Trouble in maritime logistics. UEFI malware. Someone's disrupting Trickbot. Egregor ransomware. Huawei agonistes.

Summary

By the CyberWire staff

Shipping company CMA-CGN continues to work through the Ragnar Locker ransomware attack that hit its business systems a week ago, gCaptain reports. In severity and potential impact the incident is being compared by Bloomberg and others to Maersk’s 2017 NotPetya infestation.

Kaspersky researchers report, according to WIRED, that spyware leaked from the (now defunct, and controversial when active) lawful intercept shop Hacking Team has turned up in malware being run by Chinese-speaking threat actors. The malware they’re deploying is also unusual in that it alters its target’s Unified Extensible Firmware Interface. Installation in the UEFI renders this attack harder to detect and eradicate than more conventional malware.

KrebsOnSecurity describes, with credit to researchers at Intel 471, a campaign designed to disrupt Trickbot. On September 22nd and again on October 1st someone sent bogus configuration files to Trickbot-infected devices, effectively disrupting the botnet’s command-and-control. Who’s responsible is unknown: disgruntled insider, competing criminal gang, law enforcement or intelligence agencies, or vigilantes are all possibilities. Trickbot is closely associated with the gang that runs Ryuk ransomware.

Appgate Labs have analyzed a new strain of ransomware, ”Egregor.” The researchers think it looks like a Sekhmet spin-off, and they note that Egregor has been following the recent, now routine, ransomware trend of stealing information before it’s encrypted, the better to yield leverage over the victim and diversify the illicit revenue stream.

The Wall Street Journal sees the international mood shifting against Huawei, as Germany moves toward restricting the Shenzhen company’s participation in its 5G infrastructure.

Want to get your message in front of leaders in cyber? We got you! Learn about our sponsorship opportunities here.

Notes.

Today's issue includes events affecting Belarus, Belgium, China, Cyprus, Germany, Greece, India, Malaysia, Pakistan, the Philippines, Russia, Taiwan, Saudi Arabia, the United Arab Emirates, the United Kingdom, and the United States.

Addressing Security Threats in a Government Multi-cloud Environment at Machine Speed

As government agencies move systems, apps and data to the cloud – how do they keep them secure? Get your complimentary report detailing tips and insights on addressing today's growing cyber threats to government agencies with a multi-cloud environment.

Sponsored Events

Virtual Cyber Security Summits - Upcoming Events Oct 1 & 9 (Online, October 1 - 9, 2020) Senior Level Executives are invited to the upcoming Virtual Cyber Security Summits! Learn from Industry Experts from The U.S. DHS, Verizon, IBM Security, Darktrace & more as they discuss the latest security challenges & develop cyber security battle plans in today’s unprecedented times. You will receive CPE / CEU credits by attending. Free to register with code: CyberWire20 at CyberSummitUSA.com.

Predict 2020: Intelligence to disrupt the status quo. (Online, October 5 - 8, 2020) Join security professionals from the world’s most influential organizations and governments who use Recorded Future’s unique combination of patented machine learning and expert human analysis to combat threat actors. This live, online event will feature thought leadership, education, networking, and fun for Recorded Future clients, partners, and anyone interested in using intelligence to disrupt the status quo.

Cyber Carnival Games (Online, October 6 - 29, 2020) Do you want to play a game? Join Katzcy for the virtual Cyber Carnival Games™ traveling to you in October, celebrating Cybersecurity Awareness Month. Check out the full lineup of epic cyber-themed games and full event schedule today.

Securing America's Voice: Cybersecurity and the 2020 Election. October 8th @ 9 AM EDT. (Online, October 8, 2020) Join ex-FBI cybersecurity executive Todd Carroll and special guest, information security veteran, Chris Coleman as they discuss the thought-provoking topic of cybersecurity and the 2020 presidential election.

Top Cybersecurity Incidents of 2020 and What You Need to Know to Manage Risk (Online, October 14, 2020) Join experts from Ankura and Johns Hopkins University Information Security Institute in a discussion on the cybersecurity threats of 2020 and what organizations should do to protect their sensitive data. Learn about the top incidents Ankura has handled this year and the risks organizations are facing. Then, JHUISI will provide insight into the mitigation solutions organizations should take to manage risk.

3rd Annual DataTribe Challenge - Apply to Present (Online, October 30, 2020) If you are working on an early stage cyber or data science idea, apply to the DataTribe challenge for an opportunity to receive $20,000 in prize money and a chance for up to $2M in seed equity funding. DataTribe is a cybersecurity and data science startup foundry. DataTribe commits capital, in-kind services and decades of professional expertise to co-build the next generation of cybersecurity, data and analytics companies. To learn more check out www.datatribe.com and https://datatribe.com/challenge/

Selected Reading

Cyber Attacks, Threats, and Vulnerabilities

‘Pak-based hackers targeting Indian defence units, officials’ (The Sunday Guardian Live) ‘The cyberattacks are meant to gather intelligence against India’. New Delhi: A Pakistan-backed hacker group is reportedly behind cyberattacks that have been targeting officials of the Indian defence forces. The attacks are being carried out in a coordinated attempt to steal critical infrastructure and

Before targeting Belarus, Eastern Europe-focused hackers flew under the radar (CyberScoop) A mysterious cyber-espionage group, active for nearly a decade but documented in detail by private researchers for the first time Friday, has been hacking into government organizations in Eastern Europe in search of secrets.

Cyber Pirates Hit Global Shipping Industry Nearing Peak Season (Bloomberg) Two key players in the global shipping industry are trying to restore computer networks and assess the damage from separate cyber attacks this week that are adding short-term complications to supply chains already straining ahead of peak season for consumer demand.

International Maritime Organisation hit by cyber attack (The National) Cyber attack on shipping industry raises concern about disruptions to supply chains

CMA-CGM Struggles To Restore Systems After Cyber Attack (gCaptain) As CMA CGM’s IT engineers continue, for the fifth day, to try to restore its systems following a cyber-attack at the weekend, the French carrier has come under moun…

A China-Linked Group Repurposed Hacking Team’s Stealthy Spyware (Wired) The tool attacks a device’s UEFI firmware—which makes it especially hard to detect and destroy.

New pastebin-like service used in multiple malware campaigns (Official Juniper Networks Blogs) Juniper Threat Labs identified several malware campaigns that rely on a pastebin-like service for its infection chain. The domain in question is paste.nrecom.net. The attacks usually start as a phishing email and, when a user is tricked into executing the malware, it downloads the succeeding stage of the malware from paste.nrecom.net and loads it into the memory without writing to disk.

FBI & CISA Warn of “Foreign-Backed Online Journals” Spreading Election Disinformation (Lawfare) The FBI and CISA issued another public service announcement on Thursday, warning of the potential threat posed by foreign actors spreading disinformation about the 2020 U.S. presidential elections.

The Covid Information War Is Entering a Frightening New Phase (Wired) Communication from the White House about Donald Trump’s infection will be opaque at best. Into that vacuum, misinformation will flow.

Attacks Aimed at Disrupting the Trickbot Botnet (KrebsOnSecurity) Over the past 10 days, someone has been launching a series of coordinated attacks designed to disrupt Trickbot, an enormous collection of more than two million malware-infected Windows PCs that are constantly being harvested for financial data and are often used as the entry point for deploying ransomware within compromised organizations.

Avast Proves IoT Firmware Can Be Hacked (Avast) In an experiment to prove that IoT firmware is vulnerable to being hacked, Avast researchers launched a ransomware attack on a smart coffee maker, successfully hijacking the entire device.

Egregor Ransomware Adds to Data Leak Trend (BankInfo Security) Security researchers with Appgate are warning about a recently uncovered ransomware variant called Egregor that appears to have infected about a dozen organizations

Appgate Labs Analyzes New Family of Ransomware— “Egregor” (Appgate) Appgate provides secure access to your network and for your consumers using leading Zero Trust network security and fraud protection solutions

Scanning for SOHO Routers (SANS Internet Storm Center) In the past 30 days lots of scanning activity looking for small office and home office (SOHO) routers targeting Netgear.

Online avatar service Gravatar allows mass collection of user info (BleepingComputer) A user enumeration technique discovered by security researcher Carlo Di Dato demonstrates how Gravatar can be abused for mass data collection of its profiles by web crawlers and bots.

HP Device Manager backdoor lets attackers take over Windows systems (Bloomberg) HP released a security advisory detailing three critical and high severity vulnerabilities in the HP Device Manager that could lead to system takeover.

A security flaw in Grindr let anyone easily hijack user accounts (TechCrunch) Secret tokens used to reset account passwords were leaking to the browser.

Clinical Trials Hit by Ransomware Attack on Health Tech Firm (New York Times) No patients were affected, but the incident was another reminder of the risks in the increasingly common assaults on computer networks.

New Jersey hospital paid ransomware gang $670K to prevent data leak (BleepingComputer) University Hospital New Jersey in Newark, New Jersey, paid a $670,000 ransomware demand this month to prevent the publishing of 240 GB of stolen data, including patient info.

4 Sophisticated Phishing Campaigns Impacting the Healthcare Sector (HealthITSecurity) Phishing dominates the threat landscape, deploying RAT malware, ransomware, and other nefarious cyberattacks. As healthcare is a prime target, understanding these sophisticated schemes is crucial.

Hackers steal job bank data of millions (Taipei Times) Chinese hackers are suspected of invading the network of a Taiwanese online job bank before the Mid-Autumn Festival holiday last week and stealing the personal information of more than 5.92 million job applicants, a preliminary investigation by national security officials showed.

PUBG Mobile hit by waves of DDoS attacks, players complain of sudden disconnection (Moneycontrol) PUBG Mobile said that it aims to "bring back normal gaming experience to our players as soon as possible.

Persistent cyberattacks against the video gaming sector (The Manila Times) In its latest report, titled “State of the Internet/ Gaming: You Can’t Solo Security,” Akamai, a global cybersecurity and cloud service company, said high volumes of attacks targeted video game companies and players between 2018 and 2020. The report also notes an uptick in attack traffic correlated with the coronavirus-induced lockdowns. In the new report, […]

Voter Registration ‘Error’ Phish Hits During U.S. Election Frenzy (Threatpost) Phishing emails tell recipients that their voter's registration applications are incomplete – but instead steal their social security numbers, license data and more.

An email scam is targeting Black Lives Matter supporters—here’s what you need to know (Yahoo Sports) Emails with the subject line ‘Vote anonymous about ‘Black Lives Matter’’ have been sending a Trojan-style malware program. Here's how to protect yourself.

Malicious Actors Crash U.S. Election: Spoofed Emails Attempt to Gather U.S. Voter Registration Data (KnowBe4) Malicious Actors Crash U.S. Election: Spoofed Emails Attempt to Gather U.S. Voter Registration Data

Serious Security: Phishing without links – when phishers bring along their own web pages (Naked Security) How do you “check the URL before you click” if the web page you’re visiting is already on your own computer?

Hacker Uploads Own Fingerprints To Crime Scene In Dumbest Cyber Attack Ever (Forbes) I've been around cybersecurity for 30 years, but this has to be one of the dumbest cyber attacks ever

Ontario nursing regulator says it has made 'significant progress' after cyber attack (CBC) The College of Nurses of Ontario says it has made 'significant progress' restoring its systems and data after hackers crippled its website, but it would not reveal whether the personal data of 195,000 nurses was compromised in the attack.

3 Types of Phishing Scams to Share With Your Remote Employees (INKY) Many of the organizations that began working remotely because of COVID-19 are going to continue doing so for the foreseeable future. This makes you a tempting target for phishing schemes. Learn what to look for and how to maintain email security.

Security Patches, Mitigations, and Software Updates

Tripwire Patch Priority Index for September 2020 (The State of Security) Tripwire's September 2020 Patch Priority Index (PPI) brings together important vulnerabilities from Microsoft, Apple, and various Linux distributions.

Cyber Trends

The politics of internet security: Private industry and the future of the web (Atlantic Council) The private sector plays a crucial role in defining the changing shape of the Internet, especially its security. This report examines two protocols as examples of private sector influence over presently vulnerable systems key to the Internet’s function: the Border Gateway Protocol (BGP), used to route Internet traffic, and the Domain Name System (DNS), used to address Internet traffic.

FBI: 41% of Financial Sector Cyber Attacks Come from Credential Stuffing (Bitdefender Business Insights) Credential stuffing attacks account for the greatest volume of security incidents in the financial sector according to a report from the FBI

Europe's card fraud value hits 1.55 billion euros, the UK accounts for 45% (BuyShares.co.uk) Data presented by Buy Shares indicates that Europe’s card fraud value has hit Є1.55 billion with the United Kingdom accounting for almost half at 45.36%.

Marketplace

Rockwell Automation acquires Oylo to expand offering of cybersecurity services and solutions (Help Net Security) Rockwell Automation announced that it has acquired Oylo, a privately-held industrial cybersecurity services provider.

RealCISO.io launches and emerges from stealth (PR Newswire) Today, RealCISO Inc, a cloud based cybersecurity assessment and marketplace, announced their launch of RealCISO.io. This product is an easy to...

A Millionaire Hacker’s Lessons for Corporate America (Wall Street Journal) Santiago Lopez, a 21-year-old ethical hacker who shows corporations their cybersecurity fails, expects to keep going for years to come.

Google and Palantir Are Two Sides of the Same Coin (Medium) Both companies leverage vast amounts of data for unprecedented surveillance

Leidos to Lay Off 60 at Indy Facility (Inside Indiana Business) Virginia-based Leidos will permanently lay off 61 employees at its facility in Indianapolis. The company says the entire facility will not be closed, but layoffs will begin November 30.

7 Cybersecurity Stocks to Buy for the 5G Wave (InvestorPlace) These seven cybersecurity stocks to buy will profit in big ways from the massive rollout in 5G wireless networks that is underway now.

VMware Looks to Meld IT and Security Operations (DevOps.com) VMware has acquired SaltStack as part of an effort to unify IT and security operations management. The announcement was made during the online VMworld

CISA Quality Services Management Office Vulnerability Disclosure Platform Contract Awarded (CISA) The Cybersecurity and Infrastructure Security Agency (CISA), with the General Services Administration (GSA), awarded a contract to Endyna, Inc. of McLean, Va., on Sept. 25, to provide the Vulnerability Disclosure Platform and associated services to help protect Federal civilian Executive Branch networks.

KnowBe4 Wins Education and Training Provider of the Year Award From Network Computing (Benzinga) KnowBe4, the provider of the world's largest security awareness training and simulated phishing platform, today announced...

Keeper Launches Major Cybersecurity Awareness & Education Campaign for National Cybersecurity Awareness Month (PR Newswire) Keeper Security, provider of the highly-rated cybersecurity platform for preventing password related data breaches and cyberthreats, is...

Facebook moderators at Accenture are being forced back to the office, and many are scared for their safety (The Verge) Contractors are concerned for their health as coronavirus cases spike in Texas.

Facebook Says Government Breakup of Instagram, WhatsApp Would Be ‘Complete Nonstarter’ (Wall Street Journal) A government effort to break up Facebook Inc. from Instagram and WhatsApp would defy established law, cost billions of dollars and harm consumers, according to a paper company lawyers have prepared.

Facebook rebuts 'The Social Dilemma,' a popular Netflix documentary (CNBC) Facebook argues that the documentary-drama that quickly gained popularity for its critical look of tech platforms "buries the substance in sensationalism."

India's Airtel puts $13M in Security Intelligence Center (Light Reading) Bharti Airtel launched the Security Intelligence Center with an investment of INR1000 million, and Airtel Secure, cybersecurity for enterprise customers.

Dashlane's Joy Howard Named One Of Forbes' World's Most Influential CMOs (PR Newswire) Forbes, with research partners Sprinklr and LinkedIn, today announced their annual list of The World's Most Influential CMOs. Joy Howard, Chief...

Products, Services, and Solutions

New ransomware vaccine kills programs wiping Windows shadow volumes (BleepingComputer) A new ransomware vaccine program has been created that terminates processes that try to delete volume shadow copies using Microsoft's vssadmin.exe program,

Cellebrite Announces The Launch Of The Digital Intelligence Readiness Navigator (Officer) Online Tool Empowers Law Enforcement & Intelligence Agencies to Gauge Their Ability to Effectively Manage Digital Investigations

Synaxon UK forms new partnership with Layer 8 (PCR) Synaxon UK has formed a new partnership with Layer 8, the specialist practitioner in security behavi

AnonyFlow Announces a Cloud Service for Protecting Personal Identifiable Information from Data Breaches (PR Newswire) In the modern-day, all a company's most vital information is stored digitally. No longer is keeping it safe as simple as locking a filing...

APIsec Introduces First, 100% Automated, Certified Pen-Test Report for APIs (PR Newswire) APIsec, Inc. introduced today an update to its API security platform allowing enterprise security and compliance groups to obtain certified,...

Columbia Heights, MN, Selects Nyotron PARANOID to Secure Endpoints (PR Newswire) Nyotron, the only company to offer a true zero-trust security platform, for endpoints and servers, that blocks attacks in real-time without any...

Technologies, Techniques, and Standards

Internet Engineering Task Force Proposes Standard for Network Time Security (SecurityWeek) The Internet Engineering Task Force (IETF) has published RFC8915, its proposed standard for network time security (NTS).

National Security Agency launches the Center for Cybersecurity Standards (National Security Agency Central Security Service) The National Security Agency announces the official launch of the Center for Cybersecurity Standards (CCSS) in the Cybersecurity Directorate. This office will lead NSA’s Cybersecurity mission to

Why Your Phone Is The Center Of Zero Trust Security (Forbes) Ivanti needs to capitalize on these two acquisitions and close the widening Zero Trust Security gap evident across unsecured phones and mobile devices today.

States are finally starting to use the Covid-tracking tech Apple and Google built — here's why (CNBC) The Apple-Google system for sending Covid-19 alerts is gaining momentum in the United States, six months after it was first announced.

Uncle Sam Is Looking for Recruits—Over Twitch (Wired) The US military needs tech-savvy youth. It's hoping its streaming channels will help fill out its roster.

Design and Innovation

Twitter is building ‘Birdwatch,’ a system to fight misinformation by adding more context to tweets (TechCrunch) Twitter is developing a new product called “Birdwatch,” which the company confirms is an attempt at addressing misinformation across its platform by providing more context for tweets, in the form of notes. Tweets can be added to “Birdwatch” — meaning flagged for modera…

Twitter is working on a fix for its automated image cropping (Engadget) Twitter says it will change its automated image cropping feature after users complained that it was biased.

Twitter Says You Cannot Tweet That You Hope Trump Dies From COVID (Vice) "Content that wishes, hopes or expresses a desire for death, serious bodily harm, or fatal disease against an individual is against our rules."

Legislation, Policy and Regulation

A guide to the General Data Protection Regulation (Pinsent Masons) The entry into force of the General Data Protection Regulation (GDPR) on 25 May 2018 brought about the biggest overhaul of EU data protection law in more than 20 years and represented an attempt by EU policy makers to ensure the law on the collection, use, sharing and protection of personal data was fit for the digital age.

Spy panic: Thinktank calls for BAN on British spies joining hostile foreign governments (Express) A leading thinktank has called on former British spies from being banned from getting jobs with hostile foreign governments.

Cyprus getting to grips with Cybersecurity (Financial Mirror) The Digital Security Authority (DSA) is bolstering efforts to enhance cybersecurity in Cyprus by addressing risks to essential services while creating a safer environment for investors and businesses. Recent comments by high ranking state officials have put the spotlight on cybersecurity gaps in crucial state services such as ministries, ports, water, and electricity distribution networks.

Opinion | A Huawei Turning Point (Wall Street Journal) Germany could soon effectively ban the firm from its 5G network.

Greece joins 'anti-Huawei camp' as US seals stronger ties (Nikkei Asia) Nation turns sharply from pro-China policy amid Turkish standoff in Mediterranean

Former lawmaker warns: Cell towers can be ‘bridges’ for espionage (The Manila Times) Former Bayan Muna party-list representative Neri Colmenares has warned against the putting up of cell towers within camps of the Armed Forces of the Philippines (AFP) by the Dito Telecommunity, saying it might become a bridge for China’s espionage mission in the country. Colmenares, chairman of the support advocacy group Citizens for Philippine Sovereignty, said […]

Expert On GCHQ Discovered 'Nationally Significant' Vulnerability In Huawei Equipment (Information Security Buzz) A “nationally significant” vulnerability were discovered in Huawei equipment used in the UK’s telecommunications networks. Vulnerabilities are usually software design failures which could allow hostile actors (in particular the Chinese state when it comes to Huawei) to conduct a cyber attack. They are not necessarily intentional and can’t be seen as an indication of any hostile intent …

Trump Attack On Huawei Imperils US Chipmakers (Forbes) Slowly but surely politicians in Washington and Beijing are splitting the internet in half, and that is bad news for innovation and technology investors.

House Version of EARN IT Act Introduced (Decipher) The EARN IT Act has now made its was into the House of Representatives, with a key change from the Senate version’s stance on encryption.

Senate panel secures top tech CEO testimony for Oct. 28 (POLITICO) The heads of Facebook, Google and Twitter will testify virtually less than a week before the election.

Why the Pentagon needs to fully embrace influence operations (C4ISRNET) The DoD must ingrain information warfare and influence operations to disarm malign activities in the gray zone and competition space.

Cyber safety awareness campaign launched in Assam (ETTelecom.com) The 'CyberSafety' campaign will be jointly conducted by the Assam Police and cyber-security think tank Cyber Peace Foundation (CPF), Additional Direct..

Secretary Pate launches new measures to bolster Iowa election security (KTVO) Iowa Secretary of State Paul Pate announced Thursday a new cybersecurity initiative to ensure the protection of Iowa's election infrastructure.

California Governor Newsom Signs into Law Extension to CCPA Employee Personal Information Exemption, Vetoes Another Privacy Bill (Lexology) On September 29th, California Governor Gavin Newsom signed into law AB 1281, an amendment to the California Consumer Privacy Act (“CCPA”) that would…

Litigation, Investigation, and Enforcement

Belgian privacy watchdog bid's to police Facebook at EU court on October 5 (Reuters) Facebook's run-ins with EU privacy regulators may escalate as Europe's top court next week weighs arguments from the Belgian data protection watchdog that it should have the power to go after the U.S. social media giant for breaches in Belgium.

Deputy minister: Cyber crime cases in Malaysia worrying as 94pc of children exposed to porn online (Malay Mail) According to police sources, 9,215 commercial crime cases have been recorded nationwide involving losses amounting to RM717.2 million for the period January to April. Communications and Multimedia Deputy Minister Datuk Zahidi Zainul Abidin said 5,697 incidents of cyber fraud...

Ransomware victims find themselves between rock and hard place (Fortune) Pay up and risk breaking the law, or remain crippled.

Justice Department Appeals Injunction Against WeChat (Wall Street Journal) The Trump administration filed court papers seeking to overturn a federal magistrate’s ruling that stopped a U.S. ban on China’s ubiquitous messaging and e-commerce app WeChat.

Brennan Rebuffed Requests to Lower Confidence in Key Russia Finding (New York Times) The revelation that the former C.I.A. director sided with analysts over senior officers, contained in his new book, has been a focus of the Justice Department review of the Russia inquiry.

Ex-CIA Director Reveals Internal Division At Spy Agency Over Trump-Russia Intelligence (Daily Caller) Former CIA Director John Brennan reveals in a forthcoming book and interview that there was internal divisioin at the spy agency over Trump-Russia intelligence.

Rosen and Cortez Masto seek federal response to CCSD cyber attack (Nevada Independent) Sen. Jacky Rosen and Sen. Catherine Cortez Masto are seeking federal guidance for the Clark County School District (CCSD) and other school districts following the recent CCSD ransomware attack, which resulted in the release of private data, including Social Security numbers.

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

newly Noted Events

National Cybersecurity Awareness Month (Online, October 1 - 31, 2020) Cybersecurity Awareness Month – observed every October – was created as a collaborative effort between government and industry to ensure every American has the resources they need to stay safer and more secure online. Since its original inception under leadership from the U.S. Department of Homeland Security and the National Cyber Security Alliance (NCSA), Cybersecurity Awareness Month has grown exponentially, reaching consumers, small and medium-sized businesses, corporations, educational institutions and young people across the nation. Now in its 17th year, Cybersecurity Awareness Month continues to build momentum and impact co-led by NCSA and the Cybersecurity and Infrastructure Agency (CISA).

How She Got There—Women in Healthcare IT (Online, October 6, 2020) Join us for an open and honest hour-long conversation with influential women in healthcare information and technology who are leading the way to a more diverse and enriched community. Gain a better understanding of the challenges and opportunities that these female executives have experienced as they have navigated their careers. Learn from them how they are leading their organizations to digitally transform and serve their patients in more effective ways. Discover how they see the healthcare ecosystem evolving to achieve more diversity and balance in the workforce.

Security Frenemies: Red & Blue Boosting Each Other (Online, October 15, 2020) Join WISP and Google for a seminar and learn how red and blue teams approach a security incident! Matt Linton, a member of Google's Detection and Response team and Niru Ragupathy, a member of Google's Offensive Security team pair up to showcase how red and blue teamers can learn from each other. They walk through a hypothetical attack from start to finish, at each step switching between the point of view of Attackers and Defenders to highlight what each side sees and does. Showcasing what makes each side rewarding and fun. Registrant's will be emailed the meeting link the day before the event.

SINET16 Showcase (Online, October 20, 2020) Each year, SINET evaluates the technologies and products of hundreds of emerging Cybersecurity companies from all over the world, and selects the 16 most innovative and compelling companies. SINET Showcase is where these 16 companies, known as the SINET 16 Innovators, will be presenting their solutions for the SINET Community to evaluate and engage.

#sharethemicincyber (Online, October 23, 2020) In response to anti-black racism and the deaths of countless black people, the country and the world are standing up against systemic racism. Many in the cybersecurity community have been searching for ways to amplify the voices of black and brown practitioners in the national security/foreign policy space. Inspired by the #ShareTheMic campaign on Instagram, Camille Stewart (@CamilleEsq on Twitter) and Lauren Zabierek (@LZXDC on Twitter) have teamed up to launch the #ShareTheMicInCyber Twitter campaign. On June 26, 2020, prominent members of the cybersecurity community spent the day tweeting about Black cybersecurity practitioners. This campaign has started a movement that continues to grow! We're excited to host part two of this campaign on October 23, 2020 in celebration of Cybersecurity Awareness Month!

upcoming Events

CISA’s Third Annual National Cybersecurity Summit (Online, September 16 - October 7, 2020) CISA’s Annual National Cybersecurity Summit will be held virtually as a series of webinars every Wednesday for four weeks beginning September 16 and ending October 7. The 3rd Annual National Cybersecurity Summit will bring together infrastructure stakeholders from around the world and provide a forum for meaningful conversations and collaboration on cybersecurity. Each series will have a different theme that focuses on CISA’s mission to “Defend Today, Secure Tomorrow,” with presentations from targeted leaders across government, academia, and industry. This year’s themes are: Sept 16: Key Cyber Insights; Sept 23: Leading the Digital Transformation; Sept 30: Diversity in Cybersecurity; Oct 7: Defending our Democracy.

Cyber Carnival Games (Online, October 1 - 31, 2020) To celebrate Cyber Security Awareness Month (CSAM) and the critical role of Cyber Gaming in building a strong workforce, Katzcy Cyber Games has assembled a virtual festival filled with games of skill and chance, scheduled thrilling performances, and lined up activities and drawings that bring home the sights, smells, and tastes of the carnival.

Cyber Education Workshop (Online, October 5 - 6, 2020) The National Cyber Moonshot organization, in conjunction with Center for Internet Security, the I3P, American University, and Unisys is convening a workshop of leading experts and practitioners to look at breakthrough concepts and realities in use across the nation and around the world.

MapleSec (Online, October 5 - 7, 2020) MapleSEC 2020 is a three-day virtual conference aimed at business and government leaders looking for hands-on practical tips to protect their organizations from growing cybersecurity threats. Whether you’re interested in new approaches to building a risk management culture, expert tips on how to prepare for the new threats on the horizon, or tested strategies for getting your board on board with cybersecurity initiatives, you’ll come away from MapleSEC 2020 with practical tools and valuable insights.

Sponsor & Support

Grow your brand, generate leads, and fill your funnel.

With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listens all over the world, companies trust the CyberWire to get the message out. Learn more.