skip navigation

More signal. Less noise.

Daily briefing.

Ukraine yesterday accused Russia of conducting new cyber attacks on Ukrainian infrastructure. Oleksandr Tkachuk, chief of staff of Ukraine's security service, said at a press conference that Russian intelligence services were orchestrating a campaign that enlisted the aid of both security firms and criminal hackers to attack Ukraine's energy and financial sector. Tkachuk claimed that the intelligence Ukraine had developed suggested that the threat actors were those responsible for the BlackEnergy malware implicated in earlier attacks on his country's power grid.

CrowdStrike CTO Dmitri Alperovitch described how threat actors (again, principally Russian ones) had adapted their tactics since last year's influence operations directed against US elections. Alperovitch sees a trend: hackers are likelier than before to release compromising information taken from their targets, and they're showing a new readiness to alter that information before disseminating it.

Researchers at VU have published a method of bypassing the address space layout randomization (ASLR) protections in major browsers and operating systems. Should this exploitation method be confirmed, it would have serious general implications for security.

In industry news, Yahoo! may be reducing the asking price in its planned acquisition by Verizon. Reports suggest Yahoo! may now be willing to accept more than $300 million less initially planned. The reduction is seen as having been reduced as a result of the very large breaches Yahoo! disclosed last year.

Western security, intelligences, and diplomatic services make a concerted attempt to counter ISIS messaging.

US President Trump offers the National Security Advisor post to Robert Harward.

Notes.

Today's issue includes events affecting European Union, Iraq, Russia, Syria, Ukraine, United Kingdom, United States, and Yemen.

In today's podcast, we hear from Dale Drew of our partner Level 3 on choosing security providers, and our guest James Lyne from Sophos will offer his take on the RSA show.

Interested in some big-picture informed speculation about 2017? Give the special prognostication edition of our podcast a listen. In this one we speak with industry experts and editors covering the cyber beat to get their take on the outlook for 2017 in cyber security.

E8 Security (Chronicle Books Metreon, San Francisco, CA, USA, February 15, 2017) E8 Security Invites You To An Exclusive Book Signing and Cocktail Party at RSA with Author Gary Hayslip

Hacking The Home (Fulton, MD, USA, February 26, 2017) DataTribe, a startup crucible for entrepreneurs, is sponsoring a February 2017 Hacking the Home contest. Teams will be competing to develop new product functionality, integrations, skills, and/or exploits around the growing ecosystem of home automation devices.

The Cyber Security Summit: Denver (Denver, Colorado, USA, March 1, 2017) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their companies’ critical data with innovative solution providers & renowned information security experts.

Dateline RSA 2017

In and Around the 2017 RSA Conference (Network World) Interesting announcements on cognitive computing, endpoint security, middleware, and threat intelligence

Photos: RSA Conference 2017 Expo, part 1 (Help Net Security) RSA Conference 2017 is underway at the Moscone Center in San Francisco. Here are a few photos from the Expo floor. Featured companies: Qualys, ThreatQuotie

Photos: RSA Conference 2017, Early Stage Expo (Help Net Security) Photos from RSA Conference 2017, Early Stage Expo

RSA 2017: Deconstructing macOS ransomware (Naked Security) Mac users, if you think your machines can’t be hit with ransomware, think again: they can. We look at some of the common variants and what you can do to protect yourself

RSA: Elite cryptographers scoff at idea that law enforcement can ‘overcome’ encryption (TechWorld) Attorney General Jeff Sessions’ call for a way to “overcome” cryptography met with scorn by a panel of elite cryptographers speaking at RSA Conference 2017.

Forget quantum and AI security hype, just write bug-free code, dammit (Register) Crypto panel lets loose at conference

7 deadliest cyberattack techniques for 2017 (Fifth Domain | Cyber) Experts from the SANS Institute explain the top threats currently evolving in cyberspace.

Why Connected Gadgets Need Security 'Nutrition Labels' (Fortune) The world is not transparent enough about its security, says Symantec’s tech chief.

McCaul tells cyber security conference of Russian role in US election (The Irish Times) ‘These were Americans in the crosshairs of the Kremlin’ US congressman tells RSA

Security is number one issue plaguing business, Michael Dell tells RSA Conference 2017 (Computer Busiess Review) On the ground in San Francisco, CBR reports from RSA Conference 2017 where Michael Dell was a surprise guest at the opening keynote of the show.

Dell Details Security Strategy at RSA Conference (eWeek) VIDEO: Speaking at the RSA Conference, Michael Dell discusses his company's security strategy.

Cloud Security Alliance Releases New Software Defined Perimeter for Infrastructure-as-a-Service Research (Cloud Security Alliance) The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, today announced the release of new research on Software Defined Perimeter (SDP) for Infrastructure-as-a-Service (IaaS)

Data-centric IoT security for Hadoop Big Data environments (Help Net Security) HPE SecureData for Hadoop and IoT is designed to easily secure sensitive information that is generated and transmitted across IoT environments.

ThreatConnect Launches Four New Threat Intelligence Products - American Security Today (American Security Today) Recognizing that security operations and threat intelligence are not one size fits all, ThreatConnect, has introduced a new suite of products designed for organizations just getting started with a threat intelligence program or those looking to expand. All products are built on the ThreatConnect Platform which was created to help organizations understand adversaries, automate their …

Nuance and BioCatch team up on biometrics-based fraud detection (Finextra Research) Nuance Communications, Inc. today announced from the RSA Conference that it has partnered with BioCatch, the global leader in behavioral biometrics to deliver continuous authentication on the web and mobile as part of the Nuance Security Suite solution.

Logtrust debuts analytics solution for detecting threats in real-time (Help Net Security) Logtrust announced at RSA Conference 2017 its Real-time Integrated Threat Analytics Solution Program. The program enables companies to build solutions that

Remote credential rotation for distributed environments (Help Net Security) Bomgar Vault helps organizations secure, manage, and administer, and shared and sensitive credentials for privileged users and IT vendors

Preempt Extends Behavioral Firewall with Support for New Contextual Data Sources and Threat Enforcement Solutions (Yahoo! Finance) RSA 2017 -- Preempt, pioneer of the industry's first behavioral firewall, today announced several new technology integrations for its Preempt Behavioral Firewall, which makes it possible for customers ...

Trustwave introduces proactive threat hunting service (Help Net Security) Trustwave announced new and enhanced managed security and professional services designed to help short-circuit an attacker’s activities.

New Security Research – the Software-Defined Perimeter for the Cloud - Cloud Security Alliance Blog (Cloud Security Alliance Blog) By Jason Garbis, Vice President of Products, Cryptzone On behalf of the Cloud Security Alliance, I’m pleased to announce the publication of our newest security research from the Software Defined Perimeter (SDP) Working Group, exploring how the SDP can be applied to Infrastructure-as-a-Service environments. Thanks to all the people who commented and contributed to this research …

Imperva Detects and Protects Against Ransomware with the Introduction of SecureSphere v12 (Yahoo! Finance) RSA– Imperva, Inc., committed to protecting business-critical data and applications in the cloud and on-premises, today announced the release of Imperva SecureSphere File ...

Proofpoint Launches Digital Risk Defense, First to Extend Integrated Phishing and Fraud Defense Across Critical Digital Channels - NASDAQ.com (NASDAQ.com) Digital risk market leader extends visibility and protection across company employees, company brands, and company customers to stop targeted phishing and social engineering attacks

New threat intelligence service from ESET helps enterprises predict emerging cyber threats (ESET) In today’s globalized world, it is critical for organizations to gather threat intelligence from the widest possible range of sources in order to adapt to the ever-changing security landscape.

FireMon Leads Industry with Intelligent Security Management at RSA Conference 2017 (Yahoo! Finance) Booth #S1121, South Hall, Moscone Center, San Francisco February 13-16, 2017 FireMon, the leader in Network Security Policy Management , is previewing its Intelligent Security Management ...

Cavirin Announces General Availability of Pulsar Continuous Security Compliance Platform at RSA 2017 (Yahoo! Finance) Cavirin Systems, Inc. today announces the general availability of Pulsar, its next generation security platform, which builds on Cavirin’s successful ARAP for an 80 percent decrease in the chance of breach and a 90 percent decrease in the cost of remediation.

Zentera Systems Wins Start Up of the Year Award from Info Security PG Global Excellence Awards 2017 (PRNewsire) Zentera Systems, Inc., the leader in infrastructure...

EdgeWave Honored As Best Product Winner in the 5th Annual 2017 Cyber Defense Magazine InfoSec Awards in Content Management & Filtering Solutions (Marketwired) Recognizing Innovation During the RSA® Conference 2017

Deep Instinct Honored as Hot Company Winner in the 5th Annual 2017 Cyber Defense Magazine InfoSec Awards in Anti-Malware Solutions Category (BusinessWire) Recognizing innovation during the RSA® Conference 2017

CloudPassage Halo Wins Product and Customer Awards for Innovations in Cybersecurity (Marketwired) Security-as-a-service platform selected as Most Innovative Cloud Security Solution, among other honors

Ivanti Scores Double Awards for its Security Solutions (Yahoo! Finance) Today at RSA Conference 2017, Ivanti , a leader in integrating and automating critical IT tasks, announced that it has received two industry awards for its ...

ThreadFix Receives Info Security PG's 2017 Global Excellence Awards (BusinessWire) Denim Group, a leading independent application security firm, announced today that ThreadFix has been named a Silver winner for the 13th Annual Info Security PG’s Global Excellence Awards® in Innovation and Compliance and a Silver winner for Security Products and Solutions for Finance and Banking.

CrowdStrike Wins 2017 SC Award for Best Security Company and Best Behavior Analytics/Enterprise Threat Detection (BusinessWire) Company also takes home three awards at the Info Security PG’s Global Excellence Awards, including Innovative Company of the Year

Tenable Wins Best Risk/Policy Management Solution at the 2017 SC Awards (BusinessWire) Leading cybersecurity company is recognized for providing customers comprehensive risk measurement and reporting capabilities

Duo Security Honors Extraordinary Achievements in InfoSec at Third Annual "Women in Security" Awards (PRNewswire) Duo Security, the leading cloud-based Trusted Access provider and one of...

Cyber Attacks, Threats, and Vulnerabilities

Ukraine charges Russia with new cyber attacks on infrastructure (Reuters) Ukraine on Wednesday accused Russian hackers of targeting its power grid, financial system and other infrastructure with a new type of virus that attacks industrial processes, the latest in a series of cyber offensives against the country.

Hackers shift tactics after 2016 US election: CrowdStrike (LiveMint) Undeterred by sanctions imposed on Russia by the US in response to cyber attacks, hackers are likely to leak altered information they steal, says CrowdStrike CTO Dmitri Alperovitch

XAgentOSX Mac malware linked to Russian hacking group (Help Net Security) The backdoor Trojan authors have called it XAgentOSX, which shares the name XAgent with one of Sofacy’s Windows-based Trojan.

Researchers bypass ASLR protection with simple JavaScript code (Help Net Security) A group of researchers have managed to bypass ASLR protections of major operating systems by exploiting a common feature of computer microprocessors.

AnC - VUSec (VUSec) Address Space Layout Randomization Address space layout randomization or ASLR in short is a first line of defense against attackers targeting Internet users. ASLR randomizes the location of an application’s code and data in the virtual address space in order to make it difficult for attackers to leak or manipulate the data or reuse the … Continue reading AnC →

Russian-Speaking Hacker Breaches Over 60 Universities and Government Agencies (Recorded Future) Recently we reported on the U.S. Election Assistance Commission hack. Rasputin’s latest victims include global universities and U.S. government agencies.

Russian-Speaking Hacker Selling Access to the US Election Assistance Commission (Recorded Future) Recorded Future has successfully attributed a breach of the U.S. Election Assistance Commission (EAC) to a Russian-speaking hacker.

Russian-speaking code writers fuel ransomware ‘business,’ says report (Fifth Domain) Several large groups of Russian-speaking cyber criminals have been identified as specialists in crypto ransomware development and distribution, which is surging globally according to attack statistics gathered by antivirus/cybersecurity provider Kaspersky Lab.

Security warning over Intel chip design flaw (Computing) Design flaw identified in Intel Haswell CPUs last year might be more widespread than first thought

Doubling Down Against the Jihadist Message (Cipher Brief) With the recent U.S. military raid in Yemen and the ongoing campaign in Mosul, the Trump Administration is so far continuing the United States’ longstanding counterterrorism strategy: conducting drone strikes to eliminate terrorist leaders; launching Special Forces operations to capture or kill high-value targets; and working with allies on the ground to offset conditions that foment extremism.

Mosul offensive producing treasure trove of intel (Washington Examiner) The second phase of the Iraqi operation to liberate Mosul will begin any day now, but the ground offensive has already produced a treasure trove of intelligence, thanks in part to the compulsive documentation by the Islamic State. The eastern part of the city has been freed from two years of brutal rule by ISIS, a time in which the terrorist group amassed voluminous records that have now been captured and are being exploited by Iraq and U.S. intelligence. I can tell you that in Mosul, a huge amount of material has been gathered, said Maj. Gen. Rupert Jones, a British general who serves as deputy commander for the counter-ISIS coalition. You know that Daesh [ISIS] are a very bureaucratic organization. They keep records, Jones told Pentagon reporters in a briefing from Baghdad Wednesday. It would be speculation at this stage as to what that material might lead to. But I think in all likelihood it will point to terror plots.

This Android Trojan pretends to be Flash security update but downloads additional malware (ZDNet) Malware tricks users into opening Android Accessibility menu, enabling the attacker to mimic users' clicks and select anything displayed on their screen.

Cisco defends Smart Install protocol (The Stack) Cisco has stated that the Smart Install protocol, which allows for remote, unauthenicated switch login is a value-added feature, rather than a vulnerability

University’s internet brought down by cyber-attack making vending machines search for seafood (Irish Examiner) This is worse than when they take your money but your crisps get jammed.

The six biggest cyber threats GCHQ's security centre wants us to be worried about (WIRED UK) Robots, the Internet of Things, government hacking and satellites all fall under GCHQ's National Cyber Security Centre remit

Attack types companies expect to encounter in 2017 (Help Net Security) What are the key attack types expected to cause the biggest security problems in 2017 and how successful will businesses be at defending against them?

Cyber Trends

Akamai: Rise of IoT Devices Causes Some Security Concerns (TV Technology) The Internet of Things (IoT) is a development that looks to connect the internet into everyday devices and a key part of many industries plans moving forward.

Exclusive: Mimecast Report Indicates Cybersecurity Lags Behind Both Perceived Threat And Real Damage (Forbes) Corporate cybersecurity has not kept up with either perceived security threats or damage resulting from security failures according to a report released today by Mimecast, an email security company.

Centrify Confirms the Enterprise Security Industry Has Failed to Stop Breaches (BusinessWire) Organizations spend $75B on security, yet Centrify-commissioned Forrester study reveals 83 percent are at high risk, and being breached at an alarming rate

AppRiver Releases 2016 Year-End Global Security Report (PRWeb) The report notes the rise of botnets, Internet of Things, and mobile malware and makes predictions for 2017.

European businesses are not prepared to handle a cyber attack (BetaNews) More than half of companies in the UK, US and Germany (53 percent) are not prepared to face a cyber-attack. This is according to a new report by specialist insurer Hiscox, which has polled more than 3,000 companies for the report.

Forget Artificial Intelligence. 'Artificial Stupidity' Is the Real Threat (Fortune) Says the head of Cisco's security business.

Marketplace

Cyber attacks lead Yahoo to accept price cut on $4.8bn Verizon deal (Financial Times) Internet company and acquirer close to agreeing $300m discount

Yahoo notifying users of malicious account activity as Verizon deal progresses (TechCrunch) Yahoo is continuing to issue warnings to users about several security incidents as it moves toward an acquisition by Verizon. Users are receiving..

Cisco earnings: Will big bets on software pay off? (MarketWatch) When Cisco Systems Inc. reports earnings Wednesday, the big question will be if the networking giant’s repeated gambles on software can reverse a yearlong sales slide, or at least point to a reversal of that trend in the future.

Gemalto In A Bruising Transition Period (Seeking Alpha) A steep decline in the SIM card business has drained the growth from this leader in digital security, and a slower EMV transition in the U.S. makes it even wors

Akamai Technologies, Inc. (NASDAQ:AKAM) Under Analyst Spotlight - UK Market News (UK Market News) Amid volatile financial markets and the presidential election, various investment brokerages have made amendments to their price targets and ratings on shares of Akamai Technologies, Inc. (NASDAQ:AKAM). Based on the latest brokerage notes which have been released to investors, 8 brokers have issued a rating of “strong buy”, 6 brokers “buy”, 9 brokers “neutral”, 1 …

KEYW Is A Pure Play On Cyber And Intelligence (Benzinga) RBC Capital’s Matthew McConnell believes KEYW Holding Corp. (NASDAQ: KEYW) has “share gain opportunities in untapped intelligence agencies, strong early returns from...

Avast CTO: AVG Purchase Lets Us Build Tools For Data-Driven Cybersecurity Era (Silicon UK) INTERVIEW: Avast bought AVG for £1bn last year so it can gain access to 1 in 3 PCs around the world and build new security tools

Symantec Inks Deal With British Telecom Parent (Investopedia) The new partnership with BT Group aims to meet the demands of a transformed hybrid IT ecosystem.

Microsoft has burnished its security credentials and garnered NSA's endorsement too! (Hardware Zone) Microsoft has announced a number of security initiatives on both its hardware and software services. In fact, some of them have even garnered the endorsement of the National Security Agency (NSA); do read on for more details.

Chuck Brooks Wins 2017 Cybersecurity Marketer of the Year | WashingtonExec (WashingtonExec) The 2017 Cybersecurity Excellence Awards announced Chuck Brooks as the Cybersecurity Marketer of the Year. Brooks serves as Sutherland Government Solutions

Products, Services, and Solutions

Encrypted chat app Wickr opens code for public review (TechCrunch) Security researchers have wanted a peek at Wickr's code since the secure messaging app launched in 2012, and now they're finally getting that chance. Wickr..

Clavister Launches Innovative Endpoint Protection Solution (PRNewswire) Clavister (Nasdaq: CLAV), a leader in high-performance network security, has...

Carbon Black only vendor to secure perfect prevention score in NSS Labs’ advanced endpoint protection test - stopped all attacks (CSO) Carbon Black, a leader in next-generation endpoint security, today announced it achieved 100 per cent block rate and 100 per cent total coverage score in NSS Labs’ Advanced Endpoint Protection (AEP) Test, securing the distinguished rating: “recommended for security effectiveness” by NSS Labs.

Anomali Announces Cybersecurity Updates, Phishing Protection (MediaPost) Anomali announced a host of new updates to its threat intelligence platform on Monday, including the addition of a detection service to halt damaging email-based phishing attacks.

Company Update (NASDAQ:FEYE): FireEye Inc Announces Exploit Prevention and Anti-Virus Replacement for the Endpoint Security (Smarter Analyst) FireEye Inc (NASDAQ:FEYE) announced several enhancements to its endpoint security solution designed to offer unparalleled ...

Metadefender Cloud Client use Heuristic Detection to analyze malware (The Windows Club) Metadefender Cloud Client is a free malware analysis tool that employs heuristic detection method with more than 40 malware detection engines.

TrapX Deepens Deception Capabilities with DeceptionGrid 6.0 (Marketwired) Latest version introduces powerful Deception-in-Depth architecture featuring a full OS that can completely replicate a production environment while increasing the ability to visualize attacks

Ixia Expands Visibility Portfolio with Industry’s Most Modular, Very High Density, Network Tap (BusinessWire) Ixia (Nasdaq: XXIA), a leading provider of network testing, visibility, and security solutions, today announced the latest addition to the industry’s largest portfolio of reliable network taps for monitoring live network traffic – Flex Tap™ VHD.

Bay Dynamics Quantifies the Financial Impact of Cyber Risk (Yahoo! Finance) During the 2017 RSA Conference, Bay Dynamics® is announcing a significant evolution of its flagship Risk Fabric® cyber risk analytics platform. Risk Fabric, which has been collecting, analyzing and correlating ...

HP (HPQ) Partners with Bromium; Unveils Sure Click Solution (Zacks) Leading PC manufacturer, HP Inc. (HPQ - Free Report) and Bromium Inc. have signed a new agreement aimed at providing secured Internet search experience to users.

ELEVI Associates Selects Light Point Security as Its Exclusive Isolated Browser Partner (Hawaii News Now) Light Point Security and ELEVI Associates form strategic partnership to bring malware-free browsing to ELEVI's Fortune 100 and government customers

Terror attacks? There’s an app for that (C4ISRNET) TerrorMate is the world's first encrypted terrorism alert app for smartphones, according to developer Defense Trading Solutions.

How Duo Beyond wants to remove the network perimeter and get rid of the VPN - TechRepublic (TechRepublic) Ruoting Sun, of Duo Security, reveals how Duo Beyond makes Google-style BeyondCorp trusted web access available to any enterprise, challenging the traditional approach to security.

Keybase offers encrypted chat where you control all the pieces (Macworld) The cryptographic identity validation service Keybase has added end-to-end encrypted chat to rival WhatsApp and iMessage.

Palo Alto Networks extends safe application enablement and breach prevention (DATAQUEST) Palo Alto Networks, a security company, announced advancements to its Next-Generation Security Platform that extends the ability for customer organizations to safely enable applications, including SaaS options, content and users...

Technologies, Techniques, and Standards

The Power of Persuasion in Countering Terror (Cipher Brief) As part of the State Department’s Bureau of Counterterrorism and Countering Violent Extremism (CVE) during the Obama administration, Michael Ortiz helped develop and launch a new CVE strategy and also worked to build the case internationally for those efforts.

Countering Extremism: A Problem for Civil Society (Cipher Brief) The Cipher Brief's Executive Producer and Reporter Leone Lakhani, spoke with Haras Rafiq, CEO of Quilliam, to discuss how the organization works to counter the narratives propagated by extremist groups.

Security researchers trick 'CEO' email scammer into giving up identity (InfoWorld) Dell SecureWorks is encouraging businesses to use these tips to fight back against phishing schemes

Security in the cloud (FCW) SaaS applications are changing the way agencies work -- but new security approaches are needed when you no longer have a perimeter to protect.

Research and Development

Hardware Over Hard Forks: How Accenture Plans to End Blockchain's Security Debate - CoinDesk (CoinDesk) Can dedicated hardware bring institutions on board with blockchain in a way that consensus-driven hard forks can't? This company is betting on it.

Academia

Government focuses on young people to tackle cyberskills shortage (Naked Security) Scheme aims to have nearly 6,000 teenagers trained in cyberskills by 2021

Legislation, Policy, and Regulation

The Kremlin Is Starting to Worry About Trump (Foreign Policy) Vladimir Putin's entourage cheered the outcome of the U.S. election – until they saw exactly what they were dealing with.

Digital Economy Bill Could Empower Government to Force Internet Companies to Act on Piracy (Computing) Search engine companies may be compelled by government to implement an "anti-piracy code"

HMRC denies reports it plans to develop its own authentication system and dump Gov.UK Verify (Computing) HMRC will still use Gov.UK Verify for individual taxpayers

Trump offers national security adviser post to Vice Admiral Harward: sources (Reuters) The Trump administration has offered the job of White House national security adviser, vacated by former U.S. intelligence official Michael Flynn, to Vice Admiral Robert Harward, said two U.S. officials familiar with the matter on Wednesday.

Trump Defends National Security Adviser He Ousted (VOA) US president condemns 'illegal' leaks from country's intelligence community that leads to forced resignation of Michael Flynn

Report: Intelligence officials withhold information from Trump (TheHill) The information was withheld from the president in fear that that it would be leaked.

Q&A: NGA program director tells states to get back to basics on cybersecurity (State Scoop) Getting everyone in the same room is a step that states can take today to help safeguard their assets, says the association's cybersecurity guru, Tim Blute.

Litigation, Investigation, and Law Enforcement

GAO: Cyber attack threat from federal employees (Washington Examiner) A new report points a finger at insider threats from federal workers on the government's vast cyber and computer system, joining foreign nations as a danger to sensitive and classified information and even personal info. The General Accountability Office also declared frustration with the Obama administration in its new report over its failure to implement 1,000 security fixes needed to close the door to hackers, inside and out. While the review of U.S. cyber effectiveness was done before President Trump took office, it provides fresh evidence that both foreign actors and insiders are a hacking threat to government systems.

Government Has Yet to Implement Roughly 1,000 Cyber Security Recommendations » THE DISTRICT SENTINEL news co-op (THE DISTRICT SENTINEL news co-op) A report released by the Government Accountability Office (GAO) on Tuesday revealed that federal agencies are dragging their feet establishing necessary safeguards against cyber attacks. The government watchdog noted that it has over recent years made about 2,500 recommendations to agencies to bolster their cyber defenses. “As of February 2017,” the report went on to state, “about 1,000 of our information security-related recommendations had not been implemented.” Federal information security, protecting critical infrastructure, and defending the government’s store of personally identifiable information are all listed as “high…

CrowdStrike denied bid to block security report in legal challenge against ''subversive'' NSS Labs | ZDNet (ZDNet) CrowdStrike deemed NSS Lab's operations "unethical, illicit, and subversive," but the courts did not uphold this belief.

‘World’s eighth-worst spammer sent more than a million emails’ (Naked Security) Michael Persaud faces 10 counts of wire fraud, each punishable by up to 20 years in jail

Man sues Uber after privacy flaws ‘led to his divorce’ (Naked Security) French plaintiff alleges that a flaw meant his wife was alerted to trips pointing to his affair despite him signing out of his account on a shared smartphone

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

Insider Threat Program Development Training For NISPOM CC 2 (Simi Valley, CA, USA, February 22 - 23, 2017) Insider Threat Defense announced it will hold a 2 day training class on Insider Threat Program Development (NISPOM Conforming Change 2) on Feb. 22-23, 2017, in Simi Valley, CA. For a limited time the training...

Maritime & Port Security ISAO: Operationalizing Cyber Resilience (Cape Canaveral, Florida, USA, February 22 - 24, 2017) The Maritime & Port Security Information Sharing & Analysis Organization (MPS-ISAO) convenes its inaugural conference “Maritime & Port Cyber Resilience - Adding a New Layer of Cybersecurity” February 22-24,...

Risky Business (London, England, UK, February 23, 2017) How are you tackling Cyber Crime in the Property Transaction? Join our panel of expert speakers at the IET in London to find out more about cyber crime in the property transaction and the steps you can...

The 2nd China Automotive Cyber Security Summit 2017 (Shanghai, China, February 24, 2017) CACSS2017 will Provide a platform for Automotive OEMs, Tier 1 suppliers, Automotive security solution/ technology/products developers,Automotive electronics companies, IT companies, Mobile data suppliers,...

Second Annual International Security Conference (Riyadh, Saudi Arabia, February 27 - 28, 2017) The conference will facilitate national, regional and international collaboration between government, industry and critical infrastructure organizations. It will also feature investors who want to diversify...

SANS Dallas 2017 (Dallas, Texas, USA, February 27 - March 4, 2017) We are pleased to invite you to attend SANS Dallas 2017, on February 27- March 4 at The Westin Dallas Downtown, located in the heart of the city. We have selected several of our top information security...

Autonomous Vehicles Silicon Valley (Santa Clara, California, USA, February 28 - March 2, 2017) The road to autonomy: Regulation. Consumer Acceptance. Safety & Security. Explore the latest technologies and hottest issues for the autonomous vehicles industry.

The Cyber Security Summit: Denver (Denver, Colorado, USA, March 1, 2017) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their companies’ critical data with innovative solution providers & renowned information security experts.

International Cyber Risk Management Conference (ICRMC) (Toronto, Ontario, Canada, March 2 - 3, 2017) The third annual International Cyber Risk Management Conference (ICRMC) brings together a world class roster of experts with cross-sector, global and multidisciplinary expertise to share knowledge, lessons ...

SANS San Jose 2017 (Milpitas, California, USA, March 6 - 11, 2017) Securing and defending your network has never been more important as attacks and breaches make the news daily. Gain the skills and tools you need to win the battle against the wide range of cyber adversaries...

15th annual e-Crime & Cybersecurity Congress (London, England, UK, March 7 - 8, 2017) Europe's largest and most sophisticated gathering of senior cybersecurity professionals from international business, governments, law enforcement and intelligence agencies.

ISSA Mid Atlantic Security Conference (Rockville, Maryland, USA, March 10, 2017) Join us for a full day of training by industry leaders discussing some of the latest topics in tactics and techniques for preparing for cyber-attacks. This conference will feature a variety of presentations...

Investing in America’s Security: Cybersecurity Issues (Jersey City, New Jersey, USA, March 10, 2017) Please join us for the 5th Annual Northeast Regional Security Education Symposium hosted by the Professional Security Studies Department at New Jersey City University. The Symposium’s keynote address will...

IAPP Europe Data Protection Intensive 2017 (London, Englan, UK, March 13 - 16, 2017) Set in London, the Data Protection Intensive delivers innovative solutions to today’s top privacy and data protection challenges. Known for its exceptional programming, the Intensive has come into its...

Rail Cyber Security Summit (London, England, UK, March 14 - 15, 2017) Now in its second year, the event will take place at the Copthorne Tara Kensington hotel in London between March 14th and 15th 2017 and will feature a range of experts from the rail transport industry,...

CyberUK 2017 (Liverpool, England, USA, March 14 - 16, 2017) Announcing the UK government's flagship IA and cyber security event, for 2017. This is a three day event that will bring together cyber security leaders and professionals from across the UK’s information...

Cybersecurity: The Leadership Imperative (New York, New York, USA, March 16 - 17, 2017) Cyber risk impacts every element of your organization – and even the most brilliant information security expertise must be supported by a cross-functional cybersecurity structure and culture to succeed.

BSides Canberra (Canberra, Australia, March 17 - 18, 2017) BSidesCbr is a conference designed to advance the body of Information Security knowledge, by providing an annual, two day, open forum for discussion and debate for security engineers and their affiliates.

Cyber Resilience Summit: Securing Systems inside the Perimeter (Reston, Virginia, USA, March 21, 2017) As the journey to secure our nation’s IT cyber infrastructure gains momentum, it is important to apply proven standards and methodologies that reduce risk and help us meet objectives for acquiring, developing...

European Smart Grid Cyber Security (London, England, UK, March 21 - 22, 2017) European Smart Grid Cyber Security 2017 offers a unique opportunity to network with senior experts in cyber security from government, utilities, TSOs, regulators, solution providers, security consultants,...

Maryland Cybersecurity Awards Celebration (Baltimore, Maryland, USA, March 22, 2017) Help us celebrate the best and brightest of the Maryland cyberscurity community as we honor the companies, organizations, and individuals that have protected businesses and government agencies with their...

SANS Pen Test Austin 2017 (Austin, Texas, USA, March 27 - April 1, 2017) Every organization needs skilled people who know how to find vulnerabilities, understand risk, and help prioritize resources based on mitigating potential real-world attacks. That's what SANS Pen Test...

IT Security Entrepreneurs' Forum Bridging the Gap Between Silicon Valley & the Beltway (Mountain View, California, USA, March 28 - 29, 2017) SINET – Silicon Valley provides a venue where entrepreneurs can meet and interact directly with leaders of government, business and the investment community in an open, collaborative environment focused...

Insider Threat 2017 Summit (Monterey, California, USA, March 29 - 30, 2017) The focus of the Insider Threat Summit is to discuss personnel security issues including cyber security challenges and capabilities, continuous evaluation of privileged identities and ethical physical...

2nd Annual Billington International Cybersecurity Summit (Washington, DC, USA, March 30, 2017) The 2nd Annual Billington International Cybersecurity Summit on March 30, 2017 at the National Press Club in Washington, DC will feature over 300 world class cybersecurity decision-makers from allied nations...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.