skip navigation

More signal. Less noise.

Daily briefing.

PriceWaterhouseCoopers and BAE are reporting a surge in Chinese government cyberespionage. "Operation Cloudhopper" is said to be targeting cloud and managed service providers with the goal of gathering information on their customers, including not only companies, but also diplomatic services. As has so often been the case with Chinese operations, the espionage extends beyond intelligence collection to theft of intellectual property. British targets are thought to be particularly affected, but the campaign is multinational in scope, and a comparable operation is being run simultaneously against Japanese targets. PWC and BAE have been tracking the operation since late last year, and they identify the specific threat actor as APT10 (also known as "Red Apollo," "CVNX," and "Stone Panda").

Lookout's report on Chrysaor, the Android version of Pegasus, is out and worth a look. Pegasus is a spyware product for lawful intercept uses produced by NSO Group. Pegasus came under scrutiny during investigation of surveillance of journalists, activists, and dissidents by various regimes, most famously in the United Arab Emirates. Lookout worked with Google on Chrysaor; it had earlier worked with Citizen Lab on Pegasus.

Microsoft has announced that, later this month, it will add Advanced Threat Protection Safe Links to Word, Excel, and PowerPoint, and that Office 365 will receive an upgraded Advanced Data Governance and Threat Intelligence package.

The No More Ransom platform has added fifteen ransomware decryption tools to its suite. AVAST, Bitdefender, CERT Polska, Check Point, Eleven Paths, Emsisoft, and Kaspersky have contributed decryptors. Bravo to them all.

Notes.

Today's issue includes events affecting Austria, Bangladesh, Brazil, China, Estonia, Finland, Germany, India, Ireland, Israel, Latvia, Lithuania, Philippines, Poland, Russia, Spain, Sweden, United Arab Emirates, United Kingdom, United States.

In today's podcast we hear from our partners at Level 3, as Dale Drew describes security ecosystem disruption. Our guest is Michelle Dennedy from Cisco, interviewed at WiCyS, on her work as Chief Privacy Officer and her experience being a woman working in cyber security.

Special editions of the podcast are also up. See Perspectives, Pitches, and Predictions from RSA, and an overview of how artificial intelligence is being applied to security.

Cyber Warrior Women: Blazing the Trail (Catonsville, Maryland, USA, April 19, 2017) Hear stories of triumph and tribulation, advice and inspiration from some of Maryland’s diverse and dynamic female cybersecurity professionals. Join us in-person for this free event or register to view the live stream online.

2nd Annual Cyber Investing Summit (New York, New York, USA, May 23, 2017) The 2nd Annual Cyber Investing Summit is an all-day conference focusing on investing in the cyber security industry. Attendees will explore the financial opportunities, trends, challenges, and investment strategies available in the high growth cyber security sector.

Borderless Cyber USA (New York, New York, USA, June 21 - 22, 2017) Is your enterprise investing enough to protect against cyber-attack? Are you putting your resources where they have the most impact? How can you be sure? Senior security executives come together at Borderless Cyber to uncover new strategies, make new connections, and leave better prepared to defend their cyber practices--in the computer room and the Board room. The conference will take place at the historic U.S. Customs House in lower Manhattan on 21-22 June. Receive an extra $100 off the corporate rate. Use the discount code Cyberwire when registering. Special government rates and Early Bird savings are also available. We look forward to seeing you this June in NYC!

Dateline SeaAirSpace

U.S. Remains Largely Reactive to Cyber Threats (Seapower) At least four U.S. adversaries are developing “very thoughtful” cyber campaigns aimed at the United States, the commander of the U.S. Cyber Mission Force said April 4.

Service Vice Chiefs Press the Need for Funding Certainty, Expanding Cyber Security (Seapower) The pressing needs for the three naval services and the maritime industry are greater budget certainty, reversing the erosion in their readiness to meet global challenges, and expanding and modernizing their shrunken and badly aged forces, all of which would be made much harder if Congress relies on a continuing resolution (CR) for the rest of the fiscal year, their senior leaders said April 3.

New Nuclear C2 Should Be Distributed & Multi-Domain: STRATCOM Deputy (Breaking Defense) Just like the individual ICBMs, bombers, and submarines it oversees, the nation’s nuclear command-and-control architecture is aging Cold War tech that needs replacement. But if we just build newer versions of today’s command posts, communications networks, satellites, and so on, we’ll miss a major opportunity.

Cyber Situational Awareness for Aircrews (The CyberWire) Retired admiral William E. (Bill) Leigher, Raytheon's Government Cyber Solutions Director, characterizes a principal challenge of aircraft cybersecurity like this: "buses were build to trust everything that comes over them." In this respect at least, the challenge bears some interesting similarities to those encountered in securing the industrial Internet-of-things.

NAVAIR Training Systems Division Collaborates Across Service Lines (Seapower) Surrounding the Naval Air Systems Command (NAVAIR) Training Systems Division headquarters in Orlando, Fla., a community of industry and academia has formed into somewhat of a de facto campus, dedicated to improving training systems.

Coming soon: Sweeping personnel changes for Marine cyber operators (Marine Corps Times) The Marine Corps is creating a new occupational field and military occupational specialties for cyber.

USMC Won’t Let Standards Slip for New Cyber Marines (USNI News) The Marine Corps top cyber leader said it wasn’t going to lower physical standards to allow more candidates for its new cyber MOS. “First be a Marine, then a rifleman” and finally a cyber warrior, Maj. Gen. Lori Reynolds said on Tuesday at the Navy League’s 2017 Sea Air Space exposition.

Zukunft: Coast Guard Continues to ‘Punch Above its Weight’ (Seapower) After outlining a range of Coast Guard priorities and challenges in the near and long term, Adm. Paul F. Zukunft, commandant of the Coast Guard, capped his Sea Services Luncheon keynote address by reflecting on the enduring spirit and unwavering dedication of the men and women who serve in the smallest of the nation’s five military agencies.

Cool Capabilities: Sea Hunter, Tern on Display at Sea-Air-Space (Electronic Component News) Advanced software that can transform existing medium-sized vessels into unmanned ships able to autonomously complete naval missions. A four-legged, bio-inspired robot that can perform...

Cyber Attacks, Threats, and Vulnerabilities

'Serious' hack attacks from China targeting UK firms (BBC News) The hacking group is using tech service firms as a proxy to access data of its real targets.

Operation Cloud Hopper (PWC) Exposing a systematic hacking operation with an unprecedented web of global victims

Kaspersky: Lazarus launched global cyberattacks across sectors, hacking group still active (CIO Dive) Malware samples linked to Lazarus have appeared in financial institutions, casinos, software developers for investment companies and crypto-currency businesses around the globe.

Project Zero uncovers a nasty Wi-Fi chip exploit (TechCrunch) Google's Project Zero has been on a roll lately, unveiling sophisticated bugs in Cloudflare, LastPass and now Broadcom, a Wi-Fi chip supplier whose product is..

The Gap in ICS Cyber Security - Cyber Security of Level 1 Field Devices (Control Global) Failure or compromise of Level 1 devices can, and have, resulted in major catastrophic failures. Consequently, there needs to be more focus on securing and having situational awareness of Level 1 devices. Securing Level 1 devices requires an understanding of the devices and processes. A better understanding of Level 1 devices can help secure the IOT cloud as well as make facilities more reliable, safer, and secure.

IoT security in danger of being ignored, says Trend Micro (Security Brief) Organisations that install IoT technology also suffer by not ever using reinforced configurations, which means hackers can exploit significant holes.

What home products are most susceptible to cyber burglars? (CSO Online) In the matter of the Dyn situation, it was those Internet of Things devices that created the voluminous distributed denial of sevice attack. A DVR was used to attack Dyn’s network. To reduce the impact of such attacks, officials at InsuranceQuotes have noted some of the more popular smart home gadgets in your home that could be vulnerable.

Pegasus for Android: the other side of the story emerges (Lookout Blog) Today, Lookout and Google are releasing research into the Android version of one of the most sophisticated and targeted mobile attacks we’ve seen in the wild: Pegasus.

Google Just Found (Probably) The Most Dangerous Android Malware Ever Seen (Forbes) Google has uncovered the Android version of Pegasus, a mobile spyware created by NSO Group, an Israeli surveillance company considered the most advanced producer of mobile spyware on the planet.

Chrysaor Malware Found on Android Devices—Here's What You Should Know & How to Protect Yourself (Gadget Hacks) Chrysaor, a zero-day spyware believed to have been created by the Israeli "cyber war" group NSO, is an even greater threat to Android phones than it ever was to iOS. Related to the Pegasus hack that recently affected iPhones, Chrysaor is malware that baits the user into installing it.

Through inter-app data sharing, Android apps can get your data without permission (Help Net Security) A newly developed toolsuite can analyze Android apps and detect whether two or more of them can collude with each other to acquire information.

Latest numbers indicate Android is still the most targeted mobile device (Naked Security) The bad guys are increasingly using potentially unwanted applications to sneak past security defences, warns Sophos Labs

Phony VPN Services Are Cashing in on America's War on Privacy (Motherboard) Sad.

Samsung TVs Reportedly Ship With Major Hacking Flaws (Fortune) The reported problems affect the company's wearables, too.

45% of large British businesses sustained a successful ransomware attack (Help Net Security) Over a third of British businesses are not very confident that efforts to eradicate a recent ransomware attack from work systems have been successful.

Survey Highlights Downtime as a Key Cost of Ransomware Attacks (Yahoo! Finance) Imperva, Inc. , committed to protecting business-critical data and applications in the cloud and on-premises, today announced the results of a survey of 170 security professionals taken at RSA 2017, the world’s largest security conference, exploring their experiences with ransomware.

Lessons From Top-to-Bottom Compromise of Brazilian Bank (Threatpost) Hackers pulled off a stunning compromise of a Brazilian bank’s operations, gaining control of each of the bank’s 36 domains, corporate email and DNS.

Whitelists: The Holy Grail of Attackers (SANS Internet Storm Center) As a defender, take the time to put yourself in the place of a bad guy for a few minutes. You’re writing some malicious code and you need to download payloads from the Internet or hide your code on a website.

UW security researchers show that Google’s AI tool for video searching can be easily deceived (University of Washington) University of Washington researchers have shown that Google’s new tool that uses machine learning to automatically analyze and label video content can be deceived by inserting a photograph periodically and at a very low rate into videos.

Details Around Romanian Phishing Kit Creator, Campaign Revealed (Threatpost) Researchers at the Security Analyst Summit on Monday divulged details behind the alleged creator of a Romanian phishing kit.

Security Patches, Mitigations, and Software Updates

Windows Vista Reaches End of Life (Heimdal Security Blog) End of life means that Vista will no longer receive security updates. Here's why this matters for you and your security.

Microsoft will start blocking malicious links in Word, Excel, and PowerPoint (VentureBeat) Microsoft today announced that later this month it will introduce a new security feature in certain desktop apps for Office 365 ProPlus subscribers. Microsoft is taking its Advanced Threat Protection Safe Links feature, which prevents end users from unwittingly clicking on malicious links, and incorporating it into Word, Excel, and PowerPoint.

Microsoft announces several new enhancements to improve Office 365’s security and compliance capabilities (MSPoweruser) Microsoft today announced several new enhancements to improve Office 365’s security and compliance capabilities. Microsoft first announced the preview of Office 365 Advanced Data Governance and Threat Intelligence at RSA. Today, Microsoft announced the general availability of Office 365 Threat Intelligence. Threat Intelligence provides info about malware families, both inside and outside an organization, including breach …

Update your iPhone to avoid being hacked over Wi-Fi (Naked Security) Why risk breaking all the way into the phone if you can just hang around on the periphery and listen to all the data coming in and out?

Farmers go off-market to dig up patches for their tractors (Naked Security) Owners of John Deere tractors are the latest group to discover that they can’t do their own repairs thanks to proprietary software that limits fixes to approved outlets – so what does t…

Cyber Trends

What’s With The World’s C-Grade in Cybersecurity? (Business 2 Community) 2016 was a year of serious cybersecurity breaches all around the world, as can be seen in one glance at Information is Beautiful’s interactive graphic. No one was safe. Philippines’ Commission on…

What's the biggest threat? There's no easy answer, Fortinet finds (Security Brief) “What’s my biggest threat?” There is no one answer to that question, according to Fortinet’s latest Global Threat Landscape report.

Migrate, Manage, Protect: Organizations’ Journey to Productivity & Collaboration in the Cloud (Ave Point) The cloud is no longer an enterprise anomaly. Wherever you look—the public sector, Fortune 500 corporations, Main Street businesses—organizations are turning to cloud systems to scale their operations, increase their employees’ productivity, and facilitate innovation around their products, services, and customer experiences.

Cloud Security Report - Cybersecurity Insiders (Cybersecurity Insiders) The latest Cloud Security Report reveals that security concerns, lack of qualified security staff and outdated security tools remain the top issues keeping cyber security professionals up at night, while data breaches are at an all-time high.

Weak social network password security is more trouble than you think (Help Net Security) 53 percent of users haven't changed their social network passwords in more than one year – with 20 percent having never changed their passwords at all.

Bitglass Report: 87 Percent of Organizations Report Cyber Attacks as Breaches Surge in 2016 (Broadway World) Bitglass Report: 87 Percent of Organizations Report Cyber Attacks as Breaches Surge in 2016

Marketplace

TPG acquires Intel's McAfee cyber security unit (PE Hub) TPG Capital has closed its previously announced acquisition of a majority stake in Intel's McAfee cyber security unit in a deal that values the latter company at $4.2 billion. Intel will retain a 49 percent stake in the company while Thoma Bravo has joined as a minority investor.

Security Vendor McAfee Returns to Its Roots After Intel Spin-Out (Fortune) The security vendor is now its own company again.

McAfee boss Chris Young on what to expect from the 'new McAfee' (CRN Australia) Hitting the ground running as a US$2 billion security vendor.

Verizon's Oath for data privacy, data piracy (TheStreet) The sale of Yahoo!'s core assets nears as concerns on data marketing and cyber breaches mount.

The Wicks Group Invests in EZShield, Inc. (PRNewswire) EZShield, Inc. ("EZShield") announced that The Wicks Group of Companies...

Bury St Edmunds cyber security firm Foursys is acquired by Cheshire company Chess (East Anglian Daily Times) An award-winning cyber security firm based in Bury St Edmunds has been acquired by a Cheshire-based company.

What Makes Fortinet (FTNT) Stock a Potential Pick Right Now? (NASDAQ.com) The technology space continues to be investors' favorite due to its dynamic nature.

Better Buy: Palo Alto Networks Inc. vs. FireEye Inc. (The Motley Fool) Which unloved cybersecurity stock deserves some love?

A.M. BestTV: Data Drought Limiting Cyber Coverage Growth (Yahoo! Finance) In this A.M.BestTV episode, a report from the Deloitte Center for Financial Services says the growth of cyber coverage is limited on both sides: Click on http://www.ambest.com/v.asp?v=deloitte317 to view the entire program.

Kaspersky online security ad banned for 'normalising' sexting (Campaign) A TV ad for internet security brand Kaspersky has been banned by the ads watchdog after prompting dozens of complaints that the spot was "normalising" the practice of texting sexual images.

IoT garage door opener maker bricks customer’s product after bad review (Ars Technica) Startup tells customer “Your unit will be denied server connection.”

Products, Services, and Solutions

Barracuda Adds Advanced Threat Protection to SignNow E-Signature Platform (Barracuda) Barracuda (NYSE: CUDA) today announced updates to its SignNow e-signature platform designed to secure and simplify the workflow processes for enterprise customers.

Acclaim Consulting Group Grows API Management Practice to Support Increasing Client Demand for Digital Transformation and API Security (PRNewswire) Acclaim Consulting Group, Inc., a leading provider of Security, Identity,...

CISO Consulting Offers NIST SP 800-53A Revision 4 Data Assessments (Yahoo! Finance) CISO Consulting today introduced a new Assessment Service for those organizations concerned about and wanting to know their Information Security Program posture as it relates to the National Institute of Standards and Technology (NIST) Special Publication 800-53

Kensington Introduces ClickSafe 2.0 Keyed Laptop Lock, Allowing IT Administrators to Protect Multiple Devices - from Laptops to Projectors - Across Environments with One Single Key (PRNewswire) Kensington®, a worldwide leader of desktop computing and mobility...

Kensington Products Receive Prestigious Red Dot Design Award (NewsFactor Network) Two Kensington products, the Laptop Locking Station 2.0 and Ultimate Presenter, earned the prestigious Red Dot Product Design 2017 Award. Thousands of products globally were assessed.

Bitdefender app to help Windows users hit by Bart ransomware (iTWire) Security firm Bitdefender has released a free tool to help Windows users who have been hit by the Bart ransomware. The Bart Ransomware Decryption Tool...

Infinigate places bet on FireEye competitor LastLine (CRN) Distributor says recent deal it helped Lastline strike with UK bank helped prove the saleability of its malware defence technology,Security ,Infinigate,FireEye

ZENEDGE Expands Global Network Capacity Tenfold With Additional POPs In The US, Canada, Europe And Asia In Equinix Data Centers (Mondovisione) ZENEDGE, a leading provider of cloud-based, artificial intelligence (AI) driven Web Application Firewall (WAF), malicious bot detection and DDoS cybersecurity solutions, announced today a global network expansion with additional mega-POPs in the US, Canada, Europe, and Asia to accommodate unprecedented customer growth.

BlueCat Redefines Enterprise Security with BlueCat DNS Edge™ (PRNewswire) BlueCat, the Enterprise DNS company, today announced the launch of BlueCat DNS Edge. Managed in the cloud, BlueCat DNS Edge is a first-of-its-kind solution that uniquely leverages DNS data to identify and assess threats, and proactively works to block them before they can reach business-critical applications or data by driving policy down to DNS control points inside the network.

Corsa Appliance Spells a Quick End to DDoS Attacks (eSecurity Planet) The company's NSE7000 appliance can deflect DDoS attacks under a minute with a negligible impact on network performance.

This Company Will Create Your Own Tor Hidden Service (Motherboard) "People should be aware that tools like Tor exist and people shouldn't be scared of using technology such as Tor for good," the company owner told Motherboard.

Red Lambda Named a "Top 10 Cybersecurity Solution Provider" by Capital Markets CIO Outlook Magazine (Yahoo! Finance) Red Lambda, a leading provider of cybersecurity software , today announced that its MetaGrid solution has been selected as a "Top 10 Cybersecurity Solution ...

Technologies, Techniques, and Standards

15 new ransomware decryption tools added to No More Ransom (Help Net Security) Since December 2016, 15 ransomware decryption tools have been added to the platform, offering new decryption possibilities to the victims of ransomware.

Don't pay ransoms. But if you must, here's where to buy the Bitcoins (CSO Online) Ransomware grew into a $1 billion industry last year, and ransom payments now account for nearly 10 percent of the entire Bitcoin economy. Avoiding becoming part of that statistic requires good endpoint security and effective backups. But what if your defenses fail, your backups are inadequate, all attempts to restore the data fail, and you have to pay the ransom after all -- what do you do?

Privacy rollback can cause headaches for corporate security pros (CSO Online) Corporate security pros can add a new task to their busy days: handling panicky employees worried about privacy who are using the onion router (Tor) browser as a way to protect their online activity.

Design and Innovation

No Incentive? Algorand Blockchain Sparks Debate at Cryptography Event - CoinDesk (CoinDesk) Should incentives in blockchain systems be a last resort? The developer of the Algorand proof-of-stake system thinks so, but other experts disagree.

Academia

US Cyber Challenge: Cyber Quests Spring 2017 (US Cyber Challenge) Cyber Quests are a series of fun but challenging on-line competitions allowing participants to demonstrate their knowledge in a variety of information security realms. Each quest features an artifact for analysis, along with a series of quiz questions. Some quests focus on a potentially vulnerable sample web server as the artifact, challenging participants to identify its flaws using vulnerability analysis skills. Other quests are focused around forensic analysis, packet capture analysis, and more.

Legislation, Policy, and Regulation

Wassenaar Arrangement: When small words have the power to shatter security (ZDNet) Katie Moussouris explains why a battle over wording could break the Internet's ability to defend itself.

WWW inventor Tim Berners-Lee opposes encryption backdoors (Help Net Security) Sir Tim Berners-Lee's opinions on things like online privacy and encryption backdoors should carry a lot more weight than those of most people.

Israeli summit deducts: Cyber terrorism world’s greatest threat (The Jerusalem Post) Rivlin: "The State Comptroller needs the skin of an elephant because nobody likes to be criticized."

Trump's erratic style could undermine China's agreement to stop hacking U.S. businesses (Los Angeles Times) Cyber security experts fear President Trump’s erratic style and free-form diplomacy could upend a cyber deal with China and unleash a new flood of hacks.

General: Cyber Command needs new platform before NSA split (FCW) U.S. Cyber Command should be elevated to a full combatant command as soon as possible, the head of Strategic Command told Congress, but it cannot be separated from the NSA until it has its own cyber platform.

Lawmakers introduce bill to end warrantless phone searches at border (TheHill) Bill would require border agents to obtain warrant before searching Americans' phones.

FCC Privacy Rule Repeal Will Have Widespread Security Implications (Dark Reading) Concerns over the action are sending VPN sales soaring, some vendors say.

Minnesota pushes back against allowing ISPs to sell their users’ data (Naked Security) Bill would prohibit ISPs from refusing service to users who decline to share their data as Illinois ponders its own privacy-related legal moves

Are you ready for the internet of toll roads? (TechCrunch) With the appointment of Ajit Pai as the new FCC chairman and his public opposition to current regulations, the death of net neutrality is likely upon us.

White House Finds HHS Strengthening Cybersecurity Measures (HealthITSecurity) The White House's annual report to Congress on FISMA found that HHS has made several key improvements in its cybersecurity measures.

Litigation, Investigation, and Law Enforcement

Schiff: White House documents will be shown to intelligence panels (POLITICO) He said he would not comment on the content of the materials, noting they are classified.

Susan Rice: Allegations that Obama administration politicized intelligence 'absolutely false' (POLITICO) Conservative critics questioned whether she did so for political reasons, such as to spy on the Trump team, allegations that Rice flatly denied on Tuesday.

Susan Rice’s White House Unmasking: A Watergate-style Scandal (National Review) If Susan Rice unmasked Michael Flynn, she illegitimately assumed an authority that belongs to the FBI, CIA, and NSA.

Susan Rice Is Not Trump’s ‘Smoking Gun’ on Surveillance. That’s Not How It Works (WIRED) This is no "gotcha" moment in the Trump surveillance saga.

Susan Rice gets tangled up in her own statements about 'unmasking' Trump officials (Washington Examiner) First, Susan Rice denied any knowledge of unmasking the identities of Trump officials named in intelligence reports linked to the president's transition team. Then, the former national security adviser admitted that unmasking occurred, while insisting it wasn't for political purposes. What will the Obama administration official say next? If her Tuesday interview with MSNBC offers any answer, it's that Rice appears to shift her story in direct proportion to political pressure. In her most recent explanation, Rice explained to Andrea Mitchell, that from time to time the correspondence of private citizens would get swept up in legal surveillance of foreign actors. And occasionally when the redacted name of those persons was deemed pertinent to national security, she sometimes requested the unmasking of an individual.

I Hope Susan Rice Was Keeping Tabs on Trump’s Russia Ties (Slate Magazine) Not to do so would have been a dereliction of duty.

What is 'unmasking?' Susan Rice allegedly sought names of Trump associates under surveillance (Fox News) After FBI Director James Comey publicly acknowledged Monday the existence of an ongoing counterintelligence investigation into potential links between the Trump campaign and the Russian government, the White House introduced a new narrative to push back against the allegations.

Dual-Use Software Criminal Case Not So Novel (KrebsOnSecurity) “He built a piece of software. That tool was pirated and abused by hackers. Now the feds want him to pay for the computer crooks’ crimes.” The above snippet is the subhead of a story published last month by the The Daily Beast titled, “FBI Arrests Hacker Who Hacked No One.” The subject of that piece — a 26-year-old American named Taylor Huddleston — faces felony hacking charges connected to two computer programs he authored and sold...

When social media surveillance gets it very wrong (Naked Security) A an exercise to identify protesters potentially hostile to police via their hashtags is a lesson in the unintended consequences of social media surveillance

Amid “muffled sobs,” ex-prosecutor pleads guilty to illegal wiretapping (Ars Technica) "I intentionally forged court orders that allowed me to wiretap cellphones…"

Uber’s Levandowski really doesn’t want to talk about any Waymo documents (Ars Technica) Showing a privilege log “would violate... the right against self-incrimination.”

Uber exec accused of stealing IP from Google made $120M, but worked on the side (Ars Technica) Google hammers on Levandowski, who remains in charge of Uber's self-driving cars.

ICO Fines 11 Charities for Privacy Lapses (Infosecurity Magazine) ICO Fines 11 Charities for Privacy Lapses. Household names guilty of underhand tactics

Police investigating alleged cyber-attack against Chestnut Ridge (The Tribune-Democrat) State police are investigating an alleged cyber-attack against Chestnut Ridge High School in Bedford County.

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

cybergamut Technical Tuesday – 18 April 2017 – Operationalizing Deception for Advanced Breach Detection by Joe Carson of TrapX Security (Elkridge, Maryland, USA, April 18, 2017) Organizations continue to struggle with visibility of lateral movement inside their networks. When prevention technologies fail to stop the initial breach, an independent network based technology is needed...

Naval Future Force Science and Technology Expo (Washington, DC, USA, June 20 - 23, 2017) The Office of Naval Research’s (ONR) biennial 2017 Naval Future Force Science and Technology (S&T) EXPO will take place July 20-21, 2017. The Expo is the premier S&T event for the Navy and Marine Corps...

BSides Pittsburgh 2017 (Pittsburgh, Pennsylvania, USA, June 9, 2017) BSides Pittsburgh is part of a global series of community-driven conferences presenting a wide range of information security topics from technical topics, such as dissecting network protocols, to policy...

Upcoming Events

Cyber Security Summit: Atlanta (Atlanta, Georgia, USA, April 6, 2017) If you are a Senior Level Executive responsible for making your company’s decisions in regards to information security, then you are invited to register for the Cyber Security Summit: Atlanta. Receive...

SANS 2017 (Orlando, Florida, USA, April 7 - 14, 2017) Success in information security requires making a commitment to a career of learning, from the fundamentals to advanced techniques. To put you firmly on that learning path, join us at SANS 2017 in Orlando,...

Unprecedented Counterintelligence Threats: Protecting People, Information and Assets in the 21st Century. (Arlington, Virginia, USA, April 10, 2017) This full day symposium will provide insights into evolving threats to the nations security and identify effective ways of addressing them. Highlights Include: A keynote address from National Counterintelligence...

Hack In the Box Security Conference (Amsterdam, the Netherlands, April 10 - 14, 2017) Back again at the NH Grand Krasnapolsky, HITB2017AMS takes place from the 10th till 14th of April 2017 and features a new set of 2 and 3-day technical trainings followed by a 2-day conference with a Capture ...

Cyber Warrior Women: Blazing the Trail (Catonsville, Maryland, USA, April 19, 2017) Join the Cybersecurity Association of Maryland, Inc. (CAMI), in partnership with The CyberWire, Fort Meade Alliance, and presenting sponsor Exelon Corporation, for "Cyber Warrior Women: Blazing the Trail."...

ISSA CISO Executive Forum: Information Security, Privacy and Legal Collaboration (Washington, DC, USA, April 20 - 21, 2017) Information Security, Privacy and Legal programs must be closely aligned to be successful in today’s world. Customer and vendor contracts require strong security language. Privacy has moved to the forefront...

International Conference on Cyber Engagement 2017 (Washington, DC, USA, April 24, 2017) Georgetown University's seventh annual International Conference on Cyber Engagement promotes dialogue among policymakers, academics, and key industry stakeholders from across the globe, and explores the...

SANS Baltimore Spring 2017 (Baltimore, Maryland, USA, April 24 - 29, 2017) SANS Institute, the global leader in information security training, today announced the course line-up for SANS Baltimore Spring 2017 taking place April 24 – 29. All courses offered at SANS Baltimore are...

Defence Information 2017 (Cranfield, England, UK, April 26 - 27, 2017) Defence Information 2017 is the major annual communications event of Joint Information Group activities (the JIG reports to the Defence Suppliers Forum) and the Event’s content spans both Information and...

Defence Information 2017 (Cranfield, England, UK, April 26 - 27, 2017) Defence Information 2017 is the major annual communications event of Joint Information Group activities (the JIG reports to the Defence Suppliers Forum) and the Event’s content spans both Information and...

Crimestoppers Conference (Eden Project, Bodelva, St Austell , April 27, 2017) Crimestoppers is organising a major one-day conference designed to help local businesses shore up their online security. A range of expert speakers will pinpoint typical cyber pitfalls to avoid. 80% of...

Atlantic Security Conference (Halifax, Nova Scotia, Canada, April 27 - 28, 2017) Atlantic Canada's non-profit, annual information security conference. AtlSecCon, the first security conference in Eastern Canada focusing on bringing some of the worlds brightest and darkest minds together...

SANS Automotive Cybersecurity Summit 2017 (Detroit, Michigan, USA, May 1 - 8, 2017) SANS will hold its inaugural Automotive Cybersecurity Summit to address the specific issues and challenges around securing automotive organizations and their products. Join us for a comprehensive look...

cybergamut Tech Tuesday: Distributed Responder ARP: Using SDN to Re-Engineer ARP from within the Network (Elkridge, Maryland, USA, and online at various local nodes, May 2, 2017) We present the architecture and initial implementation of distributed responder ARP (DR-ARP), a software defined networking (SDN) enabled enhancement of the standard address resolution protocol (ARP) intended...

Cyber Security Summit in Dallas (Dallas, Texas, USA, May 5, 2017) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from Proofpoint, CenturyLink, IBM and more. Register with promo code cyberwire50 for half off...

OWASP Annual AppSec EU Security Conference (Belfast, UK, May 8 - 12, 2017) Welcome to OWASP Annual AppSec EU Security Conference, the premier application security conference for European developers and security experts. AppSec EU provides thought leadership, amazing talks, informative...

SANS Security West 2017 (San Diego, California, USA, May 9 - 18, 2017) Cybersecurity skills and knowledge are in high demand. Cyber attacks and data breaches are more frequent and sophisticated, and organizations are grappling with how to best defend themselves. As a result,...

OWASP AppSec EU (Belfast, Northern Ireland, UK, May 12 - 18, 2017) Welcome to OWASP Annual AppSec EU Security Conference, the premier application security conference for European developers and security experts. AppSec EU provides thought leadership, amazing talks, informative...

EnergySec Security Education Week (Austin, Texas, USA, May 14 - 19, 2017) The Energy Sector Security Consortium, Inc.'s Security Education Week is designed for early to mid career cybersecurity professionals currently employed at electric utilities in North America. Students...

Global Cybersecurity Innovation Summit Advancing International Collaboration (London, England, UK, May 16 - 17, 2017) SINET – London creates a forum to build and maintain international relationships required to foster vital information sharing, broad awareness and the adoption of innovative Cybersecurity technologies.

Public Sector Cyber Security Conference: Defending the Public from Cyber-Attacks (Salford, England, UK, May 17, 2017) Join us for the Public Sector Cyber Security Conference where leading experts will explain how to protect the vital services provided by central Government, local councils and the NHS. Learn how to safeguard...

PCI Security Standards Council: 2017Asia-Pacific Community Meeting (Bangkok, Thailand, May 17 - 18, 2017) Two days of networking and one-of-a-kind partnership opportunities await you. Whether you want to learn more about updates in the payment card industry or showcase a new product, you’ll find it all at...

2017 Georgetown Cybersecurity Law Institute (Washington, DC, USA, May 17 - 18, 2017) It is more important than ever that in-house and outside counsel stay abreast of the most current developments and best practices in cybersecurity. At our Institute you will receive insights on the best...

Northsec Applied Security Event (Montreal, Québec, Canada, May 18 - 21, 2017) The conference will feature technical and applied workshops hosted in parallel for the most motivated attendees. Topics include application and infrastructure (pentesting, network security, software and/or...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.