns Against Threat Actors (ExecutiveBiz) Jim Keffer, director of cyber at Lockheed Martin, told Federal News Radio in an interview posted Tuesday how the Defense Department’s cyber strategy is synched up with and embedded into the White House’s National Cyber Strategy. “The national strategy talks more about domestic issues and the DoD strategy is more about the military part, but the...

How to deter the biggest U.S. cyber adversaries (POLITICO) DHS conducting experiment in ICS cybersecurity — North Korean cash grab

Facebook Briefs Lawmakers on Breach in Effort to Guard Against Backlash (Wall Street Journal) Facebook officials are briefing lawmakers about its massive security breach as the social-media company tries to quell a potential backlash in Washington over its latest setback involving user data.

GDPR also covers "security by design" in hardware and software, warns Dr Kuan Hon (Computing) Data controllers obliged to consider data protection by design and by default under GDPR - which will also cover firmware

Facebook, Apple, Alphabet and Amazon rally against Australia's proposed data encryption laws (CRN Australia) Facebook, Apple, Alphabet and Amazon unite.

Litigation, Investigation, and Enforcement

Russia collusion bombshell: DNC lawyers met with FBI on dossier before surveillance warrant (TheHill) Congressional investigators have confirmed that a top FBI official met with Democratic Party lawyers to talk about allegations of Donald Trump-Russia collusion weeks before the 2016 election, and before the bureau secured a search warrant targeting Trump’s campaign.

Justice Department charges 7 Russian military intelligence officials in hack of doping agencies, other organizations (Washington Post) Justice Department charges 7 Russian military intelligence officials in hack of doping agencies, other organizations

Justice Department announces indictments of 7 Russian spies in hacking plot tied to Olympics doping scandal (USA TODAY) Justice Department officials announced charges Thursday against seven Russian GRU intelligence officers

U.S. Gets Aggressive in Naming Foreign Hackers (Wall Street Journal) The U.S. and the U.K. are among countries that have become more willing to blame specific nations for major cyberattacks.

The $500 Million Central Bank Heist—and How It Was Foiled (Wall Street Journal) Officials in Angola have charged four men in connection with an alleged plot to siphon off a big chunk of its central-bank reserves. It would have been one of the biggest ever thefts of its kind.

Angolan Ex-President’s Son and Others Suspected of $500 Million Central Bank Fraud Using U.K. Lenders (Wall Street Journal) The former Angolan president’s son and a former central banker are suspected of using accounts at HSBC and Standard Chartered in an attempt to defraud the country’s central bank by transferring $500 million through these U.K.-based lenders.

Facebook to be hit with UK legal claim after massive data breach (The Telegraph) Facebook's problems deepened last night as EU regulators launched a formal investigation into a hack of 50 million accounts and a new threat of legal action in the UK also loomed.

Suspect in Congressional Doxxing Cases Arrested (Roll Call) A suspect in the doxxing of several Republican senators has been arrested. The doxxing happened in the wake of explosive testimony last week.

Former junior Democratic aide charged with posting personal data on GOP senators online (Washington Post) U.S. Capitol Police say investigation continues into Wikipedia edits made during Kavanaugh hearing

Jackson Cosko: 5 Fast Facts You Need to Know (Heavy.com) Jackson Cosko is accused of doxxing Republican senators during the Kavanaugh hearings.

FBI vs. Facebook Messenger: What’s at stake? (Ars Technica) Op-ed: Secret rulings should not force tech companies to build backdoors.

Rapid7 is latest cybersecurity firm to face Finjan patent lawsuit (Reuters) Boston-based Rapid7 Inc on Monday became the latest cybersecurity company to fac...

EBay accuses Amazon of trying to 'illegally poach' its sellers (The Telegraph) EBay has accused Amazon employees of using its messaging system to illegally poach its sellers.

GCCPOL and Kaspersky Lab collaborate for cybersecurity awareness (Intelligent CIO Middle East) GCCPOL, the organisation which serves as a law enforcement hub for the six countries of the GCC (Bahrain, Kuwait, Oman, Qatar, Saudi Arabia and UAE), has hosted a cybersecurity session in collaboration with Kaspersky Lab. The session has created a platform for the exchanging of information and expertise between the two organisations about the latest cyberthreats […]

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

upcoming Events

COSAC & SABSA World Congress (Kildare, Ireland, Sep 30 - Oct 4, 2018) For 25 years COSAC has delivered a trusted environment in which to deliver information security value from shared experience and intensive, productive, participative debate and development. Sales content is strictly prohibited and there is no vendor exhibition to distract from opportunities, allowing delegates to focus on professional innovation.

Cyber Defense Summit 2018 (Washington, DC, USA, Oct 1 - 4, 2018) FireEye's annual Cyber Defense Summit will feature both training and an opportunity to hear from the experts. Introductory, intermediate and advanced training courses will be provided during the first two days of the summit. These courses offer attendees hands-on, small-group, interactive sessions with some of the most experienced FireEye cyber security experts. The guest keynote, on economy and cybersecurity in the 21st Century, will be delivered by former US Secretary of State Madeleine K. Albright.

IP Expo Europe (London, England, UK, Oct 3 - 4, 2018) IP EXPO Europe is Europe's number ONE IT event for those looking to find out how the latest IT innovations can drive their business forward. IP EXPO Europe is co-located at Digital Transformation EXPO which incorporates Cyber Security X, Developer X, AI-Analytics X, Internet of Things X and Blockchain X.

Borderless Cyber USA 2018 (Washington, DC, USA, Oct 3 - 5, 2018) How do you future proof your cybersecurity strategy? Can you identify and report cyber incidences so you can respond quickly to manage consequences? Public and private sector cyber experts from across the globe will gather at Borderless Cyber to exchange ideas and learn about cybersecurity strategies that work. Conference attendees will be provided the opportunity to network with cyber leaders, compare experiences and learn about the latest threat intelligence sharing tools and techniques.

Borderless Cyber USA (Washington, DC, USA, Oct 3 - 5, 2018) Automation, people, information sharing, intelligence, risk and the economics of risk have been identified as key cybersecurity strategy measures to focus on in order to keep pace with modern threats. Join us at Borderless Cyber USA as our keynote presenters share their views on the right combination of these measures needed to ensure your cybersecurity strategy confidence reaches that next level. In addition to our keynotes will be a diverse hand-picked group of global cybersecurity experts have been invited to share their recommendations and real-world experiences over the two-day conference program. Conference organizers, The World Bank, OASIS Open Consortium, Institute for Critical Infrastructure Technology, and Georgetown University, are confident that the Borderless Cyber program will help you succeed in building a solid foundation of controls that preempt, detect and help remediate your risks.

MSPWorld® Peer Group & Data Analytics Summit (Las Vegas, Nevada, USA, Oct 4 - 5, 2018) The MSPWorld® Peer Group & Data Analytics Summit is a revolutionary new concept for the managed services executive. Accessible only by MSPs, this conference will focus on small, peer lead groups exchanging ideas (and information) in a safe, secure, and structured way. Designed to be a high impact, 2 day conference where MSPs will share financial and operational data with their peers and receive valuable reports on that shared data. The MSPWorld Peer Summit will allow managed services professionals to enter an environment where they can collaborate, share ideas, and listen to others. The express purpose of this event is to promote collaboration, shared solutions to MSP problems, and provide useful analytics to MSP operators. If you have questions please feel free to contact us at events@mspalliance.com.

4th International Cybersecurity Forum, HackIT 4.0: Exploit Blockchain (Kiev, Ukraine, Oct 8, 2018) The 4th International Cybersecurity Forum, HackIT 4.0: Exploit Blockchain will be held October 8 – 11, CEC Parkovy, Kyiv, Ukraine. The annual Hacken Cup – the onsite bug bounty marathon – happens on October 8, with 20 top white hat hackers finding critical vulnerabilities in your client’s or company’s web and mobile applications. Developer teams can exchange experience with top security researchers, receive a day of offline bug bounty and cybersecurity consulting at the Hacken Cup and one month of online bug bounty at the HackenProof platform. Also includes a press conference with media and three tickets to the HackIT forum and VIP afterparty..

4th European Cybersecurity Forum – CYBERSEC (Krakow, Poland, Oct 8 - 9, 2018) CYBERSEC Forum is an unique opportunity to meet and discuss the current issues of cyber disruption and ever-changing landscape of cybersecurity related threats. Our mission is to foster the building of an Europe-wide cybersecurity system and to create a dedicated, collaborative platform for the governments, international organisations and key private sector companies. CYBERSEC Forum gives a chance to invent, discuss and leverage practical and innovative solutions for contemporary innovation-driven, digital economy. Four dedicated streams will help to define trends, enhance cybersecurity potential and catalyse innovation.

4th European Cybersecurity Forum – CYBERSEC (Krakow, Poland, Oct 8 - 9, 2018) CYBERSEC is a public policy conference dedicated to strategic aspects of cyberspace and cybersecurity. CYBERSEC 2017 brought together record-breaking 150 speakers and more than 1,000 delegates from all over the world, including policy-makers, top industry experts, global private sector leaders, investors, and representatives of technology start-ups. CYBERSEC is recognised as one of Europe’s top 5 cybersecurity conferences. Its main goal is to provide institutions with recommendations and policy goals that can be incorporated into cybersecurity strategies and legislative frameworks.

8th Annual (ISC)2 Security Congress (New Orleans, Louisiana, USA, Oct 8 - 10, 2018) The (ISC)2 Security Congress brings together the sharpest minds in cyber and information security for over 100 educational sessions covering 17 tracks. Join us to learn from the experts, share best practices, and make invaluable connections. Your all-access conference pass includes educational sessions, workshops, keynotes, networking events, career coaching, expo hall and pre-conference training.

CyberMaryland 2018 (Baltimore, Maryland, USA, Oct 9 - 10, 2018) The CyberMaryland Conference is an annual two-day event presented jointly by The National Cyber Security Hall of Fame and Federal Business Council (FBC) in conjunction with academia, government and private industry organizations. The theme, “Leading the Cyber Generation,” captures the event’s intent to provide unparalleled information sharing and networking opportunities for development of cyber assets on both the human and technological side. Additionally, the conference provides an opportunity for Maryland to demonstrate its natural leadership in Cyber Security.

HoshoCon 2018 (Las Vegas, Nevada, USA, Oct 9 - 11, 2018) Over 3 days, attendees will gain firsthand knowledge about blockchain security. You are invited to converse with technologists working on blockchain and cryptocurrency projects, hear key insights from industry leading security experts and participate in developer workshops. Hosho is lucky to call Las Vegas home, and as our guests, you will be treated to unique content, valuable networking opportunities and the entertainment that only Vegas can offer. We can’t wait to see you there.

U.S. Department of Transportation Cybersecurity Symposium (Washington, DC, USA, Oct 9 - 10, 2018) The U.S. Department of Transportation (DOT) Cybersecurity Symposium is 2 days of training sessions and educational seminars focused on the mission of protecting government networks and privacy. Hosted by the Office of the DOT Chief Information Officer (CIO) and the Chief Information Security Officer (CISO), the symposium is open to all Federal agencies and will take place at the DOT Headquarters building, 1200 New Jersey Avenue SE, Washington, DC 20590.

SecureWorld Dallas (Dallas, Texas, USA, Oct 10 - 11, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security industry. Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements, learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays-all while networking with local peers.

Florida Cyber Conference 2018 (Tampa, Florida, USA, Oct 10 - 11, 2018) The Florida Cyber Conference has quickly become the “can’t miss” networking event for Florida’s stakeholders in cybersecurity, bringing together a diverse audience from multiple sectors to encourage dialogue, share information, address emerging threats and trends, and promote collaboration. Exhibiting at Florida Cyber Conference 2018 is your opportunity to connect with leaders from across Florida’s cybersecurity community. Meet industry CISOs, CFOs, and CEOs; representatives from government and defense; students; and researchers.

Sponsor & Support

Grow your brand, generate leads, and fill your funnel.

With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listens all over the world, companies trust the CyberWire to get the message out. Learn more.

Chinese supply chain attack? GRU named, shamed, expelled, and indicted. Arrest in Congressional doxing case.