The CyberWire Daily Briefing 11.26.18

Announcements

A CyberWire Daily News Briefing redesign is coming.

We'll soon be rolling out a new format for our email. We've redesigned it the better to avoid falling into spam traps or becoming enmeshed in the array of anti-phishing measures enterprises increasingly deploy. You've seen some of these changes already with our addition of inline links to our summary.

When the redesign is complete, you'll see fewer links to suggested reading in the email itself. That selected reading will remain present in its entirety on our website, posted as always with the appropriate Daily News Briefing. We hope you'll find the new format more user-friendly. We'll announce the date of the rollout as it approaches. And, as always, thanks for subscribing and reading.

Summary

By The CyberWire Staff

The US Trade Representative has taken official notice of higher rates of Chinese hacking as trade tensions intensify (Fifth Domain). Such hacking is widely regarded as placing China in breach of the Obama-Xi agreement to cut back industrial espionage (National Law Review).

The US is urging its allies, on security grounds, to steer clear of Huawei (Wall Street Journal).

Emotet ramped up phishing attacks last week. Black Friday spam delivered malicious XML files with .doc extension (WeLiveSecurity).

Microsoft has fixed the Outlook 10 patches that were causing system crashes (ZDNet).

In the UK, Parliament is increasing pressure on Facebook (Washington Post).

The city of Beijing plans to bring each of its 22-million citizens under a "social credit" system, aggregating and scoring each individual's actions and reputation. If you've been good and are well-thought-of, life will be easier. If not, you'll be "unable to move a step." The capital city's program is the forerunner of one envisioned for the country as a whole, a kind of mark of the Beast as reconceptualized for Big Data (Bloomberg).

General Igor Korobov, director of Russia's GRU since 2016, has died at the age of 62 after what the Defense Ministry called "a long and serious illness." His deputy, Vice-Admiral Igor Kostyukov, who’s commanded Russian forces in Syria and filled in for General Korobov during his illness, will serve as interim director (BBC).

The US Army, drawing lessons from participation in JTF Ares, works to push tailored cyber capabilities down to brigade level (Fifth Domain).

Learn how Cylance silences cyber attacks with Artificial Intelligence.

Notes.

Today's issue includes events affecting China, European Union, Germany Iran, Israel, Japan, Republic of Korea, Lebanon, NATO/OTAN, Russia, Saudi Arabia, Syria, United Arab Emirates, United Kingdom, United States

How to Budget for Insider Threat Management, Proactively

According to a Ponemon Institute study, 34% of cybersecurity professionals said a lack of budget was a major barrier to effective insider threat management. So, how do you ask for the budget you need to proactively detect and stop insider threats? The latest guide from ObserveIT gives you the in-depth information you need to ask for a dedicated insider threat line item in your cybersecurity budget. Download The Guide to Budgeting for Insider Threat Management today.

On the Podcast

In today's podcast, up later this afternoon, we speak with our partners at the Johns Hopkins University, as Joe Carrigan wonders if we have a cyber skills gap or a shortage of courage.

Sponsored Events

International Spy Museum's 2nd Annual William H. Webster Distinguished Service Award Dinner (Washington, DC, United States, November 28, 2018) Join the Spy Museum for the second annual William H. Webster Distinguished Service Award Dinner honoring Admiral William H. McRaven on Wednesday, November 28 at The Ritz-Carlton. For tickets, visit spymuseum.org.

Cyber Security Summit: November 29 in Los Angeles (Los Angeles, California, United States, November 29, 2018) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The CIA, The City of Los Angeles, Verizon, CenturyLink and more. Register with promo code cyberwire95 for $95 VIP admission (Regular price $350) https://CyberSummitUSA.com

Rapid Prototyping Event: The Turing Test (Columbia, Maryland, United States, December 11 - 13, 2018) DreamPort, in conjunction with the Maryland Innovation & Security Institute and USCYBERCOM, is hosting a Rapid Prototyping Event in which participants implement an automated process to interact with a Microsoft Windows machine just as a human user may do with the goal being to fool a human judge who is monitoring target computers via Remote Desktop Protocol (RDP) or Virtual Network Computing (VNC) into thinking a normal user is interacting with that machine and not an automated program or process.

Selected Reading

Cyber Attacks, Threats, and Vulnerabilities

US says China hacking increasing ahead of Trump-Xi meeting (Fifth Domain) Trade Representative Robert Lighthizer's report reflects U.S. skepticism and a possible source of new acrimony ahead of the meeting in Buenos Aires.

Phishing Used to Launch GreyEnergy’s ICS Attacks (Infosecurity Magazine) Security researcher analyzed content of phishing email used in ICS attacks

Russia far bigger threat than ISIS: British army chief (The Times of India) UK News: Chief of the General Staff Gen Carleton-Smith said Russia was "indisputably" a bigger threat than Islamic terrorist groups like Al Qaeda and IS, the B

Britain is wide open to cyber-attack (Times) About three years ago an employee at the Prykarpattyaoblenergo control centre in Ukraine was going through some papers at his desk when he noticed that his computer was running through the steps to...

CEE countries particularly at risk from cyber attack (Emerging Europe) A new report from the international law firm CMS has revealed that despite well over 100 separate cyber incidents being recorded across 18 CEE countries last year, less than a quarter of these have resulted in government or regulatory action. The Cybersecurity Challenge in Central and Eastern Europe published by CMS together with Legal Week Intelligence, examines how …

Russian hacker resurgence after midterms (TheHill) Russian hackers are back in the spotlight after the U.S. midterm elections, carrying out a widespread campaign that targeted the federal government, media outlets and think tanks.

Semmle Discovers Vulnerability in Ghostscript Interpreter Used to Process Postscript and PDF Files (Semmle) Semmle announced today that it discovered a vulnerability which could allow for remote takeover of systems running unpatched versions of Ghostscript, an interpreter that processes Postscript and PDF files.

Five Year Old Bug Spawns Router Botnet Monster (Hackaday) In the news has been yet another router botnet. [Hui Wang] and [RootKiter] of 360Netlab announced their discovery of what they call the “BCMUPnP_Hunter” rootkit. They estimate this botn…

L0rdix malware on dark web steals data, mines crypto & enslaves PCs as botnet (HackRead) There’s a new hacking tool circulating in the underground Dark Web forums that let cybercriminals target Microsoft Windows computers.

A Look into the Connection Between XLoader and FakeSpy, and Their Possible Ties With the Yanbian Gang (TrendLabs Security Intelligence Blog) XLoader and FakeSpy are two of the most prevalent malware families that emerged from the mobile threat landscape recently.

Black Friday special by Emotet: Filling inboxes with infected XML macros (WeLiveSecurity) ESET has detected another large Emotet campaign that probably is aiming to piggyback in on the start of busy shopping period with a Black Friday special of their own.

Old Printer Vulnerabilities Die Hard (Threatpost) New research on an old problem reveals despite efforts, the InfoSec professionals still have a way to go when it comes to securing printers.

Cryptocurrency ‘minting’ flaw could have leached money from exchanges (Naked Security) Ethereum’s complexity proves to be a rich source of bugs, again.

The US Postal Service exposed data of 60 million users (TechCrunch) A broken U.S. Postal Service API exposed more than 60 million users and allowed a researcher to pull millions of rows of data by sending wildcard requests to the server. The resulting security hole has been patched after repeated requests to the USPS. The USPS service, called InformedDelivery, allo…

PI System Software Maker, OSIsoft, Announced Breach (Infosecurity Magazine) OSIsoft data beach reportedly impacted all domain accounts

Spotify Phishers Hijack Music Fans’ Accounts (Threatpost) The credentials could be used to glean a variety of intel on the victims.

Half of all Phishing Sites Now Have the Padlock (KrebsOnSecurity) Maybe you were once advised to “look for the padlock” as a means of telling legitimate e-commerce sites from phishing or malware traps. Unfortunately, this has never been more useless advice

Hacker takeovers Drake's Fortnite account to yell racial slurs (HackRead) The official Fortnite account of the Canadian rapper Drake going by the handle of “Duddus647” was hacked in an attack on Thanksgiving weekend.

Security Patches, Mitigations, and Software Updates

Microsoft: Crash-causing Outlook 2010 security patches are now fixed (ZDNet) Microsoft's new Outlook 2010 update ought to provide the critical security fixes without the crashes.

Update now! Adobe Flash has another critical security vulnerability (Naked Security) Adobe’s Flash Player for Windows, Mac and Linux has a critical vulnerability that should be patched as a top priority.

Cyber Trends

The Balance of Cyberpower (The National Interest) We rank all the great cyberpowers.

Microsoft president says defending democracy is a big cybersecurity challenge (The Irish Times) ‘What we’re seeing is technology tools that some people . . . are turning into weapons’

For recent big data software vulnerabilities, botnets and coin mining are just the beginning (Help Net Security) Any company using Hadoop or Spark should be certain they have the capability to detect and respond to vulnerabilities in these systems rapidly.

Internal negligence to blame for most data breaches involving personal health information (Help Net Security) More than half of personal health information data breaches were because of internal issues with medical providers - not because of external parties.

Losses from business email compromise scams up by a third: ACCC (CRN Australia) ACCC said businesses lost $2.8m from online scams.

Concern Grows over Failure to Tackle Global Threats to Cybersecurity (World Economic Forum) World Economic Forum hosts first Annual Gathering of the Centre for Cybersecurity in Geneva, Switzerland

Marketplace

Security skills hard to find because industry is focusing on the wrong things, says panel (Computing) A panel of security experts at Computing's recent Enterprise Security and Risk Management event says looking for computer science degrees won't necessarily find you the right people for the job

Companies must deal with the growing problem of the security skills gap (Computing) The rate of technology change is accelerating, but people are struggling to learn new skills fast enough to keep up

Why the Pentagon and Silicon Valley Need to Get on the Same Page (Foreign Policy) An interview with the new head of the Pentagon’s Defense Innovation Unit.

China’s Tech Giants Are Looking Weaker Than Ever (Bloomberg) The startup phase is long gone. It’s time they show some financial maturity.

Facebook’s share stuffing wins Zuckerberg no thanks (The Telegraph) Who’s the biggest turkey in Silicon Valley this Thanksgiving?

I knew about Soros smear firm, says Facebook chief (Times) Sheryl Sandberg has changed her account of how much she knew about a PR firm that Facebook recruited to conduct smear campaigns against opponents. The chief operating officer of the social media...

Tech giants offer empty apologies because users can’t quit (TechCrunch) A true apology consists of a sincere acknowledgement of wrong-doing, a show of empathic remorse for why you wronged and the harm it caused and a promise of restitution by improving ones actions to make things right. Without the follow-through, saying sorry isn’t an apology, it’s a hollow ploy for f…

European privacy search engines aim to challenge Google (AP NEWS) In the battle for online privacy, Google is a U.S. Goliath facing a handful of European Davids. The backlash over Big Tech's collection of personal data offers new hope to a number of little-known search engines that promise to protect user privacy. Sites like Britain's Mojeek, France's Qwant, Unbubble in Germany and Swisscows don't track user data, filter results or show "behavioral" ads.

BlackBerry: Did Investors Sour On The $1.4 Billion Cylance Deal? (Seeking Alpha) BB sold off after announcing its $1.4 billion Cylance acquisition. Cylance's AI technology will fortify BB's cybersecurity offerings.

Bitcoin Mining Firm Giga Watt Declares Bankruptcy Owing Millions (CoinDesk) U.S.-based bitcoin mining firm Giga Watt has declared bankruptcy with millions still owed to creditors.

Cisco forecasts IP handset sales surge (CRN Australia) Security upgrades, cloud collaboration and softphone failures spark 30 percent growth.

Hackers are now earning more than $1 million for discovering iPhone X zero-day exploits in China (CyberByte Blog) There was a contest in Chengdu between November 16-17 this year in which white hat hackers earned more than $1 million for discovering exploits.

Why Bitcoin Is Plunging (This Time) (WIRED) Fractures in the bitcoin community and a possible government investigation have sent the value of the virtual currency spiraling down.

Israel Defence Ministry to provide G20 cyber security in $5m deal (Middle East Monitor) Israel's Defence Ministry will provide cyber security for the upcoming G20 summit after signing a $5 million deal with its Argentinian counterpart.

Products, Services, and Solutions

2018 Hacker Kids Gift Guide (Dark Reading) Fun gift choices that foster design thinking and coding skills in kids both young and old.

ISR America Announces New Federated Amazon Web Services API & CLI Access with CloudGate UNO (PR Newswire) ISR America Ltd., a cloud security provider, today announced the launch of the new Federated Amazon Web Services API &...

DAEATI chooses Trustonic IoT and device security for open rail control network (Trustonic) Trustonic security solutions support first Korean railway project to embrace secure IoT, smartphone use and a move to open networks

The Future of Social Media is Here - Trust and Security Are Back (MarketWatch) realfriends, the only intelligent and safe alternative to Facebook, is redefining the world of social communications

Janrain unveils next-gen customer identity management as a service (IDaaS) offering (Help Net Security) Janrain Identity Central allows companies to provide customer registration, authentication, consent management, as well as self-service account recovery.

Orkus Exits Stealth, Launches the Orkus Access Governance Platform So Enterprises Can Prevent Unauthorized Access in the Cloud (PR Newswire) Orkus, Inc., today announced it has formally entered the marketplace with the launch of the Orkus Access Governance...

Technologies, Techniques, and Standards

Can the grid be restarted after a cyber attack – it is not clear (Control Global) The recent DARPA Plum Island test to restart the grid after a cyber attack did not address process sensors. It is not clear the impact on grid restart if the process sensors are compromised.

Are we chasing the wrong zero days? (Help Net Security) Zero days became part of mainstream security after the world found out that Stuxnet was used to inflict physical damage on an Iranian nuclear facility.

Siemens beteiligt sich an Blockchain-Energieplattform (Cointelegraph) Die Energiesparte des deutschen Technologiekonzerns Siemens schließt sich der Open-Source-Blockchain-Plattform 'Energy Web Foundation' an.

Aircraft Giant Boeing Integrates Blockchain Technology into New Flight Software (blockchainreporter) Boeing and SparkCognition have teamed up to create SkyGrid, a new DLT-based aviation software…

A SWIFT response to threats: how the global financial network safeguards itself against compromise and theft (CSO) In the digital era, cyber-security is – or should be – a prime concern for Australian organisations of all stripes and sizes.

7 Real-Life Dangers That Threaten Cybersecurity (Dark Reading) Cybersecurity means more than bits and bytes; threats are out there IRL, and IT pros need to be prepared.

The Cybersecurity Mistakes Startups Make When They Get Big (Wall Street Journal) When small businesses start to boom, upgrading their cybersecurity usually gets left off the to-do list.

Creepy or Not, Face Scans Are Speeding up Airport Security (WIRED) Who cares if you hate it? This time- and effort-saving tech is spreading, and fast.

The Lie Generator: Inside the Black Mirror World of Polygraph Job Screenings (WIRED) Want to become a police officer, firefighter, or paramedic? A WIRED investigation finds government jobs are one of the last holdouts in using—and misusing—otherwise debunked polygraph technology.

Your Drone Can Give Cops a Surprising Amount of Your Data (WIRED) Crime investigators are gleaning a host of personal information from a recovered drone, such as where its owner lives, credit card numbers, and email addresses.

3 lessons the Army is taking from U.S. Cyber Command (Fifth Domain) The service has undergone a series of pilots to test what cyber capabilities brigade commanders should have at the tactical edge.

Here’s why Marine Raiders want to take down GPS, cellphones and a Russian navigation service (Marine Corps Times) The Raiders are looking to train its special operators for a fight with near-peer adversaries.

Design and Innovation

Influence of Artificial Intelligence and Machine Learning in Cybersecurity (Infosecurity Magazine) Why AI and Machine Learning are reflective of the predicted advancements in IT.

AI has an explainability problem (Computing) Rainbird CEO Ben Taylor on keeping humans at the centre of decision making

The passwordless web explained (Naked Security) Naked Security attempts to demystify passwordless web authentication.

Wanted: The ‘perfect babysitter.’ Must pass AI scan for respect and attitude. (Washington Post) A start-up that requires prospective babysitters to hand over their social media accounts says it uses “advanced artificial intelligence” to assess a sitter's risk of drug abuse, bullying and more.

Academia

University of Birmingham CISO: "I have severe doubts about the security of Facebook, and LinkedIn is going the same way" (Computing) The University of Birmingham faces security challenges from the local to the international level

Anne Barth: Training a coding, cyber workforce in WV (Daily Mail Opinion) (Charleston Gazette-Mail) We often hear that students in school today will work in jobs that don’t even exist right now. Even just 10 years ago, who knew that people would find work

NDSU Cyber Team Has Four Top Ten Finishes, Student Places in Top 50 Cyber Warriors Nationally (Digital Journal) North Dakota State University students excel at cybersecurity competitions and win national awards in several areas.

Legislation, Policy and Regulation

China In Breach Of Cyber-Security Pact (The National Law Review) It has been a fairly turbulent week in the cyber-espionage space following accusations that China&rsquo;s Ministry of Security Services is behind the surge of intellectual property theft from Australi

That Black Mirror episode with the social ratings? It’s happening IRL (Naked Security) Not picking up after your dog will cost you 10 points, for example, in China’s Black Mirror-esque plan to socially score citizens.

China's Xinjiang Region: A Surveillance State Unlike Any the World Has Ever Seen (SPIEGEL ONLINE) In western China, Beijing is using the most modern means available to control its Uighur minority. Tens of thousands have disappeared into re-education camps. A journey to an eerily quiet region.

Exclusive: Russia plans stiffer fines for tech firms that break... (Reuters) Russia plans to impose stiffer fines on technology firms that fail to comply wit...

Russia, stung by intelligence leaks, plans to tighten data protection (Reuters) Russia has drawn up draft legislation aimed at stopping leaks of personal inform...

NATO’s Cyber Operations Center – Will Russia Feel Threatened? (CyberDB) According to recent reporting, the North Atlantic Treaty Organization (NATO) announced that its Cyber Operations Center (COC) is expected to be fully staffed and functional by 2023. The new COC marks NATO’s understanding of the importance that cyberspace plays in conflict, particularly in times of political tensions that has resulted in cyber malfeasance that has …

Get Out Of My Face, Get Out of My Home: The Authoritarian Tipping Point (Forbes) We have all the necessary technology to go beyond Orwell's dystopian authoritarian predictions in his novel 1984: surveillance cameras, face recognition, digital assistants and AI analytics. We just need is a tipping point to create a powerful authoritarian regime that could control our every move.

Matthew Hedges: Cut defence links with emirates and impose sanctions, urge MPs (Times) Britain should threaten to withdraw its defence co-operation from the United Arab Emirates to secure the release of the jailed student Matthew Hedges, a senior Tory said yesterday. MPs also said it...

Analysis | The Cybersecurity 202: British parliament turns up heat on Facebook over privacy practices (Washington Post) There's a hearing tomorrow.

Businesses urged to pull adverts from tech giants hosting extremism (The Telegraph) Businesses have been urged to pull their advertising from tech firms that fail to take down extremist content following an investigation into five terror attacks that claimed 36 lives.

Washington Asks Allies to Drop Huawei (Wall Street Journal) The U.S. government has launched an outreach campaign to foreign allies to persuade wireless and internet providers to shun telecom equipment from China’s Huawei.

Huawei “surprised” by reports US is exerting pressure on allies (South China Morning Post) The Shenzhen-based company is caught in a vortex between the world’s two largest economies amid an escalating trade and technology war

Special Report: Is the US Ready to Escalate in Cyberspace? (Defense One) A barrage of cyber attacks have hit U.S. companies and institutions over the past decade. At long last, the United States says it’s ready to strike back.

Newly elected Republican senator could be Google’s fiercest critic (Ars Technica) There's growing appetite among Republicans for regulating big tech companies.

Head of Skripal-linked spy agency dies (BBC News) Gen Igor Korobov died aged 62 after "a serious and long illness", the Russian government says.

Litigation, Investigation, and Enforcement

Israeli NSO negotiated with Saudis advanced cyberattack capabilities sale, Haaretz reveals (Haaretz) Just months before crown prince launched a purge against his opponents, NSO offered Saudi intelligence officials a system to hack into cellular phones. NSO: We abide the law, our products are used to combat crime and terrorism

US ‘reveals how Tehran funds Hezbollah’s terror’ (Times) Iran funnelled “hundreds of millions” of US dollars through Russia and Syria to Middle East terrorists in a scheme masterminded by the director of a company that was registered in Britain...

U.K. Anti-Terrorism Efforts Are Terrifying to Anybody Who Favors Free Speech (Reason.com) Clicking the “wrong” link can get you interrogated by the authorities—and the situation may soon get worse.

Private Facebook documents seized by parliament (Computing) Documents allegedly contain email conversations about privacy controls that led to the Cambridge Analytica scandal

Ukrainian Police Nab Suspected RAT-Slinger (Infosecurity Magazine) Lviv man is alleged to have infected thousands around the world

First GDPR Sanction in Germany Fines Flirty Chat Platform EUR 20,000 (BleepingComputer) Following a hack that resulted in leaking online about 808,000 email addresses and over 1.8 million usernames and passwords, a social network website in Germany received a fine of EUR 20,000 from the Baden-Württemberg Data Protection Office.

Google accused of 'failing to comply' with EU competition authority's Google Shopping ruling (Computing) Google's own 'heads we win; tails you lose' remedy criticised for favouring only Google,Cloud and Infrastructure,

George Soros deputy calls on Congress to investigate Facebook 'smears' (The Telegraph) Facebook’s use of a public relations firm which sought to smear George Soros should be investigated by the US Congress, according to a senior official from the billionaire tycoon's Open Society Foundation.

How much for that app? U.S. top court hears Apple antitrust dispute (Rueters) When iPhone users want to edit blemishes out of their selfies, identify stars an...

Nine out of 10 reported cyber incidents never reach court (Computing) Whether it is because of legal risks, reputational damage or concerns over business continuity, reporting cyber incidents is rare and pursuing them legally is even more so,

Chinese businesswoman accused of jaywalking after AI camera spots her face on an advert (The Telegraph) Chinese police have admitted to wrongly shaming a famous businesswoman after a facial recognition system designed to catch jaywalkers mistook an advert on the side of a bus for her actual face.

The United States’ toughest biometric privacy law is facing a challenge from Six Flags (The Verge) The Illinois Supreme Court is hearing a case.

LinkedIn violated data protection by using 18M email addresses of non-members to buy targeted ads on Facebook (TechCrunch) LinkedIn, the social network for the working world with close to 600 million users, has been called out a number of times for how it is able to suggest uncanny connections to you, when it’s not even clear how or why LinkedIn would know enough to make those suggestions in the first place. Now,…

The phone went dark, then $1m was sucked out in SIM-swap crypto-heist (Naked Security) A Silicon Valley exec lost $1m in cryptocoin savings when a 21-year-old allegedly SIM-swapped his phone.

The FBI Created a Fake FedEx Website to Unmask a Cybercriminal (Motherboard) In an attempt to identify someone tricking a company into handing over cash, the FBI created a fake FedEx website, as well as deployed booby-trapped Word documents to reveal fraudsters' IP addresses.

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

upcoming Events

Army Autonomy and Artificial Intelligence Symposium and Exposition (Detroit, Michigan, USA, November 28 - 29, 2018) This symposium will explore and showcase innovative ways the U.S. Army is developing critical capabilities in robotics, autonomy, machine learning, and artificial intelligence. The goals are to explore how the Army-Industry team can best collaborate to achieve cost-effective, innovative solutions to military problems, seamlessly reallocate resources as conditions change, and with the speed and efficiency that adversaries cannot match.

The Cyber Security Summit: Los Angeles (Los Angeles, California, USA, November 29, 2018) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers & renowned information security experts. Learn from cyber security thought leaders and Engage in panel discussions focusing on trending cyber topics such as Sr. Leadership’s Best Approach to Cyber Defense, What’s Your Strategic Incident Response Plan?, Protecting your Enterprise from the Human Element and more. Your registration includes a catered breakfast, lunch, and cocktail reception. Receive half off your admission with promo code cyberwire50 at CyberSummitUSA.com and view details including the full agenda, participating solution providers & confirmed speakers. Tickets are normally $350, but only $175 with promo code.

IEEE WIE Forum USA East (White Plains, New York, United States, November 29 - December 1, 2018) IEEE WIE Forum USA East 2018 focuses on developing and improving leadership skills for individuals at all stages of their careers. Attendees will have the opportunity to hear inspirational and empowering talks presented by successful leaders from IEEE Northeast. Emerging technologies will also be demonstrated, engaging attendees to facilitate discussion and potential advancement of STEM outreach class ideas.

Securing Digital ID 2018 (Alexandria, Virginia, USA, December 4 - 5, 2018) As an increasing number of transactions move online and are mobile-enabled, the conference will explore today’s complex world of digital identities and how they are used for strong authentication and remote authorization. Securing Digital ID is a unique event for executives, policy makers, product developers and engineers interested in identity security and authentication. The conference will be held in partnership with TWST Events on December 4-5, 2018 at the Hilton Alexandria Mark Center minutes from Washington, D.C.

First Annual Maryland InfraGard Cybersecurity Conference (College Park, Maryland, USA, December 5, 2018) InfraGard is a partnership between the FBI and members of the private sector. The InfraGard program provides a vehicle for seamless public-private collaboration with government that expedites the timely exchange of information and promotes mutual learning opportunities relevant to the protection of Critical Infrastructure. With thousands of vetted members nationally, InfraGard's membership includes business executives, entrepreneurs, military and government officials, computer professionals, academia and state and local law enforcement; each dedicated to contributing industry specific insight and advancing national security.

International Cyber Risk Management Conference (Hamilton, Bermuda, December 6 - 7, 2018) Now in its fourth year in Canada, the International Cyber Risk Management Conference (ICRMC) has earned a reputation as one of the world’s most trusted cyber security forums. We are proud to bring ICRMC to Bermuda, the “world’s risk capital,” where we, with the support of a stellar advisory committee, will focus on cyber risk with an emphasis on insurance and risk-transfer solutions.

2018 Cloud Security Alliance Congress (Orlando, Florida, USA, December 10 - 12, 2018) Today, cloud represents the central IT system by which organizations will transform themselves over the coming years. As cloud represents the future of an agile enterprise, new technology trends, such as Internet of Things (IoT), FOG Computing, Block Chain and Artificial Intelligence will extend the benefits of cloud - but also create new attack vectors for ambitious and resourceful adversaries. Additionally, the compliance landscape continues to evolve creating new challenges in delivering, measuring, and communicating compliance through multitude of regulations across multiple jurisdictions. The Cloud Security Alliance and MIS Training Institute have partnered to host the 2018 Cloud Security Alliance Congress on December 10-12 at the Omni Orlando Resort in ChampionsGate, Florida. This year’s event welcomes world leading security experts and cloud providers to discuss global governance, the latest trends in technology, the threat landscape, security innovations, best practices and global governance in order to help organizations address the new frontiers in cloud security.

Wall Street Journal Pro CyberSecurity Executive Forum (New York, New York, USA, December 11, 2018) The WSJ Pro Cybersecurity Executive Forum will bring together senior figures from industry and government to discuss how senior executives can best prepare for hacking threats, manage breaches, and work with government cybersecurity authorities and regulators. The forum will offer insights, practical advice, case studies and workshops tailored to the needs of executives and managers. (Request an invitation at the link.)

National Cyber League Fall Season (Chevy Chase, Maryland, USA, December 15, 2018) The NCL is a defensive and offensive puzzle-based, capture-the-flag style cybersecurity competition. Its virtual training ground helps high school and college students prepare and test themselves against cybersecurity challenges that they will likely face in the workforce. All participants play the games simultaneously during Preseason, Regular Season and Postseason. NCL allows players of all levels to enter. Between easy, medium and hard challenges, students have multiple opportunities to really shine in areas as they excel. Registration for the Fall Season is 8/27/18-9/28/18.

Sponsor & Support

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter’s financial reach, or it might just not be the right time for you to do those things. That’s why we launched our new Patreon site, where we’ve created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you’ll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.