Get your copy of the definitive guide to threat intelligence.

We brought together a team of experts and wrote the definitive guide to everything you need to know about threat intelligence. Whether you work in vulnerability management, incident response, or another part of cybersecurity, our book has something for you. Get your free copy of “The Threat Intelligence Handbook” now.

The daily briefing.

ESET warns that the threat actor behind BlackEnergy—involved in past attacks against sections of Ukraine's power grid—is back. This time it's infected three "energy and transport companies" in Poland and Ukraine. ESET notes that the group has developed a new malware suite, "GreyEnergy," and that it appears positioned for further campaigns. Reuters says that ESET doesn't call out a nation-state as responsible, but naming BlackEnergy associates the activity with the GRU. Others, notably Britain's GCHQ, have called out BlackEnergy (a.k.a. "Sandworm," in FireEye's nomenclature) as an operation of the Russian military intelligence agency.

There's also a reported spike in Russian activity against diplomatic targets in Central Asia. ESET and Kaspersky track the campaign as DustSquad and Nomadic Octopus.

ISIS may be on the ropes in the last shreds of territory it operates in, but its online operations (mostly inspirational and informational) won't disappear as the terrorist group enters its diaspora phase. And the US Department of Defense thinks that the ISIS cyber template will be used by other terror groups for years.

The US Department of Homeland Security downplays the increase in reported threats to midterm elections. The increase DHS sees is an increase in reporting, which isn't necessarily correlated with an increase in the level of threat. The Department also reminds everyone that the voting data Anomali found in black market souks is for the most part already public.

The EU is also preparing for its upcoming elections. The principal concern in Europe is with information operations.

Cylance is proud to be the CyberWire sustaining sponsor for 2018. Learn more about how Cylance prevents cyberattacks at cylance.com

Today's edition of the CyberWire reports events affecting China, European Union, Iran, Kazakhstan, Poland, Russia, Ukraine, United Kingdom, United States.

Through the LookingGlass™: Top Trends to Keep Your Organization Cyber Aware

It’s 2018 and threat actors continue to leverage the same tactics – phishing, ransomware, social engineering – against their targets. The best way to fight these threats is to start with the basics. Join LookingGlass on Wednesday, October 24 @ 2PM ET for a discussion on how cyber criminals are leveraging ‘old’ tactics in ‘new’ ways. We’ll give you tips and tricks to avoid being a victim to the same old schemes. Sign up now!

On the Podcast

In today's podcast, out later this afternoon, we'll be hearing from our partners at Cisco Talos, as Craig Williams talks about dealing with FUD. We also have a preview of our special edition on election security, featuring a talk with Kim Zetter of the New York Times.

Sponsored Events

SecurityWeek 2018 Industrial Control Systems (ICS) Cyber Security Conference (Atlanta, Georgia, United States, October 22 - 25, 2018) SecurityWeek’s ICS Cyber Security Conference is the conference where ICS users, ICS vendors, system security providers and government representatives meet to discuss the latest cyber-incidents, analyze their causes and cooperate on solutions. Register today for the original ICS/SCADA Cyber Security Conference – October 22-25 in Atlanta.

Maryland Cybersecurity Career & Education Fair (Rockville, Maryland, United States, November 9 - 10, 2018) Join us for two dynamic days that put on display why Maryland is where cyber works. Friday will feature a career and education fair, connecting cybersecurity job seekers with opportunities across the state of Maryland. On Saturday, high school and undergraduate students compete in our cyber challenge.

Selected Reading

Cyber Attacks, Threats, and Vulnerabilities

Hackers accused of ties to Russia hit three East European... (Reuters) Hackers have infected three energy and transport companies in Ukraine and Poland...

DoD knows future terror groups will seek to copy ISIS, turn social media into a weapon (Military Times) ISIS' use of social media will likely be replicated by a future network.

ISIS threatens more attacks 'in cyberspace and the real world' in chilling warning to the West (The Sun) A SINISTER poster purporting to come from ISIS has threatened cyber attacks against the West. The chilling caption on the image, which has been circulating online, reads: “We will terrorise you in …

Ministry of Defence information exposed to nation state attackers in 37 incidents (Computing) Sensitive information was left exposed to physical and cyber attackers in 2017,

UK's National Cyber Security Centre gives itself big ol' pat on the back in annual review (Register) Nixing 139k phishing sites is pretty good going to be fair

Cyber defense expert reverse engineers “The Big Hack” and says I would have done it that way, in fact he even suggested it in 2010 (VT News) After Bloomberg reported ‘The Big Hack,’ denials from the tech industry and government officials were swift and most reporting focused on these contradictions. However, cyber defense expert Matthew Hicks’ reaction was a little more like deja vu. Over 8 years ago he suggested something almost identical in his dissertation.

DHS Downplays Report That Data Thieves Are Selling Millions of Voters’ Data (Defense One) But your personal data from voting rolls is more public than you likely realize.

DHS cyber head pushes back on report of increased attacks on election infrastructure (TheHill) The Department of Homeland Security’s (DHS) top cyber official said Tuesday that a report on an increased number of cyberattacks on election infrastructure points to a rise in reporting the attempted hacks and not necessarily a spike in the attack

Fear of Russian Meddling Hangs Over Next Year's EU Elections (Bloomberg) EU pushes for measures on cybersecurity, combating fake news

Russia-Linked Hackers Target Diplomatic Entities in Central Asia (SecurityWeek) A Russia-linked threat group tracked as DustSquad and Nomadic Octopus has been targeting diplomatic entities in Central Asia

Planning for ‘Cyber Fallout’ After the Iranian Nuclear Deal (Just Security) Post-nuclear deal Iran presents a unique cyber threat that requires understanding not only of technical capabilities but also cultural context. We need both to build an effective cyber strategy that will ‘defend forward' -- By Jessica 'Zhanna' Malekos Smith

FDA Warns of Flaws in Medtronic Programmers (SecurityWeek) A vulnerability in the software update process of certain Medtronic Programmer models has led the company to block the functionality on some devices

New iPhone Passcode Bypass Method Found Days After Patch (SecurityWeek) A new iPhone passcode bypass method that works on the latest version of iOS was disclosed just days after Apple patched a similar vulnerability

Hackers tamper with exploit chain to drop Agent Tesla, circumvent antivirus solutions (ZDNet) A new campaign is spreading information-stealing malware including Agent Tesla and Loki.

Malicious RTF Documents Deliver Information Stealers (SecurityWeek) A newly discovered infection campaign is leveraging malicious RTF files to deliver information-stealing Trojans without being detected

In County Crippled by Hurricane, Water Utility Targeted in Ransomware Attack (Threatpost) The Emotet Trojan is behind a crippling ransomware attack that hit the Onslow Water and Sewer Authority.

Feds Investigate After Hackers Attack Water Utility (SecurityWeek) Federal and state officials are working with Onslow Water and Sewer Authority after hackers attacked some of its computer systems.

Researchers expose security vulnerabilities in terahertz data links (Help Net Security) Researchers have successfully challenged terahertz data links security. It is possible for an eavesdropper to intercept a signal without detection.

Facebook data breach: Victims will not be offered free identity theft protection (Help Net Security) Facebook announced that the recent data breach it has suffered is a little less massive than initially thought: "only" 30 million users have been affected.

Facebook hack affected 3 million in Europe, creating the first big test for privacy regulation there (CNBC) A spokesperson for the Irish Data Protection Commission told CNBC on Tuesday that the Facebook security breach in September, in which hackers accessed information from user accounts, affected 3 million European citizens. 

Apple ‘Deeply Apologetic’ Over Account Hacks in China (WSJ) Apple apologized over the hacking of some Chinese accounts in phishing scams, almost a week after it emerged that stolen Apple IDs had been used to swipe customer funds.

Outage pulls the plug on YouTube, YouTube TV and YouTube Music (Engadget) It's not just you -- YouTube has been down since about 9:20 PM ET.

Text Bomb Causing PS4 to Crash (HackRead) Sony’s most prestigious gaming console to date, the PlayStation 4 (PS4), contains a bug that can be exploited to crash the console through a text message. It is believed that malicious threat actors are sending infected messages to the console to crash it.

No, your Twitter was not hacked (TechCrunch) Twitter users on iOS were hit with a strange bug today. Instead of receiving notifications that included the tweet itself, they received a string of alphanumeric characters. The issue only affected iOS users, we confirmed with the company, and has since been resolved. Twitter was quick to address t…

Twitter Is Spamming Users With Unexplained Notifications And Everyone Is Losing Their Minds (Motherboard) Twitter is sending out strange notifications to users, and no one knows what's going on.

Security Patches, Mitigations, and Software Updates

Guidance on Oracle October 2018 Critical Patch Update (Waratek) The final Oracle Critical Patch Update (CPU) of 2018 fixes 12 Java SE-related vulnerabilities and a dozen new WebLogic flaws, part of the 301 patches across Oracle’s product set.

Major Browsers to Kill TLS 1.0, 1.1 (SecurityWeek) All major web browsers will deprecate support for the older Transport Layer Security (TLS) 1.0 and 1.1 protocols in the first half of 2020

Cisco says WebEx is totally fixed now (except for two problems) (CRN Australia) Outage and subsequent wobbles lasted 20 days.

Sony Fixed a Bug That Allowed Players to Crash PlayStations by Sending Them Messages (Motherboard) The PlayStation unicode glitch is a new spin on an old prank.

Cyber Trends

(ISC)2 Report Finds Cybersecurity Workforce Gap Has Increased to More Than 2.9 Million Globally (PR Newswire) (ISC)² – the world's largest nonprofit association of certified cybersecurity professionals – today announced...

Exploring the current state of employee knowledge in cybersecurity and data privacy (Help Net Security) In an age where our society is increasingly digitally connected, cybersecurity and data privacy are significant, real-time threats.

Tech Support Victims Fall as Consumers Get Savvy (Infosecurity Magazine) Microsoft stats also reveal fall in number losing money

6 Reasons Why Employees Violate Security Policies (Dark Reading) Get into their heads to find out why they're flouting your corporate cybersecurity rules.

Execs Fear Orgs Unprepared for Incident Response (Infosecurity Magazine) Lack of practicing cyber war games leaves employees at a loss when it comes to incident response, says Deloitte.

Marketplace

Cybersecurity Salaries Rise 6% in One Year (Infosecurity Magazine) Wage rise is double the national average

Jack Dorsey on Twitter's Role in Free Speech and Filter Bubbles (WIRED) The Twitter CEO talks with WIRED Editor-in-Chief Nicholas Thompson about how the social media service is different today than 12 years ago.

Facebook Expands Efforts to Squash Voter Suppression (Threatpost) The social network will crack down on those spreading disinformation in an effort to keep people away from the polls.

Facebook rolls out checks for UK political ads (TechCrunch) Facebook has announced it rolled out a system of checks on political ads run on its platform in the UK which requires advertisers to verify their identity and location to try to make it harder for foreign actors to meddle in domestic elections and referenda. This follows similar rollouts of politic…

Facebook News Feed now downranks sites with stolen content (TechCrunch) Facebook is demoting trashy news publishers and other websites that illicitly scrape and republish content from other sources with little or no modification. Today it exclusively told TechCrunch that it will show links less prominently in the News Feed if they have a combination of this new signal …

Rapid7 Acquires tCell (Dark Reading) The purchase brings together a cloud security platform with a web application firewall.

ZenMate Acquired by Kape Technologies (PR Newswire) ZenMate (www.zenmate.com), the leading VPN service provider owned by the internet security company ZenGuard...

UK Cybersecurity Startup Garrison Secures £23 Million Funding (Computer Business Review) The Garrison funding will be used to expand sales and marketing, grow engineering team, and enhance “safe web browsing as a service” cloud offering.

Exertis rebrands acquired US firm in the UK and Europe (CRN) Stampede becomes Exertis Pro AV Solutions

CensorNet guns for UK growth with move to two-tier channel (CRN) Security vendor appoints Infinigate as part of strategy to grow channel business.

Products, Services, and Solutions

Webroot Enters VPN Space, Launches Webroot® WiFi Security (PRNewswire) Webroot, the Smarter Cybersecurity® company, announced the launch of Webroot WiFi Security, a virtual private network (VPN) that provides security and privacy for users who connect to WiFi networks.

Why Should You Trust VyprVPN? (Golden Frog) The Center for Democracy and Technology (CDT) created an independent vetting process & standards to hold VPN companies to. Read more about VyprVPN and why you can find our service trustworthy.

How one company's software solution has stepped up the game against end node threats (Armarius) Armarius believes that understanding and controlling user behavior makes security compliance truly achievable. If you know how your employees use their computers, and they are locked down based on defined rules, then their adherence to their companies' policies can be ensured.

Ayehu Announces Free 30-day Trial Availability of its Newly Enhanced Next Generation Intelligent IT Automation and Orchestration Platform (GlobeNewswire News Room) The Free Trial Version Featuring an Enhanced Workflow Designer and AI-Powered Automation Engine is Now Available for Download from the Ayehu Website

Tripwire Enterprise Now Fully Integrates Lastline Advanced Malware Threat Detection (Digital Journal) solutions for enterprises and industrial organizations, announced with

RiskRecon invents asset risk valuation algorithms (Help Net Security) New algorithms solve the cyber risk equation by automatically determining the risk value of computer systems, enabling cyber risk assessment and action.

Telit introduces new smaller IoT form factor module family (Help Net Security) Telit's xE310 form factor family meets the demand for wearable medical devices, fitness trackers, sensors, smart metering, and other applications.

Bacula Systems Introduces Native Backup and Recovery for Red Hat Virtualization (Digital Journal) Open Source-based Bacula Enterprise Edition version 10.2 adds advanced-functionality to Backup and Restore for Red Hat Virtualization

New IBM Security Platform Connects Data, Tools From Several Vendors (SecurityWeek) IBM Security Connect is a new cloud platform that brings together data, applications and tools from over a dozen vendors

It turns out that Facebook could in fact use data collected from its Portal in-home video device to target you with ads (Recode) Who you call and what apps you use could determine what ads you see.

Facebook may not be free, but paying with your data isn’t wrong (The Telegraph) If the data-slurping business models of Facebook and Google make you a little uneasy, then you should probably steer clear of Shiru Cafe.

Akamai Bolsters Intelligent Edge Platform With Focus on Security, Latency (Sports Video Group) After disclosing some new features with Sports Video Group at last month’s IBC 2018, Akamai followed up last week with more details on enhancements ...

Duo Security and Exabeam Partner to Expedite User-Based Threat Detection and Response (Duo Security) Duo Security and Exabeam have partnered to enhance and accelerate organizations’ threat protection with data-rich automated monitoring and incident response.

DataLocker Sentry K300 features encrypted micro SSD keypad flash drive (Help Net Security) DataLocker Sentry K300 is the next generation of DataLocker’s encrypted storage solutions that uses alpha-numeric keypads for secure access to data.

BestCrypt Explorer: Create and access storage space for data encryption on Android (Help Net Security) BestCrypt Explorer is an Android file manager that ensures a safer file storage ecosystem for customers on computers, mobile devices and cloud.

Zyxel launches SD-WAN solution for SMBs and MSPs (Help Net Security) Zyxel launches SD-WAN solution giving enterprise-class network performance, stability, security to SMBs and Managed Service Providers.

ISARA Corp. Introduces Catalyst™ Agile Digital Certificate Technology to Ease Transition to Quantum-Safe Future (BusinessWire) ISARA Corp., the world’s leading provider of agile quantum-safe security solutions, today announced the launch of ISARA Catalyst™ Agile Digital Certif

Nebbex™, a revolutionary new semi-decentralised vault, aims at solving the problem of asset losses from hacking which is af... (ADVFN)

Technologies, Techniques, and Standards

An Army Veteran Wages War on Social-Media Disinformation (Wall Street Journal) Kris Goldsmith has become the cybersleuth for the Vietnam Veterans of America, hunting fake Facebook pages that sow discord and often have roots overseas.

Signals of Trustworthy VPNs – Questions for VPN Services (Center for Democracy & Technology) A list of questions that a trustworthy VPN service should be able to answer honestly, clearly, and thoroughly, signaling the provider’s commitment to earning user trust. The goal of these questions is to improve transparency among VPN services and to provide a way for users to easily compare privacy, security, and data use practices.

UK Launches “World First” IoT Code of Practice (Infosecurity Magazine) Experts caution it doesn’t go far enough

How To Use an Offensive Approach to Improve Enterprise Security (eSecurity Planet) Find out how the CISO of an infamously breached website uses an Offensive Risk Management approach to improve the security of his organization.

Legacy government networks stifle cloud migration (Help Net Security) Most government agencies’ legacy network infrastructures are not prepared to keep pace with the changing demands of cloud and hybrid networks.

You are who you say you are: Establishing digital trust with the blockchain (Help Net Security) While blockchain-based identity can disrupt the way users identify themselves, it will not replace all existing enterprise identity management systems.

Spies Among Us: Tracking, IoT & the Truly Inside Threat (Dark Reading) In today's ultra-connected world, it's important for users to understand how to safeguard security while browsing the web and using electronic devices.

Why we need to bridge the gap between IT operations and IT security (Help Net Security) Nearly two out of three say complexity in deployment and complexity in daily use are the biggest hindrances in security tool effectiveness.

Protecting applications from malicious scripts (Help Net Security) The solution to preventing these kinds of attacks is to avoid giving client applications, such as web browsers, bad code to run in the first place.

How corporate boards are navigating cybersecurity risks and data privacy (Help Net Security) Developing a strategic path for an organization's digital transformation and devoting board oversight to cybersecurity and data privacy are now essential.

Few organizations use cyber wargaming to practice response plan (Help Net Security) Nearly half (46 percent) of executive-level respondents to a Deloitte poll say their organizations have experienced a cybersecurity incident over the past

Design and Innovation

Facebook’s former security chief warns of tech’s ‘negative impacts’ — and has a plan to help solve them (Washington Post) Facebook's former security chief plans to launch an institute at Stanford University to help technology companies and the public work together to solve the negative effects technology can have on society.

Collection Strategies: The Key Differentiator Among Threat Intelligence Vendors (SecurityWeek) Evaluating a threat intelligence vendor’s collection strategy effectively is a complex process that requires far more than simply obtaining the answers to the questions outlined above.

Google Tests of a Censored Chinese Search Engine Went Well (WIRED) At WIRED's 25th anniversary festival, Google CEO Sundar Pichai said the company would be able to serve more than 99 percent of queries.

Startup Puts Quantum Security on USB, Dongles (Semiconductor Engineering) Taking quantum-mechanical principles and dragging them kicking and screaming into the real world.

Is this the simple solution to password re-use? (Naked Security) Researchers concluded that passphrase requirements such as a 15-character minimum length deter the majority of users from reusing them on other sites.

Research and Development

Pentagon Criticized for ‘Spray and Pray’ Approach to Innovation (Foreign Policy) A prominent tech leader says the Defense Department’s investment strategy hampers its ability to compete with China on military innovation.

Legislation, Policy, and Regulation

EU-U.S. Cyber Dialogue Joint Elements Statement (U.S. Department of State) On the occasion of the fifth meeting of the EU-U.S. Cyber Dialogue in Brussels on 10 September 2018, the European Union (EU) and United States reaffirmed their strong partnership in favour of a global, open, stable and secure cyberspace where the rule of law fully applies, where the same rights that individuals have offline are protected online, and where the security, economic growth, prosperity, and integrity of free and democratic societies is promoted and preserved.

Russia’s Strategy, ISIS’ Future & Countering China: CJCS Dunford Speaks (Breaking Defense) Gen. Joe Dunford, Chairman of the Joint Chiefs of Staff, spoke last week with a small group of traveling reporters after attending a conference of NATO Military Chiefs in Warsaw...

After 2012 hack, Saudi Arabia relied on US contractors (Fifth Domain) The extent of Saudi Arabia’s reliance on western cybersecurity contractors appears to be extensive.

SEC Calls for Better Accounting Controls as Cyber Scams Increase (WSJ) Public companies that are easy targets of cyber scams could be in violation of accounting rules that call for firms to safeguard assets, the Securities and Exchange Commission said.

Privacy Regulation Could Be a Test for States’ Rights (Threatpost) As more states take cybersecurity and privacy issues into their own hands, experts worry that big tech will push for preemption.

Status of Implementation of PPD-28: Response to the PCLOB’s Report, October 2018 (IC on the Record) Today, ODNI is releasing the report “Status of Implementation of PPD-28: Response to the PCLOB’s Report, October 2018” prepared by ODNI’s Office of Civil Liberties, Privacy, and Transparency (CLPT) in consultation with other relevant ODNI components and relevant elements of the Intelligence Community (IC). This report outlines the status of the IC’s implementation of Presidential Policy Directive-28, Signals Intelligence (PPD-28), and responds to the report on PPD-28 by the Privacy and Civil Liberties Oversight Board (PCLOB). Today, the PCLOB released its report, in redacted form, and it was posted on PCLOB’s public website...

Litigation, Investigation, and Law Enforcement

Mueller Ready to Deliver Key Findings in His Trump Probe, Sources Say (Bloomberg) Rosenstein is pressing Mueller to wrap it up, official says

House Russia-probe witness invokes Fifth Amendment as Trump urges firing of DOJ official connected to dossier (Washington Post) The president appeared to be urging the attorney general to fire Bruce Ohr, on a day when Fusion GPS co-founder Glenn Simpson’s attorney and Trump’s GOP allies jousted on Capitol Hill.

Colorado’s “Strong Arm” law firm sues Facebook, seeks compensation in latest hack attack (The Denver Post) A Colorado law firm that advertises as ‘The Strong Arm’ is looking to wrestle Facebook in court over the latest breach of users’ personal information.

Advertisers Allege Facebook Failed to Disclose Key Metric Error for More Than a Year (Wall Street Journal) Facebook knew of problems with how it measured viewership of video ads for more than a year before it disclosed them in 2016, according to a complaint filed Tuesday by some advertisers.

Judge denies Qualcomm, FTC request for more time to reach a settlement in antitrust lawsuit (San Diego Union Tribune) Both sides request a delay in a key ruling to explore a deal, but a federal judge in San Jose denies the request.

Why the class action against Google for misuse of personal internet data was rejected by the Court (Computing) Rory Lynch, a solicitor in the media team at law firm Seddons, discusses a recent English High Court decision to stop a class action lawsuit brought against Google,

Google to charge a licensing fee for Android apps in Europe (Computing) Google responds to anti-trust fine over bundling of apps with Android by levying licence fee for apps in the EEA,

Will the Saudis’ Khashoggi Confession Get Them Off the Hook? (Foreign Policy) By claiming they were only trying to abduct the journalist, they’re hoping to draw a moral equivalence with U.S. renditions.

Judge rules against voting security advocates in Tennessee (AP NEWS) A federal judge declined Tuesday to order election officials in Tennessee's largest county to perform rigorous safeguards to its voting systems ahead of early voting for the November elections. U.S. District Judge Thomas Parker denied a request for an order requiring that the Shelby County Election Commission ask the U.S. Department of Homeland Security to perform risk and vulnerability assessments on electronic voting systems.

21-year-old who created powerful RAT software sentenced to 30 months (Ars Technica) DOJ says Colton Grubbs "has no respect for the law."

Iran says it killed 'mastermind' behind military parade attack (TheHill) Iran's Revolutionary Guard said Tuesday that it had killed Abu Zaha, the alleged "mastermind" behind an attack on a military parade last month.

Cyber Events

For a complete running list of events, please visit the event tracker on the CyberWire website.


Upcoming Events

FAIRCON18 (Pittsburgh, Pennsylvania, USA, October 14 - 18, 2018) Focused on advancing cyber, operational risk management. The event will feature in-depth training seminars, insightful presentations from industry leaders, candid executive and practitioner-led discussions and keynotes aimed at driving awareness, knowledge and the development of operational blueprints for building quantitative risk management programs. FAIRCON18 will attract C-suite officers and practitioners responsible for information and operational risk management decisions. The event will unite leaders in information and operational risk management to explore FAIR best practices that produce greater value and alignment with business goals.

FAIRCON18 (Pittsburgh, Pennsylvania, USA, October 16 - 17, 2018) Hosted by the FAIR Institute and Carnegie Mellon University’s Software Engineering Institute (SEI) and the Heinz College of Information Systems and Public Policy, the 2018 FAIR Conference brings leaders in information and operational risk management together to explore best FAIR practices that produce greater value and alignment with business goals. Large enterprises and government organizations are creating breakthroughs in the management of information and operational risk that enable business-aligned communication, cost-effective decision-making and ultimately managing what matters. Interested in on-site FAIR training? Head to FAIRCON18 early to attend an on-site FAIR Analysis Fundamentals Course, October 14-15, for those that elect to partake in this optional conference add-on. The FAIR Institute is an expert, nonprofit organization led by information risk officers, CISOs and business executives to develop standard information and operational risk management practices in a movement central to “cyber risk economics,” the revolutionary approach to measuring and managing information risk enabled by the Factor Analysis of Information Risk (FAIR) model.

PCI Security Standards Europe Community Meeting (London, England, UK, October 16 - 18, 2018) The PCI Security Standards Council’s 2018 Europe Community Meeting is THE place to be. We will provide you with the information and tools to help secure payment data. We lead a global, cross industry effort to increase payment security by providing industry-driven, flexible and effective data security standards and programs that help businesses detect, mitigate and prevent criminal attacks and breaches. Don’t miss out!

SecureWorld Cincinnati (Cincinnati, Ohio, USA, October 17, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security industry. Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements, learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays, all while networking with local peers.

2018 ISSA International Conference (Atlanta, Georgia, USA, October 17 - 18, 2018) Join us for solution oriented, proactive and innovative sessions focused on Securing Tomorrow Today. Every day, cyber threats become increasingly intricate and difficult to detect. No cyber security professional can become an expert on these dangers without continued efforts to educate themselves on the industry’s latest trends and technologies. We look forward to welcoming you and over 1,000 of your colleagues and peers in Atlanta as we discuss topics ranging from incident response, to emerging technologies, to business skills for the information security professional. Join us at the 2018 ISSA International Conference and we’ll help you prepare to Secure Tomorrow Today.

Fifth Annual Cyber Warfare Symposium (New York, New York, USA, October 18, 2018) The Fifth Annual Cyber Warfare Symposium is an annual one-day event presented by the Journal of Law & Cyber Warfare in conjunction with academia, government and private industry organizations at NYU School of Law in New York City. The theme, “Attend. Engage. Learn,” captures the event’s intent to provide unparalleled information sharing and networking opportunities for development of cyber assets on both the human and technological side.

5th Annual Women in Cyber Security Reception (Washington, DC, United States, October 18, 2018) This annual networking event highlights and celebrates the value and successes of women in the cyber security industry. Leaders from the private sector, academia, and government from across the region and at varying points on the career spectrum can connect with each other to strengthen relationships and build new ones.

National Insider Threat Special Interest Group (NITSIG) - Insider Threat Symposium & Expo (Laurel, Maryland, USA, October 19, 2018) The NITSIG will hold an Insider Threat Symposium & Expo (ITS&E), on October 19, 2018, at the Johns Hopkins University Applied Physics Laboratory, in Laurel, Maryland. This is a must attend event if you are involved in Insider Threat Program (ITP) Management or Insider Threat Risk Mitigation. We have some outstanding speakers lined up with hands-on experience: Insider Threat Risk Mitigation Subject Matter Experts, managing or supporting ITPs, who work for the US Government, Defense contractors and private sector businesses. The symposium and expo will focus on, and provide guidance on developing, managing or enhancing an Insider Threat Program (ITP) / ITP Working Group, ITP Unintended Impacts / Consequences / Challenges, Insider Threat Fraud, Employee Threat Identification and Mitigation, Employee User Activity Monitoring, Protecting Controlled Unclassified Information and more.

2018 ICS Cyber Security Conference USA (Atlanta, Georgia, USA, October 22 - 25, 2018) SecurityWeek’s Industrial Control Systems (ICS) Cyber Security Conference is the largest and longest-running event series focused on industrial cybersecurity. Since 2002, the conference has gathered ICS cyber security stakeholders across various industries and attracts operations and control engineers, IT, government, vendors and academics. Over the years, the focus of the conference has shifted from raising awareness towards sharing security event histories and discussing solutions and protection strategies. As the original cybersecurity conference for the industrial control systems sector, the events cater to the energy, utility, chemical, transportation, manufacturing, and other industrial and critical infrastructure organizations.

Energy Tech 2018 (Cleveland, Ohio, USA, October 22 - 26, 2018) The annual EnergyTech Conference & Expo is an organized event, supported by NASA and INCOSE, highlighting advancements in Energy, Smart-Grids and Microgrids, Aerospace, Critical Infrastructure, Security and Policy. In 2018, we continue to expand our collaboration effort with professional societies including InfraGard, IEEE, SAE, AIAA, PMI, and others, to join in advancing the technology and system integration of these complex domains, and managing the risk scenarios confronting civilizations.

Cryptocurrency, Cybersecurity and the Law (Annandale, Virginia, USA, October 24, 2018) Legal and security considerations for users of cryptocurrencies and blockchain technology.

Global Resilience Federation Summit on Third-Party Risk (Leesburg, Virginia, USA, October 24 - 26, 2018) The purpose of the GRF Summit on Third-Party Risk is to increase awareness of security best practices, offer an opportunity for collaboration among third-party vendors and organizations’ risk management teams, and provide a platform for security leaders to share expertise and learn from each other to improve holistic security. The Summit will provide training, education and networking on the critical cyber and physical security issues facing organizations, their vendors, and the areas where the two groups intersect. Space is limited for this complimentary event, and registration will be capped and by-approval only. Attendees will include ISAC/ISAO member organizations plus third-party vendors and suppliers.

Wild West Hackin’ Fest (Deadwood, South Dakota, USA, October 25 - 26, 2018) We’re back for another year of amazing talks, great company and exciting hands-on hacking labs. It will be hard to top our amazing inaugural year, but we’ve taken your feedback and plan to make this event even better! As with last year, this IT Security conference promises to be the most hands-on, activity-driven con you can attend! We want this conference to be the most hands-on, activity-driven con you’ve been to yet! Never worked with a JTAG? You will. Never done a single thing with Software Defined Radio? You will. We will be having an SDR village and a hardware hacking village, among some other great events. The skills you learn here will be directly applicable to your job immediately when you get back to work… or home. We listened to your feedback and this year we’re adding even more lab time, so you can go to as many talks as you can fit AND also do all the activities. This Year’s Theme: Mining.

Symposium on Securing the IoT (Boston, Massachusetts, USA, October 29 - 31, 2018) Join us for the Symposium on Securing The Internet of Things, featuring keynote speakers from the leading industry companies who are solving the issues of IoT and secure connectivity. There will also be engaging round table debates with industry experts, colleagues and peers. The Symposium began with the inaugural conference in San Francisco in March 2018. The conference focused on IoT Security, Secure Payments, Medical Device Security, Smart Cities, Blockchain and other topics centered around IoT Security. As the world continues to become more connected, with 20+ billion IoT devices, protecting our devices and systems is critical. Linked devices (vehicles, computers, phones, industrial systems, personal assistants, homes, etc.), user identity and authentication all need a high level of security. As hacking, phishing, DDoS and ransomware continue to increase, one thing is certain: Securing The Internet of Things is critical to our survival!

SecureWorld Denver (Denver, Colorado, USA, October 31 - November 1, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security industry. Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements, learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays, all while networking with local peers.

THE CYBERWIRE
Compiled and published by the CyberWire editorial staff. Views and assertions in source articles are those of the authors, not the CyberWire, Inc.