The CyberWire Daily Briefing 11.5.18

Summary

By The CyberWire Staff

US midterm elections will be held tomorrow (and with early voting have been in progress for some weeks, so it may be more accurate to say that they will end tomorrow, around 8:00 PM local time). There's been much concern about election security, but at the eleventh hour most of that concern has shifted from fear of direct manipulation of voting or disruption of polling toward worries about voter suppression efforts or other last-minute influence operations.

A flurry of reports suggests efforts to penetrate election-related databases, but most such reports have been in the context of state officials announcing their successful defense against such penetration. And it's not clear that this isn't largely a matter of the officials attending to the regular background of attempts to steal personal data.

The Department of Homeland Security is getting nice marks on its election security work from a normally tough Senatorial audience. US Cyber Command, with unusual blood in its eye, is apparently ready to hit back hard at Russia if anything develops.

Chatter from observers expecting the worst is expressing worries about distributed denial-of-service attacks or (if they really expect the worst) local power grid hacks.

A team of academic researchers (from Tampere University of Technology and the Technical University of Havana) have reported a side-channel vulnerability, "PortSmash," in Intel CPUs that employ a simultaneous multithreading architecture.

Cyware warns that two botnets, "Fbot" and "Trinity," are competing to cryptojack Android devices. Fbot is a Satori variant; Trinity is a version of ABD.Miner.

Learn how Cylance silences cyber attacks with Artificial Intelligence.

Notes.

Today's issue includes events affecting Canada, China, European Union, Germany, India, Netherlands, New Zealand, Russia, Taiwan, United Kingdom, and United States.

A year in, companies unsure of risk under China's Cyber Security Law, says Control Risks.

Over a year into China’s Cyber Security Law, Control Risks experts say its vague definition and application leaves multinational companies struggling to understand their risk. Further, how strictly the government will crack down and the extent of penalties for non-compliance remain open questions. Nonetheless, companies operating in China must understand their unique exposure and specific cyber, physical and procedural requirements. Let Control Risks help you make the critical decisions to seize your opportunities in China.

On the Podcast

In today's podcast, up later this afternoon, we speak with our partners at Palo Alto Networks, as Rick Howard shares thoughts on DevOps and the future of orchestration.

Sponsored Events

The Pesky Password Problem: Red and Blue Team Battle featuring Kevin Mitnick (Online, November 14, 2018) Kevin Mitnick and Roger Grimes debate one of security's most controversial issues: passwords. Hear the truth regarding effective passwords, password management and more in this unique webinar. Save your spot!

Cyber Security Summit: November 29 in Los Angeles (Los Angeles, California, United States, November 29, 2018) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The CIA, The City of Los Angeles, Verizon, CenturyLink and more. Register with promo code cyberwire95 for $95 VIP admission (Regular price $350) https://CyberSummitUSA.com

Selected Reading

Cyber Attacks, Threats, and Vulnerabilities

Huawei denies foreign network hack reports (ZDNet) Huawei has pointed to its 'unblemished record of cybersecurity' following reports over the weekend that it helped the Chinese government gain access codes for a foreign network.

Dozens of Spies Killed Thanks to Flawed CIA Comms (Infosecurity Magazine) Report claims Iranian and Chinese intelligence dismantled US spy networks

Top Senate Intelligence Dem: 'People should vote with confidence' that elections will be secure (TheHill) Sen. Mark Warner (D-Va.) said Sunday that he believes Americans can "vote with confidence," and that this year's midterm elections will be secure from potential foreign threats.

Hackers targeting election networks across country in lead up to midterms (Boston Globe) The recent incidents, ranging from injections of malicious computer code to massive submissions of bogus voter registrations, have not been publicly disclosed until now.

Expert Warns This Common Cyber-Attack Could Hit The Midterms Next Week (Forbes) With just days to go until the midterms, officials and citizens need to be on high alert. Here’s what to look out for

The midterms may be the ‘warm-up’ for Russians seeking to target 2020, officials say (Washington Post) Public- and private-sector defenses have been hardened since the 2016 elections.

Two Russian lawmakers are monitoring integrity of midterm voting in the shadow of 2016 interference (Washington Post) Artyom Turov and Alexei Korniyenko are members of the Organization for Security and Cooperation in Europe's Parliamentary Assembly.

Why it's still in Russia's interest to mess with US politics (AP NEWS) Sweeping accusations that the Kremlin tried to sway the 2016 U.S. election haven't chastened Russian trolls, hackers and spies — and might even have emboldened them. U.S. officials and tech companies say Russians have continued online activity targeted at American voters during the campaign for Tuesday's election, masquerading as U.S. institutions and creating faux-American social media posts to aggravate tensions around issues like migration and gun control.

U.S. EAC Voting System Standards Fail to Protect Systems In Penetration Security Tests (Sys-Con) Coalfire Security Tests Show Vulnerabilities in U.S. Election Assistance Commission (EAC) Standards, Machines and System Infrastructure

The Pentagon has prepared a cyber attack against Russia (Center for Public Integrity) Military hackers have been given the go-ahead to gain access to Russian cyber systems for potential retaliation for any election meddling.

Why DOD is sending cyber teams to DHS before the election (FCW) The Defense Department has loaned personnel to Homeland Security in effort to prevent -- or react to -- election hacking attempts.

How Facebook and Twitter are rushing to stop voter suppression online for the midterm elections (Washington Post) With the 2018 midterms just days away, Facebook and Twitter are scrambling to stop falsehoods about how, when and where to vote from spreading wildly online.

Twitter Is Sorry 'Kill All Jews' Was a Trending Topic (Motherboard) The hateful phrase was trending in New York after a synagogue was vandalized with graffiti ahead of an event featuring Broad City actress Ilana Glazer.

Don’t Be Duped by Voting Misinformation Before the Midterms (WIRED) Elections have long been a battleground for information warfare around individual candidates and the voting process itself.

Homeland Security Fell for YouTube Videos About ‘Antifa Civil War’ (The Daily Beast) Newly released emails show an agent asked for intelligence about a supposed plot to overthrow the government, which was quite obviously a hyped meme.

Intel CPUs impacted by new PortSmash side-channel vulnerability (ZDNet) Vulnerability confirmed on Skylake and Kaby Lake CPU series. Researchers suspect AMD processors are also impacted.

PortSmash attack blasts hole in Intel's Hyper-Threading CPUs, leaves with secret crypto keys (Register) Malware already on machines can exploit SMT using side-channel techniques to snatch private info

Fbot vs Trinity: Two IoT botnets battle for supremacy for control over thousands of vulnerable Android devices | Cyware (Cyware) Two IoT botnets - Fbot and Trinity - have reportedly been spotted engaged in a turf war for control over thousands of vulnerable Android devices. Both botnets aim to gain control of vulnerable Android devices and mine for cryptocurrencies.

CTA Security Playbook: Goblin Panda (Security Boulevard) The FortiGuard SE Team has released a new playbook on the threat actor group known as Goblin Panda as part of its role in the Cyber Threat Alliance (CTA).

CTA Adversary Playbook: Goblin Panda (Security Boulevard) The FortiGuard SE Team has released a new adversary playbook on the threat actor group known as Goblin Panda as part of its role in the Cyber Threat Alliance (CTA).

SMS Phishing + Cardless ATM = Profit (KrebsOnSecurity) Thieves are combining SMS-based phishing attacks with new “cardless” ATMs to rapidly convert phished bank account credentials into cash. Recent arrests in Ohio shed light on how this scam works.

Spam campaign targets Exodus Mac Users (News from the Lab) We’ve seen a small spam campaign that attempts to target Mac users that use Exodus, a multi-cryptocurrency wallet. The theme of the email focuses mainly on Exodus. The attachment was “Exodus-MacOS-…

New Ransomware using DiskCryptor With Custom Ransom Message (BleepingComputer) A new ransomware has been discovered that installs DiskCryptor on the infected computer and reboots your computer. On reboot, victims will be greeted with a custom ransom note that explains that their disk has been encrypted and how to pay the ransom.

Want to Make $100 Million from Hacking? Steal Press Releases (Security Boulevard) Stealing credit card number? Old hat. Ransoming information? Been there, done that. Apparently, if you want to make real money from hacking (not that we’re suggesting this), press releases are the latest and most lucrative piece of valuable information.

Who’s In Your Online Shopping Cart? (KrebsOnSecurity) Crooks who hack online merchants to steal payment card data are constantly coming up with crafty ways to hide their malicious code on Web sites.

SIM Swap Danger as Telco Staff Waive ID Checks (Infosecurity Magazine) Undercover filming shows employees breaking security policy

Did Russian Hackers Just Steal Private Messages From 81,000 Facebook Accounts? (Forbes) Russian hackers claiming to have 120 million Facebook profiles for sale have published details of 257,000 of them online. Intelligence experts confirm that 81,000 of these contain private Facebook messages.

Private Facebook data from 81,000 accounts discovered on crime forum (Naked Security) Stolen data from the 81,000 accounts that appeared to be genuine included intimate exchanges between Facebook users.

FIFA, hacked again, is leaking like a sieve (Naked Security) Football shockers started to flow on Friday, after journalists analyzed more than 70m exfiltrated documents, totaling 3.4 terabytes of data.

Why no cyber 9/11 for 15 years? (Security Boulevard) This The Atlantic article asks why hasn't there been a cyber-terrorist attack for the last 15 years, or as it phrases it:National-security experts have been warning of terrorist cyberattacks for 15 years. Why hasn’t one happened yet?

USB threat vector trends and implications for industrial operators (Help Net Security) Industrial players are limiting network access and increasingly using USB media devices to transfer patches, updates and files to those systems.

Security Patches, Mitigations, and Software Updates

Cisco Adaptive Security Appliance Software and Cisco Firepower Threat Defense Software Denial of Service Vulnerability (Cisco Security) A vulnerability in the Session Initiation Protocol (SIP) inspection engine of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload or trigger high CPU, resulting in a denial of service (DoS) condition.

Cyber Trends

WWIII: Cyber conflicts - war by other means (Engineering & Technology) Global computer networks provide the means to conquer in cyber war without a shot being fired.

How the world’s first cyberattack set the stage for modern cybersecurity challenges (Fifth Domain) Back in November 1988, Robert Tappan Morris, son of the famous cryptographer Robert Morris Sr., was a 20-something graduate student at Cornell who wanted to know how big the internet was – that is, how many devices were connected to it. So he wrote a program that would travel from computer to computer and ask each machine to send a signal back to a control server, which would keep count.

China's next big export? Censorship (NZ Herald) Usually secretive nation has been seducing world leaders with 'techno-dystopian' tools.

What 9 Cybersecurity Research Reports Show About the State of Risk (eSecurity Planet) In October, cybersecurity vendors released a number of research reports highlighting the biggest risks in the threat landscape.

The Top Three Cyber Attack Threats that Cause a Financial CISO to Lose Sleep (Security Boulevard) We recently had the chance to hear a presentation by the chief information security officer of a leading financial services firm, which gave a number of valuable insights into today’s top security challenges. To set the stage, the speaker shared recent cyber attacks that may not have caught an individual’s attention but definitely made financial... Read More The post The Top Three Cyber Attack Threats that Cause a Financial CISO to Lose Sleep appeared first on CSPi.

Marketplace

Updated: Mystery group ‘Protect America’s Wireless’ stokes national security fears in Sprint/T-Mobile merger (FierceWireless) “Protect America’s Wireless” has been formed in what appears to be an attempt to block the proposed merger of Sprint and T-Mobile.

The IBM And Red Hat Tango (Seeking Alpha) IBM, under the leadership of Ginni Rometty, has just announced the biggest acquisition in its history, an acquisition it hopes will bring it into the future of cloud computing.

Proofpoint - a tale of two technical strategies (RealMoney) Lets check the charts.

Carbon Black: No Reason For Pessimism (Seeking ALpha) Shares of endpoint security company Carbon Black have descended to all-time lows, dropping 10% after reporting Q3 results.

Symantec boss unfazed by endpoint security startups (CRN Australia) Greg Clark says Symantec is "a lot, lot better".

Venable Completes Merger With New York’s Fitzpatrick Cella (New York Law Journal) In a year that's been packed with law firm mergers the deal between Venable and 100-lawyer Fitzpatrick Cella Harper & Scinto was one of the largest.

New DreamPort center bringing small business cyber help to federal sector (Baltimore Business Journal) U.S. Cyber Command tracks and confronts some of the most dire cybersecurity threats facing our country. But it needs a little help sometimes, so there is a new facility in Maryland dedicated to seeking private industry input on government cyber problems.

Chalva Tchkotoua named chief marketing officer at Protegrity (Westfair Communications) Protegrity, a Stamford-based enterprise data security software solutions provider, has named Chalva Tchkotoua as chief marketing officer and head of global alliances.

Viewpoint: Cyber Town USA a welcome addition to Maryland's cyber ecosystem (Baltimore Business Journal) The expansion of the state’s cyber community is always a welcome development and is a key indicator that Maryland is a major player in innovation.

Northrop Preps for 2nd DreamPort Rapid Prototyping Event After Previous Win; Ginger Wierzbanowski Quoted - GovCon Wire (GovCon Wire) Northrop Grumman (NYSE: NOC) is planning to join a rapid proto

Northrop Grumman to coordinate U.S. cyber warfare computer tools and software applications (Military & Aerospace Electronics) U.S. Air Force cyber security experts are looking to Northrop Grumman Corp. to coordinate a new computer systems architecture to host cyber tools and applications for U.S. military offensive and defensive cyber warfare

Hotshot Hires Srini Murty as CRO Following Initial Funding of New Time and Location-Based Mobile Security Solution for Business (PR Newswire) Hotshot today announced the addition of Srini Murty as Chief Revenue Officer. Murty is responsible for revenue ...

Products, Services, and Solutions

AOP and The Media Trust to Help UK Digital Media Companies Manage Cookie Deployment and GDPR Requirements (The Media Trust) Cookie Declaration Boosts Transparency and Streamlines Communications Between Digital Partners

Circadence® Joins National Effort to Promote Critical Infrastructure Security and Resilience (AP NEWS) Circadence Corporation, the market leader in cybersecurity readiness solutions, is participating in Critical Infrastructure Security and Resilience Month by educating public and private sectors about modern cybersecurity readiness solutions that emulate networks of entire cities, enabling collaborative preparedness work.

Aujas and Endgame announce partnership to deliver advanced managed endpoint protection services (Endgame) Aujas, a leader in cybersecurity transformation services, and Endgame, the leader in unified protection against targeted attacks, today announced a new strategic partnership.

Keeper Security Unveils New Dark Web Monitoring Product, BreachWatch™ (PR Newswire) Keeper Security, Inc., the leading creator of zero-knowledge security solutions, Keeper® Password Manager and...

ThreatQuotient Integrates Verified Breach Intelligence from Visa to Strengthen Payment Data Defenses (BusinessWire) ThreatQuotient's integration with verified breach intelligence from Visa will enable customers to better detect and prevent payment data attacks.

Raytheon’s GPS OCX passes cybersecurity tests (GPS World) System prevented broadcast of corrupt navigation, timing data. Raytheon Company’s GPS Next-Generation Operational Control System, known as GPS OCX, has completed several cybersecurity vulnera…

Intel Develops Blockchain Product for Ensuring Data Security (Today) iExec startup releases Intel-powered solution for secure cloud computing

Beagle free visual analytics tool helps bring cybercriminals to justice (Help Net Security) Researchers from New York University Tandon School of Engineering with Agari, developed the Beagle free visual analytics tool.

Technologies, Techniques, and Standards

ODNI releases Insider Threat Framework (Intelligence Community News) The National Insider Threat Task Force (NITTF), operating under the joint leadership of the Attorney General and the Director of National Intelligence, announced on November 1 the release of the “I…

Survey Shows GDPR Costs Exceeded Expectations (Versasec) Six Months Post Implementation, New Survey Shows Educating Internal Employees on GDPR Remains a Top Challenge

GDPR compliance: Key steps in the GDPR compliance journey (Computing) Wipro's Murthy Vedula examines some of the lessons learnt from running GDPR compliance projects

NIST Teams Up with IBM’s Watson to Rate How Dangerous Computer Bugs Are (Nextgov.com) The artificial intelligence program will replace tedious work done by human analysts.

Ensuring election integrity: The overlooked last mile of securing voter data (Help Net Security) With 99 percent of America's votes counted by computers, security experts agree that our elections remain extremely vulnerable for a cyberattack. Fourteen

5 Reasons Why You're a Perfect Cyber Attack Target (IEEE Spectrum) While cyber attacks should never happen to anyone, there are certain reasons why targets become victims of these attacks.

Centralize your Data, Achieve Long-Term GDPR Compliance (Infosecurity Magazine) Data storage became so simple and affordable, but what impact does GDPR have on this?

How Dimitry Snezhkov Balances the Yin and Yang of Penetration Testing (Security Intelligence) Dimitry Snezhkov didn't touch a computer until he was 18. Now he spends his days penetration testing to uncover security gaps and his nights meditating on the balance of life.

New DHS Cyber Center Meets with Industry to ID Most Valuable Assets (Nextgov.com) DHS officials met Thursday with officials from the communications, electricity and finance sectors.

Cloud Compliance for Financial Companies Requires a Merger of Three Disciplines - Security Boulevard (Security Boulevard) With weightier compliance penalties, ever-deepening cybercrime, and rapid adoption rates of public or hybrid cloud, financial services companies must pay closer attention to cloud compliance and stop treating it in a vacuum.

Pinpointing risky employee behaviors enables IT leaders to reduce risk (SC Media) By Brian Rutledge, Principal Security Engineer at Spanning In the first half of 2018, more than 4.5 billion digital records were compromised in data

How to Build a Culture of Cyberdefenders (Business.com) For the best cybersecurity, the whole company needs to be actively involved.

Nebraska Secretary of State says election system secure (KETV) Nebraska's top election official said he is confident in the security measures they have implemented to protect the state's election system this upcoming election.

Design and Innovation

How a ‘National Security Help Desk’ Could Secure Critical National Infrastructure (Infosecurity Magazine) The increasingly connected nature of CNI presents an opportunity for cybersecurity skills and knowledge to spread fast and wide.

Research and Development

Hackers will soon be able to manipulate people's memory through brain implants, researchers warn (The Independent) Within five years, scientists expect to be able to build memories and place them in the brain

Academia

Cal Poly Announces $100,000 Grant from Silicon Valley Foundation to Help Fund Research and Training at California Cybersecurity Institute | Cal Poly News (Cal Poly News) A $100,000 grant from the Silicon Valley Foundation will help Cal Poly’s California Cybersecurity Institute (CCI) protect critical infrastructures with multiple initiatives, beginning with a Nov. 4 hackathon focused on the “internet of things.”

Marshall Digital Forensics program partners with Swedish company for Open Source Intelligence (Huntington News) Marshall University’s Digital Forensics and Information Assurance program has partnered with Paliscope, a Swedish software company, in launching the Paliscope Academic Program.

Auburn expert tapped for national security role on cyberspace commission (OANow.com) Auburn University’s newly hired leader for cybersecurity research is one of 13 top experts and government officials named to a special commission to help guide future U.S. defense and policy

SRND Partners With Splunk to Train Students in Cybersecurity (PRWeb) CodeDay, a 24-hour programming event hosted seasonally in 50 cities, is partnering with Splunk to train thousands of high school students in cybersecurity at its

Legislation, Policy and Regulation

Putin Wants to Restore GRU Name to Military Intelligence (Bloomberg) President Vladimir Putin called for restoring the traditional GRU name to Russia’s military-intelligence agency, which Western governments blame for election meddling, hacking and poison attacks.

Russia’s Military Spies Are a Laughing Stock, But They’re Dangerous as Hell (The Daily Beast) Every failure is another degree of pressure to deliver a win, pressure exacerbated by high levels of infighting among Russia’s security services.

Germany ex-spy chief Maassen may be fired for insults (Deutsche Welle) Maassen reportedly heavily criticized the government to other European security chiefs in his farewell speech. Interior Minister Horst Seehofer, who backed Maassen in other controversies, has declined to do so this time.

Data localisation: A strategic weapon in cyber war (Express Computer) A sovereign has the right to protect its own property in its own jurisdiction and data about its own citizens or entities remains to be adjudicated by Indian laws. No bigger capitalist or profiteering organisations registered in some other jurisdictions can dictate the fate of Indian property i.e. data

Ottawa not ruling out blocking Huawei from 5G supply contracts (The Globe and Mail) Review under way to determine whether Canada should join the U.S. and Australia in banning Chinese telecommunications giant, Goodale says

Spark boss Simon Moutter lays down the law on Huawei (NZ Herald) Simon Moutter also warns broadband price rises are on the way.

Should company bosses face jail for mishandling your privacy? (Naked Security) A proposed bill calls for executives to be jailed for not protecting consumers’ data, or at least for lying about it.

Litigation, Investigation, and Enforcement

In a court filing, Edward Snowden says a report critical to an NSA lawsuit is authentic (TechCrunch) An unexpected declaration by whistleblower Edward Snowden filed in court this week adds a new twist in a long-running lawsuit against the National Security Agency’s surveillance programs. The case, filed by the Electronic Frontier Foundation a decade ago, seeks to challenge the government&#82…

FDA isn't doing enough to prevent medical device hacking, HHS report says (MSN) The US Food and Drug Administration is not doing enough to prevent medical devices such as pacemakers and insulin pumps from being hacked, a report from the US Department of Health and Human Services' Office of the Inspector General said Thursday.

Ex-CIA Contractor Says Prison Over Classified Info Unfair (Law360) A Virginia federal judge Friday sentenced a former CIA contractor to 90 days behind bars for illegally obtaining and taking classified material from his former workplace and lying about it to federal investigators, despite his counsel’s arguments that notable government officials have done likewise with lesser consequence.

Ex-Employees Allegedly Steal Micron Trade Secrets Valued At Over $400 Million (Dark Reading) Three individuals who worked for DRAM maker's Taiwan subsidiary stole Micron IP to benefit company controlled by China's government, US says in indictment.

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

upcoming Events

Hybrid Identity Protection Conference (New York, New York, USA, November 5 - 6, 2018) Learn what cutting-edge industry leaders are doing to improve identity protection in the modern organization and how they are boosting enterprise security. Network with the world’s leading identity experts and interact with your industry peers facing the same complex infrastructure and security challenges. Acquire critical technical knowledge, discover best practices and learn how to secure the evolving enterprise identity infrastructure.

Hybrid Identity Protection Conference 2018 (New York, New York, USA, November 5 - 6, 2018) The Hybrid Identity Protection Conference is the premier educational and networking event for identity experts. Learn what cutting-edge industry leaders are doing to improve identity protection in the modern organization and how they are boosting enterprise security. Network with the world’s leading identity experts and interact with your industry peers facing the same complex infrastructure and security challenges. Acquire critical technical knowledge, discover best practices and learn how to secure the evolving enterprise identity infrastructure.

Cyber Security & Artificial Intelligence MENA Summit (Dubai, UAE, November 6 - 7, 2018) Cyber Security and Artificial Intelligence MENA Summit has been designed to bring you a remarkable opportunity to gain fresh insights into areas such as artificial intelligence and machine learning impact on cyber security and creating a solid cyber security foundation for the organization. Join us and get the answers to different questions as how to make cybersecurity strategy more dynamic to keep up with threats or how to get the most value out of cybersecurity automation investments. You will discover the crucial elements of cyber risk oversight and innovative methods which could be implemented against the cybercrime.

2nd Annual Aviation Cyber Security Summit Summit (London, England, UK, November 6 - 7, 2018) Now in its 2nd year, the Cyber Senate Aviation Cyber Security and Resilience Summit (AVCIP2018) will take place on 6th and 7th in London United Kingdom 2018. This two-day executive forum will include presentations, roundtable working groups and panel sessions. Together we will address the escalating cyber risk and resilience challenges associated with the adoption and convergence of operational technologies in enterprise facing architecture. Practitioners will gain further insight into how to best respond to evolving cyber threats, the importance of effective risk management throughout the aviation supply chain, innovations in detection and mitigation, configuration management and how can we incorporate resilience into critical control system components and business process.

Federal IT Security Conference: FITSC 2018 (College Park, Maryland, USA, November 7, 2018) Phoenix TS and Federal IT Security Institute (FITSI) are partnering to host the third annual Federal IT Security Conference (FITSC) this November. Speakers from NIST, DHS, the Defense Department as well as private industry will be in attendance discussing the themes and trends that are influencing the Federal/DoD cyber landscape. Attendance is free for government and military and can earn attendees up to 6 continuing education units (CEUs).

SINET Showcase (Washington, DC, USA, November 7 - 8, 2018) Highlighting and advancing innovation. SINET Showcase provides a platform to identify and highlight “best-of-class” security companies that are addressing the most pressing needs and requirements in Cybersecurity.

SecureWorld Seattle (Seattle, Washington, USA, November 7 - 8, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security industry. Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays-all while networking with local peers.

Infosecurity North America (New York, New York, USA, November 14 - 15, 2018) With 23+ years of global experience creating leading information security events, Infosecurity Group is coming to New York in November 2018. Infosecurity North America will provide a focussed business event environment that facilitates valuable networking, immersive learning and leads the critical debate through cutting-edge content. The Infosecurity North America conference program provides access to the latest information security insight presented by leading experts, practitioners and thought leaders. The panel discussions, presentations, demos and workshop will provide you with the information and skills you need to strengthen your organization’s cyber defenses against the threats of tomorrow.

Kingdom Cyber Security (Riyadh, Saudi Arabia, November 20 - 21, 2018) Setting a game plan to boost cyber resilience at the national level.

API Security Summit (London, England, UK, November 21, 2018) The API Security Summit, taking place in London on the 21st of November 2018 will bring together the financial services community, regulators, fintechs, TPPs and associations from across UK and Europe to find solutions to the current lack of standardisation, debate what standards/legislation may emerge in 2019, and how to plan with these in mind.

Army Autonomy and Artificial Intelligence Symposium and Exposition (Detroit, Michigan, USA, November 28 - 29, 2018) This symposium will explore and showcase innovative ways the U.S. Army is developing critical capabilities in robotics, autonomy, machine learning, and artificial intelligence. The goals are to explore how the Army-Industry team can best collaborate to achieve cost-effective, innovative solutions to military problems, seamlessly reallocate resources as conditions change, and with the speed and efficiency that adversaries cannot match.

The Cyber Security Summit: Los Angeles (Los Angeles, California, USA, November 29, 2018) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers & renowned information security experts. Learn from cyber security thought leaders and Engage in panel discussions focusing on trending cyber topics such as Sr. Leadership’s Best Approach to Cyber Defense, What’s Your Strategic Incident Response Plan?, Protecting your Enterprise from the Human Element and more. Your registration includes a catered breakfast, lunch, and cocktail reception. Receive half off your admission with promo code cyberwire50 at CyberSummitUSA.com and view details including the full agenda, participating solution providers & confirmed speakers. Tickets are normally $350, but only $175 with promo code.

Securing Digital ID 2018 (Alexandria, Virginia, USA, December 4 - 5, 2018) As an increasing number of transactions move online and are mobile-enabled, the conference will explore today’s complex world of digital identities and how they are used for strong authentication and remote authorization. Securing Digital ID is a unique event for executives, policy makers, product developers and engineers interested in identity security and authentication. The conference will be held in partnership with TWST Events on December 4-5, 2018 at the Hilton Alexandria Mark Center minutes from Washington, D.C.

International Cyber Risk Management Conference (Hamilton, Bermuda, December 6 - 7, 2018) Now in its fourth year in Canada, the International Cyber Risk Management Conference (ICRMC) has earned a reputation as one of the world’s most trusted cyber security forums. We are proud to bring ICRMC to Bermuda, the “world’s risk capital,” where we, with the support of a stellar advisory committee, will focus on cyber risk with an emphasis on insurance and risk-transfer solutions.

2018 Cloud Security Alliance Congress (Orlando, Florida, USA, December 10 - 12, 2018) Today, cloud represents the central IT system by which organizations will transform themselves over the coming years. As cloud represents the future of an agile enterprise, new technology trends, such as Internet of Things (IoT), FOG Computing, Block Chain and Artificial Intelligence will extend the benefits of cloud - but also create new attack vectors for ambitious and resourceful adversaries. Additionally, the compliance landscape continues to evolve creating new challenges in delivering, measuring, and communicating compliance through multitude of regulations across multiple jurisdictions. The Cloud Security Alliance and MIS Training Institute have partnered to host the 2018 Cloud Security Alliance Congress on December 10-12 at the Omni Orlando Resort in ChampionsGate, Florida. This year’s event welcomes world leading security experts and cloud providers to discuss global governance, the latest trends in technology, the threat landscape, security innovations, best practices and global governance in order to help organizations address the new frontiers in cloud security.

Sponsor & Support

Grow your brand, generate leads, and fill your funnel.

With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listens all over the world, companies trust the CyberWire to get the message out. Learn more.

Updates on US midterm election security. PortSmash side-channel vulnerability. Fbot and Trinity compete for Android devices.