The CyberWire Daily Briefing 10.26.18

Special Section

SecurityWeek's 2018 ICS Cyber Security Conference

SecurityWeek's 2018 ICS Cyber Security Conference concluded yesterday. Cultural issues received as much attention as technical ones. Many of the speakers remarked on the fissures that continue to open between IT and OT (and a great many cybersecurity professionals come from the IT as opposed to the OT world), and between ICS vendors and security vendors as well. Sometimes you work through the issues by physically showing up and getting to know the people and conditions that actually obtain in a facility. Sometimes you overcome them through a systematic approach to disclosure. And sometimes a mutually trusted third party can help.

There were also interesting presentations of case studies that suggest how swiftly effective attack tools are spreading.

We'll wrap up our coverage with some notes early next week.

Summary

By The CyberWire Staff

US National Security Advisor Bolton, who's been in Moscow this week for high-level talks with Russian officials, says he warned Russia against attempting to influence or interfere with US elections.

Russia's Foreign Ministry has responded to reports that they're listening in on President Trump's iPhone calls with an expression of "amusement."

Recorded Future's account of North Korean Internet usage shows that it's grown, but also that it's most heavily used by the country's small ruling elite. That elite does a lot of things regular users do (like shopping) but a great deal of activity, much of it staged through foreign countries, is directly criminal, regime-serving theft: Kim's regime works on the Internet as if it were a criminal cartel.

British Airways disclosed that 185 thousand additional customers were affected by its breach. Credit card information was exposed.

Radware warns of a botnet, "Demonbot," that's been quietly establishing itself in poorly secured Apache Hadoop servers. The intention appears to be to use the compromised servers for distributed denial-of-service attacks. It was first noticed by NewSky Security during its inspection of traffic into honeypots late this summer. Researchers for now at least think the botnet is the work of skids, but it's an annoyance that must be dealt with.

Google may be facing a US Federal Trade Commission inquiry over the propagation of ad fraud through its Play Store.

Bitdefender and the Romanian Police, through the No More Ransom project, have released an improved version of a free decryptor for GandCrab ransomware.

Learn how Cylance silences cyber attacks with Artificial Intelligence.

Notes.

Today's issue includes events affecting Australia, China, Estonia, Democratic Peoples Republic of Korea, Mexico, Nigeria, Russia, Saudi Arabia, Ukraine, United Kingdom, and United States.

A note to our readers: Having trouble with the CyberWire hitting your junk folder? Consider adding our domain (thecyberwire.com) or email address (editor@thecyberwire.com) to your whitelist or address book.

A year in, companies unsure of risk under China's Cyber Security Law, says Control Risks.

Over a year into China’s Cyber Security Law, Control Risks experts say its vague definition and application leaves multinational companies struggling to understand their risk. Further, how strictly the government will crack down and the extent of penalties for non-compliance remain open questions. Nonetheless, companies operating in China must understand their unique exposure and specific cyber, physical and procedural requirements. Let Control Risks help you make the critical decisions to seize your opportunities in China.

On the Podcast

In today's podcast we'll be hearing from our partners at Lancaster University, as Daniel Prince discusses quantum hardware primitives. Our guest is Britney Hommertzheim, director of information security at AMC Theatres, on building partnerships within your organization to strengthen security’s role.

Sponsored Events

New York Times Event: Cyberwarfare with Google, Department of Justice & more (Washington, DC, United States, October 30, 2018) David Sanger, national security correspondent for The New York Times will moderate a discussion on cyberwarfare, one of the greatest threats to American democracy and commerce. He will be joined by John Demers, assistant attorney general for the national security division at the Department of Justice; Yasmin Green, the director of research and development for Jigsaw, a Google company; and Dmitri Alperovitch, co-founder of CrowdStrike, who discovered Russian hacking of the Democratic National Committee.

Maryland Cybersecurity Career & Education Fair (Rockville, Maryland, United States, November 9 - 10, 2018) Join us for two dynamic days that put on display why Maryland is where cyber works. Friday will feature a career and education fair, connecting cybersecurity job seekers with opportunities across the state of Maryland. On Saturday, high school and undergraduate students compete in our cyber challenge.

Selected Reading

Dateline

Cultural issues: IT and OT, security and operations. (The CyberWire) There may be a growing awareness among corporate board members of the cyber risks to industrial control systems. That's one of the relatively positive outcomes of the pain inflicted by last year's NotPetya infestations. But there are still other cultures whose members need more work on developing mutual understanding and mutual trust. Several speakers addressed these rifts during the 2018 ICS Cyber Security Conference.

TRISIS/TRITON and the rise of malware built to kill. (The CyberWire) What lessons does the TRISIS/TRITON attack on a Middle Eastern petrochemical facility hold for industry? Speakers at the ICS Security Conference think there are at least three. First, hunt behaviors, not signatures. Second, the barriers to effective attacks on safety instrumentation systems have dropped. And third, there's now malware out there that's been built to kill.

The risk to OT networks is real, and it's dangerous for business leaders to ignore (Help Net Security) OT networks risk is real, and it's dangerous and perhaps even negligent for business leaders to ignore it, according to SANS Institute.

Cyber Attacks, Threats, and Vulnerabilities

North Korea is using the internet ‘like a criminal syndicate’ (Fifth Domain) A new report says North Korean leaders have ‘dramatically’ changed their internet use in a way that could be costly to U.S. interests, and former U.S. officials say it is difficult to deter the country's hacking operations.

Bolton Says He Told Kremlin: 'Don't Mess With American Elections' (RadioFreeEurope/RadioLiberty) White House national-security adviser John Bolton says he told top officials in Moscow that Russian meddling in U.S. elections had backfired and that should provide a lesson to the Kremlin: "Don't mess with American elections."

Kremlin 'amused' by report that Russia listening to Trump's phone calls (TheHill) A Russian official says the Kremlin is "amused" by a New York Times report claiming the country is listening in to President Trump's personal phone calls.

Researcher finds trove of political fundraising, old voter data on open internet (Cyberscoop) A consulting firm that works with Democratic campaigns unknowingly left sensitive information and credentials to old voter records open on the internet.

Should You Be Afraid of Election Hacking? Here's What Experts Say (Time) Assessing the threat — and what public fear can lead to

These states are battling malware ahead of the midterm election (CBS News) Data captured in battleground states shows a dramatic increase of trojans, adware, and ransomware

State County Authorities Fail at Midterm Election Internet Security (McAfee Blogs) One of the things we at McAfee have been looking at this midterm election season is the security of election infrastructure at the individual county and state levels. A lot of media and cybersecurity research focus has been placed on whether a major national attack could disrupt the entire U.S. voting

Analysis | The Cybersecurity 202: McAfee's decision to research election disinformation highlights industry shift (Washington Post) Politics is trendy right now.

British Airways warns that a further 185,000 customers were hit by security breach (Computing) Credit card details of a further 185,000 customers almost certainly compromised in BA payments hack in August

New DDoS botnet goes after Hadoop enterprise servers (ZDNet) Hacker group targets misconfigured Hadoop YARN components to plant DemonBot DDoS malware on resource-rich servers.

New DemonBot Botnet Pulls the YARN in Hadoop Servers (BleepingComputer) Attackers looking to increase the denial-service-power of their botnet have set their sights on servers with vulnerable Hadoop installations, compromising them via publicly available exploits.

New DemonBot Discovered (Radware Blog) Radware Research is monitoring and tracking a malicious agent that is leveraging a Hadoop YARN unauthenticated remote command execution to infect Hadoop clusters with a new unsophisticated bot called DemonBot.

Siemens Siclock: How do threat actors exploit these devices? (SearchSecurity) Six flaws were recently found in Siemens Siclock central plant clocks. Learn what these clocks do, which clocks were infected and how threat actors can exploit these devices from expert Judith Myerson.

Cymulate Finds Logical Bug in Microsoft Office Suite – Word Embedded Video Code Execution (BusinessWire) Cymulate, a leading provider of Breach & Attack Simulation (BAS) solutions and a Gartner 2018 Cool Vendor, announced today it has uncovered a secu

Indiana National Guard recovers from ransomware attack on state server (StateScoop) The server included military and civilian personal information, but officials say the malware used doesn't typically compromise data.

Has someone contacted you saying they’ve got webcam video of you? Don’t pay them. (Army Times) Scammers are claiming to have sensitive videos recorded from hacked webcams, and soldiers could be at risk.

Kodi piracy in steep decline: Anti-piracy efforts from ACE and others appear to be working (Comparitech) Following several anti-piracy efforts in 2017, Kodi piracy is now seeing a sharp decrease, as is almost all search traffic related to Kodi.

Increased dark web activity putting merchants and consumers at risk (Help Net Security) IntSights scoured the dark web to assess data and goods being sold illegally, new cyber scam tactics and how cybercriminals impersonate brands online.

More exploits: the great PLC hack (Control Design) Diving into vulnerabilities of industrial control systems withSiv Hilde Houmb, Norwegian University of Science and Technology (NTNU); and Erik David Martin, Noroff Education.

Cybersecurity Experts: Stop Sending Troops Into Combat With Personal Tablets, Smartphones (Washington Free Beacon) Special operators and other troops must stop taking their unsecured personal tablets and smart phones into combat after an internal Navy investigation.

Security Patches, Mitigations, and Software Updates

Google just made it easier to delete your search history: Here's how (CNBC) In an effort to simplify its data privacy controls, Google is making it easier to delete user search history.

Cyber Trends

The State of the Threat Detection Report 2018 (Fidelis Cybersecurity) Cybercriminals have been upping their game this year; the use of file-less attacks with macros and PowerShell scripts to evade preventive defenses and sandboxes mean that they are getting better than ever at using phishing, social engineering and drive-by techniques to gain initial footholds in private domains – and once they arrive, they are often avoiding detection for extended periods of time.

State Of Software Security (CA Veracode) CA Veracode presents volume 9 of the State of Software Security (SOSS) report, our comprehensive review of application testing data.

‘Internet of Battlefield Things’ Transforms Combat (Wall Street Journal) A variety of intelligent and semi-intelligent things are starting to talk to each other and work together on the battlefield, says Dr. Alexander Kott, chief scientist of the United States Army Research Lab.

Gigamon Deploys Applied Threat Research Team to Provide World-Class Detection, Investigation and Response (Gigamon) Research team’s latest research report unveils new trends in crimeware affecting global enterprises

How People Use Connected Devices (Clutch) People own and use connected devices, particularly smart home appliances, to access personal information. Most connected devices people own, though, are used as singular technologies, according to our survey of more than 500 people who own a connected device. Read More

Security Alert: Lack of Trust Comes with a High Price Tag for U.S. Bus (PRWeb) US Consumers Increasingly Put Their Money Where Their Trust Is, Research From PCI Pal Finds

Organizations want to threat hunt, but can't due to lack of time, skills and visibility (Help Net Security) 63% of respondents do not currently employ threat hunting, with half of organizations with over 5000 employees stating that they threat hunt.

Cybercrime could cripple nation’s economy, says NITDA (Guardian) Again, the National Information Technology Development Agency (NITDA) has called for concerted efforts in the fight against cybercrimes in the country.

Marketplace

Arctic Wolf Lands $45 Million in New Funding to Accelerate Company Growth (Arctic Wolf) Amidst Rapid Growth and Market Interest, SOC-as-a-Service Provider Plans for Expanded Offerings with New Products and Strategic Acquisitions

Verimatrix acquires Akamai identity Services assets (Digital TV Europe) Content security specialist Verimatrix has acquired the assets that comprise the Akamai Identity Services (AIS) product from CDN giant Akamai. The acquisition will help Verimatrix provide a common authentication system to reduce friction within the content distribution workflow for TV everywhere se...

Former Facebook security chief calls out Apple for privacy hypocrisy (Naked Security) Tim Cook’s warnings about an “industrial data complex” have been met with accusations of hypocrisy from Facebook’s former security supremo.

GDS offers £90k a head for squad of cyber and privacy professionals (PublicTechnology.net) The Government Digital Service is offering annual salaries of up to £90,000 as it seeks to recruit a team of experts to ensure the privacy and security credentials of its services.

Digital Guardian Announces CEO Transition (BusinessWire) Paul Ciriello Appointed as Interim CEO to Oversee Daily Business Operations and Product Innovation

Kount Appoints 20-Year Security and Privacy Executive Gary Sevounts as (PRWeb) Kount, a leading provider of fraud prevention solutions, announced today that industry leader Gary Sevounts has joined its executive team as Chief Marketing

CynergisTek Appoints New Senior Vice President of Sales and Marketing (BusinessWire) CynergisTek appoints new SVP of Sales & Marketing to drive business development of strategy and enhance customer experience.

Products, Services, and Solutions

New infosec products of the week: October 26, 2018 (Help Net Security) Data Theorem introduces automated API discovery and security inspection solution Data Theorem introduced the industry’s first automated API discovery and

Latest security tests introduce attack chain scoring (SE Labs) Security testing lab specialising in anti-malware and targeted attack testing of endpoints, appliances and cloud services.

SyncDog Inc. Announces Integrated Partnership with Quick Heal Technologies (BusinessWire) SyncDog, Inc., the leading Independent Software Vendor (ISV) for next generation mobile security and data loss prevention, today announced that IT sec

Garland Technology Announces 40G Bypass TAP and Advanced Aggregator to Improve Network Security and Efficiency (PR Newswire) Garland Technology, a leading provider of network and test access solutions, today announced a release of two new...

InfoSec Global and ID Quantique collaborate to provide a Quantum- Powered Crypto-Agile VPN, delivering the Industry's Strongest Security Transmission for Wide Area Communications (PR Newswire) InfoSec Global (ISG) and ID Quantique today announced a collaboration that for the first time delivers a Quantum-Safe...

Pulse Secure Launches New Packaging to Fuel Secure Access Services for Cloud and Hybrid IT (Globe Newswire) Service providers benefit from an integrated Secure Access suite with new on-demand provisioning, usage-based licensing and nominal up-front investment

A10 Networks delivers automation, analytics and multi-cloud management advancements to its ADCs (Help Net Security) Thunder ADC enhancements enable integration with Kubernetes, enhanced Ansible Playbooks and simplified ADC policy configuration with expanded ACT support.

FaceShield launches to protect your digital facial data and privacy online (Help Net Security) FaceShield offers three different filters for your photos, each of which provide a different level of image alteration and protection.

SyncDog's partners with Quick Heal Technologies (Help Net Security) Quick Heal has embedded SyncDog’s Secure.Systems workspace into their MDM solution to expand their offering and capture the growing BYOD market.

Pokémon chooses Vera’s data-centric security platform to protect critical IP worldwide (Help Net Security) The Pokémon relies on Vera to secure and track media files, game designs, and more, for secure collaboration and rights management.

Data Theorem introduces automated API discovery and security inspection solution (Help Net Security) Data Theorem introduced an automated API discovery and security analysis solution aimed at addressing API security threats.

Technologies, Techniques, and Standards

Some notes for journalists about cybersecurity - Security Boulevard (Security Boulevard) The recent Bloomberg article about Chinese hacking motherboards is a great opportunity to talk about problems with journalism.

Free decryption tool released for multiple GandCrab ransomware versions (ZDNet) New decryption tool can recover files locked by GandCrab versions 1, 4, and 5.

Behavioral Scientists Joining Risk Assessment Teams (Wall Street Journal) Behavioral science is finding its place in risk management as companies increasingly understand that a mechanical, box-ticking approach to compliance isn’t enough to avert misconduct.

Five Cybersecurity Steps for SMB Contractors (SIGNAL) The threat is no longer doomsday rhetoric.

Windows 7 End-of-Life: Are You Ready? (Dark Reading) Microsoft will terminate support for Windows 7 in January 2020, but some there's still some confusion among enterprises about when the OS officially gets retired.

Is your email account secure? (Action Fraud) Your email account can be a treasure trove for cyber criminals. New research has revealed that 79% of people keep emails in their account that can be exploited by cyber criminals to commit Identity theft, fraud, or impersonation.

Top Four G Suite Security Tips (Forbes) The use of G Suite brings a range of cloud-related security challenges that businesses can’t afford to ignore.

DHS Plans to Rejigger Government’s Cyber Sensor System for Move to Cloud (Nextgov.com) The government’s current system of Einstein cyber threat sensors isn’t well-suited to the scale and complexity of cloud systems.

Design and Innovation

National Cryptocurrencies – A Viable State Alternative to the Established Norm? (CyberDB) Cryptocurrency appears to be gaining traction among governments seeking to establish their own digital currencies, despite questions regarding...

DIB Calls BS On Buzzwords: Defense Innovation Board (Breaking Defense) Besides digging out ineptitude with a sharp spade, the DIB guide also offers constructive suggestions, even including 16 specific software programs to use for specific purposes, from version control to bug reports.

DIB Guide: Detecting Agile BS (Defense Innovation Advisory Board) Agile is a buzzword of software development, and so all DoD software development projects are, almost by default, now declared to be “agile.” The purpose of this document is to provide guidance to DoD program executives and acquisition professionals on how to detect software projects that are really using agile development versus those that are simply waterfall or spiral development in agile clothing (“agile-scrum-fall”).

Research and Development

US Department of Energy behind 'unhackable' quantum network to be built in Chicago (Computing) Principles of quantum physics ought to make experimental network unhackable

Legislation, Policy and Regulation

Blessings and Curses From Constantinople (Foreign Affairs) The split in the Orthodox Church between Constantinople and Moscow will have wide-ranging implications for Russia's foreign policy under Vladimir Putin and Ukrainian domestic politics under Petro Poroshenko.

Cyber spy boss taking agency ‘out of shadows’ (The Australian) Australia’s military and cyber spy agency will undergo a public repositioning campaign — one of its most significant since its intelligence role was first recognised in 1977 — amid growing global threats to national security, cyber defence and demands for accountability.

Joyce: Give the U.S. cyberwar policy a chance (Defense Systems) Rob Joyce, former White House cyber coordinator, said the Trump administration's new cyber warfare policy is more 'thoughtful' than some might think.

Top NSA official skeptical of ‘hack back’ (Fifth Domain) Experts have called hack back

The Need for C3 (New America) A proposal for the creation of a Cybersecurity Civilian Corps—an innovative solution to critical cybersecurity issues.

President Trump Calls for National Spectrum Strategy (Broadcasting & Cable) Focus is on government to find spectrum for burgeoning internet of everything

National Risk Management Center to 'build on small things' (Federal News Network) Chris Krebs of the National Protection and Programs Directorate, described the National Risk Management Center as one half of a two-pronged approach to cybersecurity.

Analysis | The Cybersecurity 202: Google faces calls for privacy legislation, FTC probe after exposing user data (Washington Post) Its secrecy could get them in the most trouble.

DHS Report Urges Research into Cyber Market Failures (Nextgov.com) The research road map urges examining the long-term effects of laws, regulations and supply chain vulnerabilities.

ICANN GDPR WHOIS Policy Eliminates Pre-Emptive Protection of Internet Infrastructure Abuse; Obstructs Routine Forensics to Cybercriminals’ Advantage (BusinessWire) GDPR Whois policy reducing industry's ability to protect internet infrastructure from cybercrime abuses.

Corporate Speech Police Are Not the Answer to Online Hate (Electronic Frontier Foundation) A coalition of civil rights and public interest groups issued recommendations today on policies they believe Internet intermediaries should adopt to try to address hate online. While there’s much of value in these recommendations, EFF does not and cannot support the full document. Because we deeply...

Litigation, Investigation, and Enforcement

Saudi Arabia, in latest reversal, says Khashoggi’s killing was premeditated (Washington Post) The announcement underscored the rapidly mounting pressures on Saudi Arabia to fully explain the journalist’s death.

CIA director listens to audio of journalist’s alleged murder (Washington Post) Trump has grown skeptical of Saudi Arabia’s claim that the killing of journalist Jamal Khashoggi was a “rogue operation.”

Man in Florida arrested in connection with mail bombs sent to public figures (Washington Post) The arrests came after at least a dozen packages containing suspected explosives were sent to public figures.

Suspected explosives sent to Biden, De Niro as investigation into pipe bombs expands to 10 packages (Washington Post) Police found more suspicious packages the day after bombs addressed to Hillary Clinton, Barack Obama and others were intercepted.

The instant, inevitable cries of ‘false flag’ after bomb threats targeting the Clintons, Obamas and CNN (Washington Post) Once, false flag conspiracy theories lived in the online fringes. They're now an inevitable response to breaking news stories with political implications

Warner Calls on FTC and Google to Address the Prevalence of Digital Ad Fraud (Mark R. Warner) U.S. Sen. Mark R. Warner (D-VA), Vice Chairman of the Senate Select Committee on Intelligence and a member of the Banking Committee, wrote a letter to the Federal Trade Commission (FTC) Chairman Joseph Simons expressing concern following a report published by Buzzfeed detailing continued prevalence of digital advertising fraud and inaction by Google to curb these efforts. According Buzzfeed, this scheme has generated hundreds of millions of dollars in fraudulent advertising revenues, with operations spanning more than 125 Android apps and websites.

Mueller probing whether Stone pal knew Clinton emails would be leaked (NBC News) Mueller's team is investigating whether Jerome Corsi knew stolen emails would be leaked and passed information about them to Trump associate Roger Stone.

U.S. Charges, Puts Sanctions on Singaporean Commodities Executive (Wall Street Journal) U.S. authorities filed criminal charges and imposed sanctions on the owner and director of a Singapore-based commodities-trading firm for allegedly laundering money on behalf of North Korea.

Two hackers behind 2016 Uber data breach have been indicted for another hack (TechCrunch) Two hackers who stole millions of users’ data from ride-hailing firm Uber have been indicted on separate hacking charges related to a data breach at online learning portal Lynda, two people familiar with the case have told TechCrunch. Vasile Mereacre, a Canadian citizen living in Toronto, and…

Treasury Official Accused of Leaks Is a Trump Supporter Who Feuded With Another Unit (Wall Street Journal) The arrest last week of a senior Treasury Department official for allegedly leaking sensitive records to BuzzFeed had its roots in a bureaucratic dispute dating to the Obama administration, according to people familiar with the matter.

Former ID card manufacturer Gemalto files against PPA (ERR) Former Estonian ID card manufacturer Gemalto AG has filed a breach of contract action against the Police and Border Guard Board (PPA) following the latter's own action filed at Harju County court on 27 September.

Why the NSA Called Me After Midnight and Requested My Source Code (Medium) The story behind my top secret coffee cup

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

newly Noted Events

Hybrid Identity Protection Conference 2018 (New York, New York, USA, November 5 - 6, 2018) The Hybrid Identity Protection Conference is the premier educational and networking event for identity experts. Learn what cutting-edge industry leaders are doing to improve identity protection in the modern organization and how they are boosting enterprise security. Network with the world’s leading identity experts and interact with your industry peers facing the same complex infrastructure and security challenges. Acquire critical technical knowledge, discover best practices and learn how to secure the evolving enterprise identity infrastructure.

upcoming Events

Energy Tech 2018 (Cleveland, Ohio, USA, October 22 - 26, 2018) The annual EnergyTech Conference & Expo is an organized event, supported by NASA and INCOSE, highlighting advancements in Energy, Smart-Grids and Microgrids, Aerospace, Critical Infrastructure, Security and Policy. In 2018, we continue to expand our collaboration effort with professional societies including InfraGard, IEEE, SAE, AIAA, PMI, and others, to join in advancing the technology and system integration of these complex domains, and managing the risk scenarios confronting civilizations.

Global Resilience Federation Summit on Third-Party Risk (Leesburg, Virginia, USA, October 24 - 26, 2018) The purpose of the GRF Summit on Third-Party Risk is to increase awareness of security best practices, offer an opportunity for collaboration among third-party vendors and organizations’ risk management teams, and provide a platform for security leaders to share expertise and learn from each other to improve holistic security. The Summit will provide training, education and networking on the critical cyber and physical security issues facing organizations, their vendors, and the areas where the two groups intersect. Space is limited for this complimentary event, and registration will be capped and by-approval only. Attendees will include ISAC/ISAO member organizations plus third-party vendors and suppliers.

Wild West Hackin’ Fest (Deadwood, South Dakota, USA, October 25 - 26, 2018) We’re back for another year of amazing talks, great company and exciting hands-on hacking labs. It will be hard to top our amazing inaugural year, but we’ve taken your feedback and plan to make this event even better! As with last year, this IT Security conference promises to be the most hands-on, activity-driven con you can attend! We want this conference to be the most hands-on, activity-driven con you’ve been to yet! Never worked with a JTAG? You will. Never done a single thing with Software Defined Radio? You will. We will be having an SDR village and a hardware hacking village, among some other great events. The skills you learn here will be directly applicable to your job immediately when you get back to work… or home. We listened to your feedback and this year we’re adding even more lab time, so you can go to as many talks as you can fit AND also do all the activities. This Year’s Theme: Mining.

Symposium on Securing the IoT (Boston, Massachussetts, USA, October 29 - 31, 2018) Join us for the Symposium on Securing The Internet of Things, featuring keynote speakers from the leading industry companies who are solving the issues of IoT and secure connectivity. There will also be engaging round table debates with industry experts, colleagues and peers. The Symposium began with the inaugural conference in San Francisco March 2018. The conference focused on IoT Security, Secure Payments, Medical Device Security, Smart Cities, Block chain and other topics centered around IoT Security. As the world continues to become more connected, 20+ Billion IoT devices, protecting our devices and systems are critical. Linked devices (vehicles, computers, phones, industrial systems, personal assistants, homes, etc.), user identity and authentication all need a high level of security. As hacking, phishing, DDOS and ransomware continue to increase, one thing is certain: Securing The Internet of Things is critical to our survival!

Times Talks: Arming for Cyberwarfare (Washington, DC, USA, October 30, 2018) David Sanger, a national security correspondent and author of “The Perfect Weapon: War, Sabotage and Fear in the Cyber Age,” will moderate a discussion in Washington, D.C., on cyberwarfare, one of the greatest threats to American democracy and commerce, just days before a consequential midterm election. He will be joined by John Demers, the assistant attorney general for the national security division; Yasmin Green, the director of research and development for Jigsaw, a unit within Alphabet, Google’s parent company, that uses technology to address security; and Dmitri Alperovitch, co-founder of CrowdStrike, who discovered Russian hacking of the Democratic National Committee.

SecureWorld Denver (Denver, Colorado, USA, October 31 - November 1, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security industry. Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays-all while networking with local peers.

Cyber Security Dallas (Dallas, Texas, USA, October 31 - November 1, 2018) Cyber Security Dallas will bring top speakers and industry experts to the Dallas-Fort Worth (DFW) metroplex, which boasts one of the largest concentrations of corporate headquarters in the United States. The area is home to more than 200,000 high-tech workers spanning industries that are integral to the nation’s infrastructure and economy, including transportation and telecommunications. The event will bring together thousands of security and information technology professionals to discuss the top cyber security challenges facing businesses today and network with industry practitioners, innovators and thought leaders.

InfoWarCon 18 (Leesburg, Virginia, USA, November 1 - 3, 2018) InfoWarCon 18 brings together a highly elite group of political, military, academic, DIYer, and commercial cyber-leaders and thinkers from around the world. We examine the current, future, and potential hostile use of cyber and related information technologies including how to neutralize the current ones. Since the initial InfoWarCon in 1994 we have hosted the event in multiple venues across the US and Europe

RETR3AT Cybersecurity Conference (Montreat, North Carolina, USA, November 2, 2018) Each year, Montreat College’s Center for Cybersecurity Education and Leadership hosts RETR3AT, a conference designed to engage, educate, and raise awareness about cybersecurity in Western North Carolina and beyond. RETR3AT goes beyond the “1s and 0s” approach to cybersecurity training, challenging attendees to think about how to lead in protecting their organization’s information within an ethical framework.

4th Annual Cyber Southwest (CSW) Symposium (Tuscon, Arizona, USA, November 2, 2018) Be a part of the 4th Annual Cyber Southwest (CSW) Symposium set to take place at the University of Arizona, Eller College of Management - McClelland Hall in Tucson, AZ on Friday, November 2nd, 2018. CSW is officially sponsored by the Armed Forces Communications & Electronics Association (AFCEA) - Tucson Chapter, Arizona InfraGard, and the Arizona Cyber Threat Response Alliance (ACTRA). Subject Matter Expert (SME) Speakers will be on hand from the military, government, and defense contractors to talk about current cyber threats, cyber defense, and remediation strategies. CSW will focus a unique and highly productive unification point to further Arizona's developing leadership in cybersecurity. Cyber Southwest is an annual event, and a platform for training and education, for the region's core areas of Healthcare, Education, Government, Military, Intelligence, Law Enforcement, and Homeland Security.

Hybrid Identity Protection Conference (New York, New York, USA, November 5 - 6, 2018) Learn what cutting-edge industry leaders are doing to improve identity protection in the modern organization and how they are boosting enterprise security. Network with the world’s leading identity experts and interact with your industry peers facing the same complex infrastructure and security challenges. Acquire critical technical knowledge, discover best practices and learn how to secure the evolving enterprise identity infrastructure.

Cyber Security & Artificial Intelligence MENA Summit (Dubai, UAE, November 6 - 7, 2018) Cyber Security and Artificial Intelligence MENA Summit has been designed to bring you a remarkable opportunity to gain fresh insights into areas such as artificial intelligence and machine learning impact on cyber security and creating a solid cyber security foundation for the organization. Join us and get the answers to different questions as how to make cybersecurity strategy more dynamic to keep up with threats or how to get the most value out of cybersecurity automation investments. You will discover the crucial elements of cyber risk oversight and innovative methods which could be implemented against the cybercrime.

2nd Annual Aviation Cyber Security Summit Summit (London, England, UK, November 6 - 7, 2018) Now in its 2nd year, the Cyber Senate Aviation Cyber Security and Resilience Summit (AVCIP2018) will take place on 6th and 7th in London United Kingdom 2018. This two-day executive forum will include presentations, roundtable working groups and panel sessions. Together we will address the escalating cyber risk and resilience challenges associated with the adoption and convergence of operational technologies in enterprise facing architecture. Practitioners will gain further insight into how to best respond to evolving cyber threats, the importance of effective risk management throughout the aviation supply chain, innovations in detection and mitigation, configuration management and how can we incorporate resilience into critical control system components and business process.

Sponsor & Support

Grow your brand, generate leads, and fill your funnel.

With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listens all over the world, companies trust the CyberWire to get the message out. Learn more.

Notes from SecurityWeek's ICS Cyber Security Conference. States as criminal cartels? British Airways breach. Demonbot. GandCrab decryptor.