The CyberWire Daily Briefing 10.31.18

Summary

By The CyberWire Staff

Influence operations of various kinds continue to romp through social media as social networking platforms grapple (under election-driven scrutiny) with the inherent difficulty of content moderation and various other alternative forms of rumor control. Bitdefender and other security companies have been tracking information operations serving up fake news and other forms of propaganda. The focus is naturally enough on next week's US midterm elections, but influence campaigns have been active in Brazil, the UK, and elsewhere.

Recorded Future and McAfee have released their study of Kraken Cryptor, with particular attention devoted to how the ransomware is distributed through a black-market affiliate scheme.

Another strain of ransomware, SamSam, which crippled Atlanta earlier this year, is being tracked by Symantec, which concludes that SamSam is being used mostly against US targets.

The US Department of Justice yesterday released an unsealed grand jury indictment of ten Chinese nationals, at least two of them serving intelligence officers, charging them with industrial espionage against at least thirteen US companies in the aerospace sector. The activities revealed in the indictment show the Ministry of State Security's adherence to classic forms of agent recruiting and handling.

The US Geological Survey's Inspector General found the source of a major malware infestation that propagated across the Interior Department agency: an employee used his Government device to surf through some nine-thousand pages of adult content. One could see maybe a slip here or there, perhaps a baker's dozen of moments of weakness, but nine thousand, wow, that seems like supererogation.

Learn how Cylance silences cyber attacks with Artificial Intelligence.

Notes.

Today's issue includes events affecting Canada, China, Iran, Pakistan, Russia, United Kingdom, and United States.

Create a culture of cybersecurity awareness with Coachable Moments.

According to The Ponemon Institute, two out of three insider threat incidents are caused by employee or contractor mistakes. The good news is, these mistakes can easily be avoided ... with the right coaching. Just in time for Cybersecurity Awareness Month, the Coachable Moments series from ObserveIT gives cybersecurity teams the tools they need to empower people to understand the policies and best-practices intended to keep them safe. Check out Coachable Moments today to learn more.

On the Podcast

In today's podcast, out later this afternoon, we speak with our partners at Webroot, as David Dufour offers thoughts on processor vulnerabilities. Our guest is Maria Rerecich from Consumer Reports on their product testing processes, and how they’ve evolved to keep up with the times in the cyber age.

Sponsored Events

Maryland Cybersecurity Career & Education Fair (Rockville, Maryland, United States, November 9 - 10, 2018) Join us for two dynamic days that put on display why Maryland is where cyber works. Friday will feature a career and education fair, connecting cybersecurity job seekers with opportunities across the state of Maryland. On Saturday, high school and undergraduate students compete in our cyber challenge.

Selected Reading

Cyber Attacks, Threats, and Vulnerabilities

China hijacking internet traffic using BGP, claim researchers (Naked Security) Researchers claim that unusual BGP routing changes are actually man-in-the-middle surveillance.

China ’s Maxim – Leave No Access Point Unexploited: The Hidden Story of China Telecom’ s BGP Hijacking (Military Cyber Affairs:) China’s Workaround: Hijacking Internet Traffic not covered by the anti-theft 2015 Xi-Obama Agreement

China's 5 Steps for Recruiting Spies (WIRED) Cases of Americans allegedly recruited to spy on China’s behalf follow a basic pattern.

Bitdefender Finds Hackers Targeting High-Profile US Election... (Bitdefender Labs) Here at Bitdefender Labs we are closely watching the US Midterm Elections in search of anomalies in malware, spam, misinformation and social network activity. What is a ‘fake domain’? Typically, a fake website. Hackers register variations of valid website domains in order to... #electionsecurity

Americans Are Easy Marks for Russian Trolls, According to New Data (The Daily Beast) A Daily Beast analysis of Twitter data shows the Kremlin troll farm’s English-language propaganda is nine times more effective than its disinformation in Russian.

Social-Media Companies Are Scanning for Potential Terrorists — Islamic Ones, Anyway (Defense One) Big platforms like Facebook others have come a long way in detecting and preventing the spread of Islamic extremist content and tracking potential Muslim terrorists. Why aren’t they doing more about other kinds?

This Election Offered A Window Into WhatsApp's Wild, Sometimes Fact-Free World (BuzzFeed News) "What we do know is that people trust the information they see in a WhatsApp group and are more likely to read every message that comes into the platform."

Twitter’s U.S. midterms hub is a hot mess (TechCrunch) Today, Jack Dorsey tweeted a link to his company’s latest gesture toward ongoing political relevance, a U.S. midterms news center collecting “the latest news and top commentary” on the country’s extraordinarily consequential upcoming election. If curated and filtered properl…

Facebook bans the Proud Boys, cutting the group off from its main recruitment platform (TechCrunch) Facebook is moving to ban the Proud Boys, a far-right men’s organization with ties to white supremacist groups. Business Insider first reported the decision. Facebook confirmed the decision to ban the Proud Boys from Facebook and Instagram to TechCrunch, indicating that the group (and presuma…

Facebook caught in an election-security Catch-22 (AP NEWS) NEW YORK (AP) — When it comes to dealing with hate speech and attempted election manipulation, Facebook just can't win. If it takes a hands-off attitude, it takes the blame for undermining democracy and letting civil society unravel. If it makes the investment necessary to take the problems seriously, it spooks its growth-hungry investors. That dynamic was on display in Facebook's earnings report Tuesday, when the social network reported a slight revenue miss but stronger than expected profit for the July-September period.

How one man could have taken over any business on Facebook (Naked Security) The recently patched flaw would have enabled anyone to make themselves an administrator for any Facebook business account.

Kraken Cryptor Ransomware Gains Popularity Among Cybercriminals (Recorded Future) Insikt Group collaborated with researchers at McAfee to analyze Kraken Cryptor, a ransomware affiliate program now popular among members of the dark web.

Fallout Exploit Kit Releases the Kraken Ransomware on Its Victims (McAfee Blogs) Alexandr Solad and Daniel Hatheway of Recorded Future are coauthors of this post. Read Recorded Future's version of this analysis. Rising from the deep, Kraken Cryptor ransomware has had a notable development path in recent months. The first signs of Kraken came in mid-August on a popular underground forum. In

Security firm: Hacking group SamSam primarily targeting US organizations with ransomware attacks (TheHill) The hacking group behind the costly cyberattack that shut down many of the Atlanta's computer systems earlier this year is primarily targeting U.S.-based organizations, according to a new report.

Semmle Discovers Six Critical Vulnerabilities Affecting Macs, iPhones, and iPads (Semmle) Today, Apple announced a series of critical remote code execution vulnerabilities in Apple’s XNU operating system kernel. XNU is the kernel of macOS, iOS, and other Apple operating systems, which run on more than 1.3 billion devices globally. The vulnerabilities are in XNU’s networking code and its client-side NFS implementation. They were discovered by Kevin Backhouse from the Security Research Team here at Semmle, using our variant-analysis engine to search for vulnerability patterns in source code.

Snakes in the grass! Malicious code slithers into Python PyPI repository (Naked Security) Not for the first time, typosquatting malware made its way into an open source code repository.

Webroot Unveils Nastiest Malware of 2018 (PR Newswire) Webroot, the Smarter Cybersecurity® company, highlights the top cyberattacks of 2018 in its latest Nastiest...

More malspam using password-protected Word docs (SANS Internet Storm Center) This diary reviews an example of malicious spam (malspam) using password-protected Word documents to distribute Nymaim on Tuesday 2018-10-30.

Hackers target UK universities accredited by NCSC (Computing) Iranian criminals tried to phish 18 universities, half of them offering NCSC-approved cybersecurity courses

Square, PayPal POS Hardware Open to Multiple Attack Vectors (Threatpost) Popular card readers like Square and PayPal have various flaws that allow attacks ranging from fraud to card data theft.

Pakistani bank denies losing $6 million in country's 'biggest cyber attack' (ZDNet) Anonymous source says the attack consisted of a flood of suspicious PoS transactions made at Target stores in Brazil and US.

How’d this government agency get infected with malware? 9,000 pages of porn. (Washington Post) An employee at the U.S. Geological Survey visited more than 9,000 pornographic Web pages and infected the agency's network with malware, prompting calls to bolster security measures, according to an inspector general’s report.

Crypto exchange collapses, victims accuse it of exit scam (Naked Security) Another day, another exchange goes down – but was it a hack or an exit scam?

Cortland And Homer Among 50 CNY School Districts Under Cyber Attack (X101 Always Classic) Senator Chuck Schumer announced yesterday (October 29) that more than 50 Central New York schools were hit with a total of nine cyber attacks so far t

Security Patches, Mitigations, and Software Updates

Apple releases security updates, says new MacBooks will disconnect microphone when lid is closed (Help Net Security) Apple unveiled new Macs and iPads on Tuesday and has pushed out security updates for macOS, iOS, watchOS, tvOS, Safari, iTunes, and iCloud for Windows.

About the security content of macOS Mojave 10.14.1, Security Update 2018-001 High Sierra, Security Update 2018-005 Sierra (Apple Support) This document describes the security content of macOS Mojave 10.14.1, Security Update 2018-001 High Sierra, Security Update 2018-005 Sierra.

Yes, you should update your iPhone to iOS 12.1, but its lock... (HOTforSecurity) Apple has released its first major update to iOS 12 - iOS 12.1 - bringing a host of new features to iPhones and iPads including dual SIM support, Group Facetime, and for those who needed more of them in their life - 70 new emoji. Apple is less keen to brag about... #ios #iphone #maliciouswebsite

Apple's T2 Security Chip Makes It Harder to Tap MacBook Mics (WIRED) By cutting off the microphone at the hardware level, recent MacBook devices minimize the chance that someone can eavesdrop

Cyber Trends

Damaging cyberattacks surge ahead of 2018 U.S. midterm elections (Help Net Security) Two-thirds of IR professionals interviewed believe cyberattacks will influence the upcoming U.S. elections, according to Carbon Black.

Quarterly Incident Response Threat Report | November 2018 (Carbon Black) Stay abreast of the current attack landscape and trends seen by leading IR firms in Carbon Black's Quarterly Incident Response Threat Report (QIRTR)

OTX Trends Part 3 - Threat Actors (AlientVault) This is the third of a three-part series on trends identified by AlienVault in 2017.Part 1 focused on exploits and part 2 addressed malware. This part will discuss threat actors and patterns we have detected with OTX.Which threat actors should I be most concerned about?Which threat actors your organization should be most concerned about will vary greatly. A flower shop will have a very different threat profile from a defense contractor. Therefore below

2018 Open Threat Exchange (OTX) Trends Report (AlienVault) AlienVault Threat Researcher Chris Doman and Security Advocate Javvad Malik highlight the latest threat trends with advice on how to defend against them.

The three C’s of cyber (Fifth Domain) Creativity, communication and collaboration secure critical infrastructure.

Spooking the C-Suite: The Ephemeral Specter of Third-Party Cyber-Risk (Dark Reading) Halloween movies are the perfect metaphor for breaking down today's scariest supplier breach tropes.

Marketplace

Does your small business need cyberattack insurance? (The Globe and Mail) Front Row Insurance says small businesses in Canada are so poorly covered because the process is too complex and costly

RSA Conference 2019 expands innovation program (Help Net Security) RSA Conference announced submissions are open for the returning RSAC Innovation Sandbox Contest and the first-ever RSAC Launch Pad.

Qualys Acquires Container-Native Security Company Layered Insight (Qualys) Strategic acquisition enables Qualys to add runtime defense capabilities and automated enforcement to its current Container Security solution

Mobileum Inc. Announces the Acquisition of Evolved Intelligence (BusinessWire) Mobileum Inc. (“Mobileum”), a leading global provider of analytics-based roaming and risk management solutions, today announced the acquisition of Evo

Facebook loses more users in Europe as its growth continues to cool (The Telegraph) Facebook has warned investors to expect slower revenue growth for the foreseeable future as it battles new privacy laws, lower user numbers and a worldwide shift towards private messaging.

It's early, but Booz Allen has high hopes for a new business line (Washington Business Journal) The company’s solutions business is tackling mobile security first, but CEO Horacio Rozanski sees product potential in artificial intelligence, directed energy and cybersecurity as well.

Radiflow Expands Corporate Management Team to Accelerate Company's Strategic Expansion for its Industrial Cybersecurity Solutions (PR Newswire) Radiflow, a leading provider of industrial cybersecurity solutions for critical infrastructure, today...

Products, Services, and Solutions

Endgame Introduces Total Attack Lookback™ for Comprehensive Incident Review (Endgame) Includes 120 days of non-repudiable forensic information that exceeds average adversary dwell time at zero additional cost ARLINGTON, VA - October 31, 2018 - Endgame, the leader in unified endpoint protection against targeted attacks, today announced it has made critical threat intelligence data available to all customers free of charge through Total Attack Lookback™ – the industry’s first forensic review feature to exceed average adversary dwell time.

Comodo Launches Dome Shield Platinum to Secure and Control Internet Access (GlobeNewswire News Room) DNS-based protection and visibility deployed in under two minutes anywhere on any IT infrastructure

NSS Labs Announces Results of Second Edition of 2018 Data Center Intrusion Prevention System Group Test (P&T Community) Three Products Receive Recommended Rating

AlienVault - Open Threat Exchange (AlienVault Open Threat Exchange) Learn about the latest online threats. Share and collaborate in developing threat intelligence. Protect yourself and the community against today's latest threats.

ConnectWise and Cylance Integrate Managed Services Provider Solutions (Cylance) Cylance is pleased to announce the integration of flagship products CylancePROTECT and CylanceOPTICS with ConnectWise Automate to boost security protocols for managed services providers (MSPs) that support security solutions across a range of businesses.

CA Technologies updates mainframe solutions, promoting a platform for hybrid environments (Help Net Security) CA's enhanced offerings enable customers to use intelligence and automation to maximize resources and protect data while working across hybrid environments.

Allot Communications reaches deal with Swiftel Networks (Proactiveinvestors NA) Allot Communications Ltd (NASDAQ:ALLT) - Allot will provide Swiftel with a distributed denial-of-service (DDoS) protection system to offer it as a service across their broad network of internet service provider and enterprise customers

Technologies, Techniques, and Standards

Paper Is Big Again, at Least for Elections. These States Don’t Have It (Roll Call) Just days before the midterms, dozens of jurisdictions around the country go to polls without a paper backup for electronic voting systems.

Military Cyber Teams On Standby For Elections (Breaking Defense) “We haven’t deployed anyone, just to be clear,” Edwin Wilson said. “We’ll have a traditional prepare-to-deploy order, (and) the members and teams are on recall ready to go within hours.”

Center for Internet Security looks to expand threat sharing program to political campaigns (Cyberscoop) While hundreds of millions of dollars in federal money have been allocated for securing state election infrastructure this year, political campaigns are often cash-strapped operations short on cybersecurity expertise.

Fewer than half of US states have undergone federal election security reviews (ABC News) With only a week left before the midterms, fewer than half of U.S. states have submitted to a Department of Homeland Security assessment of their vulnerabilities.

Don’t Be Manipulated This Midterm Election Season: 5 Immediate Social Media Actions You Need to Take (Proofpoint) Our midterm elections are quickly approaching, which means Americans need to be hyperaware on social networks to avoid misinformation and scams. Below are five things you must do right now to protect yourself online and not be manipulated. It’s time for all Americans to take control of the information they consume.

Cyber Supply Chain Task Force to Meet Soon (Nextgov.com) The task force will be managed by Homeland Security Department’s new long-range cyber planning organization.

Gathering Insights on the Reemergence and Evolution of Old Threats Through Managed Detection and Response (TrendLabs Security Intelligence Blog) Smart Protection Network (SPN) data and observations from Managed Detection and Response (MDR) for the North American region show the persistence of older threats and tactics: delivery methods such as spam emails are still going strong, while ransomware attacks have seen a renewed vigor alongside newer threats such as cryptocurrency mining malware in the third quarter of 2018.

The Role of Technology in Compliance (TetherView) Learn about various technology compliance frameworks as they relate to cyber risk management. TetherView - the most comprehensive private cloud for business

Cyber Drills Are the New Fire Drill: 5 Mistakes You’re Probably Making Right Now (CSO) When a data breach hits an organization, everyone is under pressure to react. There is little to no time to think or plan. That’s why having a solid, approved plan and regular drills to practice are critical to an effective response.

Deceptioneering Part 2: Principles of Deception (Infosecurity Magazine) Once you have a foundational knowledge of Deceptioneering, it is important to look at some practical applications.

Design and Innovation

The Plausibility of Forecasting Cyber Attacks (SIGNAL) Experts examine if and how cyber attacks can be predicted.

Google Updates reCAPTCHA: No More Boxes to Check (Threatpost) Puzzles and check-boxes have been replaced with in-the-background behavioral analysis.

10 Years of the Blockchain: What Is Bitcoin, Really? (Motherboard) The Bitcoin white paper was released into the world 10 years ago today, so we asked some influential people in the space—including the guy who spent 10,000 bitcoins on pizza in 2010—what it is and where it's going.

Research and Development

Denim Group Awarded Hybrid Analysis Mapping Patents by U.S. Patent and Trademark Office (Digital Journal) announced that the United States Patent and Trademark Office (USPTO) has

Bank of America awarded new patent for storing cryptography keys (BCFocus) In an interesting development on Tuesday, Bank of America was awarded a patent for systems and devices for hardened remote storage of private cryptography keys used for authentication, according to documents released by the US Patent and Trademark Office (USPTO).

Legislation, Policy and Regulation

The threat to US cyber intelligence (Fifth Domain) How “failure of imagination” continues to plague counterintelligence efforts.

DoD leader calls for teamwork in ‘cyber posture review’ (Fifth Domain) The deputy secretary of defense discussed the importance of sharing tools, techniques and insight between agencies to protect America's critical infrastructure from cyberattacks.

Common suitability, security clearance standards are coming within a year, ODNI says (Federal News Network) Common standards across the suitability and security clearance processes may ease long-held frustrations from industry and the intelligence community.

Intelligence 'black budget' hits mysterious new high under Trump (Washington Examiner) Congress secretly boosted U.S. spy agency funding last year, pushing the government's intelligence "black budget" to its highest publicly known level, and raising questions about the reason for the surge.

Military Intelligence Spending Just Posted Biggest Spike in a Decade (Defense One) With an 18 percent increase this year, the Pentagon’s $22 billion intelligence tab is rising faster than civilian spy agencies.

Litigation, Investigation, and Enforcement

Feds: Chinese spies orchestrated massive hack that stole aviation secrets (Ars Technica) Feds say campaign hacked 13 firms in bid to help Chinese state-owned aerospace company.

U.S. charges Chinese spies and their recruited hackers in conspiracy to steal trade secrets (Washington Post) It’s the third such law enforcement action taken against China since September.

[Superseding indictment] (US Department of Justice) UNITED STATES OF AMER]CA, Plaintiff, V ZHANG ZHANG_GU] (1), aka "leanov, " aka "1eaon, " zHA RONG (2), cHAr MENG (3), aka "Cobain," L]U CHUNLIANG (4), aka "sxpdi-cl-," aka "Fangshour " GAO HONG KUN (5), aka "mer4en7y, " ZHUANG XTAOWET (6), aka "jpxxavr " MA ZHrQr (1) , aka "Le Mar " Lr xrAo (B), aka "zhuan86 " GU GEN (9), aka "Sam Gur" TrAN Xr (10), Defendants.

Zuckerberg gets joint summons from UK and Canadian parliaments (TechCrunch) Two separate parliamentary committees, in the UK and Canada, have issued an unprecedented international joint summons for Facebook’s CEO Mark Zuckerberg to appear before them. The committees are investigating the impact of online disinformation on democratic processes and want Zuckerberg to a…

Mueller probes Roger Stone’s interactions with Trump campaign and timing of WikiLeaks release of Podesta emails (Washington Post) On Friday, the special counsel interviewed Stephen K. Bannon, Trump’s former chief strategist, about alleged claims Stone made privately about WikiLeaks, according to people familiar with the session.

Alleged SWATter will plead guilty to dozens of serious new federal charges (Naked Security) The long list of charges includes bank fraud, involuntary manslaughter, cyberstalking and wire fraud.

Infantino expects release of info from cyberattack on FIFA (AP NEWS) FIFA President Gianni Infantino is braced for a release of private information gained by hackers after world soccer's governing body said its computer network was subject to another cyberattack. The disclosure comes in the same month the U.S. Department of Justice and the FBI said Russia's military intelligence body was responsible for a hack on FIFA in 2016, which led to evidence from anti-doping investigations and lab results being published. FIFA did not provide details about the data gained in the latest attack this year on e-mail systems, but it has been contacted by media outlets about internal information contained in private exchanges.

UK Law Firm Preps Cathay Pacific Class Action (Infosecurity Magazine) Lawyers claim airline owes customers compensation

Credit Union’s Employees Saw Anti-Money-Laundering Compliance Gaps (Wall Street Journal) Employees at Pentagon Federal told regulators it had a flawed program to prevent money laundering.

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

newly Noted Events

Cyber:Secured Forum 2019 (Dallas, Texas, USA, July 29 - 31, 2019) Cyber:Secured Forum delivers two days of in-depth content on cybersecurity trends and best practices related to the delivery of physical security systems and other integrated systems. Collaboratively developed by SIA and PSA Security Network’s education teams, sessions will feature top cybersecurity leaders, while sponsor exhibits will showcase solutions related to cybersecurity, integrated systems and physical security solutions.

upcoming Events

SecureWorld Denver (Denver, Colorado, USA, October 31 - November 1, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security industry. Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays-all while networking with local peers.

Cyber Security Dallas (Dallas, Texas, USA, October 31 - November 1, 2018) Cyber Security Dallas will bring top speakers and industry experts to the Dallas-Fort Worth (DFW) metroplex, which boasts one of the largest concentrations of corporate headquarters in the United States. The area is home to more than 200,000 high-tech workers spanning industries that are integral to the nation’s infrastructure and economy, including transportation and telecommunications. The event will bring together thousands of security and information technology professionals to discuss the top cyber security challenges facing businesses today and network with industry practitioners, innovators and thought leaders.

InfoWarCon 18 (Leesburg, Virginia, USA, November 1 - 3, 2018) InfoWarCon 18 brings together a highly elite group of political, military, academic, DIYer, and commercial cyber-leaders and thinkers from around the world. We examine the current, future, and potential hostile use of cyber and related information technologies including how to neutralize the current ones. Since the initial InfoWarCon in 1994 we have hosted the event in multiple venues across the US and Europe

RETR3AT Cybersecurity Conference (Montreat, North Carolina, USA, November 2, 2018) Each year, Montreat College’s Center for Cybersecurity Education and Leadership hosts RETR3AT, a conference designed to engage, educate, and raise awareness about cybersecurity in Western North Carolina and beyond. RETR3AT goes beyond the “1s and 0s” approach to cybersecurity training, challenging attendees to think about how to lead in protecting their organization’s information within an ethical framework.

4th Annual Cyber Southwest (CSW) Symposium (Tuscon, Arizona, USA, November 2, 2018) Be a part of the 4th Annual Cyber Southwest (CSW) Symposium set to take place at the University of Arizona, Eller College of Management - McClelland Hall in Tucson, AZ on Friday, November 2nd, 2018. CSW is officially sponsored by the Armed Forces Communications & Electronics Association (AFCEA) - Tucson Chapter, Arizona InfraGard, and the Arizona Cyber Threat Response Alliance (ACTRA). Subject Matter Expert (SME) Speakers will be on hand from the military, government, and defense contractors to talk about current cyber threats, cyber defense, and remediation strategies. CSW will focus a unique and highly productive unification point to further Arizona's developing leadership in cybersecurity. Cyber Southwest is an annual event, and a platform for training and education, for the region's core areas of Healthcare, Education, Government, Military, Intelligence, Law Enforcement, and Homeland Security.

Hybrid Identity Protection Conference (New York, New York, USA, November 5 - 6, 2018) Learn what cutting-edge industry leaders are doing to improve identity protection in the modern organization and how they are boosting enterprise security. Network with the world’s leading identity experts and interact with your industry peers facing the same complex infrastructure and security challenges. Acquire critical technical knowledge, discover best practices and learn how to secure the evolving enterprise identity infrastructure.

Hybrid Identity Protection Conference 2018 (New York, New York, USA, November 5 - 6, 2018) The Hybrid Identity Protection Conference is the premier educational and networking event for identity experts. Learn what cutting-edge industry leaders are doing to improve identity protection in the modern organization and how they are boosting enterprise security. Network with the world’s leading identity experts and interact with your industry peers facing the same complex infrastructure and security challenges. Acquire critical technical knowledge, discover best practices and learn how to secure the evolving enterprise identity infrastructure.

Cyber Security & Artificial Intelligence MENA Summit (Dubai, UAE, November 6 - 7, 2018) Cyber Security and Artificial Intelligence MENA Summit has been designed to bring you a remarkable opportunity to gain fresh insights into areas such as artificial intelligence and machine learning impact on cyber security and creating a solid cyber security foundation for the organization. Join us and get the answers to different questions as how to make cybersecurity strategy more dynamic to keep up with threats or how to get the most value out of cybersecurity automation investments. You will discover the crucial elements of cyber risk oversight and innovative methods which could be implemented against the cybercrime.

2nd Annual Aviation Cyber Security Summit Summit (London, England, UK, November 6 - 7, 2018) Now in its 2nd year, the Cyber Senate Aviation Cyber Security and Resilience Summit (AVCIP2018) will take place on 6th and 7th in London United Kingdom 2018. This two-day executive forum will include presentations, roundtable working groups and panel sessions. Together we will address the escalating cyber risk and resilience challenges associated with the adoption and convergence of operational technologies in enterprise facing architecture. Practitioners will gain further insight into how to best respond to evolving cyber threats, the importance of effective risk management throughout the aviation supply chain, innovations in detection and mitigation, configuration management and how can we incorporate resilience into critical control system components and business process.

Federal IT Security Conference: FITSC 2018 (College Park, Maryland, USA, November 7, 2018) Phoenix TS and Federal IT Security Institute (FITSI) are partnering to host the third annual Federal IT Security Conference (FITSC) this November. Speakers from NIST, DHS, the Defense Department as well as private industry will be in attendance discussing the themes and trends that are influencing the Federal/DoD cyber landscape. Attendance is free for government and military and can earn attendees up to 6 continuing education units (CEUs).

SINET Showcase (Washington, DC, USA, November 7 - 8, 2018) Highlighting and advancing innovation. SINET Showcase provides a platform to identify and highlight “best-of-class” security companies that are addressing the most pressing needs and requirements in Cybersecurity.

SecureWorld Seattle (Seattle, Washington, USA, November 7 - 8, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security industry. Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays-all while networking with local peers.

Infosecurity North America (New York, New York, USA, November 14 - 15, 2018) With 23+ years of global experience creating leading information security events, Infosecurity Group is coming to New York in November 2018. Infosecurity North America will provide a focussed business event environment that facilitates valuable networking, immersive learning and leads the critical debate through cutting-edge content. The Infosecurity North America conference program provides access to the latest information security insight presented by leading experts, practitioners and thought leaders. The panel discussions, presentations, demos and workshop will provide you with the information and skills you need to strengthen your organization’s cyber defenses against the threats of tomorrow.

Kingdom Cyber Security (Riyadh, Saudi Arabia, November 20 - 21, 2018) Setting a game plan to boost cyber resilience at the national level.

Sponsor & Support

Grow your brand, generate leads, and fill your funnel.

With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listens all over the world, companies trust the CyberWire to get the message out. Learn more.

Influence operations in social networks. Ransomware notes. US indicts alleged Chinese spies. Avoid Russian adult sites.