March 2, 2016.
By The CyberWire Staff
US NSA Director Rogers warned yesterday that the US should expect, as a matter of practical certainty, to sustain infrastructure attacks at least as damaging as December's disruption of electrical power in Ukraine.
The widely expected and hitherto mysterious OpenSSL patch arrived yesterday, and all now know what was being plugged: a TLS/SSL vulnerability now being called "DROWN" (a forced acronym derived from Decrypting RSA using Obsolete and Weakened eNcryption). It's generally regarded as serious: about a third of all https servers are thought to be susceptible to DROWN attacks, which depend upon the old EXPORT_GRADE backdoor formerly mandated for US-made security products.
TrendLabs finds a new variant of the BIFROS Trojan designed for deployment against Unix (and "Unix-like") systems. They attribute the development to the threat actors behind the "Shrouded Crossbow" campaign.
A group of Turkish hackers has claimed responsibility for the ransomware attack on Hollywood Presbyterian Medical Center. While the motive behind the attack seems clear enough—criminal extortion—those claiming responsibility cloak themselves in a nationalist mantle: they were also protesting American friendliness toward Kurds. (Sez they.)
Verizon releases a breach report with a difference: it doesn't replace the company's existing well-known annual report, but it supplements statistical treatment with instructive case studies.
In the UK, the Government prepares a new version of its surveillance bill. The Apple-FBI case is being closely watched in Europe, where observers fear it will have implications for the implementation of Privacy Shield. Partisans of both sides square off in Congressional testimony.
Today's issue includes events affecting Afghanistan, China, European Union, India, Iran, Pakistan, Russia, Syria, Turkey, Ukraine, United Kingdom, United States.
2016 National Conference of Minority Cybersecurity Professionals (Washington, DC, March 23 - 24, 2016) The landmark ICMCP conference will elevate the national dialogue on the necessary measures needed to attract and develop minority cybersecurity practitioners to address the cross-industry cybersecurity skills shortage.
Women in Cybersecurity (WiCYS) 2016 (Dallas, TX, March 31 - April 2, 2016) The 3rd annual conference brings together women (students, faculty, researchers, professionals) in cybersecurity from academia, research organizations and industry for the sharing of knowledge and experience, networking and mentoring.
Cryptography Pioneers Win Turing Award (New York Times) In 1970, a Stanford artificial intelligence researcher named John McCarthy returned from a conference in Bordeaux, France, where he had presented a paper on the possibility of a “Home Information Terminal”
CISOs Still Frozen Out of the Boardroom (Infosecurity Magazine) Cybersecurity is now front and center on organizations’ boardroom agendas (and budgets), but staffing shortages and lack of expertise persist, and most chief information security officers (CISOs) have yet to earn a seat at the table
Is Your CISO Out of Place? (IBM Security Intelligence Blog) There’s a good reason why Fast Company called the job of chief information security officer (CISO) the “hottest seat in corporate America today”
ForgeRock Wins Cyber Defense Magazine Award 2016 (CSO) ForgeRock®, the leading open platform provider of identity management solutions, today announced that its ForgeRock Identity Platform™ has been recognised in the 2016 Cyber Defense Magazine Awards as “Best Product” in the Identity Access Management Solution Category
BluVector 2.0: Machine-learning malware detection (Help Net Security) At RSA Conference 2016 Acuity Solutions announced the release of version 2.0 of BluVector, its machine-learning malware detection and cyber hunting solution, which now provides to enterprises the ability to train their BluVector appliance on their environment through a new artificial intelligence capability
Islamic State group in competition for recruits in Pakistan (AP) Trying to lure him into the Islamic State group, the would-be recruiter told Pakistani journalist Hasan Abdullah, "Brother, you could be such an asset to the Ummah"— the Islamic community. Abdullah replied that he was enjoying life and had no plans to join the jihadis
Attack of the week: DROWN (A Few Thoughts on Cryptographic Engineering) To every thing there is a season. And in the world of cryptography, today we have the first signs of the season of TLS vulnerabilities
HackingTeam Releases New Malware Targeting Mac (Softpedia) For the past few weeks, security researchers from Palo Alto Networks, SentinelOne, and Synack have been analyzing a new malware sample targeting Mac OS X, which appears to be the work of the infamous HackingTeam
DDoS, Web Attacks Surge; Repeat Attacks Become the Norm (CSO) Akamai has announced the availability of the Q4 2015 State of the Internet – Security Report. The quarterly report provides analysis and insight into malicious activity observed across the Akamai Intelligent Platform™ and provides a detailed view of the global cloud security threat landscape
Companies are realizing that security and privacy go hand in hand (Help Net Security) 50 percent of companies over the past two years have increased the involvement of privacy professionals on their information security teams to enhance the prevention of data breaches, a joint study released at RSA Conference by the International Association of Privacy Professionals (IAPP) and TRUSTe has found
World’s 10 Hottest Cybersecurity Companies to Watch in 2016 (Information Security Buzz) Cybersecurity Ventures announces the Cyber Top 10 for 2016, a global compilation of the leading companies who provide cybersecurity solutions and services. The ten companies sit atop the Cybersecurity 500, which is published quarterly by Cybersecurity Ventures
AVG Technologies Announces Second Tranche of Share Repurchase Program (PRNewswire) AVG® Technologies N.V. (NYSE: AVG), the online security company™, announced today the second tranche of its previously announced 1,666,667 share repurchase program intended to cover AVG's obligations to deliver shares under its employee stock options incentive and restricted share units plans, as announced on November 9, 2015 and subsequently on December 17, 2015
Engility taps former Raytheon exec as new CEO (Boston Business Journal) Engility Holdings Inc. (NYSE: EGL) said Tuesday it has hired board member and longtime defense industry vet Lynn Dugle as its new CEO as Tony Smeraglinolo has stepped down effective immediately
Britain floats revised bill for broad surveillance powers (SC Magazine) Britain floated revised legislation on Tuesday that would grant authorities wide-ranging surveillance powers including the right to see which websites people visit, saying the modified bill addressed concerns about threats to privacy
Apple lawyer, FBI director face off in Congress on iPhone encryption (Reuters) FBI Director James Comey told a congressional panel on Tuesday that a final court ruling forcing Apple Inc (AAPL.O) to give the FBI data from an iPhone used by one of the San Bernardino shooters would be “potentially precedential” in other cases where the agency might request similar cooperation from technology companies
F.B.I. Error Locked San Bernardino Attacker’s iPhone (New York Times) The head of the F.B.I. acknowledged on Tuesday that his agency lost a chance to capture data from the iPhone used by one of the San Bernardino attackers when it ordered that his password to the online storage service iCloud be reset shortly after the rampage
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
2016 CyberWeek (Tel Aviv, Israel, June 19 - 23, 2016) The conference, held jointly by the Blavatnik Interdisciplinary Cyber Research Center (ICRC), the Yuval Ne'eman Workshop for Science, Technology and Security, the Israeli National Cyber Bureau, Prime Minister's...
RSA Conference 2016 (San Francisco, California, USA, February 29 - March 4, 2016) Celebrating its 25th anniversary, RSA Conference continues to drive the information security agenda forward. Connect with industry leaders at RSA Conference 2016
Cybersecurity: Defense Sector Summit (Troy, Michigan, USA, March 1 - 2, 2016) The National Defense Industrial Association (NDIA) Michigan Chapter Cybersecurity: Defense Sector Summit is to provide a forum to foster educational dialog between government, industry and academia in...
International Academic Business Conference (New Orleans, Louisiana, USA, March 6 - 10, 2016) The Clute Institute of Littleton Colorado sponsors six academic conferences annually that include sessions on all aspects of cybersecurity. Cybersecurity professionals from industry and academics are...
CISO Chicago Summit (Chicago, Illinois, USA, March 8, 2016) A data breach is not only a PR nightmare, but cause for customers to turn to competitors, exposing sensitive company information and racking up fines from industry regulators. In order for organizations...
Navigating Summit 2016 (Canberra, Australia, March 8, 2016) The Australian government has pledged to create a future-proofed nation, one that is fit to drive higher economic growth and improved standards of living using information technology innovatively. Privacy...
CISO Atlanta Summit (Atlanta, Georgia, USA, March 10, 2016) Tactics and Best Practices for Taking on Enterprise IT Security Threats. With newspaper headlines covering the latest data breaches, cloud computing security questions going unanswered and hackers developing...
The Atlantic Council's Cyber 9/12 Student Challenge (Washington, D.C. USA, March 11 - 12, 2016) Now entering its fourth year, the Cyber 9/12 Student Challenge is a one-of-a-kind competition designed to provide students across academic disciplines with a deeper understanding of the policy challenges...
SANS 2016 (Orlando, Florida, USA, March 12 - 19, 2016) It is time we unite, join forces, and show that if we work together, we can make a measurable difference in security. It is our pleasure to announce that SANS 2016 is back in Orlando, Florida March 12-21
Pwn2Own 2016 (Vancouver, British Columbia, Canada, March 16 - 17, 2016) Since its inception in 2007, Pwn2Own has increased the challenge level at each new competition, and this year is no different. While the latest browsers from Google, Microsoft, and Apple are still targets,...
Insider Threat Symposium & Expo™ (San Antonio, Texas, USA, March 17, 2016) The Insider Threat Symposium & Expo was created in the wake of the recent data breaches affecting the U.S. Government (WikiLeaks, NSA Breach), and the continued damaging and costly insider threat incidents...
ICCWS 2016 (Boston, Massachusetts, USA, March 17 - 18, 2016) ICCWS 2016 will cover the complex but exciting aspects of international cyber warfare and security
CISO Summit France (Paris, France, March 22, 2016) A forum for innovative IT thought leaders across France. Despite economic instability in the euro zone amid an on-going global financial crisis, IT spending worldwide is expected to increase in the coming...
Risk Management Summit (New York, New York, USA, March 22 - 23, 2016) The Business Insurance Risk Management Summit is a unique two-day conference serving the information and networking needs of senior risk managers, benefits managers and related decision makers from the...
Artificial Intelligence and Autonomous Robotics (Clingendael, the Netherlands, March 23 - 24, 2016) Artificial Intelligence (AI) has been a feature of science fiction writing for almost a century, but it is only in more recent years that the prospect of truly autonomous robotics — even those that...
Commonwealth Cybersecurity Forum 2016 (London, England, UK, March 23 - 24, 2016) The Commonwealth, built on consensus and mutual support, is an ideal platform to build international cooperation on various aspects of cybersecurity. CTO's Commonwealth Cybersecurity Forum brings together...
Black Hat Asia 2016 (Singapore, March 29, 2016) Black Hat is returning to Asia again in 2016, and we have quite an event in store. Here the brightest professionals and researchers in the industry will come together for a total of four days — two...
SecureWorld Boston (Boston, Massachusetts, USA, March 29 - 30, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry...
Insider Threat Summit (Monterey, California, USA, March 29 - 30, 2016) The focus of the Insider Threat Summit is to discuss personnel security issues including cyber security challenges and capabilities, continuous evaluation of privileged identities and ethical physical...
TU-Automotive Cybersecurity USA 2016 (Novi, Michigan, USA, March 29 - 30, 2016) TU-Automotive Cybersecurity dissects the real issues behind the headlines, helping you to apply technology and best practices to deliver robust security defenses and processes within a more secure ecosystem.
Women in Cyber Security 2016 (Dallas, Texas, USA, March 31 - April 2, 2016) With support from National Science Foundation, Award #1303441 (Capacity Building in Cybersecurity: Broadening Participation of Women In Cybersecurity through the Women in Cybersecurity Conference and Professional...