Traditional defenses traditionally fail to look for what the opposition's up to.

Your security shouldn't just react to a threat: it should enable you to stay ahead of it. Increase efficiency and reduce complexity, turn information into intelligence to make informed security decisions, and choose a platform that enables you to see the opposition coming. Learn about the next generation of security in 'Enterprise Defense at the Speed of Data,' by ThreatConnect and its partners SAP NS2 and Deloitte.

The daily briefing.

Irish power utility EirGrid sustained a security breach earlier this year, apparently a man-in-the-middle attack through Vodafone’s Direct Internet Access service based in Shotton, Wales. It was a data collection operation, not an attack on power distribution itself, but the incident is attributed to an unspecified "state-sponsored hacker," and it's worth noting that attacks on Ukraine's power grid were preceded by collection.

Other notes on the power grid include exposure of Texas infrastructure data through a misconfigured server, and a research study on the cascade effects a successful attack on solar power installations could have on the grid as a whole.

FireEye's investigation appears to confirm its initial take on the 31337 hackers' attack on one of its employees' online accounts—the damage seems to have been limited.

More Game of Thrones material has been released, and the attackers' motive has come into clearer focus: they're asking for millions in extortion payment from HBO.

Cylance releases its research into the KONNI stealthy remote-access Trojan.

The maritime shipping industry is concerned about the vulnerability of GPS, and is looking to reestablish manual navigation as a backup should GPS suddenly turn unreliable.

The shipping sector has been hard-hit by NotPetya. Companies that were unaffected are seeing an increase in business as customers switch their trade from shippers whose capacity was degraded—DHL, for one, reports an upswing in bookings.

Google's August Android update yesterday patched ten critical remote code execution bugs.

In the US, NIST has released its Cybersecurity Workforce Framework.


Cylance is proud to be the CyberWire sustaining sponsor for 2017. Learn more about how Cylance prevents cyberattacks at cylance.com

Today's edition of the CyberWire reports events affecting Canada, China, the European Union, Germany, Ghana, Haiti, India, Israel, the Democratic People's Republic of Korea, the Netherlands, Nigeria, Russia, South Africa, Ukraine, the United Kingdom, and the United States.

What do AI and machine learning mean for cybersecurity?

We hear about them everywhere in cybersecurity. They sound cutting-edge, but what do they mean? And what value do they add? Find out exactly how significant AI and machine learning are, and how small nuances in their use can make a big difference.

On the Podcast

In today's podcast we hear from our partners at the Johns Hopkins University, as Joe Carrigan talks about Facebook and Google eavesdropping conspiracy theories. Our guest is Juan Perez-Etchegoyen from Onapsis on Oracle business app vulnerabilities. You'll also find Recorded Future's latest podcast (produced in partnership with the CyberWire) of interest. It covers North Korean intelligence services, and explains the method behind Pyongyang's apparent madness.

Sponsored Events

Security In the Boardroom (Palo Alto, CA, USA, August 23, 2017) Cybersecurity is a boardroom topic in nearly every organization. For many boards, security has evolved from a technical risk to a top business risk. Cybersecurity is also a growth opportunity. Proper integration of security and privacy concerns can drive far more effective digital transformation efforts. However, the mystique around cybersecurity can prevent board members and management from improving their cyber fluency and driving required improvements. Please join The Chertoff Group for our Security in the Boardroom event where we will demystify cybersecurity technology and policy issues while providing practical tools that board members and management can use to improve their resiliency to cyber risk and drive competitive advantage.

Cyber Security Conference for Executives (Baltimore, MD, USA, September 19, 2017) The Johns Hopkins University Information Security Institute and COMPASS Cyber Security are hosting the 4th Annual Cyber Security Conference for Executives on Tuesday, September 19. It will be held on the Homewood Campus of Johns Hopkins University. This year’s theme is “Emerging Global Cyber Threats.” The conference will feature thought leaders across a variety of industries to address current cyber security threats to organizations and how executives can work to better protect their data.

Selected Reading

Cyber Attacks, Threats, and Vulnerabilities

Cyberwar: A guide to the frightening future of online conflict (ZDNet) With cyberwarfare, the battlefield is going online. Here's everything you need to know.

Chrome Extension Developers Under a Barrage of Phishing Attacks (BleepingComputer) Google's security team has sent out warnings via email to Chrome extension developers after many of them have been the targets of phishing attacks, some of which have been successful and resulted in crooks taking over extensions.

FireEye clarifies security breach talk (CRN) Vendor says its network stood firm despite 'multiple' hacking attempts, but three documents and two customers were compromised

Threat Spotlight: KONNI – A Stealthy Remote Access Trojan (Cylance) The Threat Guidance Team opens the hood of a malicious threat called KONNI to demonstrate how it operates.

Attack on Ireland’s state-owned power provider blamed on state-sponsored hackers (HOTforSecurity) EirGrid, which provides electricity to homes and businesses across Ireland and Northern Ireland, reportedly suffered a security breach earlier this year at the hands of state-sponsored hackers. The allegation is made in a report in the Irish Independent.

Engineering firm exposes SCIF plans and power vulnerability reports (CSO Online) Chris Vickery, director of cyber risk research at UpGuard, Inc., says that a misconfigured Rsync server maintained by Power Quality Engineering, Inc. (PQE) exposed client information pertaining to critical infrastructure...

Cyber-Attack on Solar Panels Could Shut Down Power Grids via Domino Effect (BleepingComputer) New research released on Friday, August 4, reveals the existence of multiple vulnerabilities in the products of the leading provider of photovoltaic panels, which if exploited in mass by a determined attacker could lead to a shutdown of one or more countries' power grids because of a domino effect.

HBO Hackers Release a Ransom Note—And More Game of Thrones (WIRED) The hackers plaguing the premium TV network have revealed their motive—and more Game of Thrones spoilers.

Game of pwns: security lessons from latest HBO hack (Australian Business Review) HBO recently suffered a massive cyberattack, with hackers stealing 1.5 terabytes of data from inside its network, including upcoming episodes of shows such as Ballers and Room 104. But the crown jewel of the hack wasn’t even a video, it was the script to this Sunday’s episode of the wildly popular HBO series Game of Thrones.

Malicious code in the Node.js npm registry shakes open source trust model (CSO Online) Bad actors using typo-squatting place 39 malicious packages in npm that went undetected for two weeks. How should the open source community respond?

Cyberattacks on GPS leave ships sailing in dangerous waters (Naked Security) A spate of attacks on GPS tracking of ships has focused minds on a radio technology that’s been stalled for years

Cyber Threats Trigger Return to Radio for Ship Navigation (Fortune) About 90% of world trade is transported by sea and the stakes are high.

Deutsche Post DHL sees volume gains in Q3 after cyber attack hurts rivals (NASDAQ.com) Deutsche Post DHL saw no material impact from the cyber attack in Ukraine at the end of June, but is seeing increased volumes this quarter as rivals cope with the after-effects, the group's chief financial officer said on Tuesday.

How Chat App Discord Is Abused by Cybercriminals to Attack ROBLOX Players (TrendLabs Security Intelligence Blog) Cybercriminals targeting gamers are nothing new. We’ve reported many similar incidents in the past, from fake game apps to real-money laundering through online game currencies.

You Can Trick Self-Driving Cars by Defacing Street Signs (BleepingComputer) A team of eight researchers has discovered that by altering street signs, an adversary could confuse self-driving cars and cause their machine-learning systems to misclassify signs and take wrong decisions, potentially putting the lives of passengers in danger.

Europe's cyber victims racking up hundreds of millions in costs (Information Management) Global hackers have unleashed a brace of attacks in recent months, and the revenue hit to companies infected is reaching staggering heights.

The involvement of SMBs is the weakest link in the GST chain: FireEye (Moneycontrol) When these small businesses come online for the first time, they have poor awareness of security practices and are thus open to threats such as ransomware, says Kaushal Dalal

The Darknet Index-U.S. Government Edition (OWL Cybersecurity) Ranking US Government agencies using Darknet intelligence...see how the United States Government fares when its top federal agencies are ranked by darknet footprint.

Why Social Media Users Should Never Lower Their Guard (Time) Never automatically accept a friend request from anyone

Hacked Aquarium Controller Used In Casino Cyber Attack! (Reef Builders | The Reef and Marine Aquarium Blog) An internet connected aquarium controller has just been confirmed as the gateway into the secure network of a casino, and it was used to steal up to 10 gig

Data of 100,000 Dutch lease drivers leaked (NL Times) A data leak at software company CarWise ICT meant that information of thousands of Dutch lease drivers was easily accessible to unauthorized parties. The leak was discovered by security company ESET, director Dave Maasland confirmed to NU.nl. Maasland estimates that at least 100 thousand customers were affected.

A New Hacker Threat: Messages Inside Images (Credit Union Times) Hackers are increasing their use of hiding messages inside images to conceal their malicious activity.

Tech Support Scammers Cast a Wider Net (Threatpost) Microsoft is warning of a wave of phishing campaigns pushing tech support scams via malicious links to phony Amazon, Alibaba and LinkedIn web pages.

Careful, that may not be your grandson (FederalNewsRadio.com) What if your grandson calls and says he's in jail on a DUI and needs you to wire the court $2,800 ASAP? Beware, it's probably a scam.

Security Patches, Mitigations, and Software Updates

Google Patches 10 Critical Bugs in August Android Security Bulletin (Threatpost) Google's August Android Security Bulletin featured patches for nearly a dozen remote code execution bugs impacting Google's Pixel and Nexus handsets.

Siemens CT scanners open to remote compromise via publicly available exploits (Help Net Security) Siemens is yet to release patches for four easily and remotely exploitable flaws affecting select PET, SPECT and CT scanners from Siemens Healthineers.

The case against Windows Automatic Update (Computerworld) If you’re moderately conversant with your Windows machine, you should consider avoiding Automatic Update. Here’s why.

Cyber Trends

Gigamon IT Survey Highlights Lack of Visibility as a Leading Obstacle to Securing Enterprise and Hybrid Cloud Networks (Gigamon) Over two thirds of IT decision-makers cite blind spots as a major obstacle to data protection

Playing Whack-a-Mole: Results of the 2017 SANS Threat Landscape Survey (Business Insider) Endpoints—and the users behind them—are on the front line in today's security battles, according to results of a new survey on the threat landscape to be released by SANS Institute on Tuesday, August 15.

CyberSecurity Report: Threat Landscape Gets More Sophisticated (Network Security Blog | Qualys, Inc.) Destruction of service. Get acquainted with this newly-minted term, and with its acronym — DeOS. It’s a particularly disturbing type of cyber attack InfoSec teams may face regularly in the not too …

Marketplace

How to Invest in Cybersecurity Stocks (The Motley Fool) Investors should know how big the market is, and understand its risks, then find a few key players and buckle in for the long-haul.

Acquisition brings multi-factor authentication to SMBs (Computing) Move to the cloud reduces cost and complexity.

Deloitte Purchases Blab's Predictive Social Intelligence Platform to Arm Clients With Early Warning of Reputational Events (PRNewswire) Deloitte announces an agreement to acquire certain assets of Blab, including...

Rapid7 Narrows Quarterly Loss, Revenue Tops Views, Stock Jumps (Investor's Business Daily) Rapid7 reported a narrower-than-expected loss during the second quarter, and after-hours investors rewarded the company.

How MobileIron Inc. Stock Fell 25% in July (The Motley Fool) Last month's second-quarter report looked just fine, except for a disappointing lack of order billings.

IBM joins hands with TSSC to spur emerging technology skills within India’s telecom sector (ETTelecom.com) Technology major IBM has joined hands with the Telecom Sector Skill Council (TSSC) to upskill students and young professionals in the telecom industry

IBM Public Relations Become Embarrassment as Company Struggles (247 Wall Street) International Business Machines Corp. (NYSE: IBM) has had a habit of putting out large numbers of press releases that say little or nothing about the company’s prospects.

NAO wins Navy cyber contract (C4ISRNET) If all options are exercised, the contract is scheduled to be completed by August 2023.

NSW govt strikes cybersecurity deal with Data61 (Technology Decisions) The NSW government will gain access to some of the country's best data scientists under a new agreement with Data61.

America’s First Federal Chief Information Security Officer Gregory J. Touhill Joins Bay Dynamics’ Board of Directors (Bay Dynamics) Ret. Brigadier General Touhill joins Bay Dynamics to help continue mission of enabling a risk based approach to cyber security

Wiretap Names Jeff Spridgeon Vice President of Sales (markets.businessinsider.com) Wiretap, a leading innovator of solutions designed to secure and safely grow the use and corporate governance needs of Enterprise Social Networks (ESNs), today named Jeff Spridgeon Vice President of Sales.

Cybrary Hires Kathie Miley as Chief Operating Officer (PRWeb) Cybrary, the world’s first and only free, open-source IT and cyber security online learning platform, today announced that Kathie Miley has been hired as Chief Operating Officer (COO).

Mosaic451 Names Ray Ramella to Oversee Corporate Operations (PRNewswire) Mosaic451, a bespoke cybersecurity services provider and consultancy, is...

Products, Services, and Solutions

Shine a Light on the Dark Web with USM Anywhere (Alien Vault) Ask any security professional what keeps them up at night, and it won’t be long before the conversation turns to compromised user credentials.

AlienVault plug-in searches for stolen passwords on Dark Web (TechCrunch) When it comes to password breaches on public sites like Adobe, LinkedIn and Yahoo!, there are some known knowns. For instance, there's a decent chance those..

Silent Circle and Kerveros Deliver on Pledge to Secure Enterprise Communications (BusinessWire) Strategic collaboration solidifies ability to bring privacy and security across the globe

Versive and Cloudera Partner to Fill the Growing Cybersecurity Capability Gap (BusinessWire) Versive, a leader in AI-powered cybersecurity, announced a strategic partnership with Cloudera.

Darktrace Advances AI Cyber Defense with New v3 Release (Darktrace) Major productivity boost for novice & expert analysts and executives

Masergy Adds Endpoint Detection and Response to its Integrated Managed Security Solution (Masergy) MEDR Service Lets Companies Rapidly Respond to Cyber Security Threats From Compromised PCs, Servers and Mobile Devices.

Cellebrite Launches Tool for Forensically Sound Extraction of Public Domain Social Media Data (Business Insider) Cellebrite, the leading provider of digital intelligence solutions, has introduced a new UFED Cloud Analyzer solution that provides forensically sound, real-time collection, preservation and analysis of data...

Schneider Electric and Claroty partner to address safety and cybersecurity challenges in global industrial infrastructure (PRNewswire) Claroty, an innovator in Operational Technology (OT) network protection, and...

Webroot growing MSP roster (Channelnomics) Channel chief says 80 percent of business comes from MSPs

General Dynamics releases new, NSA-certified encryptor (C4ISRNET) TACLANE-FLEX is the first “multi-speed, user-customizable High Assurance Internet Protocol Encryptor (HAIPE),” according to a news release.

Mozilla’s new file-transfer service isn’t perfect, but it’s drop-dead easy (Ars Technica) For less high-stakes uses, Send offers reasonable security and privacy assurances.

As network security becomes 'irrelevant,' here's how Zscaler guards the cloud (SiliconANGLE) During a major computer security conference two years ago, Zscaler set up a booth on the tradeshow floor and spent the week destroying various security devices made by other companies with a large hammer.

Preoday makes GDPR pledge to hospitality industry (London Loves Business) Are you prepared?

ENGlobal Government Services Announces Private Sector Initiative and Added Cyber Security Expertise (Power Engineering) ENGlobal Government Services, Inc. (EGS), a subsidiary of ENGlobal Corporation (NASDAQ: ENG), a leading service provider to the U.S. Department of Defense for engineering, automation and cyber security services, announced today that it is now offering its heritage services and expertise to the private sector.

BLU makes its triumphant return to Amazon (Phandroid - Android News and Reviews) After its devices were pulled last week, BLU devices are now officially available again for purchase through Amazon, after a "false alarm".

Technologies, Techniques, and Standards

National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework (NIST) The National Initiative for Cybersecurity Education (NICE), led by the National Institute of Standards and Technology (NIST) of the U.S. Department of Commerce, is a partnership between government, academia, and the private sector working to energize and promote a robust network and an ecosystem of cybersecurity education, training, and workforce development.

Preparing for GDPR: Pay Attention to Third Party Services (Infosecurity Magazine) The wages of ignorance in this case are likely to be sanctions – which, as we have seen, can be substantial.

ESET provides sustainable cyberspace security (Business Day) ESET has partnered with the National Information Technology Development Agency (NITDA) to provide standard guidelines to protect Nigeria’s cyberspace and ensure that the Information Technology (IT) administrations of all federal government institutions have access to periodic cyber security trainings by ESET experts on emerging threats.

DoD beefing up missile systems’ cyber defenses (Fifth Domain) A tenet of the internet of things industry is that anything connected to the internet is connected to hackers. But when you’re talking about a trillion-dollar ballistic missile system, that possibility is unacceptable.

Smart cars need to be protected from hackers, says UK government (Verdict) The UK government has released new guidance to ensure that smart cars, and the future self-driving counterparts, are protected from hacking

Self-driving cars vs hackers: Can these eight rules stop security breaches? (ZDNet) The UK has issued a set of cyber security guidelines for vehicles.

Overview of the principles for obtaining good cyber security within the automotive sector. (Department for Transport and Centre for the Protection of National Infrastructure) As vehicles continue to become smarter, it’s crucial that we take the correct steps to make them cyber secure.

Figuring out multifactor authentication (FCW) With NIST now restricting the use of Short Message Service, what are the authentication options for federal agencies?

Navy halts access card transition, orders review (FederalNewsRadio.com) The Navy is extending the deadline for contractors and vendors to transition to the Defense Biometric Identification System.

Automating the hunt for cyber attackers (Help Net Security) In this podcast recorded at Black Hat USA 2017, Mike Banic, Vice President, Marketing, and Chris Morales, Head of Security Analytics at Vectra Networks, ta

Achieving Optimised Security (SecureWorks) Rethinking the risks associated with an immature security model can be the first step to better protecting your organisation

An Introduction to Cyber Security Risks and Responsibilities (Virtual College) Cyber security is a hugely important concern for businesses of all sizes.

Hackers are targeting your banking app, but you can fight back (NerdWallet) More and more people are using mobile banking apps — and that's quite a lure for hackers trying to steal users' personal information. If you're a bank customer, you need to be ready to protect your devices and accounts.

Threat Hunting Services Are Now a Basic Necessity (Security Intelligence) EDR solutions enable threat hunting teams to fine-tune behavioral detection rules and determine the techniques by which malware spreads through a network.

Design and Innovation

WWT Targets Drone Threats with Dedrone Partnership (Channel Partners) Dedrone, which signed an alliance with the World Wide Technology this week, helps businesses combat threats from drones. WWT will integrate Dedrone's technology into other security solutions and showcase it at WWT's Advanced Technology Center in St. Louis, Missouri.

A crypto currency that actually works arrives in Ghana (Ghana Web) Block chain based digital currencies based on cryptography have become increasingly popular...

New cryptocurrency to be operational in Ghana (Citifmonline) Block chain based digital currencies based on cryptography have become increasingly popular worldwide, despite their inherent problems. Finally, a new crypto currency that offers both price stability and merchant sales capabilities is arriving in Ghana.

Research and Development

IBM India Helps Create Breakthrough Encryption Technology That's Completely Hacker Proof (indiatimes.com) The system is the first in the industry to offer 100% encryption of this kind

First electronic warfare prototypes from Army’s Rapid Capability Office put to test (C4ISRNET) An air assault unit ― the 2nd Brigade Combat Team, 101st Airborne Division from Fort Campbell, Kentucky ― at the Network Integration Evaluation last month put the first prototypes of several of the Army Rapid Capabilities Office’s electronic warfare solutions to the test out in a hot, austere environment.

Academia

World’s Biggest Student-Led Cyber Security Games Expand to Israel (NYU Tandon School of Engineering) The world’s biggest student-run cyber security event will get even bigger this year: Cyber Security Awareness Week (CSAW), founded 14 years ago by the New York University Tandon School of Engineering...

Internet security tips for middle school and high school students (ESET) Between the ages of 10 and 11 is, on average, when kids get their first cellphone. So by the time they reach junior high and high school, they likely know more about the technology than you do.

Legislation, Policy, and Regulation

North Korea’s Not So Crazy After All (Recorded Future) In this episode we explore unique insights into how North Korean leadership and ruling elite use the internet and what that tells us about their intentions.

UN Asks Apple for More Info on Pulling VPNs in China (Infosecurity Magazine) Special rapporteur wants to know if it raised human rights issues

U.S. Has More to Lose Than Russia in Spy Expulsions (The New Yorker) Statecraft is built on expectations of proportionality. But the United States stands to lose more in the latest round of spy expulsions.

Congress may mandate 'information warfare' plan for Russia (Washington Examiner) 'Russia is not America's friend,' Rep. Eliot Engel wrote. 'While we, too, would ultimately like to see better relations with Russia, the Kre...

Britain is a bystander in online privacy battle (Times) A few years ago, as a largely vexatious experiment, I asked Google to exercise my “right to be forgotten”. I planned to write about this at the time, but I forgot. Remembering yesterday, when I...

Congress looks to take the wheel on autonomous vehicles (Naked Security) With autonomous vehicles an obvious target for attack, moves by Congress to make their security a priority is a welcome start – but it’s only a start

No, the U.S. Government Should Not Disclose All Vulnerabilities in Its Possession (Lawfare) Newly revived calls for the U.S. government to release all the vulnerabilities it holds are understandable but misguided.

Good guys and bad guys race against time over disclosing vulnerabilities (Naked Security) What’s at stake when we don’t share vulnerability data?

Warrantless US Spying Is Set to Expire Soon. Let It Die (WIRED) Opinion: It's time to let the sun set on warrantless surveillance.

DHS CIO Staropoli Quits After Just Three Months (Infosecurity Magazine) Latest departure bad news for government cybersecurity strategy

Foster to leave as Department of Navy CIO (FederalNewsRadio.com) Rob Foster will join the National Credit Union Administration as its deputy chief information officer after stepping down as the Navy CIO.

Army gets a new, long-awaited CIO (C4ISRNET) Maj. Gen. Bruce Crawford arrives at Pentagon after months in waiting.

1st Federal CISO offers Trump administration cyber advice (Fifth Domain) Chatting live with Gen. Gregory Touhill, the first federal CISO, on the state of federal cybersecurity and his new role with Cyxtera and Bay Dynamics.

Trump Likes When C.I.A. Chief Gets Political, but Officers Are Wary (New York Times) Mike Pompeo has become a favorite of the president’s with tough talk and hawkish views at the helm of the C.I.A., which prides itself on being apolitical.

Litigation, Investigation, and Law Enforcement

Find the lost boys before the extremists do (Times) “Sometimes people with the worst pasts create the best futures” says a recruitment ad for the British jihadist group Rayat al-Tawheed, posted on Facebook, which shows a picture of a hooded man...

German police nab crooks with tighter anti-terror checks (Deutsche Welle) There are tighter passport controls across the EU this summer, aimed at keeping track of suspected terrorists. A side effect is that police have been able to catch up with other wanted criminals.

Rod Rosenstein: Mueller needs to come to me if he wants to chase any crime outside scope of Russia probe (Washington Examiner) 'Bob Mueller understands and I understand the specific scope of the investigation, and so no, it's not a fishing expedition.'

Duped Into Wiring $5 Million? Cyber Insurance Could Cover It (New York Law Journal) In their Privacy Matters column, Richard Raysman and Peter Brown write: Courts have begun to encounter a growing number of disputes over cyber insurance coverage...

INTERPOL and Palo Alto Networks strengthen efforts in combating cybercrime (Control Engineering Asia) The accord provides a framework for threat information exchange focusing on data related to criminal trends in cyberspace, cyberthreats and cybercrime.

Internet hoax drives Haitian asylum seekers over US border to Canada (Times) It started with a WhatsApp message that read like an answer to the prayers of thousands of immigrants fearing deportation by President Trump. Canada wanted them, it promised — a revelation that...

Disney slammed with class-action complaint for unlawfully exfiltrating kids' personal data (Graham Cluley) Happiest Place on Earth owner accused of “highly offensive” privacy intrusions…

Lieff Cabraser and Carney Bates & Pulliam Announce New Class Action Lawsuit Against Viacom Alleging Violations of Child Online Privacy Protection Laws (News 9) Lieff Cabraser and Carney Bates & Pulliam announce the filing of a federal class action child privacy protection lawsuit on behalf of parents in California against Viacom and others.

Hotspot Shield VPN Accused of Breaking Privacy Promises (Infosecurity Magazine) Non-profit group files FTC complaint over

Finjan Sues SonicWall for Patent Infringement (Sys-Con Media) Complaint filed in the Northern District of California

The FBI Booby-Trapped a Video to Catch a Suspected Tor Sextortionist (Motherboard) The FBI showed it uses more targeted methods to potentially deanonymize Tor users.

Top cop probed over crime intel boss' security clearance (IOL Politics) A high-ranking officer accused of fraudulently procuring a top security clearance certificate for the crime intelligence ...

Cyber Events

For a complete running list of events, please visit the event tracker on the CyberWire website.

The Chertoff Group Security Series presents “Security in the Boardroom” in Palo Alto, CA on August 23rd.
Cyber Security Conference for Executives

Newly Noted Events

Embracing Innovation and Diversity in Cybersecurity (Washington, DC, USA, August 11, 2017) Drawing from the experience of a panel of experts in the field, this event will explore how diversity in thought perspective, background, and professional experience is instrumental to solving today’s cybersecurity challenges. The conversation will examine how each speaker found their career, what advice they would give to others following in their footsteps and recommendations on how to increase diversity in the cyber workforce through mentoring and education initiatives.

SINET61 2017 (Sydney, Australia, September 26 - 27, 2017) Promoting cybersecurity on a global scale. SINET – Sydney provides a venue where international solution providers can engage with leaders of government, business and the investment community to advance innovative solutions to cybersecurity challenges.

Cyber Georgia 2017 (Augusta, Georgia, USA, October 12 - 13, 2017) Cyber Georgia 2017 will focus on convening industry, academia, and government to examine cyber threats and discuss how to better prepare for a cyberattack or denial of service in the hospital and public health arena.

INsecurity (National Harbor, Maryland, USA, November 29 - 30, 2017) INsecurity is for the defenders of enterprise security—those defending corporate networks—and offers real-world case studies, peer sharing and practical, actionable content for IT professionals grappling with security concerns. INsecurity will feature some of the industry’s most recognized and knowledgeable CISOs and IT security experts, in a setting that is conducive to interaction and conversation. You’ll have a chance to meet colleagues in the cybersecurity profession to discuss the everyday challenges you face in protecting enterprise data. And you’ll get in-depth insights on how other organizations perform security best practices, and how they manage their teams.

Upcoming Events

Cyber Security Summit: Chicago (Chicago, Illinois, USA, August 8, 2017) If you are a Senior Level Executive responsible for making your company’s decisions in regards to information security, then you are invited to register for the Cyber Security Summit: Chicago. Receive 50% off of a Full Summit Pass when you register with code CYBERWIRE50 (standard price of $350, now only $175 with code). Register at CyberSummitUSA.com. The Cyber Security Summit: Chicago is an exclusive conference connecting Senior Level Executives responsible for protecting their companies’ critical data with innovative solution providers & renowned information security experts. For details visit CyberSummitUSA.com.

PCI Security Standards Council: 2017 Latin America Forum (Sao Paulo, Brazil, August 9, 2017) Join your industry colleagues for a full day of networking and one-of-a-kind partnership opportunities. Whether you want to learn more about updates in the payment industry or showcase a new product, you’ll find it all at the 2017 Latin America Forum (LAF).

2017 DoDIIS Worldwide Conference (St. Louis, Missouri, USA, August 13 - 16, 2017) Hosted annually by the DIA Chief Information Officer, the DoDIIS Worldwide Conference features a distinguished line-up of speakers and an extensive selection of breakout sessions allowing attendees to gain insight and interact with experts in smaller settings. This year’s conference presents an exciting and unique opportunity to directly engage with senior leaders from the Intelligence Community, Department of Defense, and industry about the IT complexities and challenges impacting the mission user.

SANS New York City 2017 (New York, New York, USA, August 14 - 19, 2017) Be better prepared for cyber-attacks and data breaches. At SANS New York City 2017 (August 14-19), we offer training with applicable tools and techniques for effective cybersecurity practices. Gain the skills and tools you need to win the battle against the wide range of cyber adversaries who want to harm your environment.

Information Security Summit 2017 (Hong Kong, August 15 - 16, 2017) Effective Use of Analytics and Threat Intelligence to Secure Organizations: The Information Security Summit 2017 is a regional event that aims to give participants from the Asia Pacific region an update on the latest developments, trends and status in information security.

TechFest (Louisville, Kentucky, USA, August 16 - 17, 2017) TechFest is a biannual summit designed to bring together technology professionals for learning and networking. Attendees will have opportunities to explore economic development avenues for their businesses, connect with regional IT leaders, and learn about emerging technology. Among the topics addressed will be cybersecurity: hacking, malware, exploits, skimmers, new standards and policies in key industries.

The Chertoff Group Security Series: Security In The Boardroom (Palo Alto, California, USA, August 23, 2017) The Chertoff Group Security Series will aim to enhance and add to the Security in the Boardroom conversation by applying our insights into technology, threat, and policy to help executives respond to the evolving threat environment.

U.S. Department of Commerce Cybersecurity Awareness Day (Washington, DC, USA, August 24, 2017) On August 24, 2017, the Department of Commerce headquarters is planning the Cybersecurity Awareness Day event which will host guest speakers from throughout the Cybersecurity community. The 2017 Cybersecurity Awareness Day and Expo will feature timely, topical, and thought-provoking presentations, bringing together cybersecurity workforce, training, and educational leaders from academia, business, and government for one day of focused discussions. In light of current events involving unauthorized disclosures, sensitive and/or classified information leaks, and breaches of personally identifiable information in cyberspace, it is imperative that sound practices are incorporated. The agenda will include speakers from Industry and Government.

7th Annual Cybersecurity Training and Technology Forum (Colorado Springs, Colorado, USA, August 30 - 31, 2017) CSTTF is designed to further educate Cybersecurity, Information Management, Information Technology, and Communications Professionals by providing a platform to explore and enhance cyber resilience, collaboration, threat intelligence, information sharing, workforce development, and risk management. This will be accomplished through a number of in-depth sessions and panel discussions, along with cybersecurity exhibits provided by industry and government partners.

SANS Network Security 2017 (Las Vegas, Nevada, USA, September 10 - 17, 2017) SANS is recognized around the world as the best place to develop the deep, hands-on cybersecurity skills most in need right now. SANS Network Security 2017 offers more than 45 information security courses taught by SANS' world-class instructors, with dynamic content on the hottest information security issues. Join us for immersion training that will provide you with the cutting-edge skills to defend your organization against security breaches and prevent future attacks.

Finovate Fall 2017 (New York, New York, USA, September 11 - 14, 2017) FinovateFall 2017 will begin with the traditional short-form, demo-only presentations that more than 20,000 attendees from 3,000+ companies have enjoyed for the past decade. After two days of Finovate’s inspiring short-form demos, stay on for another day and a half of practical advice from your peers and industry gurus alike. Determine just how you will incorporate the latest fintech innovations into your product road map.

Insider Threat Program Management With Legal Guidance Training Course (Laurel, Maryland, USA, September 12 - 13, 2017) Insider Threat Defense will hold a two-day training class, Insider Threat Program (ITP) Management With Legal Guidance (National Insider Threat Policy (NITP), NISPOM Conforming Change 2). For a limited time the training is being offered at $1295. This training will provide the ITP Manager / Senior Official and Facility Security Officer with the knowledge and resources to achieve compliance with NITP/NISPOM CC2, and go beyond these regulations to establish a robust and effective ITP. Any individual involved with supporting an ITP will also gain valuable knowledge. A licensed attorney with extensive experience in Insider Threats and Employment Law will provide legal guidance related to ITPs, the collection, use and sharing of employee information, and employee computer user activity monitoring. Any organization (State Government Agencies, Businesses, etc.) that is not required to implement an ITP, but is concerned with Insider Threat Risk Mitigation, will also benefit greatly from this training.

PCI Security Standards Council: 2017 North America Community Meeting (Orlando, Florida, USA, September 12 - 14, 2017) Join your industry colleagues for three days of networking and one-of-a-kind partnership opportunities. Whether you want to learn more about updates in the payment industry or showcase a new product, you’ll find it all at the 2017 Community Meetings.

8th Annual Billington CyberSecurity Summit (Washington, DC, USA, September 13, 2017) The Leading Fall Forum on Cybersecurity on September 13 at the Washington Convention Center in Washington, D.C. will bring together world-class cybersecurity thought leaders to engage in high-level information sharing, unparalleled networking and public-private partnerships.

Cyber Security Summit: New York (New York, New York, USA, September 15, 2017) If you are a Senior Level Executive responsible for making your company’s decisions in regards to information security, then you are invited to register for the Cyber Security Summit: New York. Receive 50% off of a Full Summit Pass when you register with code CYBERWIRE50 (standard price of $350, now only $175 with code). Register at CyberSummitUSA.com. The Cyber Security Summit: New York is an exclusive conference connecting Senior Level Executives responsible for protecting their companies’ critical data with innovative solution providers & renowned information security experts. For details visit CyberSummitUSA.com.

Cyber Security Conference for Executives (Baltimore, Maryland, USA, September 19, 2017) The Johns Hopkins University Information Security Institute and COMPASS Cyber Security are hosting the 4th Annual Cyber Security Conference for Executives on Tuesday, September 19. It will be held on the Homewood Campus of Johns Hopkins University. This year’s theme is “Emerging Global Cyber Threats.” The conference will feature thought leaders across a variety of industries to address current cyber security threats to organizations and how executives can work to better protect their data.

4th Annual Industrial Control Cybersecurity Europe (London, England, UK, September 19 - 20, 2017) Against a backdrop of targeted Industrial Control System cyber attacks against energy firms in the Ukraine power industry, the massive attacks against the Norway oil and gas industry, cyber attacks on Saudi Aramco and the new and continued threats such as Crash Override malware, Stuxnet, Havex, Dragonfly, Black Energy, and the potential impact of ransomware like #Wannacry on industrial control systems, the Cyber Senate returns for the 4th Annual Industrial Control Cybersecurity Europe meeting to bring key stakeholders together to address our responsibility in ensuring the safety, reliability and stability of our Critical National Infrastructure.

10th Cyber Defence Summit (Dubai, UAE, September 20, 2017) Naseba’s 10th Cyber Defence Summit will address the importance of protecting critical infrastructure and sensitive information, help companies procure cyber security solutions and services, and create further awareness of cyber security among the youth of the UAE.

2017 Washington, D.C. CISO Executive Leadership Summit (Washington, DC, USA, September 21, 2017) Highly interactive sessions will provide many opportunities for attendees, speakers and panelists to be engaged in both learning and discussion. The objective for the day is to deliver high quality useful information that attendees can develop into an action plan. Key Areas of Focus Include: Strategy, Process Improvement and Alignment, Innovation and Technology; Career Management and Leadership Development.

THE CYBERWIRE
Compiled and published by the CyberWire editorial staff. Views and assertions in linked articles are those of the authors, not the CyberWire.
The CyberWire is published by Pratt Street Media and its community partners. We invite the support of other organizations with a shared commitment to keeping this informative service free and available to organizations and individuals across the globe.