The CyberWire Daily Briefing 10.10.18

Summary

By The CyberWire Staff

Bloomberg doubles down on its report of Chinese hardware supply chain seeding, with on-the-record corroboration from Sepio Systems. Sepio is quoted as saying that it found the malicious implants in equipment belonging to one of its clients, a telecommunications company it can't name because of a nondisclosure agreement. AT&T, Verizon, and Sprint told Bloomberg they're not affected. Motherboard reports that CenturyLink, Cox, and Comcast also denied being the affected telco.

Norway's National Security Authority also said, according to Bloomberg, that it has been "aware of an issue" with respect to Supermicro devices since June, but that it couldn't confirm the specifics of Bloomberg's report. The US Department of Homeland Security denied investigating the matter, but Bloomberg notes that the investigation mentioned in their report would be one conducted by the FBI. The FBI has declined to comment. There's no consensus yet as to whether Bloomberg's report is true, and the story is still developing. Apple has sent a strongly worded, direct, and detailed denial of the alleged incident to Congress. The US Senate Commerce Committee is considering hearings on the matter.

Ukraine's state fiscal service has been under denial-of-service attack since Monday.

The US Government Accountability Office reported yesterday that its investigation finds Defense Department weapon systems remain vulnerable to cyberattack.

SEC Consult researchers have found critical vulnerabilities in Xiongmai Technology's widely used and inexpensive DVRs and security cameras.

Intel's ninth-generation core processors include hardware protection against two Spectre and Meltdown vulnerability variants. Microsoft's patches address JET Database Engine bugs.

Learn how Cylance silences cyber attacks with Artificial Intelligence.

Notes.

Today's issue includes events affecting Canada, China, Indonesia, Ireland, Republic of Korea, Norway, Russia, Ukraine, United Kingdom, and United States.

To all our readers in Taiwan and all other places the holiday is observed, a happy Double Ten Day.

Find out what midsized enterprises are doing right to hit the cybersecurity “sweet spot.”

Despite having bigger budgets and greater resources, large enterprises aren't better protected from cyberattacks than are their smaller counterparts. The sweet spot for cybersecurity is found among midsized businesses, which testing finds performed best at protecting their assets and mitigating their security risks. That's the conclusion of Coalfire's inaugural Coalfire Penetration Risk Report, based on more than 300 penetration tests in 148 companies worldwide. Download the report to gather data-driven insights and make informed decisions based on Coalfire’s innovative analysis.

On the Podcast

In today's podcast we speak with our partners at Dragos, as Robert M. Lee offers insight into the Bloomberg hardware supply chain story. Our guest is Steven Cobb from ESET, describing the results of their recent AI and ML silver bullet survey.

Sponsored Events

Cyber Security Summits: October 16 in Phoenix and on November 29 in Los Angeles (Phoenix, Arizona, United States, October 16, 2018) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The FBI, The CIA, Verizon, AT&T, CenturyLink and more. Register with promo code cyberwire95 for $95 VIP admission (Regular price $350) https://CyberSummitUSA.com

SecurityWeek 2018 Industrial Control Systems (ICS) Cyber Security Conference (Atlanta, Georgia, United States, October 22 - 25, 2018) SecurityWeek’s ICS Cyber Security Conference is the conference where ICS users, ICS vendors, system security providers and government representatives meet to discuss the latest cyber-incidents, analyze their causes and cooperate on solutions. Register today for the original ICS/SCADA Cyber Security Conference – October 22-25 in Atlanta.

Selected Reading

Cyber Attacks, Threats, and Vulnerabilities

New Evidence of Hacked Supermicro Hardware Found in U.S. Telecom (Bloomberg) The discovery shows that China continues to sabotage critical technology components bound for America.

U.S. Republican senator seeks briefings on reported China hacking... (Reuters) The top Republican on the Senate Commerce Committee has asked Apple Inc, Amazon....

The Cybersec World Is Debating Who to Believe in This Story About a Massive Hack (Motherboard) No one is really sure who to believe after Businessweek's bombshell story on an alleged Chinese supply chain attack against Apple, Amazon, and others.

Homeland Security Throws Apple and Amazon a Bone on Hacking Report (Barron's) The U.S. Department of Homeland Security says it has no reason not to believe Apple, Amazon, and other companies that have denied a Bloomberg Businessweek report that Chinese intelligence services inserted malicious computer chips into their equipment.

Supply Chain Security is the Whole Enchilada, But Who’s Willing to Pay for It? (KrebsOnSecurity) From time to time, there emerge cybersecurity stories of such potential impact that they have the effect of making all other security concerns seem minuscule and trifling by comparison.

Ukraine's state fiscal service disrupted by cyber attack (Reuters) A cyber attack has affected the internet services of Ukraine's state fiscal...

Latvia Says Russia Targets Its Foreign, Defense Bodies with Cyber Attack (VOA) Several Western countries issues coordinated denunciations of Russia last week for running what they described as a global hacking campaign

‘Weaponisation’ of religious sentiment in Indonesia’s cyberspace (The Strategist) The announcement that prominent Indonesia Ulema Council chairman and cleric Ma’ruf Amin will be President Joko ‘Jokowi’ Widodo’s vice-presidential running mate for the 2019 election has stimulated fresh debate about the ‘Islamisation’ of Indonesian politics. ...

New Pentagon Weapons Systems Easily Hacked: Report (SecurityWeek) New US weapons systems being developed by the US Department of Defense can be easily be hacked by adversaries, the U.S. Government Accountability Office said.

Weapon Systems Cybersecurity: DOD Just Beginning to Grapple with Scale of Vulnerabilities (US Government Accountability Office) In recent cybersecurity tests of major weapon systems DOD is developing, testers playing the role of adversary were able to take control of systems relatively easily and operate largely undetected. DOD's weapons are more computerized and networked than ever before, so it's no surprise that there are more opportunities for attacks.

MY TAKE: Cyber attacks on industrial controls, operational technology have only just begun (Security Boulevard) “May you live in interesting times.” The old Chinese proverb–some consider it a blessing and others a curse–certainly describes the modern-day cyber landscape. Related: 7 attacks that put us at the brink of cyber war In today’s geopolitical terrain, nation-state backed cyber criminals are widening their targets and starting to zero in on their adversaries’

Magecart Group Targets Shopper Approved, Customers in Latest Attack (Threatpost) The breach also impacted hundreds of Shopper Approved's customers.

9 million Xiongmai cameras, DVRs wide open to attack (Help Net Security) SEC Consult researchers have found a handful of critical vulnerabilities in cameras, DVRs by Chinese manufacturer Hangzhou Xiongmai Technology.

Naming & Shaming Web Polluters: Xiongmai (KrebsOnSecurity) What do we do with a company that regularly pumps metric tons of virtual toxic sludge onto the Internet and yet refuses to clean up their act?

Unpatched routers bad, doubly unpatched routers worse – much, much worse! (Naked Security) Two bugs can be four times the trouble! If you missed the last Microtik router patch, you’re at risk, but if you’re *two* patches behind …

Tenable Research Advisory: Multiple Vulnerabilities Discovered in MikroTik's RouterOS (Tenable™) Tenable Research has discovered several vulnerabilities in RouterOS, an operating system used in MikroTik routers, the most critical of which would allow attackers to potentially gain full system a

Researchers KRACK Wi-Fi Again, More Efficiently This Time (SecurityWeek) Researchers have revealed more practical versions of Key Reinstallation Attack (KRACK), attacks that exploit security weaknesses in the Wi-Fi Protected Access II (WPA2) protocol.

Consumers say scammers swiped money from their Cash App accounts (FOX59) Chances are this app is on your phone and you use it often. We're talking about Cash App, a peer to peer money transfer system. But now customers are saying someone is swiping money out of their account. So we reached out to tech experts and talked to Cash App directly to find out how to keep your money safe.

Phishing Campaign uses Hijacked Emails to Deliver URSNIF by Replying to Ongoing Threads (TrendLabs Security Intelligence Blog) A spam campaign we observed in September indicates attackers are angling towards a more sophisticated form of phishing. The campaign uses hijacked email accounts to deliver URSNIF as part of or as a response to an existing email thread.

Don’t fall for the Facebook ‘2nd friend request’ hoax (Naked Security) Cloned accounts are a real thing, but this viral message isn’t. Don’t forward it!

Cyber security expert: 'reverse engineering' will tell you if your Facebook has been cloned (ABC 12) f you've been on your Facebook news feed lately, you probably have noticed some rather odd posts. Many people are posting that they've gotten either 'hacked' or 'cloned' and to not accept new friend requests.

Hook, Line and Sinker: After Phish Get Caught (SecurityWeek) Cyber defenders need to take action to make sure that their networks are secure against the consequences of phishing attacks regardless of user actions.

Credential-Phishing Attempts Highest on Tuesdays (Infosecurity Magazine) OneDrive, LinkedIn and Office 365 logins are the most popular phishing lures, says Menlo Security.

CEO Fraud: Barriers to Entry Falling, Security Firm Warns (BankInfo Security) Barriers to getting into the business email compromise - aka CEO fraud - game continue to fall, with security vendor Digital Shadows finding that compromised email

DDoS Attacks Targeted Final Fantasy XIV and Ubisoft on the Same Day (PlayStation LifeStyle) It appears that yesterday's DDoS attacks targeting Square Enix's Final Fantasy XIV and multiple Ubisoft games at the same time.

How hackers could disrupt Election Day — and how the bad guys could be stopped (Boston Globe) The US elections system is rife with technological weak spots, but election security experts have identified plenty of ways to fend off threats.

Voting Experts: Why the Heck Are People Still Voting Online? (Nextgov.com) At least 100,000 online ballots—including the votes of overseas military personnel—were cast in 2016.

Survey: Most Feds Could Steal Government Data If They Wanted To (Nextgov.com) But most have no desire.

Cyber Attack in Otsego County (CNYHOMEPAGE) County Website Remains Offline

BBC Reports Over 170 Devices Lost or Stolen (Infosecurity Magazine) Past two years saw devices costing over £100K go missing

South Korean Cryptocurrency Exchanges Have Lost $99 Million Over 3 Years (ICO Brothers Media) South Koren crypto exchanges have lose almost $100 million because of hackers' attacks over the last three years, and damages keep growing each year.

Security Patches, Mitigations, and Software Updates

Spectre and Meltdown Hardware Protection Added to Intel's 9th Gen CPUs (BleepingComputer) As part of today's Intel's Fall Desktop Launch event, new 9th generation CPUs were announced that include hardware protection for two of the Spectre and Meltdown vulnerability variants.

October Patch Tuesday: Microsoft Repairs JET Database Engine Bug, Win32K EoP Zero-Day (TrendLabs Security Intelligence Blog) In the October Patch Tuesday edition, Microsoft fixes CVE-2018-8423 that Trend Micro’s Zero Day Initiative disclosed last September.

Microsoft Patches Windows Zero-Day Exploited by 'FruityArmor' Group (SecurityWeek) Microsoft patches nearly 50 vulnerabilities with its October 2018 Patch Tuesday updates, including a Windows zero-day exploited by the FruityArmor APT group

Windows 10 October 2018 Update no longer deletes your data (Ars Technica) Microsoft will help those affected attempt to recover their files.

VERT Threat Alert: October 2018 Patch Tuesday Analysis (The State of Security) Today’s VERT Alert addresses Microsoft’s October 2018 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-800 on Wednesday, October 10th.

No Security Fixes in Patch Tuesday Updates for Flash Player (SecurityWeek) The Patch Tuesday updates released by Adobe for Flash Player include no security fixes. Vulnerabilities patched in Digital Editions, Framemaker, and Technical Communications Suite

Apple Patches Passcode Bypass in iOS (SecurityWeek) Apple has released patches for iOS devices to address a recently disclosed vulnerability that could result in the bypass of the lockscreen.

Who's watching your TV? Sony quietly killed three critical Bravia TV bugs (ZDNet) Owners of a Bravia smart TV should check it has the latest firmware updates, which patch three bad security flaws.

Cyber Trends

Data Breaches Compromised 4.5 Billion Records in First Half of 2018 (BusinessWire) Gemalto, the world leader in digital security, today released the latest findings of the Breach Level Index, a global database of public data breaches

The DMARC Challenge for Federal Agencies Report - October 2018 (Valimail) Federal BOD 18-01 DMARC Status Report: Analysis of SPF and DMARC records for 1,315 federal .gov domains as recorded in DNS as of 10/1/18.

Small Business Cybersecurity and Data Breach Risks | Insureon (insureon) Only 16% of small-business owners think they might face a cyber breach. Find out how damaging a breach can be and get small business cyber security tips.

IIS attacks surge from 2,000 to 1.7 million over last quarter (Help Net Security) IIS, Drupal, and Oracle WebLogic web technologies experienced increased attacks in Q2 2018. IIS attacks showed a massive increase.

China is ahead of Russia as 'biggest state sponsor of cyber-attacks on the West' (The Telegraph) China has become the biggest state sponsor of cyber-attacks on the West, primarily in its bid to steal commercial secrets, according to a report today by one of the world’s largest cybersecurity firms.

Growing intrusion trends: A perspective on today's most sophisticated cyberattacks (Help Net Security) According to a new CrowdStrike report, the technology, professional services, and hospitality sectors were targeted most often by cyber adversaries.

Privileged account practices are poor, and IT security teams know it (Help Net Security) One Identity released new global research that uncovers a widespread inability to implement basic best practices across identity and access management

Most consumers don't trust companies to keep personal information secure (Help Net Security) Consumers feeling uneasy about businesses sharing their personal data with other companies, according to original research from Oxford Economics.

Marketplace

Huawei, ZTE Charm Offensive Just Got Harder (Light Reading) A report from Bloomberg, alleging China infiltrated servers used by the US government, could spell further trouble for Huawei and ZTE.

Canadian government IT security boss on Huawei: 5G review isn’t over yet (IT World Canada) Reading one of Canada's biggest newspapers, you might get the impression our electronic spy agency doesn't see a need to forbid this

Huawei willing to work with government to allay Korea's 5G security fears (Totaltelecom) Korea's big three network operators are currently in the final stages of selecting their technology partners for their 5G rollout programmes

Splunk lays out its cybersecurity vision (CSO Online) At Splunk .Conf 2018, we learned how the company continues to expand its cybersecurity footprint, work with industry partners, and commit to customer success.

Intel's commitment to making its stuff secure is called into question (Register) Security is a process or at least an aspiration

The Murky Market for Zero-Day Bugs (Infosecurity Magazine) Danny Bradbury shines a light on the thriving online zero-day marketplace

7 best practices for working with cybersecurity startups (CSO Online) Security startups are often ahead of the technology curve and can provide more personalized service. Here's how to find the best of them and minimize risks.

Centrify Spins Out IDaaS into new Vendor Idaptive (Infosecurity Magazine) Centrify has spun out its Identity-as-a-Service (IDaaS) service into a new company, which it has named Idaptive

Fortnite Developer Epic Games Acquires Anti-Cheat Company Kamu (IGN) The Finnish company has already been providing its services to Epic for Fortnite.

Products, Services, and Solutions

KnowBe4 Brings Artificial Intelligence to Security Awareness Training (SecurityWeek) KnowBe4 has added a Virtual Risk Officer (VRO), a Virtual Risk Score (VRS), and Advanced Reporting (AR) features to its security awareness training and simulated phishing platform.

Healthwise enhances hybrid IT strategy with Pulse Secure vADC and Microsoft Azure (GlobeNewswire News Room) Reliability, performance and powerful scripting tools help leading non-profit organization deliver mission critical applications 24/7

Cymulate Announces Technology Integration with Tenable (BusinessWire) Cymulate, a provider of a leading Breach & Attack Simulation (BAS) platform which was recognized as a Gartner 2018 Cool Vendor, announced today th

Alert Logic Extends Security to Cover Any Container Across Multiple Platforms, Breaking Barriers to Visibility, Portability and Threat Detection (GlobeNewswire News Room) Industry’s Only Network IDS for Containers Adds Log Management and Expands Coverage Beyond AWS to Azure, On-Premises and Hosted Environments

Bro IDS is One of the Most Powerful Cybersecurity Tool You’ve Never Heard of (Bricata) Bro IDS is around 20 years old, but awareness of the technology doesn’t match its age.

Looking back at Google+ (TechCrunch) Google+ is shutting down at last. Google announced today it’s sunsetting its consumer-facing social network due to lack of user and developer adoption, low usage and engagement. Oh, and a data leak. It even revealed how poorly the network is performing, noting that 90 percent of Google+ user …

Bitdefender Announces Complete Endpoint Prevention, Detection and Response Platform Designed for all Organizations (Bitdefender) Company continues investment in innovation with industry-first, full-stack EPP/EDR platform, GravityZone

NETSCOUT Offers Free DDoS Protection to Election Officials (NETSCOUT) NETSCOUT SYSTEMS, INC., (NASDAQ: NTCT), a leading provider of service assurance, security, and business analytics, today announced it is making its Arbor Cloud DDoS prot

WhiteHat Security Introduces Dynamic Single-page Application Scanning for an Automated, Seamless Customer Experience (BusinessWire) WhiteHat Security, the leading application security provider committed to securing digital businesses, today announced a new feature for dynamic singl

ZeroFOX introduces new social media and digital protection managed services platform (Help Net Security) ZeroFOX OnWatch managed service provides social and digital risk protection by experts who help to ensure brands’ reputation and integrity.

Pixel 3 launch: Google unveils new smartphone and Home Hub smart screen (The Telegraph) Google has launched two phones that answer calls on behalf of the owner in tricky situations, as it continues its mission of placing powerful artificial intelligence in the pockets of consumers around the world.

Symantec expands cloud security portfolio to secure cloud applications and infrastructure (Help Net Security) Symantec's integrated approach to cloud security, compliance and management delivers visibility and control to IaaS, PaaS and SaaS applications.

Is it Safe to Send Crypto via Email? New Payment Platform Promises ‘Complete Security’ (Cointelegraph) A startup helps cryptocurrency owners protect digital assets from being stolen and lost. Security is provided by decentralizing private key shards.

Don't hope just to keep watch against hacking (Tech Wire Asia) The sad fact about hacking and cyberattacks, in general, is that it's a case of when it happens to you, not if. While the mainstream press seems to be full of high-profile cyber security breaches and massive data losses, there are innumerable successful hacks into businesses and organizations of all sizes – from

Iron Bow to Launch Cloud-Ready Product for Interactive Video Communication and Patient Monitoring Using Vidyo (BusinessWire) Iron Bow Technologies, an information technology solutions provider and global managed services provider to healthcare, government and commercial mark

Bitdefender Announces Complete Endpoint Prevention, Detection and Response Platform Designed for All Organizations (PR Newswire) Bitdefender, a global cybersecurity company protecting over 500 million systems ...

Technologies, Techniques, and Standards

Mastercard, WorldPay and Amex among the payment processors in first-ever 'cyber war game' (Computing) Payment processors tighten collaboration to fight rising IT security threats

Teach Your AI Well: A Potential New Bottleneck for Cybersecurity (Dark Reading) Artificial intelligence (AI) holds the promise of easing the skills shortage in cybersecurity, but implementing AI may result in a talent gap of its own for the industry.

The government is rolling out 2-factor authentication for federal agency dot-gov domains (Washington Post) Government officials managing dot-gov websites will soon have to use the Google Authenticator app on their smartphones for two-factor verification.

Lessons learned from the Facebook security breach (SearchCIO) With attacks like the Facebook security breach becoming more commonplace and sophisticated, experts sound off on what organizations can do to secure critical data.

FDA Partners with Sensato-ISAO and H-ISAC to Create Open Source Cybersecurity Intelligence Network and Resource (Benzinga) FDA, Sensato and H-ISAC created the network to ensure that essential medical device and healthcare cybersecurity vulnerability information can be shared with all stakeholders...

Army may incorporate more civilians into its cyber teams (Federal News Network) Only 20 percent of the Army's cyber teams are made up of civilians. The Army is analyzing whether that's the right ratio in an environment where every uniformed servicemember is expected to be able to deploy to combat.

Are wireless voting machines vulnerable? Florida, other states say they’re safe enough (McClatchy DC) Several states insist on using wireless voting machines to transmit election results. But watchdog groups and technologists warn that they can be hacked and cause ‘havoc’ in midterm vote.

Design and Innovation

Instagram now uses machine learning to detect bullying within photos (TechCrunch) Instagram and its users do benefit from the app’s ownership by Facebook, which invests tons in new artificial intelligence technologies. Now that AI could help keep Instagram more tolerable for humans. Today Instagram announced a new set of antii-cyberbullying features. Most importantly, it c…

Rethinking the concept of trust (Fifth Domain) How best to protect the government’s critical data.

Better Customer Experience is More Than a "Nice to Have" for Security (SecurityWeek) Improved security leads to improved customer experience – and improved customer experience leads to improved security.

Academia

Professor of cyber appointed at Cranfield (Cranfield University) The role will strengthen the relationship between Atkins and Cranfield University, to support advances in through-life cyber security.

CIS students prepare for Cybersecurity competition (CSU-Pueblo Today) The "CyberWolves," Colorado State University-Pueblo’s National Cyber League Cybersecurity team, nationally ranked No. 9 in the U.S. out of over 265 university teams, will begin preparing for

Legislation, Policy and Regulation

How Russian hybrid warfare changed the Pentagon’s perspective (Fifth Domain) As the Russians blitzed the Crimean region of Ukraine with cyberattacks, electromagnetic jamming and unmanned aerial systems, the U.S. military closely observed the battle tactics and recognized its need to transform.

Network defense is an always-on kind of warfare (Fifth Domain) Adversaries are constantly probing networks trying to exploit vulnerabilities.

The Tech Implications of the White House's New Cybersecurity Strategy (Technology Solutions That Drive Government) The new policy plan emphasizes investing in both technology and workforce development.

From Inside The NSA, A Call For More Whistleblowers (NPR.org) The National Security Agency has a reputation as the nation's most secretive intelligence agency. But a new inspector general arrived this year and is calling for a "robust whistleblower program."

Litigation, Investigation, and Enforcement

Salisbury spy Alexander Mishkin unmasked by proud gran’s picture of Putin handshake (Times) A grandmother’s pride and a love of expensive cars helped to uncover the true identity of the second alleged Salisbury poisoner, it was revealed yesterday. Alexander Mishkin was identified this...

Can the FCC Really Block California's Net Neutrality Law? (WIRED) A lawsuit raises novel questions about the relationship between the federal government and the states.

Google appeals €4.3 billion EU fine over Android (CRN Australia) European regulators found Android breached EU antitrust rules.

Romanian national accused of being leader of an international cyber fraud ring that used malware to steal $4 million after taking people’s passwords, personal and bank information (US Department of Justice) A Romanian national was returned to the United States Friday to face federal charges that accuse him of being the leader of an international cyber fraud ring that used malware to steal in excess of $4 million after taking people’s passwords, personal identifying information, and bank account information.

Convicted leaker Reality Winner moved from Lincoln County jail (The Augusta Chronicle) The former National Security Agency contractor sentenced to 63 months in prison has been moved to several different prison sites since her August...

Ngapuhi mum loses daughter to cyber-bullying (Māori Television) A Northland mother of a cyber-bullying victim is speaking out following the sudden death of her 15-year-old daughter.

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

upcoming Events

8th Annual (ISC)2 Security Congress (New Orleans, Louisiana, USA, October 8 - 10, 2018) The (ISC)2 Security Congress brings together the sharpest minds in cyber and information security for over 100 educational sessions covering 17 tracks. Join us to learn from the experts, share best practices, and make invaluable connections. Your all-access conference pass includes educational sessions, workshops, keynotes, networking events, career coaching, expo hall and pre-conference training.

CyberMaryland 2018 (Baltimore, Maryland, USA, October 9 - 10, 2018) The CyberMaryland Conference is an annual two-day event presented jointly by The National Cyber Security Hall of Fame and Federal Business Council (FBC) in conjunction with academia, government and private industry organizations. The theme, “Leading the Cyber Generation,” captures the event’s intent to provide unparalleled information sharing and networking opportunities for development of cyber assets on both the human and technological side. Additionally, the conference provides an opportunity for Maryland to demonstrate its natural leadership in Cyber Security.

HoshoCon 2018 (Las Vegas, Nevada, USA, October 9 - 11, 2018) Over 3 days, attendees will gain firsthand knowledge about blockchain security. You are invited to converse with technologists working on blockchain and cryptocurrency projects, hear key insights from industry leading security experts and participate in developer workshops. Hosho is lucky to call Las Vegas home, and as our guests, you will be treated to unique content, valuable networking opportunities and the entertainment that only Vegas can offer. We can’t wait to see you there.

U.S. Department of Transportation Cybersecurity Symposium (Washington, DC, USA, October 9 - 10, 2018) The U.S. Department of Transportation (DOT) Cybersecurity Symposium is 2 days of training sessions and educational seminars focused on the mission of protecting government networks and privacy. Hosted by the Office of the DOT Chief Information Officer (CIO) and the Chief Information Security Officer (CISO), the symposium is open to all Federal agencies and will take place at the DOT Headquarters building, 1200 New Jersey Avenue SE, Washington, DC 20590.

SecureWorld Dallas (Dallas, Texas, USA, October 10 - 11, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security industry. Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements, learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays-all while networking with local peers.

Florida Cyber Conference 2018 (Tampa, Florida, USA, October 10 - 11, 2018) The Florida Cyber Conference has quickly become the “can’t miss” networking event for Florida’s stakeholders in cybersecurity, bringing together a diverse audience from multiple sectors to encourage dialogue, share information, address emerging threats and trends, and promote collaboration. Exhibiting at Florida Cyber Conference 2018 is your opportunity to connect with leaders from across Florida’s cybersecurity community. Meet industry CISOs, CFOs, and CEOs; representatives from government and defense; students; and researchers.

Geneva Information Security Day (Geneva, Switzerland, October 12, 2018) Geneva Information Security Day (GISD) is a leading European cybersecurity conference created as a vendor-independent platform for open and actionable discussion of emerging digital threats and remedies, knowledge sharing and building sustainable cybersecurity industry.

FAIRCON18 (Pittsburgh, Pennsylvnia, USA, October 14 - 18, 2018) Focused on advancing cyber, operational risk management.The event will feature in-depth training seminars, insightful presentations from industry leaders, candid executive and practitioner-led discussions and keynotes aimed at driving awareness, knowledge and the development of operational blueprints for building quantitative risk management programs. FAIRCON18 will attract C-suite officers and practitioners responsible for information and operational risk management decisions. The event will unite leaders in information and operational risk management to explore FAIR best practices that produce greater value and alignment with business goals.

The Cyber Security Summit: Phoenix (Phoenix, Arizona, USA, October 16, 2018) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers & renowned information security experts. Learn from cyber security thought leaders and Engage in panel discussions focusing on trending cyber topics such as Sr. Leadership’s Best Approach to Cyber Defense, What’s Your Strategic Incident Response Plan?, Protecting your Enterprise from the Human Element and more. Your registration includes a catered breakfast, lunch, and cocktail reception. Receive half off your admission with promo code cyberwire50 at CyberSummitUSA.com and view details including the full agenda, participating solution providers & confirmed speakers. Tickets are normally $350, but only $175 with promo code.

Zero Day Con: Hacking Democracy (Washington, DC, USA, October 16, 2018) Join Zero Day Con and Strategic Cyber Ventures on October 16th in Washington, D.C. to examine the path forward in reducing our attack surface, managing risk, regaining control of our networks and data, and restoring trust in our cyber-powered global democratic institutions. Zero Day Con Washington DC is an independent conference comprised of interactive learning sessions, keynotes and panel discussions, and will feature an area designated for technology companies to demo and share their latest innovations, products and services. Open to security executives, researchers, operators, policy makers, and all defenders of democracy from private industry, non-profits, academia, military, and government. A half day of focused discussions on cyber-enabled information warfare efforts eroding democracy and the infosec capabilities we need. Network with peers and speakers at the event and during the post-conference cocktail hour.

FAIRCON18 (Pittsburgh, Pennsylvania, USA, October 16 - 17, 2018) Hosted by the FAIR Institute and Carnegie Mellon University’s Software Engineering Institute (SEI) and the Heinz College of Information Systems and Public Policy, the 2018 FAIR Conference brings leaders in information and operational risk management together to explore best FAIR practices that produce greater value and alignment with business goals. Large enterprises and government organizations are creating breakthroughs in the management of information and operational risk that enable business-aligned communication, cost-effective decision-making and ultimately managing what matters. Interested in on-site FAIR training? Head to FAIRCON18 early to attend an on-site FAIR Analysis Fundamentals Course, October 14-15, for those that elect to partake in this optional conference add-on. The FAIR Institute is an expert, nonprofit organization led by information risk officers, CISOs and business executives to develop standard information and operational risk management practices in a movement central to “cyber risk economics,” the revolutionary approach to measuring and managing information risk enabled by the Factor Analysis of Information Risk (FAIR) model.

PCI Security Standards Europe Community Meeting (London, England, UK, October 16 - 18, 2018) The PCI Security Standards Council’s 2018 Europe Community Meeting is THE place to be. We will provide you with the information and tools to help secure payment data. We lead a global, cross industry effort to increase payment security by providing industry-driven, flexible and effective data security standards and programs that help businesses detect, mitigate and prevent criminal attacks and breaches. Don’t miss out!

SecureWorld Cincinnati (Cincinnati, Ohio, USA, October 17, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security industry. Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements, learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays-all while networking with local peers.

2018 ISSA International Conference (Atlanta, Georgia, USA, October 17 - 18, 2018) Join us for solution oriented, proactive and innovative sessions focused on Securing Tomorrow Today. Every day, cyber threats become increasingly intricate and difficult to detect. No cyber security professional can become an expert on these dangers without continued efforts to educate themselves on the industry’s latest trends and technologies. We look forward to welcoming you and over 1,000 of your colleagues and peers in Atlanta as we discuss topics ranging from incident response, to emerging technologies, to business skills for the information security professional. Join us at the 2018 ISSA International Conference and we’ll help you prepare to Secure Tomorrow Today.

Fifth Annual Cyber Warfare Symposium (New York, New York, USA, October 18, 2018) The Fifth Annual Cyber Warfare Symposium is an annual one-day event presented by the Journal of Law & Cyber Warfare in conjunction with academia, government and private industry organizations at NYU School of Law in New York City. The theme, “Attend. Engage. Learn,” captures the event’s intent to provide unparalleled information sharing and networking opportunities for development of cyber assets on both the human and technological side.

Sponsor & Support

Grow your brand, generate leads, and fill your funnel.

With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listens all over the world, companies trust the CyberWire to get the message out. Learn more.

Supply chain seeding claims still controversial. DDoS in Kiev. GAO on weapon vulnerabilities. DVR, camera flaws. Patch notes.