Check out the Cyber Job Fair, April 19 in San Antonio.

Cleared and non-cleared cybersecurity pros make your next career move at the Cyber Job Fair, April 19 in San Antonio. Meet leading cyber employers including Bank of America, Parsons, Engility, Fulcrum and more. Visit ClearedJobs.Net or CyberSecJobs.com for details. 

The daily briefing.

As Facebook CEO Mark Zuckerberg moves from the Senate's frying pan to the House's fire, it appears that Facebook permissions allowed some apps to read messages between some users and their friends ("friends" in the sense of the Facebook term of art, not in the sense of people with whom one is connected by natural affection).

Yesterday's testimony appears to have won the social media platform few friends on either the left (Senator Cantwell looking for connections to Palantir) or the right (Senator Cruz suggesting that Facebook's a progressive monoculture). The Senators' performance strikes much of the industry press as revealing interesting gaps in the lawmakers' familiarity with technology. (In fairness to the Senators, they're not the only ones who have trouble grasping how Facebook handles data—WIRED thinks most users are in the same boat.)

Mr. Zuckerberg indicated willingness to accept closer Government regulation of social media. He also said artificial intelligence should have hate speech under control within ten years.

Patch Tuesday addressed sixty-six Microsoft bugs. One is an unusual keyboard issue; another is a SharePoint vulnerability that Redmond says hasn't been exploited in the wild despite its having leaked in advance of the patch.

Editorialists urge the EU to get serious about sanctioning Russia, support for Assad in Syria being the country's most recent offense. Attacks on infrastructure by Russian operators are still widely expected. Some US officials in and around NSA and US Cyber Command hint not-so-darkly about an ability to hold Russian infrastructure at risk.

[250]

Cylance is proud to be the CyberWire sustaining sponsor for 2018. Learn more about how Cylance prevents cyberattacks at cylance.com

Today's edition of the CyberWire reports events affecting Australia, Brazil, the European Union, Hungary, India, Mexico, Pakistan, Russia, Sint Maarten, the United Kingdom, and the United States.

Headed to RSA? Get a free pass expo pass on LookingGlass!

RSA can be hectic, but we’ll make putting together your schedule easy for you. If want to know the latest trends and technology in cybersecurity and threat intelligence, look no further than LookingGlass Booth #100 in the South Hall. We offer solutions – not more work – for your toughest security challenges. Come meet with us on the Expo floor or at our meeting suite in the Marriott – enjoy the discussion, demos, and refreshments. Get your free pass here.

On the Podcast

In today's podcast we hear from our partners at Accenture, as Justin Harvey discusses cyber hygiene blind spots. Our guest, Nahuel Sanchez from Onapsis, makes everyone's flesh creep with tales of vulnerable password recovery systems.

Sponsored Events

Wombat Security at RSA Conference 2018 (San Francisco, California, United States, April 16 - 20, 2018) Cyberthreats lurk around every corner. Visit our booths at RSA to ensure you are providing your team with the tools they need to be cybersecurity heroes in your organization: South Expo 1033 and North Expo 4701. We’ll be presenting: a sneak peek at our new superhero-themed Awareness Video Campaigns; a free copy of our security awareness comic book, and previews of our newest training modules, including GDPR, Insider Threats, and Password Policy.

XM Cyber is coming to RSA (San Francisco, California, United States, April 16 - 20, 2018) Visit XM Cyber at the Israeli Pavilion, South Hall booth 635, to experience the first automated APT simulation platform to expose, assess and amend every attack path to organizational critical assets.

Cyber Job Fair, April 19, San Antonio visit ClearedJobs.Net or CyberSecJobs.com for details. (San Antonio, Texas, United States, April 19, 2018) Cleared and non-cleared cybersecurity pros make your next career move at the Cyber Job Fair, April 19 in San Antonio. Meet leading cyber employers including Bank of America, Parsons, Engility, Fulcrum and more. Visit ClearedJobs.Net or CyberSecJobs.com for details.

HackNYC2018 (New York, New York, United States, May 8 - 10, 2018) Cyber attacks are often called non-violent or non-kinetic attacks, but the simple truth is that there is a credible capability to use cyber attacks to achieve kinetic effects. Kinetic Cyber refers to a class of cyber attacks that can cause direct or indirect physical damage, injury or death solely through the exploitation of vulnerable information systems and processes. Use code CWIRE20 for 20% off the $50.00 individual ticket price.

Selected Reading

Cyber Attacks, Threats, and Vulnerabilities

Cambridge Analytica Could Have Also Accessed Private Facebook Messages (WIRED) A Facebook permission allowed an app to read messages between 1,500 Facebook users and their friends until October 2015—data that Cambridge Analytica could have accessed.

Here's what you need to know before Mark Zuckerberg's testimony in Washington (Popular Science) Mark Zuckerberg will talk user data, Russian meddling, and possible regulations

Facebook and the Price of Tech Utopia (WIRED) Was everything users gained from Facebook worth what they gave up?

Steve Wozniak explains why he deactivated his Facebook account (Naked Security) As his 5,000 Facebook friends are about to find out, Apple co-founder Steve Wozniak has well and truly left the building.

How Pizza Night Can Cost More in Data Than Dollars (Wall Street Journal) Even a low-key evening at home can mean handing over a trove of personal information to high-tech companies

Most Americans Feel They've Lost Control Of Their Online Data (WAMU) Firms like Facebook use a business model that makes use of people's data. But not all data is created equal. Sharing purchasing habits? Most say that's OK. But private communications? No way.

Reddit's most popular meme forum was a hangout spot for Russian propaganda trolls (Quartz) The company's CEO revealed that r/funny, the site's second most popular subreddit, contained the largest number of posts from accounts linked to Russia's Internet Research Agency.

The Era of Fake Video Begins (The Atlantic) The digital manipulation of video may make the current era of “fake news” seem quaint.

Attackers Exploit Cisco Switch Issue as Vendor Warns of Yet Another Critical Flaw (Dark Reading) Cisco says companies fixing previously known protocol issue should also patch against critical remote-code execution issue.

Brazil's Critical Infrastructure Faces a Growing Risk of Cyberattacks (Council on Foreign Relations) Most of the world's critical infrastructure—nuclear plants, electrical transmission systems, water treatment plants, etc.—is managed by internet-connected hardware and software that makes them vulnerable to cyberattacks.

"Impregnable" radar breached in simulated cyber attack (Marine Electronics and Communication) The nightmare scenario cannot be ignored, says editor Martyn Wingrove. Ethical hackers have now proven radar and other bridge systems are vulnerable

Death in paradise: 'Cyber attack' takes out national government's IT (Register) Half of a tiny Caribbean island, population 42,000, but still

Report: Internet ‘noise’ can mask increasing dangers to federal networks (Fifth Domain) A complex mix of traffic and services on federal networks provides hackers with an increasing number of exploitable opportunities as the government migrates to the cloud, a Cisco report found.

Careful what you wish for: Alexa may be eavesdropping (Times) Amazon’s Alexa is supposed to listen only when you call her name but she could soon be getting a lot nosier, with plans to eavesdrop on conversations and “whisper” shopping suggestions. The...

Mobile phishing: The biggest unsolved problem in cybersecurity (Lookout) Mobile phishing brings together new channels for phishing employees (such as messaging apps and SMS) and reduced screen size, causing one of the biggest problems businesses have faced in cybersecurity yet.

8 ways a supply chain raises cyber security risks (Health Data Management) For starters, providers may not have control over security related to the manufacturing process.

Security Patches, Mitigations, and Software Updates

Adobe, Microsoft Push Critical Security Fixes (KrebsOnSecurity) Adobe and Microsoft each released critical fixes for their products today, a.k.a “Patch Tuesday,” the second Tuesday of every month. Adobe updated its Flash Player program to resolve a half dozen critical security holes. Microsoft issued updates to correct at least 65 security vulnerabilities in Windows and associated software.

Microsoft April Patch Tuesday Fixes 66 Security Issues (BleepingComputer) Earlier today, Microsoft released its monthly roll-up of security patches known as Patch Tuesday, and this month, the Redmond-based OS maker has fixed 66 security issues.

It's April 2018 – and Patch Tuesday shows Windows security is still foiled by fiendish fonts (Register) Adobe's Flash also up the spout

Cyber Trends

The NGFW is Dead (Security Boulevard) The NGFW is Dead Let’s get this out of the way – the next-generation firewall (NGFW) is dead. In ten years, the NGFW will be reduced to a glorified router. The cloud is the prime suspect in the NGFW’s death. The shroud of death and decay are all around the NGFW products. They are bloated, The post The NGFW is Dead appeared first on Anitian.

Cybersecurity Perspectives 2018: The Data Breach Effect (Scale Venture Partners) On March 2, 2018, Equifax provided updates related to its 2017 breach...

2018 Cybersecurity Perceptions & Practices (Logrhythm) See insights from hundreds of IT decision makers across the U.S., U.K., and Asia-Pacific regions regarding the state of their teams’ security maturity.

'Machine learning is the big one': Deloitte expert looks to the future of tech trends (CNBC) The dominant tech trend in places like Southeast Asia will be machine learning, according to a researcher from Deloitte.

Marketplace

Expel Raises $20M Series B For Customer Cybersecurity (Crunchbase News) B2B cybersecurity platform Expel announced today that it raised a $20 million Series B led by Silicon Valley-based Scale Venture Partners. New Enterprise Associates, Battery Ventures, Greycroft, and other venture capital firms also participated in the round.

Palo Alto Networks to buy endpoint detection and response startup Secdo (CRN Australia) To bolster its data collection and visualisation capabilities.

Government launches new London Cyber Innovation Centre (Government Computing Network) Former head of GCHQ Robert Hannigan will lead the centre’s industry advisory board

Fidelis Cybersecurity Names Former NetWitness Founder and eSentire Executive Chairman Nick Lantuh as President and CEO (Fidelis Cybersecurity) Cybersecurity Veteran to Spearhead Growth Strategy for Automated Detection and Response Company

CyberSN Expands Sales Leadership Team by Appointing Jason DeAmato as Vice President of Sales Training (Benzinga) CyberSN Expands Sales Leadership Team by Appointing Jason DeAmato as Vice President of Sales Training ,#1 Amazon Bestselling sales author, Former Director of Sales Training at...

Intercede chief executive steps down after 26 years (East Midlands) He moves to become a non-exec

Infoblox appoints Cherif Sleiman as SVP for International Business (Tahawul Tech) Infoblox has announced the appointment of Cherif Sleiman as Senior Vice President (SVP) International Business, responsible for driving business growth in international markets.

Quick Heal Technologies appoints Ms. Priti Rao to Board of Directors (Equity Bulls) Quick Heal Technologies appoints Ms. Priti Rao to Board of Directors

Products, Services, and Solutions

Duo Security and Akamai Partner to Create a Zero-Trust Ecosystem for Remote Workers (Duo Security) The solution eliminates the need for traditional remote user Virtual Private Networks (VPNs) and significantly improves security for organizations

Introducing ObserveIT 7.5: A Modern Approach for a Post-DLP World ObserveIT (ObserveIT) ObserveIT 7.5, the newest version of our insider threat solution, offers new features to help your security team identify, investigate and eliminate insider threats. This further advances our approach to insider threat detection and prevention in the post-DLP world. Learn about the new capabilities!

The Chertoff Group Unveils New Ransomware Readiness Assessment, Empowering Organizations to Defend Against Ransomware Attacks (Chertoff Group) The Chertoff Group is a premier global advisory firm focused exclusively on the security and risk management sector..

SafeBreach Expands Visa Partnership for Deeper Threat Intelligence Integration in Breach and Attack Simulation (GlobeNewswire News Room) Extension of Market First Capability Empowers Payment Industry Unparalleled Speed and Agility in Attack Prevention; Partnership on Display at RSA Conference 2018

DNSWatch is Now Available (WatchGuard) Phishing is one of the greatest threats facing small and midsize enterprise organizations today. WatchGuard DNSWatch service provides additional security to protect users at the DNS level, and adds a layer to RED and WebBlocker capabilities to block malicious connections on all ports and protocols – including those necessary during a phishing attack. 

Portnox Brings Increased Network Visibility and Enforcement with TrapX Integration (BusinessWire) Portnox, a market leader for network visibility, access control and device risk management solutions, and TrapX Security, the global leader in decepti

ThreatConnect, Inc. Ramps Up Its Technology Partner Program In Q1 Most Recent Integrations Include Tenable, FireEye, ArcSight and ReversingLabs (ThreatConnect) ThreatConnect, Inc.©, provider of the industry's only extensible, intelligence-driven security platform, announces it has added four key technology partner applications with Tenable, FireEye, ArcSight, and ReversingLabs. These applications and integrations are now part of the more than 350 existing integrations available in the ThreatConnect Platform.

Origin Protocol + NuCypher: Private Data on a Public Blockchain (Medium) I am astounded by what today’s biggest sharing economies like AirBnB and Uber have accomplished, allowing someone to share their home or…

M-Files : solutions de gestion intelligente de l'information (M-Files) Avec la gestion intelligente de l'information M-Files, les entreprises trouvent, partagent et sécurisent les documents et les informations.

Next-Generation HSMs from Utimaco Deliver Stronger Cloud Security and Pave the Way for Post-Quantum Cryptography (BusinessWire) Next-generation HSMs from Utimaco Deliver Stronger Cloud Security and Pave the Way for Post-Quantum Cryptography

Comodo Adds Free Security Features to Management Platform (Channel Partners) Comodo is looking to tap into that potential market by offering something that might very well be irresistible to MSPs — a centralized IT management platform that supports the addition of security services, all at a price that any MSP can afford. Qualified MSPs can get the Comodo One management platform, referred to as C1, for free, the company recently announced.

Coin Mining Malware and What Akamai Can do About It (Security Boulevard) It has been a busy few months for crypto-mining!...

Jetico Kicks off New Campaign to Help with GDPR Compliance (BusinessWire) On May 25th, the General Data Protection Regulation (GDPR) will be enforced, and the fines will start rolling in for organizations which are not yet c

IBM beefs up server security with new z14 (WRAL TechWire) IBM's server lines have historically been known for being higher performing than their x86 counterparts, and wih the unveiling of the z14, they are investing in improving their reputation for even greater security capabilities achieved through pervasive encryption.

Hartford unveils cyber response policy (Business Insurance) The Hartford Financial Services Group Inc. has introduced CyberChoice First Response, a policy designed to help protect businesses against cyber attacks.

Splunk turns data processing chops to Industrial IoT (TechCrunch) Splunk has always been known as a company that can sift through oodles of log or security data and help customers surface the important bits. Today, it announced it was going to try to apply that same skill set to Industrial Internet of Things data. IIoT is data found in manufacturing settings, typ…

Technologies, Techniques, and Standards

FIDO2: Authenticate easily with phishing-resistant security (Help Net Security) The FIDO2 specifications collectively enable users to authenticate easily to online services with desktop or mobile devices with phishing-resistant security.

Analysis of a Multi-stage Document Attack (Menlo Security) A malicious document is sent as an attachment in a phishing or spearphishing email. It only includes an embedded URL, with no malevolent code, enabling it to evade existing security solutions, like sandboxes and AV. The URL leverages an exploit, downloading malware to the user’s device. This is how a multi-stage attack, increasing in popularity and use by attackers, is launched.

The value of 20/20 hindsight in cybersecurity (CSO Online) Security will find indications of compromise revealed in public disclosures exponentially more valuable if they find a way to go back and compare historical data against the new intelligence.

There's security – then there's barbed wire-laced pains in the arse (Register) How do you strike a balance with compliance and UX?

Four Key Elements Of An Anti-Phishing Program (Secplicity - Security Simplified) The news is regularly filled with headlines of another big breach. For example, recently millions of customers at Saks and Lord & Taylor stores were affected by a breach. While it is still under investigation, initial reports point to it being the result of a phishing attack. It’s not surprising that hackers use this approach …

Marines bringing cyber to the fight, commander says (Defense News) The Marine Corps is experimenting with how it adds cyber warriors at the tactical edge, to be better prepared for a modern fight, according to the chief of Marine Forces Cyberspace Command.

How ODNS keeps your browsing habits secret (Naked Security) “Oblivious DNS” keeps your DNS traffic private without retooling the internet

Research and Development

DoD official: US not part of AI arms race (C4ISRNET) Dr. Michael Griffin, the under secretary of defense for research and engineering, has expressed concern that Pentagon acquisition practices are causing the U.S. to fall behind in emerging technologies such as artificial intelligence.

DARPA official: To build trust in AI, machines must explain themselves (Defense News) A DARPA official described the the inexplicable algorithms powering artificial intelligence as a strain on human-machine relationships.

Academia

Crypto-Education Soaring High Thanks to Big-Name Universities Like Stanford, CMU and UW (CryptoSlate) Ever since Bitcoin started gaining widespread media traction a couple of years back, educational institutions all across the globe have been taking notice of this sector and have begun offering students with specially tailored programs that will give their digital careers a good head-start.

WPI Professor Debuts Start-up Company at RSA Security Conference (WPI) With the backing of the Department of Homeland Security (DHS), a WPI computer science professor is gearing up to show off his network security start-up at one of the world’s largest and most influential cyber security conferences.

Lewis University Wins DOE’s 2018 Cyber Defense Competition (Energy.gov) Lewis University Wins DOE’s 2018 Cyber Defense Competition

NSU doubles space allotted to cybersecurity (Virginian-Pilot) A grand opening April 23 will celebrate the 6,300-square-foot Cybersecurity Complex on the sixth floor of the Marie V. McDemmond Center for Applied Research.

Legislation, Policy, and Regulation

The EU must get serious about Russian sanctions (Times) The Russians are rattled, not so much by the war drums beating in the White House as by an extraordinary range of US sanctions that target the very essence of Vladimir Putin’s state. One Russian...

NSA official: U.S. has yet to hit Russia back 'where it hurts' for cyber aggression (Cyberscoop) Natalie Laing, the deputy director of operations at the NSA, said that the U.S. doesn't "yet have the political fortitude to say how we'll strike back."

Military Set for Cyber Attacks on Foreign Infrastructure (Washington Free Beacon) America is ready to shut critical infrastructures in China and Russia during a future conflict by conducting cyber intrusions into their networks.

The U.S. still doesn’t have a cybersecurity doctrine (Axios) The country's ability to fight back against cyberattacks is limited.

ASD to review Australia's cybersecurity and 'drive out known problems' (ZDNet) New Australian Signals Directorate chief Mike Burgess outlines his priorities for the restructured agency's next 12 months.

Big brother, robot overlords and intelligence acquisition reform (C4ISRNET) The slow pace of acquisition isn't the government's only problem buying new technology.

States to Game Out Election Threats in Homeland Security Drills (Bloomberg.com) The Department of Homeland Security is giving states, including Colorado and Texas, a chance to game out how they might respond to a cyberattack on election systems ahead of this year’s midterm vote.

TRANSCOM chief calls on Congress for national cybersecurity standard (FederalNewsRadio.com) U.S. Transportation Command leader Gen. Darren McDew said Congress needs to bridge the cybersecurity gap.

Thomas Bossert, Trump’s Chief Adviser on Homeland Security, Is Forced Out (New York Times) A day after John R. Bolton went to work as national security adviser, he began shaking up the Trump administration’s national security ranks, ousting President Trump’s chief adviser on homeland security, Thomas P. Bossert.

Trump’s homeland security adviser resigns (Federal Times) Tom Bossert, who joined the White House as homeland security adviser the first day of the Trump administration, will leave the post after just over a year in it.

Litigation, Investigation, and Law Enforcement

Zuckerberg Faces Criticism From Congress at Facebook Hearing—Live Analysis (Wall Street Journal) Live updates and analysis of the Capitol Hill testimony by Facebook CEO Mark Zuckerberg.

Congress grills Zuckerberg, day one: How does this online stuff work? (Naked Security) On Tuesday, senators began their questioning of the virgin-to-Congressional-grilling, Mark Zuckerberg.

Watch Zuckerberg Struggle to Answer Sharp, Uncomfortable Questions About Peter Thiel’s Creepy Company (Slate Magazine) Sen. Maria Cantwell tried to tease out a really important thread.

Mark Zuckerberg's Privacy Shell Game (WIRED) In his testimony to Congress, Facebook CEO Mark Zuckerberg repeatedly misrepresented the amount of control Facebook users really have over their data.

If Congress Doesn't Understand Facebook, What Hope Do Its Users Have? (WIRED) The basic lines of questioning Congress pursued show just how inscrutable Facebook remains to most Americans.

Facebook boss Mark Zuckerberg agrees to tighter regulation (Times) Mark Zuckerberg, the Facebook chief, agreed last night to greater regulation of his company in response to a huge leak of personal information from the social network. He made the concession as it...

Mark Zuckerberg is confident he can “protect the integrity” of the 2019 Indian elections (Quartz) In less than a year, more than 133 million first-time voters are expected to take to the polls in the world’s largest democracy.

Mark Zuckerberg just gave a timeline for AI to take over detecting internet hate speech (Quartz) "Until we get it automated, there's a higher error rate than I'm happy with."

Putin says hopes chemical watchdog meeting can put end to Skripal row (Reuters) Russian President Vladimir Putin said on Tuesday he hoped a planned meeting of the global chemical weapons watchdog would help to defuse a major diplomatic row triggered by the poisoning of a former Russian double agent in England.

Cyber Events

For a complete running list of events, please visit the event tracker on the CyberWire website.

Wombat Security at RSA Conference 2018
XM Cyber is coming to RSA
Cyber Job Fair, April 19, San Antonio visit ClearedJobs.Net or CyberSecJobs.com for details.
HackNYC2018

Newly Noted Events

CyberTexas 2018 (San Antonio, Texas, USA, August 14 - 15, 2018) The 2018 CyberTexas Conference will bring members of the CyberUSA community together with industry and government members of Texas to create long-term values for the cybersecurity ecosystem in San Antonio and the state of Texas. This conference is brought to you be the CyberTexas Foundation and the Federal Business Council (FBC), in conjunction with CyberUSA, and leaders from federal and local government agencies, industry, and academia. Key features of this conference include building on the four pillars of CyberUSA: Communication, Education, Innovation, and Workforce Development. Each topic will feature prominent speakers and panels from Texas and beyond to strengthen the cybersecurity ecosystem.

CyberMaryland 2018 (Baltimore, Maryland, USA, October 9 - 10, 2018) The CyberMaryland Conference is an annual two-day event presented jointly by The National Cyber Security Hall of Fame and Federal Business Council (FBC) in conjunction with academia, government and private industry organizations. The theme, “Leading the Cyber Generation,” captures the event’s intent to provide unparalleled information sharing and networking opportunities for development of cyber assets on both the human and technological side. Additionally, the conference provides an opportunity for Maryland to demonstrate its natural leadership in Cyber Security.

Upcoming Events

ISC West 2018 (Las Vegas, Nevada, USA, April 11 - 13, 2018) ISC West is THE largest security industry trade show in the U.S. At ISC West, you will have the chance to network with over 30,000 security professionals through New Products & Technologies encompassing everything from access control to unmanned vehicles from over 1,000 Exhibitors & Brands.

Decompiling the Government: Getting Technologists and Policymakers to Speak the Same Language (Arlington, Virginia, USA, April 12, 2018) With the support of the Hewlett Foundation, the National Security Institute is excited to host “Decompiling the Government: Getting Technologists and Policymakers to Speak the Same Language.” This networking event brings together technologists and leading policymakers to bridge the gap between non-technical and technical cyber professionals.

CYBERTACOS San Francisco (San Francisco, California, USA, April 16, 2018) CYBERTACOS is back and becoming one of the biggest cybersecurity networking events! Register today and join us for networking, food and drinks. This event includes a 45-minute meet the press panel made up of influential security reporters who will discuss what they are covering and how to best work with them.

RSA Conference 2018 (San Francisco, California, USA, April 16 - 20, 2018) Take this opportunity to learn about new approaches to info security, discover the latest technology and interact with top security leaders and pioneers. Hands-on sessions, keynotes and informal gatherings allow you to tap into a smart, forward-thinking global community that will inspire and empower you.

Our Security Advocates (San Francisco, California, USA, April 17, 2018) OUR Security Advocates highlights a diverse set of experts from across information security, safety, trust, and other related fields. OURSA is a single-track, one-day conference with four topic sessions. In each session, you'll hear short talks from multiple experts followed by a moderated discussion.

5th Annual Cybersecurity Summit (McLean, Virginia, USA, April 24, 2018) Join the Potomac Officers Club for the Fifth Annual Cybersecurity Summit to hear from public and private sector leaders on how federal agencies can improve their respective data security measures.

Secutech (Taipei, Taiwan, April 25 - 27, 2018) To meet the rising demand for intelligent and customised solutions, Secutech converges security and safety, ICT, IoT, artificial intelligence, big data, edge computing, intelligent video analytics and deep learning to enable you to create new value in the rapidly evolving market, and provide intelligent solutions in factory, retail, healthcare, transportation, home, building and safe city sectors.

Industrial Control Systems (ICS) Cyber Security Conference Asia (Singapore, April 25 - 27, 2018) The Central ICS/SCADA Cyber Security Event of the Year for the APAC Region. Three days of multi-track training & workshops for days for operations, control systems and IT security professionals to connect on SCADA, DCS PLC and field controller cyber security.

INFILTRATE (Miami Beach, Florida, USA, April 26 - 27, 2018) INFILTRATE is a "pure offense" security conference aimed at the experienced to advanced practitioner. With the late-90s hacker con as its inspiration, the event has limited attendance in order to foster a close-knit, casual and open environment for speakers and attendees. There are no sponsored talks, panels or other gimmicks, just two days of carefully vetted, highly technical talks which present new research in advanced exploitation techniques, vulnerability discovery, malware/implant design, anti-forensics and persistent access. Speakers include hackers from all across the offensive spectrum. The conference also hosts advanced training classes in web hacking, exploit development, cryptanalysis, kernel exploitation, Java attacks and other techniques (April 22-25). Now in its eighth year, the two-day, single track conference is organized by Dave Aitel and Immunity Inc., and is held in warm, sunny Miami Beach.

Automotive Cybersecurity Summit 2018 (Chicago, Illinois, USA, May 1 - 8, 2018) Smart Vehicles. Smart Infrastructures. The 2nd annual Automotive Cybersecurity Summit brings together public and private-sector manufacturers, suppliers, assemblers, technology providers and V2X partners to discuss the increasingly complex and interdependent relationships between smart vehicles and ever-expanding smart infrastructures. The SANS Automotive Cybersecurity Summit was created to develop and foster a culture of cyber-awareness in organizations across the vehicle supply chain as we work together to understand risks, safeguard organizations, their products, and their customer from the evolving threat landscape.

Application of the Law of War to Cyber Operations (Washington, DC, USA, May 3, 2018) Cyber law experts meeting at the George Washington University will cover Title 10 vs. Title 32 vs. Title 50 and the lawful and operational restrictions related to these authorities. The panelists will discuss the legal processes of projecting power in the domain of cyberspace and what capabilities require legal review relating to Defensive Cyberspace Operations (DCO) -- both Internal Defense Measure (IDM) and Response Actions (RA) -- as well as Offensive Cyberspace Operations (OCO).

Global Cyber Security in Healthcare & Pharma Summit (London, England, UK, May 3 - 4, 2018) The number of cyber-attacks in healthcare is on the rise, and the industry must do more to prevent and respond to these incidents. The Global Cyber Security in Healthcare & Pharma Summit 2018 will bring together high-level representatives from around the globe to create a cybersecurity roadmap for the future. Attendees will come from all areas of cybersecurity for the healthcare, medical devices and pharmaceutical sectors. Experts will examine the cybersecurity landscape in these three industries, with a particular focus on strategies for protection and incident response, as well as on business/regulatory considerations. Central to the aims of this event is facilitating collaboration and cooperation amongst the diverse stakeholders that will be in attendance.

Secure Summit DC (Washington, DC, USA, May 7 - 8, 2018) (ISC)² Secure Summit DC will assemble the best minds in cybersecurity for two days of insightful discussions, workshops and best-practices sharing. The goal of the event is to equip security leaders to tackle today's threats, as well as arm them with the knowledge, tools and expertise to protect their organizations and advance their careers. Registered attendees will be immersed in two days of insightful, strategic cybersecurity knowledge.

HACKNYC (New York, New York, USA, May 8 - 10, 2018) The recent flood of data breach news may numb us to the threat of attacks with kinetic effects--direct or indirect physical damage, injury, or death. Hack NYC focus’ on our preparation for, and resilience to, the genuine potential for kinetic cyber attack. Be part of defining solutions and illuminate risks aimed at critical national Infrastructure. Hack NYC is about sharing big ideas on how we will fortify our daily life and economic vitality. The threat of attack aimed at Critical National Infrastructure is real as services supporting our communities and businesses face common vulnerabilities and an unspoken kinetic threat.

Insider Threat Program Management With Legal Guidance Training Course (Herndon, Virginia, USA, May 8 - 9, 2018) This training will provide the ITP Manager, Facility Security Officer, and others (CIO, CISO, Human Resources, IT, Etc.) supporting an ITP, with the knowledge and resources to develop, manage, or enhance an ITP. A licensed attorney with extensive experience in Insider Threats and Employment Law, will provide legal guidance related to ITP's, the collection, use and sharing of employee information, and employee computer user activity monitoring. Insider Threat Defense has trained over 500+ organizations and has become the "Leader-Go To Company" for ITP Management Training.

SecureWorld Kansas CIty (Kansas City, Missouri, USA, May 9, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security industry. Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements, learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays-all while networking with local peers.

Cyber Investing Summit (New York, New York, USA, May 15, 2018) Now in its third year, the Cyber Investing Summit is an all-day conference focusing on investing in the cyber security industry, which is predicted to exceed $1 trillion in cumulative spending on products and services over the next five years from 2017 to 2021. Panels will explore the financial opportunities, trends, challenges, and investment strategies available in the high growth cyber security sector. Speakers include leading cyber professionals, technology analysts, venture capitalists, fund managers, investment advisors, government experts, and more. Attendees will have the opportunity to network with key influencers in the investment and cyber security industries. A cocktail reception will be held following the presentations.

Third Annual Cyber Investing Summit (New York, New York, USA, May 15, 2018) Renowned cyber security executive David DeWalt will deliver the keynote address at the Third Annual Cyber Investing Summit. The Cyber Investing Summit is a unique all-day conference focused on the financial opportunities available in the rapidly growing cyber security industry. Panels will explore sector investment strategies, market growth forecasts, equity valuations, merger and acquisition activity, cryptocurrency protection, funding for startups, and more. Speakers include leading Chief Information Security Officers, VC founders, financial analysts, cyber security innovators from publicly traded and privately held companies, and government experts.

The Cyber Security Summit: Dallas (Dallas, Texas, USA, May 15, 2018) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers & renowned information security experts. Learn from cyber security thought leaders and Engage in panel discussions focusing on trending cyber topics such as Sr. Leadership’s Best Approach to Cyber Defense, What’s Your Strategic Incident Response Plan?, Protecting your Enterprise from the Human Element and more. Your registration includes a catered breakfast, lunch, and cocktail reception. Receive half off your admission with promo code cyberwire50 at CyberSummitUSA.com and view details including the full agenda, participating solution providers & confirmed speakers. Tickets are normally $350, but only $175 with promo code.

Digital Utilitites Europe (Amserdam, the Netherlands, May 16 - 17, 2018) The conference will bring together key industry stakeholders to address the current challenges of the digitisation in the utilities sector. Join us in Amsterdam to hear latest business case studies and gain insight into technological advancements within the industry, as well as unique strategies utilised by to meet demands of rapidly changing energy consumer/prosumer market.

SecureWorld Houston (Houston, Texas, USA, May 17, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security industry. Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements, learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays-all while networking with local peers.

Ignite18 (Anaheim, California, USA, May 21 - 24, 2018) Palo Alto Networks' sixth annual conference features highly technical insights based on firsthand experiences with next-generation security technologies, groundbreaking new threat research, or innovative technical best practices. Don’t miss this outstanding opportunity to share your expertise with our Ignite community of distinguished security professionals and researchers.

PCI Security Standards Council’s Asia-Pacific Community Meeting (Tokyo, Japan, May 23 - 24, 2018) Join us for: networking opportunities, updates on industry trends, insights and strategies on best practices, engaging keynotes and industry expert speakers. The PCI Security Standards Council’s 2018 Asia-Pacific Community Meeting is the place to be. We provide you the information and tools to help secure payment data. We lead a global, cross industry effort to increase payment security by providing industry-driven, flexible and effective data security standards and programs that help businesses detect, mitigate and prevent criminal attacks and breaches.

North American Financial Information Summit (New York, New York, USA, May 23, 2018) Data is the most vital asset of any financial services firm. With volumes increasing exponentially, and the complexity and structure continuously changing, it is more vital than ever to keep on top of EDM strategy and analytical capabilities, while of course remaining compliant. Join us for the only conference around to challenge your current data strategy and evaluate your technology investments. Have your voice heard at interactive workshop tables, learn from peers facing the same challenges at their respective firms, listen to the experts, hear their success stories, and meet 350+ senior decision makers over 5 networking breaks - all this for only one day out of the office!

THE CYBERWIRE
Compiled and published by the CyberWire editorial staff. Views and assertions in source articles are those of the authors, not the CyberWire, Inc.