Do you know the best practices for applying threat intelligence?

Threat intelligence is one of the most talked about areas of information security today, but how do you actually use it? Learn best practices for applying threat intelligence with Recorded Future's latest white paper. Download your free copy now.

The daily briefing.

Special Section: the eighth annual Billington CyberSecurity Summit (our regular summary appears below)

We're back in Washington today for the annual Billington CyberSecurity Summit.

The event has attracted approximately a thousand attendees, with speakers from ten countries. We'll be providing continuing coverage this week, with live tweeting (#Billingtonsummit) from the conference.

The view from the US Director of National Intelligence.

Director of National Intelligence Daniel Coats (delivering the opening keynote in a pleasantly self-deprecating tone) highlighted the importance of systematic and well-structured information-sharing to protecting a critical infrastructure that's increasingly connected and thoroughly pervaded by the Internet-of-things.

He began by alluding to the expanding array of international threats, cyber threats prominently among them, and reviewed the familiar classes of threat actors, singling out, in approximate order of severity, the threat from Russia, China, Iran, and North Korea. 

A "cyber 911," a major attack on critical infrastructure, he takes to be a real possibility. Increasing connectivity is amplifying the consequences of any attack. Coats placed unusual emphasis on the danger of attacks aimed at corrupting data. Such an emphasis is consistent with his overall emphasis on the adversaries' goal: erosion of public trust.

The DNI assured the audience that the Intelligence Community is doing all it can to deliver actionable intelligence to its partners. But he argued that such intelligence is actionable only when it is collaborative and understood in the context of vulnerabilities. Thus, he said, improved information sharing among government and the private sector is an imperative.

Coats thinks such sharing has become needlessly complex. He called for a common approach and a common vocabulary to facilitate collaboration, and he added that the ODNI's model for moving toward these is no secret. A common, structured, hierarchical approach will help all parties, he said.

His other major concern with respect to cyber lies in fostering security by design, which he regards as essential given the rapid proliferation of Internet-of-things devices across everyone's networks.

DNI Coats closed by inviting the private sector to join in fostering collaborative information sharing and security by design. The Intelligence Community is limited in what it can say publicly, but he wished to assure everyone that the IC is working professionally, objectively, and on good close terms with the Administration.

Today's regular daily summary starts here.

North Korea, hit by international sanctions over its missile and nuclear tests (and the explicit threats it's been making against many countries including but not limited to South Korea, Japan, and the United States) ramps up its raids on Bitcoin sources.

The Equifax breach extends to individuals outside the US. The first reports of non-US citizens' data being compromise arrived from Canada and the UK (British compromises may be as high as forty million). It's now thought that data belonging to people in Argentina were also lost on a large scale. Early indications suggest Argentina won't be the only Latin American country affected.

The breach has placed authorities on heightened fraud alert, and consumer anger hasn't been allayed by warnings that their attempts to place a freeze on their credit may be insecure. Equifax will surely take a major financial hit. The Ponemon Institute has estimated the probable loss in the tens of millions, but that should be interpreted as a low-end guess.

Yesterday was Patch Tuesday, and Microsoft swatted eighty-two security bugs, twenty-five of them rated "critical." One of them is the .Net vulnerability that's being exploited in the wild, reportedly to spread FinFisher spyware. The patches also address the BlueBorne vulnerability.

Tensions between Middle Eastern Shi'ite powers and Iran remain high (and tensions among some of the Shi'ite countries—notably Saudi Arabia and the United Arab Emirates on one side, Qatar on the other—are also non-negligible).

A prominent member of the Russian Duma crows about influence operations.

[250]

Cylance is proud to be the CyberWire sustaining sponsor for 2017. Learn more about how Cylance prevents cyberattacks at cylance.com

Today's edition of the CyberWire reports events affecting Argentina, Bahrain, China, Egypt, the Democratic Peoples Republic of Korea, New Zealand, Qatar, Russia, Saudi Arabia, the United Arab Emirates, the United Kingdom, and the United States.

Third party breaches are here to stay – here’s how to stop the threat.

Threat actors are always looking for the easiest, fastest, and most inexpensive way to get what they want – enter third party breaches. How can organizations prioritize their efforts to reduce third party risk? Learn more in a webinar with LookingGlass Cyber Solutions’ Senior Sales Engineer Ryan Curran on Thursday, September 14 @ 2pm ET. Ryan will discuss how to tell if your vendors are already compromised, and how to use threat intelligence for actionable intelligence on your vendors’ vulnerabilities. Sign up now.

On the Podcast

In today's podcast we hear from our partners at the Johns Hopkins University, as Joe Carrigan talks about the prospect of VPN providers collecting private user data. Our guest, Dr. Richard Ford (Chief Scientist at Forcepoint) shares insight into the Equifax breach.

Sponsored Events

EAGB Breakfast Series: Leading the Cyber Transformation (Baltimore, Maryland, USA, September 19, 2017) Join us to discuss how the Baltimore-Washington region’s ‘tech hub’ reputation has helped build a solid foundation in cyber activities. Our panelists will discuss the transformation that is underway on the commercial side of cyber.

Earn a master’s degree in cybersecurity from SANS (Online, September 28, 2017) Earn a master’s degree in cybersecurity from SANS, the world leader in information security training. Learn more at a free online information session on Thursday, September 28th, at 12:00 pm (noon) ET. For complete information on master’s degree and graduate certificate programs, visit www.sans.edu.

Maryland Cyber Day Marketplace: Information. Connections. Solutions. (Baltimore, Maryland, USA, October 10, 2017) Register today to participate. Hundreds of cybersecurity providers and buyers in one location on one day. Maryland Cyber Day Marketplace provides the opportunity for CYBERSECURITY BUYERS (commercial businesses, government agencies, academic institutions and non-profit organizations of any size in any industry) to connect with, get to know and purchase cybersecurity solutions from Maryland's CYBERSECURITY PROVIDERS. The day will be a combination of face-to-face meetings, technology demos, brief educational sessions, "Ask an Expert" information stations, networking and a wrap-up luncheon with a keynote speaker. Presented with our program partner the Better Business Bureau of Greater Maryland.

Florida’s Annual Cybersecurity Conference (Tampa, Florida, USA, October 27, 2017) Networking the Future, the Florida Center for Cybersecurity's fourth annual conference, will host hundreds of technical and non-technical stakeholders from industry, government, the military, and academia to explore emerging threats, best practices, and the latest research and trends.

Selected Reading

Cyber Attacks, Threats, and Vulnerabilities

North Korea Hackers Step Up Bitcoin Attacks (Bloomberg.com) Prices and popularity are rising.

In Persian Gulf, computer hacking now a cross-border fear (Fifth Domain) From suspected Iranian cyberattacks on Saudi Arabia to leaked emails causing consternation among nominally allied Arab nations, state-sponsored hacks have become an increasing worry among countries across the Persian Gulf.

Ayuda! (Help!) Equifax Has My Data! (KrebsOnSecurity) Equifax last week disclosed a historic breach involving Social Security numbers and other sensitive data on as many as 143 million Americans.

Expert: Fraudsters may already be trying to use breached Equifax data (Yahoo! Finance) Forter, an e-commerce fraud prevention company, said they saw a "huge" spike in account takeovers in August, something they believe is a result of the recently-disclosed Equifax data breach.

How Much Will the Data Breach Cost Equifax? (Data Center Knowledge) The company is certain to eventually be out untold tens of millions of dollars from the data breach it announced last week.

Equifax flaws exposed by hack attack (Financial Times) Questions about strength of cyber defences have fuelled rising anger over data breach

What's the Fallout from the Equifax Breach? Hint: It Isn't Looking Good for Anybody (The VAR Guy) From Equifax to the 143 million Americans whose data is at risk, nobody is coming out of this breach unscathed.

Equifax Hack Teaches Hard Lessons About Data Regulation and Incident Response (New York Law Journal) The credit bureau's leakage and widely reported missteps in its assessment tool could proffer a cautionary tale for other organizations.

Five questions about the massive Equifax breach (TheHill) The breach is potentially of a scale and scope the country has never seen.

FireEye pulls Equifax boasts as it tries to handle hack fallout (Register) Now credit freezes may not even be secure

Equifax hack: What's the worst that can happen? (CNNMoney) The Equifax hackers made off with the most crucial tools that identity thieves need to impersonate you. The worst-case scenario is a very real threat to millions of Americans.

After Equifax cyberattack, prepare for the next hack: experts (PennLive.com) Experts say consumers should monitor their information for potential breaches, and to prepare for others.

The Equifax hack could make the next hack worse (Financial Times) One of the reasons Equifax’s data breach is so bad is that it could make future cyber attacks far more effective.

Linux Malware Could Run Undetected on Windows: Researchers (Security Week) A new Windows 10 feature that makes the popular Linux bash terminal available for Microsoft’s operating system could allow for more malware families to target the operating system, Check Point researchers claim.

Bashware: Malware Can Abuse Windows 10's Linux Shell to Bypass Security Software (BleepingComputer) Bashware is the name of a new technique that allows malware to use a new Windows 10 feature called Subsystem for Linux (WSL) to bypass security software installed on an endpoint.

.NET Zero-Day Flaw Exploited to Deliver FinFisher Spyware (Security Week) One of the vulnerabilities patched by Microsoft with this month’s security updates is a zero-day flaw exploited by threat actors to deliver FinFisher malware to Russian-speaking individuals.

Disclosure of 10 D-Link Zero-Day Flaws Raises Huge Router Security Concerns (Security Intelligence) Router security fears have prompted a researcher to recommend that members of the general should disconnect their D-Link 850L routers from the internet.

Hackers Got Into America’s Power Grid. But Don’t Freak Out. (Fortune) Symantec's report on Dragonfly 2.0 implies hackers infiltrated America's power grid and can cause blackouts. That isn't true.

'Ransomware of things' spell trouble for transportation industry (SC Media UK) The next step in the evolution of ransomware would be to target connected devices subsequently creating a ransomware of things (RoT).

Crashes at Sea Dog U.S. Navy in Crowded Waters – The Cipher Brief (The Cipher Brief) While maritime accidents are bound to occur, the consistency and regional concentration of the U.S. Navy mishaps in the Asia-Pacific beg for explanation. Cyber vulnerabilities have long been acknowledged against commercial maritime vessels, but the targeting of new naval systems – whether for navigation, engine and steering control, or commanding emerging autonomous surface and submersible … Continue reading "Crashes at Sea Dog U.S. Navy in Crowded Waters"

5 reasons why device makers cannot secure the IoT platform (Network World) Security standards will not protect the emerging IoT platform that will remain vulnerable until post-platform security arrives.

Sharing IOT malware rife, botnets now child's play as teen arrest shows (SC Media UK) Teen hacker caught trying to build up botnet to hack CCTV cameras: attacking IoT devices is literally child's play, thanks to widespread sharing of malware.

How is Pegasus malware different on Android than on iOS? (SearchSecurity) Pegasus malware is now a threat to both iOS and Android devices. Here's a look at the difference between the iOS version and the Android version, Chrysaor.

Mobile cyber attacks on a dramatic increase (Information Age) With the cyber threats faced by mobile phone users ramping up, the need for more secure mobile apps is increasing

Scam Alert: Red alert issued for software that alters delivered email (Reading Eagle) A new email exploit, RopeMaker, undermines the security and nonrepudiation of email.

Are cryptocurrencies a dream come true for cyber-extortionists? [Commentary] (Fifth Domain) In researching cybercrime and cybersecurity for more than a decade, I have found that obtaining cybercrime proceeds is often the biggest challenge that cybercriminals face.

The Threat Of Cybercrime As A Business (Forbes Middle East) Who isn’t aware of the continuing threat of a cyberattack or a cybercrime? The potential loss in financial, social and reputational cost due to our lack of awareness, preparedness or appetite in addressing the threat of a cyber breach fills countless column inches daily.

Why are redditors ripping images from Instagram? Because they can (Naked Security) If you’d rather a bunch of random people on the internet didn’t ‘archive’ your photos, you’re not alone – Instagram is trying to stop them

F1 'lucky' to have avoided a cyber-attack (Eurosport) Formula 1 has been "lucky" to avoid a serious ransomware attack, claims a leading computer expert who has become heavily involved in grand prix racing.

Bad News If You Watch Porn On Your Phone (D'Marge) Your next sneaky session of porn on the smartphone or mobile device could see your public life crash and burn.

Security Patches, Mitigations, and Software Updates

Microsoft September Patch Tuesday Fixes 82 Security Issues, Including a Zero-Day (BleepingComputer) Moments ago, Microsoft published the September 2017 Patch Tuesday, and this month the OS maker fixed 82 security bugs. Among the patches, there is one zero-day vulnerability exploited in the wild and three bugs whose details became public but have yet to be exploited in attacks.

Microsoft Patches .NET Zero Day Vulnerability in September Update (Threatpost) Microsoft fixes 25 critical vulnerabilities including one zero day under attack and one tied to the high-profile BlueBorne attack vector.

Netwrix Releases Free Add-ons for Privileged User Monitoring on Linux and Unix Systems and for Generic Linux Syslog (PRNewswire) Netwrix Corporation, provider of a visibility platform for user...

Cyber Trends

John Davis Of Palo Alto Networks Discusses The Security Landscape (International Business Times) John Davis, Vice President and Federal Chief Security Officer at Palo Alto Networks, discusses the public and private side of cybersecurity and what the sectors can learn from one another.

Steps to tackle cyber security breaches (ETtech) With more organizations introducing technology-based systems such as cloud computing into their work culture, the threat of a cyber-security breach ha..

Indian businesses least prepared for cyber breaches despite high cybersecurity awareness: ESET Survey (AsiaOne) Despite 77% of SMBs in India having cybersecurity awareness programmes in place for employees, Indian SMBs also experienced the highest rate of cybersecurity breaches (73%) within the past three years

Marketplace

Cybersecurity Stock Eyes Breakout After Equifax Hack (Investor's Business Daily) A Relative Strength Rating upgrade for FireEye shows improving technical performance.

Equifax's massive breach focuses attention on Symantec's LifeLock (TheStreet) People are frantically searching for information on LifeLock in the wake of the Equifax data disaster.

Maryland firm acquires Johns Hopkins startup Fractal Technology (Technical.ly Baltimore) Cofounders Alex Sharata and JR Charles will join Sunayu in the deal. They're applying the technology to a new area of cybersecurity.

Five Months Into Activist Campaign, Elliott Offers to Buy Gigamon (TheStreet) The insurgent investor had been pushing to have the network visibility and traffic monitoring technology company sell itself. Now it may be hoping that its bid will stimulate demand from strategic buyers. However, the activist fund may be hoping that Gigamon agrees to be acquired by the fund's private equity unit.

Russian Cyber-Security Firm Kaspersky Could Shutter Washington Offices (Moscow Times) The creators of the famous anti-virus software face increased scrutiny over suspected ties to Russian security services

In Search Of Growth: Fortinet (Seeking Alpha) The Street continues to value Fortinet like an average player, which it isn't. Fortinet's depth and breadth of innovation is being overlooked as Mr. market favo

Avast hits partners with AVG integration (Channelnomics) Vendor discusses unified portfolio and partner program with Channelnomics

Northrop Grumman Adds to Growing Cybersecurity Hub in San Antonio | Xconomy (Xconomy) San Antonio---Northrop Grumman, the military contractor that makes everything from cybersecurity systems to fighter planes, has signed a five-year lease on

New Dayton cyber-security firm celebrating new home (Dayton Daily News) Dayton Galois open house

Deutsche Telekom, Orange, Singtel, Telefónica pick innovative tech start-ups (WebWire) Go Ignite, an alliance of the world’s leading telcos including  Deutsche Telekom,  Orange,  Singtel  and  Telefónica  today announced the winners of the second global search for start-ups that offer the most innovative solutions for three key technologies including Consumer Experience Artificial Intelligence, Connected Homes and Internet of Things Cyber Security. This year’s winners are Sparkcognition and NanoLock Security for IoT Cyber Security; Cujo and Vayyar Imaging for Connected Hom...

How to find cyber security Jedi heroes to fight "The Dark Side" (Tech Wire Asia) The demand for skilled cyber security professionals is stronger than it has ever been. Cyber criminals see no geographic borders and have the capabilities and tools needed to target people, organizations, and systems anywhere in

BlueCat Expands Board to Disrupt DNS Security Market (Canada NewsWire) Internationally Recognized Security Expert, Richard Clarke, and Former CEO of Fieldglass, Jai Shekhawat, join BlueCat...

Generali Global Assistance Appoints Vladimir Poletaev as VP of Global Business Development for Identity & Digital Protection - Generali (Generali) Generali Global Assistance (“The Company”), a leader in the assistance industry since its founding in 1963, part of the global Generali Group, and the developer of a proprietary and innovative identity and digital protection platform, today announced the appointment of Vladimir Poletaev as Vice President of Global Business Development for Identity...

Pierce Atwood Partner Peter J. Guffin Selected as Arbitrator for EU-US Privacy Shield Program (Pierce Atwood) Peter Guffin, who heads Pierce Atwood’s Privacy & Data Security practice, has been selected by the US Department of Commerce and European Commission to serve as an arbitrator for the EU-U.S. Privacy Shield arbitration program. The 16 individuals selected to serve as arbitrators are among the country’s leading privacy law scholars and practitioners.

Cybersecurity Luminary Ron Gula Joins KoolSpan’s Board and Cyber Sales Veteran Mark Leveratt Joins as VP Sales EMEA (Sys-Con) KoolSpan, Inc., the global leader for secure calling and messaging solutions for mobile phones, announced today that renowned cybersecurity industry veteran Ron Gula has joined the company’s Board of Directors and cybersecurity veteran Mark Leveratt joins as VP Sales EMEA.

Northern Virginia Technology Council Announces New Appointments to Its Board of Directors (Benzinga) Senior Leadership from Microsoft, BAE Systems, IntelliDyne, CALIBRE Systems and The Ambit Group Join NVTC Board.

SpyCloud Appoints Cisco and Thales e-Security Executives to its Board of Directors (Sys-Con Media) SpyCloud welcomes two cybersecurity industry veterans to the team

Flashpoint - Industry Veteran Seán McGurk Joins Flashpoint to Lead Advisory Services (Flashpoint) I’m thrilled to announce that industry veteran Seán McGurk has joined Flashpoint as our Executive Director of Advisory Services.

Products, Services, and Solutions

AdaptiveMobile Launches SIGIL, the World's First Global Signalling Intelligence and Security Analytics Service (BusinessWire) Company develops proprietary AI cloud offering to identify evolving signalling threats, enabling operators to proactively protect against next-generation attacks

The Finnish Kaitotek makes network measurement tool developed by VTT available to industry (EurekAlert!) Kaitotek Oy (Ltd), which was founded early this year, is continuing the development of software, begun by VTT Technical Research Centre of Finland, for measuring and monitoring the quality of service of networks.

ManTech’s Advanced Cyber Range Environment achieves full operational capability (Homeland Preparedness News) ManTech International Corporation recently announced full operational capability of its Advanced Cyber Range Environment, a system that enables users to test and evaluate the cyber-preparedness of their networks and to train in the latest defensive cyber technologies...

WISeKey's new IoT platform and Semiconductors ideally positioned to capture substantial market share on the 'Path to a Trillion IoT Device' (markets.businessinsider.com) WISeKey's new IoT platform and Semiconductors ideally positioned to capture substantial market share on the 'Path to a Trillion IoT Device'

SailPoint and VMware Partner to Deliver Identity Governance to Modern Mobile Workforces (BusinessWire) SailPoint today announced an extension of the company's existing partnership with VMware.

ThreatConnect makes order out of threat feed chaos (CSO Online) Dealing with too many threat feeds exemplifies that old proverbial wisdom that too much of a good thing can become a bad thing. That's where ThreatConnect comes in.

Hill Top Security Secures First Customers for Military-grade, Cyber Security Platform (PRNewswire) Hill Top Security, Inc. ("HTSI" or the "Company") and...

Technologies, Techniques, and Standards

Equifax breach confirms need for NIST cybersecurity measures (Information Management) This attack is totally inexcusable. This wasn’t a technical assault – this was a simple access by hackers through a web application that was not properly secured.

How to defend yourself against identity theft after the Equifax data breach (USA TODAY) Worried about having your identity stolen by hackers who stole your personal data from Equifax? Put a "freeze" on your credit report.

Vietnam CERT plays major part in ASEAN cyber response drill (Security Brief) Vietnam’s Computer Emergency Response Team (VNCERT) conducted a major ASEAN CERT Incident Drill this week.

Security Channel Chiefs: Here's Why Legacy Security Technologies 'Won't Cut It' Anymore (CRN) There's a new generation of security technologies. In a roundtable discussion at XChange 2017, top channel chiefs define what that next generation of security means, and why solution providers shouldn't place their bets on legacy technology.

Organizations are uncovering a cloud security paradox (Help Net Security) Security remains a top concern for enterprises moving to the cloud as their legacy on premise security/SIEM tools are insufficient.

Why end-to-end encryption is about more than just privacy (Help Net Security) End-to-end encryption is also critical for protecting business data, and our very lives and limbs as the Internet of Things becomes the norm.

Cyber companies urged to share — and not sell — threat info (Cyberscoop) Companies that manage and distribute threat intelligence need to stop thinking of their curated feeds as a competitive advantage and instead share them as widely as possible, officials and executives from the power and telecoms sector urged last week...

Locking Down Multiple Devices in the Office (Kensington) More IT theft takes place in the workplace than many realize.

Deloitte urges organisations to be "Regulator Ready" (IOL Business Report) With the implementation of the Protection of Personal Information Act, organisations should be regulator ready within the next 18 months.

Design and Innovation

How blockchain can save consumers from a hack like Equifax (FreightWaves) Hacking of personal information could become harder on blockchain

The case for blockchain in healthcare (Pharmaphorum) Blockchain is the tool needed to manage the vast quantities of data swamping healthcare systems.

New iOS11 features create fresh headaches for law enforcement (Naked Security) The latest version of the iPhone and iPad platform requires a six-digit passcode before it will sync with a new laptop – and revealing a passcode does have Fifth Amendment protection

Does Apple Face ID Make It Easier For Feds To Hack The iPhone X? Yes And No (Forbes) Apple has done plenty of good for security and privacy-conscious individuals.

Karamba’s Autonomous Security Meets New NHTSA, U.S. DOT Guidance for Automated Driving Systems Safety and the SELF DRIVE Act (GlobeNewswire News Room) Karamba Security, a provider of cybersecurity solutions for connected and autonomous vehicles, today announced that Karamba’s Autonomous Security enables automotive technology providers to meet the goals set out in the National Highway Traffic Safety Administration (NHTSA) and U.S. Department of Transportation (DOT)’s newly published federal guidance, Automated Driving Systems (ADS)...

Research and Development

DARPA Wants to MacGyver the Internet Using Only What's in Troops' Pockets (Defense One) The research agency wants to tap the computer power of the devices warfighters already have to network anywhere.

DOE invests $50 million to improve critical energy infrastructure security (Help Net Security) DOE will award of up to $50 million to support early stage research and development of next-generation tech for critical energy infrastructure security.

Legislation, Policy, and Regulation

The New Face Of War: Security In The Age Of Cyberwarfare (HuffPost) National security is a bipartisan issue of the utmost importance.

Russian pol: US intel missed 'Russian intelligence' stealing 'the president of the United States' (TheHill) On a Sunday panel show, Russian politician Vyacheslav Nikonov said U.S. “intelligence missed it when Russian intelligence stole the president of the United States.”

Experts Discuss Future of Cyber Threats in Politics (Harvard Crimson) Campaign managers for Hillary Clinton and Mitt Romney lamented cyber attacks on their respective campaigns at the IOP Monday.

Trump wants Congress to reauthorize surveillance tool (Fifth Domain) Attorney General Jeff Sessions and National Intelligence Director Dan Coats wrote a letter Monday to top Republicans and Democrats in Congress, asking them to not only reauthorize it as it’s written, but make it a permanent fixture in the law books.

Lawmakers Want Limits on Wiretaps Despite Trump Administration Objections (New York Times) House Judiciary leaders want to temporarily extend and curb an expiring surveillance law, but national security officials want it made permanent without changes.

Ratcliffe explores using private sector best practices to recruit, retain cybersecurity workforce - Ripon Advance (Ripon Advance) U.S. Rep. John Ratcliffe (R-TX) convened a hearing on Sept. 7 to examine strategies for the Department of Homeland Security (DHS) to recruit and retain qualified cybersecurity personnel. Ratcliffe, the chairman of the House Homeland Security Subcommittee on Cybersecurity and Read more...

Litigation, Investigation, and Law Enforcement

Equifax feels the heat in Washington for breach (TheHill) Equifax is under intense scrutiny in Washington for a massive data breach that potentially exposed the personal information of 143 million Americans.

Senate Russia investigators weigh issuing interim report (POLITICO) Senate Intelligence Committee Chairman Richard Burr (R-N.C.) and top Democrat Mark Warner of Virginia have had at least one meeting on the matter and plan to continue discussing it.

Trump campaign starts giving documents to Robert Mueller as part of Russia probe: Report (Washington Examiner) Lawyers at Jones Day, the law firm representing the campaign, are locating the documents requested by Mueller and his team of investigators.

White House: Justice Department should 'certainly look at' prosecuting former FBI Director James Comey (Washington Examiner) 'If they determine that's the course of action to take, then they should certainly do that,' Sarah Sanders said of the Justice Department pr...

China-born New Zealand MP probed by spy agency (Financial Times) Government politician Jian Yang spent decade at elite Chinese military academies

Police bust UP gang for cloning fingerprints of Aadhaar operators (Moneycontrol) The incident once again highlights vulnerabilities in the Union government's identity project.

Regulator warns of ‘scam’ virtual currencies (Times) The City watchdog has warned about the perils of investing in virtual currencies such as bitcoin as it emerged that one fund purporting to invest in so-called cryptocurrencies had collapsed with...

Shropshire cyber attack: Student who targeted county firm to be sentenced for world-wide offences (Shropshire Star) A student who ran a web business supplying malware that was used to attack the accounts of a Shropshire business as well as some of the world’s leading companies will be sentenced at Manchester Crown Court tomorrow.

Henderson uses Homeland Security grant for cybersecurity (KTNV) Henderson is using a Department of Homeland Security grant to augment the city’s cybersecurity program by enhancing the monitoring of its presence on the internet and the darknet.

Cyber Events

For a complete running list of events, please visit the event tracker on the CyberWire website.

EAGB Breakfast Series: Leading the Cyber Transformation
Earn a master’s degree in cybersecurity from SANS
Maryland Cyber Day Marketplace: Information. Connections. Solutions. Hundreds of Cybersecurity Buyers and Providers in One Location on One Day.
Florida’s Annual Cybersecurity Conference

Newly Noted Events

Workplace Violence Prevention - Active Shooter / Assailant Response Workshop (Laurel, Maryland, USA, October 23, 2017) The National Insider Threat Special Interest Group (NITSIG) has partnered with Law Enforcement (Maryland State Police), OSHA, Maryland Emergency Management Agency and and other Workplace Violence Prevention experts to provide a one-day training workshop for security professionals and others interested in implementing a Workplace Violence Prevention and Active Shooter / Assailant Response Program. Workshop participants will gain valuable in-depth knowledge about workplace violence, including legal issues, prevention, intervention, and response. (The intelligence and privacy issues have cyber dimensions.)

Upcoming Events

8th Annual Billington CyberSecurity Summit (Washington, DC, USA, September 13, 2017) The 8th Annual Billington CyberSecurity Summit September 13 in Washington D.C. brings together world-class cybersecurity thought leaders for high-level information sharing, unparalleled networking and public-private partnerships from a cross-section of civilian, military and intelligence agencies, industry and academia. Keynotes from The Honorable Daniel Coats, Director of National Intelligence, Representative William Hurd, R-Texas, General Joseph Votel, Commander, United States Central Command, Robert Joyce, Special Assistant to the President and Cybersecurity Coordinator, The White House, Grant Schneider, Acting CISO, Office of Management and Budget, (invited), plus CISOs from DHS, DoD, HHS and the CIO for USCYBERSOM. Full agenda here.

Cyber Security Summit: New York (New York, New York, USA, September 15, 2017) If you are a Senior Level Executive responsible for making your company’s decisions in regards to information security, then you are invited to register for the Cyber Security Summit: New York. Receive 50% off of a Full Summit Pass when you register with code CYBERWIRE50 (standard price of $350, now only $175 with code). Register at CyberSummitUSA.com. The Cyber Security Summit: New York is an exclusive conference connecting Senior Level Executives responsible for protecting their companies’ critical data with innovative solution providers & renowned information security experts. for details visit CyberSummitUSA.com.

Cyber Security Conference for Executives (Baltimore, Maryland, USA, September 19, 2017) The Johns Hopkins University Information Security Institute and COMPASS Cyber Security are hosting the 4th Annual Cyber Security Conference for Executives on Tuesday, September, 19. It will be held on the Homewood Campus of Johns Hopkins University. This year’s theme is, “Emerging Global Cyber Threats.” The conference will feature thought leaders across a variety of industries to address current cyber security threats to organizations and how executives can work to better protect their data.

4th Annual Industrial Control Cybersecurity Europe (London, England, UK, September 19 - 20, 2017) Against a backdrop of targeted Industrial Control System cyber attacks against energy firms in the Ukraine power industry, the massive attacks against the Norway oil and gas industry, cyber attacks on Saudi Aramco and the new and continued threats such as Crash Override malware, Stuxnet, Havex, Dragonfly, Black Energy, and the potential impact of ransomware like #Wannacry on industrial control systems, the Cyber Senate return for the 4th Annual Industrial Control Cybersecurity Europe meeting to bring key stakeholders together to address our responsibility in ensuring the safety, reliability and stability of our Critical National Infrastructure.

Cyber Everywhere: Collaboration, Integration, Automatio (Washington, DC, USA, September 20, 2017) We’ve seen all of the cyber headlines this year – new policies emerging, old policies evolving, the cyber workforce is multiplying, and rapidly growing connected devices are complicating governance. While the Federal government is focused on security, new adversaries and attack vectors still emerge hourly. What are the early grades on the new Administration’s response to the growing cyber threat? How can collaborative tactics and integrated intelligence tools strengthen a proactive cyber defense? Join us at the sixth annual Cyber Security Brainstorm on September 20 at the Newseum to discuss the cyber strategies and opportunities that can keep our Federal government one step ahead at all times.

10th Cyber Defence Summit (Dubai, UAE, September 20, 2017) Naseba’s 10th Cyber Defence Summit will address the importance of protecting critical infrastructure and sensitive information, help companies procure cyber security solutions and services, and create further awareness of cyber security among the youth of the UAE.

Maine Cyber Safety Institute (Waterville, Maine, USA, September 20 - 21, 2017) The Summit intends to help business protect themselves from possible losses. The Information Security Community, representing cyber professionals, found that 54% of anticipated cyberattacks against their organizations would be successful this year. Top causes for this exposure relates to a lack of skilled people, budget, and awareness. New techniques for mobility, using personal devices, and applications represent a more than 60% risk. Only 11% of organizations rate their defenses very effective (Schulze, 2017).

2017 Washington, D.C. CISO Executive Leadership Summit (Washington, DC, USA, September 21, 2017) Highly interactive sessions will provide many opportunities for attendees, speakers and panelists to be engaged in both learning and discussion. The objective for the day is to deliver high quality useful information that attendees can develop into an action plan. Key Areas of Focus Include: Strategy, Process Improvement and Alignment, Innovation and Technology; Career Management and Leadership Development.

Connect Security World (Marseille, France, September 25, 2017 - 27, 2014) As IoT solutions are transitioning from hype to real deployments, the “Internet of insecure things” threat is gaining ground. To address unlimited risks, threats and vulnerabilities surrounding IoT, a new generation of connected devices and services is required, with better security and privacy by design. In its 6th edition, Connect Security World invites both digital security experts and IoT developers to discuss and define a true end-to-end security, from sensors to Cloud, from design and development to deployment.

(ISC)2 Security Congress (Austin, Texas, USA, September 25 - 27, 2017) (ISC)² Security Congress cybersecurity conference brings together nearly 1,500 cybersecurity professionals, offers 100+ educational and thought-leadership sessions, and fosters collaboration with forward-thinking organizations. The goal of our conference is to advance security leaders by arming them with the knowledge, tools and expertise to protect their organizations. (ISC)² members are eligible for special discounted pricing and will have opportunities to attend exclusive member events.

Connect Security World (Marseille, France, September 25 - 27, 2017) As IoT solutions are transitioning from hype to real deployments, the “Internet of insecure things” threat is gaining ground. To address unlimited risks, threats and vulnerabilities surrounding IoT, a new generation of connected devices and services is required, with better security and privacy by design. In its 6th edition, Connect Security World invites both digital security experts and IoT developers to discuss and define a true end-to-end security, from sensors to Cloud, from design and development to deployment. (Note: the call for speakers is open through April 4, 2017.)

SINET61 2017 (Sydney, Australia, September 26 - 27, 2017) Promoting cybersecurity on a global scale. SINET – Sydney provides a venue where international solution providers can engage with leaders of government, business and the investment community to advance innovative solutions to cybersecurity challenges.

O'Reilly Velocity Conference (New York, New York, USA, October 1 - 4, 2017) Learn how to manage, grow, and evolve your systems. If you're building and managing complex distributed systems and want to learn how to bake in resiliency, you need to be at Velocity.

24th International Computer Security Symposium and 9th SABSA World Congress (COSAC 2017) (Naas, County Kildare, Ireland, October 1 - 5, 2017) If you thought symposiums on information security and risk were all the same, look again! COSAC is an entirely different experience. Conceived by practising professionals for experienced professionals, it is the most participative and productive event of the year. Undoubtedly the world's best annual source of advice in Information Security, COSAC makes available to you, in a fully residential format, presenters and facilitators who are the very best in the world. Collectively they have many hundreds of years of practical experience, have published thousands of major articles and books, and have proven records of success all over the globe.

Cybersecurity Nexus North America 2017 (CSX) (Washington, DC, USA, October 2 - 4, 2017) Be a part of a global conversation with professionals facing the same challenges as you at the nexus—where all things cyber security meet. Cyber security doesn’t take a vacation and it doesn’t sleep. You need to be aware of the most effective tactics and tools to meet the ever-growing threat. CSX 2017 offers keynote speakers and sessions that dive deep into what you need to know now.

Atlanta Cyber Week (Atlanta, Georgia, USA, October 2 - 6, 2017) Atlanta Cyber Week is a public-private collaboration hosting multiple events during the first week of October that highlight the pillars of the region’s cybersecurity ecosystem and create an opportunity for meaningful interaction between growth oriented cybersecurity companies and our Fortune 1000 client base.

4th Annual Industrial Control Cyber Security USA Summit (Sacramento, California, USA, October 3 - 4, 2017) Against a backdrop of targeted Industrial Control System cyber attacks, such as those against energy firms in the Ukraine power industry, the massive attacks against the Norway oil and gas industry, cyber attacks on Saudi Aramco and the new and continued threats such as Crash Override malware, Stuxnet, Havex, Dragonfly, Black Energy, and the potential impact of ransomware like #Wannacry on industrial control systems, the Cyber Senate return for the 4th Annual Industrial Control Cybersecurity USA meeting to bring key stakeholders together to address our responsibility in ensuring the safety, reliability and stability of our Critical National Infrastructure

4th Annual Industrial Control Cyber Security Summit USA (Sacramento, California, USA, October 3 - 4, 2017) Against a backdrop of continued ICS targeted cyber attacks against energy firms in the Ukraine power industry (CRASHOVERRIDE), the massive attacks against the Norway oil and gas industry, cyber attacks on Saudi Aramco and the continued threats such as Stuxnet, Havex, Dragonfly, Black Energy, and the potential impact of ransome ware like #Wannacry on industrial control systems, the Cyber Senate return for the 4th Annual Industrial Control Cybersecurity Europe meeting to bring key stakeholders together to address our responsibility in ensuring the safety, reliability and stability of our Critical National Infrastructure.

CyberSecurity4Rail (Brussels, Belgium, October 4, 2017) Facilitated by Hit Rail, this conference will bring together experts in cybercrime and digital security, plus leaders in ICT and representatives from transport and railway companies, European organisations and international bodies, to discuss the threats and set out a vision for safer, more secure digital communications and data networks in the transport industry. CyberSecurity4Rail will draw on the experience of recent incidents and the expertise of those who are working to protect systems and prevent cyberthreat.

Infosecurity North America (Boston, Massachusetts, USA, October 4 - 5, 2017) Organized by Infosecurity Group, which has provided the global information security community with some of the largest, longest established conferences and expos over the past 22 years including Infosecurity Europe, Infosecurity North America will focus on bringing together the information security community and end users to discuss how to overcome the most pressing cybersecurity challenges today. The topics include malware, cloud security, governance, regulation and compliance, threats, professional development, application security and digital forensics.

Hacker Halted (Atlanta, Georgia, USA, October 9 - 10, 2017) The theme for Hacker Halted 2017 is The Art of Cyber War: Lessons from Sun Tzu. 2,500 years ago, Sun Tzu wrote 13 chapters on military strategy. Fast forward to today and we are still learning from those chapters and applying them in our newfound digital age. In an age where war is waged over cables and microchips instead of battlefields, one challenge is defining what war is and when war should be declared. Boundaries are being eroded as the globalization of technology continues its march across our physical landscape. Come learn strategies for Cyber War: Hacker Halted 2017.

European Cybersecurity Forum – CYBERSEC (Krakow, Poland, October 9 - 10, 2017) The Fourth Industrial Revolution is in full swing, giving a strong impulse to the growth of Europe’s innovation-driven economy that can compete with world’s economic superpowers. Let’s start the dialogue together to unlock our potential and use the opportunities ahead. CYBERSEC’s mission is to foster the building of a Europe-wide cybsersecurity system. Our goal is to create a dedicated collaborative platform for governments, international organisations, and key private-sector organisations.

2017 ISSA International Conference (San Diego, California, USA, October 9 - 11, 2017) Each day, cyber threats become increasingly intricate and difficult to detect. Over the past year, we saw that with the rise of device connectivity came boundless opportunities for malicious hackers to attack device vulnerabilities. No cyber security professional can become an expert on these digital dangers without continued efforts to educate themselves on the industry’s latest trends and technologies. We look forward to welcoming you and as many as 900 of your colleagues and peers in San Diego as we discuss topics ranging from incident response to application security to business skills for the information security professional. Join us at the 2017 ISSA International Conference and we’ll help you navigate the Digital Danger Zone.

Maryland Cyber Day Marketplace (Baltimore, Maryland, USA, October 10, 2017) Hundreds of cybersecurity providers and buyers in one location on one day. Maryland Cyber Day Marketplace provides the opportunity for cybersecurity buyers to connect with, get to know and purchase cybersecurity solutions from Maryland's cybersecurity providers. This event combines face-to-face meetings, technology demos, brief educational sessions, "Ask an Expert" information stations, networking with a keynote and a wrap-up luncheon.

Cyber at the Crossroads (Adelphi, Maryland, USA, October 10, 2017) Join the Cyber Center for Education & Innovation (CCEI), Home of the National Cryptologic Museum (NCM) for a one-day symposium of renowned national cybersecurity leaders, including experts from past and current administrations, the U.S. military, industry, and academia for a discussion of the past, present, and future of the security of our nation’s cyber infrastructure.

THE CYBERWIRE
Compiled and published by the CyberWire editorial staff. Views and assertions in linked articles are those of the authors, not the CyberWire.
The CyberWire is published by Pratt Street Media and its community partners. We invite the support of other organizations with a shared commitment to keeping this informative service free and available to organizations and individuals across the globe.