The CyberWire Daily Briefing 11.28.18

Announcements

A CyberWire Daily News Briefing redesign is coming.

By the end of next week we'll have completed a new design for our email, the better to avoid falling into spam traps or becoming enmeshed in the array of anti-phishing measures enterprises increasingly deploy. You've seen some of the changes already with our addition of inline links to our summary.

When the redesign is complete, you'll see fewer links to suggested reading in the email itself. That selected reading will remain present in its entirety on our website, posted as always with the appropriate Daily News Briefing. We hope you'll find the new format more user-friendly. We'll announce the date of the rollout as it approaches. And, as always, thanks for subscribing and reading.

Summary

By The CyberWire Staff

Cisco’s Talos group is tracking a threat actor running what Talos calls “DNSpionage” malware against Middle Eastern targets. Lebanon and the United Arab Emirates have attracted the most attention. At least two espionage campaigns are in progress. One phishes victims with bogus job listings that induce the users to open malicious Microsoft Office documents. The other redirects the DNS of legitimate domains. Talos, which regards the unknown threat actor as painstaking and focused, has been unable to draw connections with other known threats.

Citizen Lab (and Amnesty, which is “taking legal advice”) have recently drawn attention to apparent abuse of NSO Group’s Pegasus tool by various governments. Kaspersky has noticed that another company, government vendor Negg, seems to offer an iOS implant. This suggests to Kaspersky that iOS spyware may not be as rare as hitherto generally believed (Motherboard).

The Iranian threat group Cobalt Dickens is back, and actively prospecting targets in universities. Secureworks’ Counter Threat Unit says they’re after credentials, and using familiar social engineering tactics.

Facebook’s transatlantic grilling proceeds (WIRED). Company emails Westminster seized from a third party indicate that the social network knew about and investigated Russian data harvesting as early as 2014, two years before Facebook publicly acknowledged Moscow’s interest in election meddling (Telegraph).

The big sit-down in London provided the occasion for the immodestly-titled International Grand Committee on disinformation to release its “declaration on the Principles of Law Governing the Internet." The Committee’s nine nations want tech companies “fully answerable” to “organs of representative democracy.”

Learn how Cylance silences cyber attacks with Artificial Intelligence.

Notes.

Today's issue includes events affecting Argentina, Australia, Belgium, Brazil, Canada, China, Finland, France, Germany, Iran, Ireland, Italy, Japan, Democratic Peoples Republic of Korea, Latvia, Lebanon, Malaysia, Netherlands, New Zealand, Russia, Singapore, Switzerland, Turkey, United Arab Emirates, United Kingdom, United States

How to Budget for Insider Threat Management, Proactively

According to a Ponemon Institute study, 34% of cybersecurity professionals said a lack of budget was a major barrier to effective insider threat management. So, how do you ask for the budget you need to proactively detect and stop insider threats? The latest guide from ObserveIT gives you the in-depth information you need to ask for a dedicated insider threat line item in your cybersecurity budget. Download The Guide to Budgeting for Insider Threat Management today.

On the Podcast

In today's podcast, up later this afternoon, we hear from our partners at the University of Maryland's Center for Health and Homeland Security, as Ben Yelin reviews Government requests that Google’s Nest turn over user information. And our UK correspondent Carole Theriault speaks with Graham Cluley about police monitoring criminals using the Ironchat secure messaging service.

Sponsored Events

Rapid Prototyping Event: The Turing Test (Columbia, Maryland, United States, December 11 - 13, 2018) DreamPort, in conjunction with the Maryland Innovation & Security Institute and USCYBERCOM, is hosting a Rapid Prototyping Event in which participants implement an automated process to interact with a Microsoft Windows machine just as a human user may do with the goal being to fool a human judge who is monitoring target computers via Remote Desktop Protocol (RDP) or Virtual Network Computing (VNC) into thinking a normal user is interacting with that machine and not an automated program or process.

Selected Reading

Cyber Attacks, Threats, and Vulnerabilities

Malware Companies Are Finding New Ways to Spy on iPhones (Motherboard) Kaspersky Lab’s found evidence that a small spyware government contractor sells iOS malware, showing it may not be as rare as some people think.

New Hacker Group Behind 'DNSpionage' Attacks in Middle East (Dark Reading) Motives are not fully clear, though data exfiltration is one possibility, Cisco Talos says.

DNSpionage Campaign Targets Middle East (Cisco Talos) A blog from the world class Intelligence Group, Talos, Cisco's Intelligence Group

Bypassing CVE-2018-15442: Another case of DLL Hijacking (SecureAuth) As an exploit writer, one of my tasks consists of gathering common vulnerabilities and exposures (CVE) and all of the information related to them in order to design an exploit for Core Impact. As part of this process I stumbled across CVE-2018-15422: A vulnerability in the update service of Cisco WebEx Meetings Desktop App for Windows.

Malvertising Campaign Impacts Millions of iOS Users (Threatpost) Researchers say the bad actor behind the malvertising campaign is still active.

Back to School: COBALT DICKENS Targets Universities (SecureWorks) Despite indictments in March 2018, the Iranian threat group is likely responsible for a large-scale campaign that targeted university credentials using the same spoofing tactics as previous attacks.

More obfuscated shell scripts: Fake MacOS Flash update (SANS Internet Storm Center) Yesterday, I wrote a diary about a nice obfuscated shell script[1]. Today, I found another example of malicious shell script embedded in an Apple .dmg file (an Apple Disk Image[2])

Microsoft explains one Azure authentication outage as another one happens (Ars Technica) Three different problems came together to break authentication earlier this month.

I’ve got a bridge to sell you. Why AutoCAD malware keeps chugging on (Ars Technica) CAD forever changed the design of modern buildings and industrial espionage alike.

Atrium Health says data of about 2.65 million patients involved in... (Reuters) Atrium Health, previously Carolinas HealthCare System, said on Tuesday data of a...

Cyber Monday 2018: Sam's Club Sale Has Nasty Surprises (Forbes) Sam's Club has superb Black Friday pre-sales, but can its Cyber Monday deals rivals? You're in for a nasty surprise...

Rockaway Township police computers down after possible cyber attack (Daily Record) Computer systems at the Police Department and Town Hall have been down since Thanksgiving after a possible cyber attack, sources said.

UPDATE: Mat-Su Borough Assembly to vote on funds for cyber attack response (KTUU) Months after a sophisticated cyber attack took the Mat-Su Borough's network offline, the borough is shifting around funds to continue its effort to rebuild and upgrade its network infrastructure.

Facebook, Twitter crack down on AI babysitter-rating service (Washington Post) Predictim's chief said the company was undeterred by the restrictions: “If you’re not hiding anything, if you’re not abusive, if you’re not a bully, I don’t see why you’d be scared."

Security Patches, Mitigations, and Software Updates

Siemens patches major firewall flaw, other vulnerabilities (TechGenix) German conglomerate Siemens has been busy trying to close several gaps in its security infrastructure caused by critical vulnerabilities.

Cyber Trends

Cybersecurity 2019: Predictions you can't ignore (Help Net Security) As we move forward to 2019, expect credit card and payment information theft to continue to rise, according to research from CyberInt.

IIoT Technologies Integration Creates Growth Opportunities in the Industrial Cybersecurity Industry (MarketWatch) Customer needs require scalable, flexible cybersecurity solutions, finds Frost & Sullivan

Nearly Three-Quarters of Americans Concerned About Identity Theft During Holiday Shopping Season (PR Newswire) The vast majority of Americans (71%) are concerned that their financial and personal information could be...

C-Suite: GDPR Could Lead to Greater Risk of Breaches (Infosecurity Magazine) German and UK executives vent concern at six-month milestone

Who's the Weakest Link in Your Supply Chain? (Dark Reading) Nearly 60% of organizations have suffered data breaches resulting from a third party, as suppliers pose a growing risk to enterprise security.

Marketplace

Defense officials taking advantage of new cyber authorities (Fifth Domain) New authorities allow DoD to act faster and respond quicker to activities in cyberspace.

Google employees sign letter against censored search engine for China (the Guardian) Project Dragonfly would allow Beijing to monitor users’ activity and open letter is latest sign of worker unrest at tech company

We are Google employees. Google must drop Dragonfly. (Medium) We are Google employees and we join Amnesty International in calling on Google to cancel project Dragonfly, Google’s effort to create a…

China leaves Huawei founder off honor roll marking 40 years of economic success (TechCrunch) In the lead up to China’s 40th anniversary of reforms and opening up, People’s Daily, the mouthpiece of the ruling Communist Party, published a list on Monday commending 100 extraordinary contributors to the country’s economic development. Familiar names like Jack Ma of ecommerce …

Censys Raises $2.6 Million Seed Round Led by GV and Greylock Partners (Odessa American) Censys, Inc., the trusted provider of Internet security data, announced its $2.6M Series Seed round to help companies find where their data may be exposed.

[Corrected] CyberGRX Raises $30 Million in Series C Funding Round Led by Scale Venture Partners (BusinessWire) CyberGRX today announced that it has raised $30 million in Series C funding led by Scale Venture Partners.

Can Palo Alto Networks Turn Up the Heat This Earnings Season? (The Motley Fool) Investors will be looking for a solid performance.

Kaspersky Predicts ‘Bubble-Burst’ for cryptocurrency in 2019 (BTC Wires) The month of November has brought quite a doom for the crypto World, right from bearish trend plunging the prices to new lows, to threats from crypto hackers robbing people of their hard-earned digital money. In short, the crypto world has not seen any breakthroughs be it price or security…

Former U.S. Congressman Mike Rogers Joins AppGuard (Benzinga) AppGuard, Inc, the pioneers of zero trust cybersecurity software for endpoints, servers and mobile platforms, announced today the...

Verodin Appoints Anomali Co-Founder Colby DeRodeff as Chief Technology Officer (BusinessWire) Colby DeRodeff joins Verodin’s executive team to further drive the rapid expansion of its Security Instrumentation Platform.

Products, Services, and Solutions

Tufin Announces New Cloud Security Solution (Benzinga) Tufin®, the market-leading provider of Network Security Policy Orchestration solutions, announced its latest cloud-native solution, Tufin...

IBM QRadar Advisor with Watson Expands Knowledge of Cybercriminal Techniques (IBM News Room) IBM (NYSE: IBM) Security today announced new capabilities for the company's AI-based security platform, QRadar Advisor with Watson, which expand the platform's knowledge of cybercriminal behavior...

K2 Software OEMs Safe-T Data's Software Defined Access to Securely Connect Cloud Services to On-prem Applications (PR Newswire) Safe-T® (Nasdaq: SFET), (TASE: SFET), a leading provider of software-defined access solutions for the hybrid...

Dataguise Supports GDPR Compliant Cloud Initiatives at AWS re:Invent 2018 (GlobeNewswire News Room) Next Generation DgSecure Platform Accelerates GDPR Compliance Across AWS Cloud Infrastructure

Bandura Cyber Announces Strategic Partnership with Castra Consulting to Enable Automated Threat Intelligence Protection (BusinessWire) Bandura Cyber has announced a strategic partnership with Castra Consulting Managed Services.

Beyond CASB Power: Check Point Announces General Availability for CloudGuard SaaS (Check Point Software) Check Point® Software Technologies Ltd. (NASDAQ: CHKP), ), a leading provider of cybersecurity solutions globally, , today announced the general availability of CloudGuard SaaS, an industry-first cloud suite designed to prevent sophisticated security threats that target SaaS applications. One of the latest additions to Check Point’s CloudGuard portfolio of cloud security products, CloudGuard SaaS protects …

Qualys Brings its Container Security Solution to New AWS Marketplace for Containers (PR Newswire) AWS re:Invent 2018, Booth #2529 – Qualys, Inc. (NASDAQ: QLYS), a pioneer and a leading provider of cloud-based...

Offensive Security redesigns Exploit Database, its archive of public exploits (Help Net Security) Offensive Security updated Exploit Databas contains library of exploits, shellcode and security papers, adds filters and searching of displayed results.

Fugue Risk Manager protects against data breaches with self-healing cloud infrastructure (Help Net Security) Fugue solution can identify infrastructure compliance violations and automatically remediate unauthorized changes and configuration drift.

What Certified Ethical Hacker Is and What It Is Not (EC-Council Official Blog) A) Ethical Hacking IS NOT Pentest We hear it on the internet; ‘XXX certification is better than a C|EH because you have to do an actual penetration test and submit a report’. The comparison is not only inaccurate; those who make it misunderstand the nature and content of the C|EH course and certification test. There... Read More

Cylance Introduces AI-Powered Cloud Security Solution for AWS (BusinessWire) The award-winning CylancePROTECT® solution now supports AWS Linux to protect application instances running on cloud services infrastructure.

Bitglass and the Rise of Cloud Security Posture Management - Security Boulevard (Security Boulevard) As companies begin moving data from on-premises solutions to the cloud, the need to protect sensitive information and prevent data breaches becomes increasingly important.

Odo software prototype provides solution to sophisticated cyber-spying (Intelligence Online) French researchers are poised to make code obfuscation technology, which provides protection against sophisticated computer attacks, available to all.

SCADAfence Partners With Demisto to Extend Automated Incident Response and Security Orchestration to OT Networks (Sys-Con Media) SCADAfence, the industry leader in cybersecurity and visibility solutions for industrial OT networks, is partnering with Demisto, an innovator in security automation and orchestration technology, to enable industrial organizations to respond to the ever-increasing threats that spread from IT to OT networks.

Technologies, Techniques, and Standards

Who is responsible for IoT security in healthcare? (CSO Online) NIST panel debates who should own IoT security: vendors or users. The issue is especially important when it comes to protecting medical devices.

Here is How Open Source DIY Fatigue Saps Cybersecurity Resources (Bricata) Open source security tools often start as cost-saving DIY projects inside cybersecurity organizations, but as the network grows, these take more time to maintain and manage, which detracts from the task of actually protecting the network. #broids #ids #snortids

Secure Chorus continues to deliver industry-leading value with launch of cyber security standards for enterprise-grade mobile apps - Secure Chorus (Secure Chorus) Not-for profit membership organisation Secure Chorus has announced the completion of its first set of interoperability standards for regulatory-compliant encrypted voice calls. The move will lead the way to the commercial rollout of an ecosystem of different brand mobile apps for enterprise. Elisabetta Zaccaria, Secure Chorus’ Chairman of the board said: …

Take cybersecurity into your own hands: Don't rely on tech giants (Help Net Security) Google doesn’t want you to have to think about cybersecurity at all, similar to how we think about breathing, which sounds like a great idea. However, in

Why compliance is never enough (Help Net Security) Security leadership can steer senior management from focusing solely on compliance by educating them on what must be done to protect against cyber threats.

DDoS protection, mitigation and defense: 8 essential tips (CSO Online) Protecting your network from DDoS attacks starts with planning your response. Here, security experts offer their best advice for fighting back.

Key reasons holding back MFA adoption by mainframe customers (Help Net Security) While 64% of mainframers are aware that MFA is now available to control access to mainframe apps, only 20% acknowledge their organization is using it.

How CISOs can tell a better security story to their board (SC Media) By Ed Bellis, co-founder, CTO, Kenna Security Historically, when CISOs have been called to speak to their organization’s board of directors, it was an

Breaking down the barriers to an IoT-enabled government (GCN) Because the internet of things represents real and concrete risks, it’s time to accelerate progress toward a more orchestrated security framework so the government can tap into its many unique advantages.

What changes will the Corps' experiments in the information environment bring? (Marine Corps Times) The infantry battalion was a previous focus, and experiments led to the adoption of new gear and the downsizing and reconfiguring of the rifle squad.

The Army is rapidly regrowing electronic warfare (C4ISRNET) New forces and capabilities are being developed across several echelons.

Design and Innovation

How to Save the Cybersecurity Industry (Security Boulevard) Traditional 'detect and respond' antivirus products are failing, as cyber-criminals grow ever more inventive and legacy solutions simply can't keep up with the explosion in new malware. In this video, we discuss what can be done to halt this trend.

Research and Development

Can a new DoD center cut through the electronic warfare static? (C4ISRNET) The Joint Artificial Intelligence Center could help overburdened EW analysts.

The Army’s new approach for developing electronic warfare systems (C4ISRNET) The service wants more equipment at the brigade level ASAP.

Academia

Security Industry Association Announces 2018 RISE Scholarship Winners (Security Industry Association) The Security Industry Association (SIA) has selected six young professionals employed at SIA member companies to receive the 2018 SIA RISE Scholarship.

Iowa State launches cyber security engineering major for fall 2019 (The Ames Tribune) Iowa State University’s College of Engineering is launching a Cyber Security Engineering major next fall.The Cyber Security major will be a bachelor

The UTSA National Security Collaboration Center welcomes its first partners on campus (UTSA Today) While the construction of a new research facility will commence at the Downtown Campus next year, it’s not slowing down the UTSA National Security Collaboration Center (NSCC) from taking shape. Federal and industry partners are now arriving on campus to work with UTSA faculty and students.

NSA employees can get UTSA degrees through new program (ExpressNews) The University of Texas at San Antonio is one of eight higher education institutions around the country partnering with the National Security Agency to give agency employees the opportunity to get degrees in cybersecurity and languages.

Legislation, Policy and Regulation

Parliamentarians from across the world sign declaration on the ‘Principles of the Law Governing the Internet’ (UK Parliament) DCMS Committee fake news

Analysis | The Cybersecurity 202: Facebook is under siege around the globe. Now what? (Washington Post) Two hearings Tuesday show the company and its tech peers face new regulatory challenges

How to fight fake news and other online threats (Times) ‘Fake news” is everywhere, to judge by the frequency with which it’s cited, from American political discourse to yesterday’s international parliamentary inquiry into Russian meddling. But it’s...

Trump proposes a government-run TV news network to counter CNN (Ars Technica) Trump wants "Worldwide Network to show the World the way we really are, GREAT!"

New Zealand halts Huawei from 5G upgrade over security fears (AP NEWS) New Zealand’s international spy agency on Wednesday halted mobile company Spark from using Huawei equipment in its planned 5G upgrade, saying it posed a “significant network security risk.”

The US Loves To Charge Other Governments' Hackers With Crimes. What Happens When One Of Those Countries Returns The Favor? (BuzzFeed News) As the US grows increasingly comfortable with "name-and-shame" tactics against hackers who work for China, Iran, North Korea, and Russia, it's only a matter of time before US government hackers are outed.

What Really Matters in ‘Defending Forward’? (Lawfare) Why did the Pentagon choose a cyber strategy of “defending forward”?

Ex-NSA chief welcomes more U.S. offensive operations in cyberspace (Cyberscoop) Former National Security Agency director Michael Rogers has welcomed the Trump administration’s willingness to use cyber-operations to deter foreign adversaries, adding that the United States’ previous reluctance to do so was counterproductive.

Home Affairs attempts to allay concerns about Australian exporters for encryption-busting Bill (ZDNet) ASIO will immediately seek to use the legislation when it comes into force.

U.S. Senate Committee On Commerce, Science, & Transportation - Hearings (U.S. Senate Committee On Commerce, Science, & Transportation) U.S. Sen. Jerry Moran (R-Kan.), chairman of the Subcommittee on Consumer Protection, Product Safety, Insurance, and Data Security, will convene a subcommittee hearing titled “Oversight of the Federal Trade Commission,” at 2:30 p.m. on Tuesday, November 27, 2018.

Top House Armed Services Democrat wants oversight of new DoD cyber strategy (Federal News Network) Rep. Jim Langevin has a cyber-focused legislative session planned.

One breach standard is better than 50 state regimes: Treasury official (American Banker) The comments by Brent McIntosh, Treasury's general counsel, are at odds with concerns by state regulators and consumer groups who fear that a national standard on how firms handle data breaches could weaken pre-existing rules.

New Cybersecurity Law Offers Safe Harbor Against Tort Claims (Lexology) On November, 2, 2018, Ohio’s recently passed Data Protection Act (Act) officially became law. The Act provides a possible affirmative defense to…

Litigation, Investigation, and Enforcement

Facebook faces fresh lashing from nine countries for its inability to stop the spread of fake news (Washington Post) Facebook on Tuesday faced a fresh lashing from regulators representing Canada, France, the United Kingdom and six other countries for the social-networking giant’s inability to stop the spread of misinformation online and protect its users' personal data.

Everything You Should Know About Facebook’s UK Privacy Drama (WIRED) Lawmakers from nine countries grilled Facebook on Tuesday using a cache of sealed documents that had been seized in London last week.

Manafort Allegations Throw New Uncertainty into Russia Probe (VOA) Day after prosecutors accused President Trump's former campaign manager of repeatedly lying to them, trashing his agreement to tell all in return for a lighter sentence, he adamantly denies report in the Guardian that he had met secretly with Wikileaks founder Julian Assange in March 2016

Robert Mueller's Endgame May Be in Sight (WIRED) Recent developments in the special counsel investigation indicate that things are about to heat up.

Russian firm indicted by Mueller wants permission to disclose 'sensitive' US info (TheHill) A Russian consulting firm indicted by special counsel Robert Mueller is set to ask a U.S. court for permission to internally share information the federal government deems "sensitive."

House Cmte. Reviewing Twitter CEO Jack Dorsey's Testimony For False Statements (The Federalist) The House Energy and Commerce committee is currently reviewing whether Twitter CEO Jack Dorsey provided false testimony to Congress last September.

Federal judge delays decision on unsealing ‘interesting’ Julian Assange case (Washington Post) Prosecutors inadvertently revealed in a recent filing for an unrelated case that the WikiLeaks founder has been charged under seal.

Killing 3ve: US Dismantles Global Ad Fraud Scheme (Infosecurity Magazine) Eight men indicted for alleged role

Multiple botnets disrupted as part of anti-fraud operation (APN News) The internet scored a win after an FBI-led takedown disrupted a massive, multiyear scam that saw cyber criminals use botnets to manipulate internet traffic from 1.7 million IP addresses and generate nearly 30 million dollars in fraudulent ad revenue. F-Secure supported the takedown operation by providing threat intelligence on the scam’s malware […]

Two International Cybercriminal Rings Dismantled and Eight Defendants Indicted for Causing Tens of Millions of Dollars in Losses in Digital Advertising Fraud () A 13-count indictment was unsealed today in federal court in Brooklyn charging Aleksandr Zhukov, Boris Timokhin, Mikhail Andreev, Denis Avdeev, Dmitry Novikov, Sergey Ovsyannikov, Aleksandr Isaev and Yevgeniy Timchenko with criminal violations for their involvement in perpetrating widespread digital advertising fraud.

Israel: 'Rogue' NSO Group must have licence revoked (Amnesty) Amnesty calls for action on NSO Group, Israeli company whose spyware targeted Amnesty staff

IRS missed steps to accurately track outside data breaches, TIGTA reports (Federal News Network) The IRS failed to flag compromised personally identifiable information (PII) linked to dozens of external data breaches last year and put the tax information of nearly 11,000 people at risk, according to a recent watchdog audit.

Lax Oversight Enabled Illegal Wiretaps by Ex-Brooklyn DA, Lawyers Say in Proposed Class Suit (New York Law Journal) Relatives of an ex-Brooklyn DA's two surveillance targets allege she likely listened to the phone conversations of at least 700 other people during that period.

Lenovo to pay $7.3m for installing adware in 750,000 laptops (HackRead) In 2015, Beijing based laptop manufacturer and seemingly reliable technology company Lenovo made headlines that its 750,000 laptops had pre-installed adware called VisualDiscovery developed by Superfish.

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

newly Noted Events

Infosecurity and ISACA North America Expo and Conference (New York, New York, USA, November 20 - 21, 2019) In November 2019, Infosecurity North America and ISACA will align in the field of security, cybersecurity and risk management to create an incredible experience for attendees in programming, solutions and networking. We'll be bringing you an event experience like no other, combining our expertise and bringing together all the key names and themes in our industry.

upcoming Events

Army Autonomy and Artificial Intelligence Symposium and Exposition (Detroit, Michigan, USA, November 28 - 29, 2018) This symposium will explore and showcase innovative ways the U.S. Army is developing critical capabilities in robotics, autonomy, machine learning, and artificial intelligence. The goals are to explore how the Army-Industry team can best collaborate to achieve cost-effective, innovative solutions to military problems, seamlessly reallocate resources as conditions change, and with the speed and efficiency that adversaries cannot match.

The Cyber Security Summit: Los Angeles (Los Angeles, California, USA, November 29, 2018) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers & renowned information security experts. Learn from cyber security thought leaders and Engage in panel discussions focusing on trending cyber topics such as Sr. Leadership’s Best Approach to Cyber Defense, What’s Your Strategic Incident Response Plan?, Protecting your Enterprise from the Human Element and more. Your registration includes a catered breakfast, lunch, and cocktail reception. Receive half off your admission with promo code cyberwire50 at CyberSummitUSA.com and view details including the full agenda, participating solution providers & confirmed speakers. Tickets are normally $350, but only $175 with promo code.

IEEE WIE Forum USA East (White Plains, New York, United States, November 29 - December 1, 2018) IEEE WIE Forum USA East 2018 focuses on developing and improving leadership skills for individuals at all stages of their careers. Attendees will have the opportunity to hear inspirational and empowering talks presented by successful leaders from IEEE Northeast. Emerging technologies will also be demonstrated, engaging attendees to facilitate discussion and potential advancement of STEM outreach class ideas.

Securing Digital ID 2018 (Alexandria, Virginia, USA, December 4 - 5, 2018) As an increasing number of transactions move online and are mobile-enabled, the conference will explore today’s complex world of digital identities and how they are used for strong authentication and remote authorization. Securing Digital ID is a unique event for executives, policy makers, product developers and engineers interested in identity security and authentication. The conference will be held in partnership with TWST Events on December 4-5, 2018 at the Hilton Alexandria Mark Center minutes from Washington, D.C.

First Annual Maryland InfraGard Cybersecurity Conference (College Park, Maryland, USA, December 5, 2018) InfraGard is a partnership between the FBI and members of the private sector. The InfraGard program provides a vehicle for seamless public-private collaboration with government that expedites the timely exchange of information and promotes mutual learning opportunities relevant to the protection of Critical Infrastructure. With thousands of vetted members nationally, InfraGard's membership includes business executives, entrepreneurs, military and government officials, computer professionals, academia and state and local law enforcement; each dedicated to contributing industry specific insight and advancing national security.

International Cyber Risk Management Conference (Hamilton, Bermuda, December 6 - 7, 2018) Now in its fourth year in Canada, the International Cyber Risk Management Conference (ICRMC) has earned a reputation as one of the world’s most trusted cyber security forums. We are proud to bring ICRMC to Bermuda, the “world’s risk capital,” where we, with the support of a stellar advisory committee, will focus on cyber risk with an emphasis on insurance and risk-transfer solutions.

2018 Cloud Security Alliance Congress (Orlando, Florida, USA, December 10 - 12, 2018) Today, cloud represents the central IT system by which organizations will transform themselves over the coming years. As cloud represents the future of an agile enterprise, new technology trends, such as Internet of Things (IoT), FOG Computing, Block Chain and Artificial Intelligence will extend the benefits of cloud - but also create new attack vectors for ambitious and resourceful adversaries. Additionally, the compliance landscape continues to evolve creating new challenges in delivering, measuring, and communicating compliance through multitude of regulations across multiple jurisdictions. The Cloud Security Alliance and MIS Training Institute have partnered to host the 2018 Cloud Security Alliance Congress on December 10-12 at the Omni Orlando Resort in ChampionsGate, Florida. This year’s event welcomes world leading security experts and cloud providers to discuss global governance, the latest trends in technology, the threat landscape, security innovations, best practices and global governance in order to help organizations address the new frontiers in cloud security.

Wall Street Journal Pro CyberSecurity Executive Forum (New York, New York, USA, December 11, 2018) The WSJ Pro Cybersecurity Executive Forum will bring together senior figures from industry and government to discuss how senior executives can best prepare for hacking threats, manage breaches, and work with government cybersecurity authorities and regulators. The forum will offer insights, practical advice, case studies and workshops tailored to the needs of executives and managers. (Request an invitation at the link.)

National Cyber League Fall Season (Chevy Chase, Maryland, USA, December 15, 2018) The NCL is a defensive and offensive puzzle-based, capture-the-flag style cybersecurity competition. Its virtual training ground helps high school and college students prepare and test themselves against cybersecurity challenges that they will likely face in the workforce. All participants play the games simultaneously during Preseason, Regular Season and Postseason. NCL allows players of all levels to enter. Between easy, medium and hard challenges, students have multiple opportunities to really shine in areas as they excel. Registration for the Fall Season is 8/27/18-9/28/18.

Sponsor & Support

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter’s financial reach, or it might just not be the right time for you to do those things. That’s why we launched our new Patreon site, where we’ve created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you’ll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.