Are you investing wisely in threat intelligence?

Download this free guide from Recorded Future to learn the 11 questions you must answer before buying threat intelligence.

The daily briefing.

AMD continues investigation of the backdoors CTS Labs says it found in AMD chips. CTS claims that chipsets are shipping with exploitable manufacturer's backdoors, installed by Taiwan-based manufacturer ASMedia, a subsidiary of ASUSTeK. The backdoors appear to be a supply chain issue. Motherboard observes that in February ASUSTeK settled a US Federal Trade Commission complaint over router hardware security flaws.

CTS Labs apparently gave AMD just a day before going public with its disclosure; they've been criticized sharply for the short deadline. Their report has also been called out for what critics regard as its strong marketing tone.

Proofpoint says BlackTDS, a traffic distribution system, is gaining significant black-marketshare, sold in dark web souks for $6 per day (longer subscriptions available at a discount). Criminal clients post their malware and BlackTDS handles distribution.

Kroll Cyber Security describes PinkKite, a small, unusually persistent bit of point-of-sale malware.

The US Securities and Exchange Commission has brought insider trading charges against a former Equifax executive who dumped his company's stock after learning of its 2017 breach but before that breach was publicly disclosed.

Moscow has taken a very hard line against British charges that Russia tried to assassinate a spy in the UK with nerve agent. Russian representatives demand to see evidence (including samples of the agent), call the attempted murder a provocation, warn against cyber retaliation, promise tit-for-tat expulsion of twenty-three diplomats, and caution Britain against threatening a nuclear power. The UK has requested an emergency meeting of the UN Security Council.

[250]

Cylance is proud to be the CyberWire sustaining sponsor for 2018. Learn more about how Cylance prevents cyberattacks at cylance.com

A note to our readers: the CyberWire is happy to have been chosen as a finalist for the Maryland Cybersecurity Diversity Award (and the Cybersecurity Association of Maryland's People's Choice Award). You can find out more about the awards (and how to vote for us, if you'd like) here.

Today's edition of the CyberWire reports events affecting the European Union, France, Germany, Russia, Sweden, the United Kingdom, and the United States.

Intelligent response to doing more with less

Phishing, ransomware, and data breaches plague organizations of all sizes and industries, but the financial services market has always had the largest target on its back. How do you fend off these attacks when you don’t have the budget or resources for everything you need to protect your organization: data feeds, tools, analysis and mitigation? Learn more in our webinar on Wednesday, March 21 @ 2pm ET. Sign up now!

On the Podcast

In today's podcast our partners at Palo Alto Networks, represented by CSO Rick Howard, share this year’s Cyber Canon nominees. Our guest is Ted Bardusch from Usermind who talks about data-rich marketing and the GDPR.

Sponsored Events

How to Sell Your Cyber Startup's Software to Large Fortune 500 Companies (Fulton, Maryland, USA, March 15, 2018) Joe Silva, VP Cyber Threat & Intelligence at TransUnion, will share his perspective on how large Fortune 500 companies approach buying software from cyber start-ups. Early stage founders and technology innovators come to learn, network & enjoy free food & beverages.

Billington International Cybersecurity Summit (Washington, DC, USA, March 21, 2018) Billington International Cybersecurity Summit, March 21, Washington, D.C. Cybersecurity leaders from Asia, Europe, the Middle and U.S. on global threats and best practices, including Acting DoD CIO and Singapore Cyber Commissioner-designate. Sponsor Opportunities: Sandy Nuwar at 443-994-9832

Cyber Security Summits: Denver on March 22 & May 15 in Dallas (Denver, Colorado, USA, March 22, 2018) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The FBI, Darktrace, IBM and more. Register with promo code cyberwire50 for half off your admission (Regular price $350) https://CyberSummitUSA.com

The Startup Journey: From Public Service to Successful Entrepreneurship (Fulton, Maryland, USA, March 22, 2018) At this DataTribe Meetup, Will Grannis, Managing Director Google CTO Office, will discuss his professional experiences spanning across entrepreneurship, public service, and Silicon Valley. Free food & beverages will be provided.

Third Annual Cyber Investing Summit 5/15/18 (New York, New York, USA, May 15, 2018) Renowned cyber security executive David DeWalt will deliver the keynote address at the Third Annual Cyber Investing Summit. The Cyber Investing Summit is a unique all-day conference focused on the financial opportunities available in the rapidly growing cyber security industry. Panels will explore sector investment strategies, market growth forecasts, equity valuations, merger and acquisition activity, cryptocurrency protection, funding for startups, and more. Speakers include leading Chief Information Security Officers, VC founders, financial analysts, cyber security innovators from publicly traded and privately held companies, and government experts.

Selected Reading

Cyber Attacks, Threats, and Vulnerabilities

Researchers Say AMD Processors Have Serious Vulnerabilities and Backdoors (Motherboard) Security researchers announced a series of 13 vulnerabilities within AMD’s RYZEN and EPYC processors that could make some data breaches even worse.

Linus Torvalds attacks AMD security report - claims security researchers 'look like clowns' (Computing) Linus Torvalds: AMD CPU security report is garbage and the security industry a circus

Security Firm Under Fire Over Disclosure of AMD Chip Flaws (SecurityWeek) AMD is investigating claims of critical flaws in its processors, while the company that found the vulnerabilities faces backlash over its disclosure method

HotSpot Shield, PureVPN & ZenMate found leaking users real IP addresses (HackRead) According to VPN Mentor, a critical vulnerability in HotSpot Shield, PureVPN, and ZenMate is exposing IP and DNS addresses of users.

BlackTDS Emerges as an As-a-Service Drive-By Kit for Malware Distribution (Infosecurity Magazine) BlackTDS hosts components for sophisticated drive-by attacks, like social engineering and redirection to exploit kits.

New POS Malware PinkKite Takes Flight (Threatpost) Researchers shed light on a newly discovered family of point of sale malware that is extremely small in size and adept at siphoning credit card numbers from POS endpoints.

Tropic Trooper’s New Strategy (TrendLabs Security Intelligence Blog) Tropic Trooper is believed to be very organized and develop their own cyberespionage tools that they fine-tuned in their recent campaigns. Many of them now feature new behaviors, including a change in the way they maintain a foothold in the targeted network.

'One of the Biggest' Coinhive Users Made $7.69 In 3 Months (Motherboard) A comprehensive report looks at the rise of in-browser cryptocurrency mining.

How Long Does It Take Hackers To Pull Off a Massive Job Like Equifax? (Popular Mechanics) How to steal 143 million customer records without anybody noticing.

Sophisticated hacking tools now in the hands of petty cyber-criminals (SC Media UK) Sophisticated nation-state hacking tools and techniques increasingly used by criminals, fueling concerns about state-sponsored hackers gone rogue.

Businesses need to take cryptojacking seriously (ComputerWeekly.com) Organisations must pay attention to cyber criminals hijacking computing resources to mine cryptocurrencies, because nearly half are affected and the impact is greater than many realise.

Speakers can be used to jump air-gapped systems (Naked Security) Bad news for fans of air-gapped security – researchers have outlined how it could be defeated by converting speakers into ultra-sonic transceivers.

Don’t fall for Fortnite invite scams! (Naked Security) You can’t buy, like, follow, retweet or comment your way onto the highly anticipated game.

Security Patches, Mitigations, and Software Updates

SPECTRE and Meltdown To patch or not to patch?..and HOW (Guest Diary) (SANS Internet Storm Center) The revelation in January 2018 of a vulnerability affecting modern processors was seen as a catastrophe.

Meltdown and Spectre will delay patching for most organizations (Help Net Security) Complexity and challenges associated with the Spectre and Meltdown patches will result in companies delaying future patch rollouts.

Microsoft kicks off bounty program for speculative execution bugs (Help Net Security) Microsoft wants security researchers to search for and report speculative execution side channel vulnerabilities, as well as bugs that can be misused to bypass Windows and Azure Spectre and Meltdown mitigations.

Microsoft Patches Remote Code Execution Flaw in CredSSP (SecurityWeek) Vulnerability CVE-2018-0886 can be exploited by an attacker to relay user credentials to execute code on a target system and puts all applications that depend on CredSSP at risk.

GE Working on Medical Device Vulnerability (ISS Source) GE Healthcare advises users to contact its services unit for assistance in fixing or working around a use of default or hard-coded credentials in multiple

Adobe Patches Critical Code Execution Flaws in Dreamweaver, Flash (SecurityWeek) Adobe patches critical arbitrary code execution vulnerabilities in Dreamweaver and Flash Player

SAP Patches Decade-Old Flaws With March 2018 Patches (SecurityWeek) SAP's March 2018 set of security patches to address High and Medium priority vulnerabilities in its products.

Cyber Trends

77% of Orgs. Face Challenges in Responding to Incidents (IBM News Room) Latest study from the Ponemon Institute finds too many organizations don't have a response plan in place.

Big data and insurance: Implications for innovation and privacy (Help Net Security) Firms and regulators face complex trade-offs when balancing the benefits and risks of using personal data from digital sources to calculate insurance premiums.

Marketplace

Cloud Security Firm Luminate Emerges From Stealth (SecurityWeek) Luminate emerges from stealth with $14 million in funding and a platform that secures access to enterprise applications and resources in hybrid cloud environments

Critical Start to Acquire Advanced Threat Analytics (PR Newswire) Critical Start today announced a definitive agreement to acquire Advanced...

Cyber-Attack Prevention Firm Solebit Raises $11 Million (SecurityWeek) Solebit Labs has rasied $11 million in a Series A funding round, which will be used to accelerate adoption and deployment of the SoleGATE Security Platform from the new headquarters in Silicon Valley.

Circle launches a Coinbase competitor in the U.S. (TechCrunch) Circle is launching Circle Invest in the U.S. except in NY, MN, HI and WY. The app is now available in the App Store and Play Store and lets you instantly trade the most popular cryptocurrencies without any fee. Circle Invest isn’t exactly an exchange as the app hides most of the complexities…

Cryptocurrencies fall as Google announces ad ban (Ars Technica) Facebook banned ads for cryptocurrency from its ad networks in January.

Reddit Has Been Quietly Banning Cryptocurrency Ads Since 2016 (Motherboard) Google, Facebook, and Reddit have now all banned cryptocurrency and ICO advertising on their platforms.

Cryptocurrency ad bans are a step in the right direction (TechCrunch) Google just banned cryptocurrency and ICO ads, a move that follows Facebook’s decision to do the same. The language is stark: You are no longer allowed to advertise “Cryptocurrencies and related content (including but not limited to initial coin offerings, cryptocurrency exchanges, cryp…

Crypto.com is not for sale (The Verge) The domain is owned by cryptologist Matt Blaze, and he’s not impressed with your ICO

Anomali Names Ray Mabus, Former Secretary of the Navy, to its Board of Advisors (BusinessWire) Anomali, the leading provider of threat management and collaboration solutions, announced today that former Secretary of the U.S. Navy, Ray Mabus, wil

Products, Services, and Solutions

F-Secure wants to secure the aviation industry (IT Pro Portal) Security firm announces new cyber-security solution built exclusively for the aviation industry.

DigiCert Replacement of Symantec-Issued Certificates Reaches Milestone; Millions of SSL Certificates have been Issued in Anticipation of Google Chrome 66 Distrust Date (PR Newswire) DigiCert, Inc., the leading global provider of SSL and other PKI solutions...

Playboy Enterprises to Introduce Cryptocurrency Wallet for Use on its Online Platforms (PR Newswire) Playboy Enterprises, Inc. announced today that the company is developing...

Prevent bot traffic from ruining Google Analytics (Help Net Security) Distil Bot Discovery for Google Analytics is a free offering that will give website owners the ability to understand the impact of bots on their business. The service is provided by Distil Networks, a company specializing in bot detection and mitigation services. How to differentiate a human website visitor from a

New 'Mac-A-Mal' Tool Automates Mac Malware Hunting & Analysis (Dark Reading) Researchers at Black Hat Asia will demonstrate a new framework they created for catching and studying Apple MacOS malware.

TypingDNA launches Chrome extension that verifies your identity based on typing (TechCrunch) TypingDNA has a new approach to verifying your identity based on how you type. The startup, which is part of the current class at Techstars NYC, is pitching this as an alternative to two-factor authentication — namely, the security feature that sends unique codes to a separate device (usually your …

Technologies, Techniques, and Standards

The PCI SSC QIR program is changing to help merchants reduce risk (Help Net Security) The PCI SSC QIR program offers specialized data security training and certification to individuals that install, configure and/or support payment systems.

'Be prepared' – supply chain players must learn from the Petya attack (The Loadstar) Partners in container supply chains need to develop contingency plans, in the near-certainty that the industry will be hit by another cyber-attack.

Is GDPR a Tax or an Incentive? (Infosecurity Magazine) The common perception is that security and compliance activities reduce profit margins.

The Value of Threat Intelligence is Clear, But Are You Capturing It All? (SecurityWeek) As you create your threat intelligence program, make sure you take relevance into account when analyzing threat data and you’ll be well on your way to capturing the full value of threat intelligence.

What is security’s role in digital transformation? (CSO Online) Digital transformation is front of mind for many senior executives, but too often security is left behind.

Segmentation: The Neglected (Yet Essential) Control (Dark Reading) Failure to deploy measures to contain unauthorized intruders is a recipe for digital disaster.

Supporting a Back-to-Basics Approach with Cyber Threat Intelligence (Infosecurity Magazine) Threat intelligence can be an invaluable early warning system in helping to identify and block potential threats before they escalate and become problems.

Modernizing Cyber Operations with Machine Intelligence (Booz Allen Hamilton) Discover how you can use machines to improve threat detection, hunting, and analysis.

Design and Innovation

Sierra Leone just ran the first blockchain-based election (TechCrunch) The citizens of Sierra Leone went to the polls on March 7 but this time something was different: the country recorded votes at 70% of the polling to the blockchain using a technology that is the first of its kind in actual practice. The tech, created by Leonardo Gammar of Agora, anonymously stored …

Research and Development

Artificial Intelligence Is Not the Right Tool for Everything, Top Army Scientist Says (Nextgov.com) AI isn’t always the right fix for every problem, experts warned.

Artificial Intelligence: Seduction Vs. Reality (Forbes) All the marketing behind artificial intelligence today reminds me of the push for the cloud (never worry about infrastructure maintenance again!) and big data (kiss concerns about structuring your data goodbye!) just a couple years ago.

Academia

MU to host digital forensics Cyber Day for high school students (The Herald-Dispatch) Marshall University is seeking local high school students interested in learning more about the world of cybercrime, digital forensics and cyber security. The university's Digital Forensics and Information

Legislation, Policy, and Regulation

Russian press slams UK, West in nerve agent attack coverage (Deutsche Welle) Kremlin-friendly takes are numerous and easy to find in the Russian press response to the UK nerve agent attack on Sergej Skripal. But as Miodrag Soric reports from Moscow, there are some critical voices in the country.

Russia to expel British diplomats ‘soon’ (Times) The Russian foreign minister confirmed this morning that Moscow will retaliate against the expulsion of 23 of its diplomats from Britain. Sergei Lavrov said the UK position, blaming the poisoning...

Russia demands access to British probe of nerve agent attack, vows to retaliate for any sanctions (Washington Post) The Russian foreign minister said there would be no official explanation in response to British claims of a “highly likely” Moscow link to last week’s poisoning.

Russia responds with veiled nuclear, death threats to UK nerve agent attack (Business Insider) Russian foreign ministry spokesman warned the UK not to threaten nuclear powers.

The Latest: Russian Suspect in Litvinenko Case Blasts UK (US News and World Report) One of the Russian suspects in the fatal radiation poisoning in London of former Russian security officer Alexander Litvinenko says Britain's statements about the Sergei Skripal poisoning case suggest that it was a provocation.

Jeremy Corbyn’s front bench angry over his refusal to condemn Moscow (TImes) Labour frontbenchers expressed fury yesterday after Jeremy Corbyn refused to blame the Kremlin for the nerve agent attack in Salisbury. The Labour leader faced criticism from all sides of the House...

UK calls for ‘urgent’ UN Security Council meeting over nerve gas attack (Financial Times) Brussels prepared to put issue on next week’s EU summit

Nikki Haley tells U.N. Russia responsible for chemical attack (NBC News) U.S. Ambassador to the United Nations Nikki Haley said on Wednesday the United States believes Russia is responsible for a chemical attack in Britain on a former Russia double agent and his daughter, and the U.N. Security Council should take action.

German minister: UK nerve agent attack a 'serious violation' of international agreements (Deutsche Welle) Germany's defense minister has vowed 'consequences' over a nerve agent attack on ex-spy Sergei Skripal that the UK blames on Russia. She also tied the attack to the use of chemical weapons in Syria.

French President Emmanuel Macron will announce new measures against Russia after UK nerve agent attack (The Independent) Emmanuel Macron has said he will unveil measures against Russia in response to the poisoning of the former spy Sergei Skripal on British soil in the coming days. The French president spoke with Theresa May on the phone on Thursday morning about “progress of the investigation” in the nerve agent attack, which the British Government says was carried out by Russia.

France's position on the Salisbury nerve agent attack explained (The Independent) France’s response to the poisoning of Sergei Skripal and Yulia Skripal has differed from that of Britain’s other allies: where the US, Nato and EU have lined up back Theresa May’s version of events, Emmanuel Macron’s government has been more careful.

I Knew the Cold War. This Is No Cold War. (Foreign Policy) Everyone's favorite historical analogy makes for disastrous foreign policy today.

Sweden’s plan to deter a Russian digital attack (Fifth Domain) Sweden plans to tap its private cybersecurity industry to help prepare for a potential attack from Russia.

Cyber needs change quickly, cyber policies have not (Fifth Domain) As the cyberspace domain continues to evolve, how should the authorities that govern cyber operations also change?

Negotiations With North Korea May Have Cyber Consequences (38 North) As unprecedented talks between the US and North Korean leaders promise to unfold in the next few months, the US…

How Europe's New Internet Laws Threaten Freedom of Expression (Foreign Affairs) At every level, Europeans are moving to impose restrictions on the expression that Internet companies can permit on their platforms.

House Proposal Targets Confucius Institutes as Foreign Agents (Foreign Policy) The draft bill is the first legislative attempt to push back against the Chinese state-run programs.

Everything You Need to Know About the Congressional Cryptocurrency Hearing (Motherboard) Topics ranged from regulation for cryptocurrencies and ICOs to white nationalist extremism.

Threshold for triggering TRIA cyber coverage high (Business Insurance) The inclusion of cyber attacks in Terrorism Risk Insurance Act coverage could be an additional benefit to covering cyber risk in a captive, but owners should be aware that there are numerous unknowns in triggering TRIA coverage.

Florida Could Start a Criminal-Justice Data Revolution (WIRED) A newly passed bill in the Florida Legislature would bring unprecedented levels of transparency to the criminal justice system.

California Net Neutrality Bill Would Go Beyond Original Protections (WIRED) Proposal from state senator would ban "zero rating" deals where specific services don't count against data caps.

Litigation, Investigation, and Law Enforcement

Equifax exec charged with insider trading, selling shares ahead of hack news (TechCrunch) Former Equifax exec Jun Ying has been charged with insider trading, according to the Securities and Exchange Commission. Ying is accused of knowing that Equifax had been hacked and selling company shares before the public was notified. Ying, who was “next in line to the be company’s glo…

Former Equifax Executive Charged With Insider Trading (U.S. Securities and Exchange Commission) The Securities and Exchange Commission today charged a former chief information officer of a U.S. business unit of Equifax with insider trading in advance of the company’s September 2017 announcement about a massive data breach that exposed the social security numbers and other personal information of about 148 million U.S. customers.

How to Interpret the SEC's Latest Guidance on Data Breach Disclosure (Dark Reading) Forward-looking organizations should view this as an opportunity to reevaluate their cybersecurity posture and install best practices that should have already been in place.

U.S. Energy Firm Fined $2.7 Million Over Data Security Incident (SecurityWeek) An unnamed energy firm in the U.S. has been fined $2.7 million over a data security incident that exposed critical cyber assets

Parents of Murdered DNC Staffer Seth Rich Sue Fox News Over Pulled WikiLeaks Story (New York Law Journal) The parents allege the company’s publication of the initial story—which was later retracted but not before fueling an online conspiracy theory—made them “collateral damage in a political war to which they are innocent bystanders.”

Gowdy breaks from GOP committee, says Russia worked to undermine Clinton (POLITICO) Move puts him at odds with his own party

Andrew McCabe, a Symbol of Trump’s F.B.I. Ire, Faces Possible Firing (New York Times) Mr. McCabe faces accusations that he was not forthcoming about F.B.I. media contacts. Attorney General Jeff Sessions is reviewing a recommendation that he be fired, just days before his retirement.

The Real Collusion Story (National Review) Is the Trump-Russia collusion narrative collapsing?

Hackers allegedly steal confidential reports from Police server (HackRead) Hackers stole hundreds of filed reports using a security flaw in an online tool used by the police but they did not inform the victims.

Cyber Events

For a complete running list of events, please visit the event tracker on the CyberWire website.

Register for DataTribe's Meetup on 3.15.18
Billington International Cybersecurity Summit, March 21, Washington, D.C.
Cyber Security Summit - CYBERWIRE50
Register for DataTribe's Meetup on 3.22
Third Annual Cyber Investing Summit 5/15/18

Newly Noted Events

Detect 18 (National Harbor, Maryland, USA, September 19 - 21, 2018) Detect '18 is the single largest conference dedicated to threat intelligence. This year we're calling on fellow "Threatbusters" to wage a high-tech battle against apparitions (aka bad actors) and learn how to better save the world from cyber destruction! At Detect '18 you will be able to: immerse yourself in 30+ hours of education and training; chooose from 30+ breakout sessions designed for every experience level; listen to peer presentations highlighting real-world issues and solutions; network, network, network with your peers in a social setting; and earn CPE Credits to keep your credential current.

Upcoming Events

Cyber 9-12 (Washington, DC, USA, March 16 - 17, 2018) Now entering its fifth year, the Cyber 9/12 Student Challenge is a one-of-a-kind competition designed to provide students across academic disciplines with a deeper understanding of the policy challenges associated with cyber crisis and conflict. Part interactive learning experience and part competitive scenario exercise, it challenges teams to respond to a realistic, evolving cyberattack and analyze the threat it poses to national, international, and private sector interests.

Infosecurity Magazine Spring Virtual Conference (Online, March 21, 2018) Tune in on Wednesday March 21 for day two of our two-day online event to learn what’s going on at the heart of the industry. Our easy to digest format offers a mix of short sessions, panel debates and live profile interviews, all fully produced and moderated by the Infosecurity Magazine editorial team. Each day event looks into the biggest industry issues and trends creating an immersive education program featuring a large selection of high calibre speakers and specialists in their field.

3rd Annual Billington International Cybersecurity Summit (Washington, DC, USA, March 21, 2018) With confirmed speakers from Estonia, Romania, Singapore, Sweden, the United States, and Kuwait, and with attendees from many more countries, this summit brings together world-class cybersecurity thought leaders to engage in high-level information sharing, unparalleled networking and public-private partnerships from a cross-section of civilian, military and intelligence agencies, industry and academia.

Infosecurity Magazine North America Virtual Conference (Online, March 21 - 22, 2018) Tune in on Wednesday March 21 for day two of our two-day online event to learn what’s going on at the heart of the industry. Our easy to digest format offers a mix of short sessions, panel debates and live profile interviews, all fully produced and moderated by the Infosecurity Magazine editorial team. Each day event looks into the biggest industry issues and trends creating an immersive education program featuring a large selection of high calibre speakers and specialists in their field.

The Cyber Security Summit: Denver (Denver, Colorado, USA, March 22, 2018) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers & renowned information security experts. Learn from cyber security thought leaders and Engage in panel discussions focusing on trending cyber topics such as Sr. Leadership’s Best Approach to Cyber Defense, What’s Your Strategic Incident Response Plan?, Protecting your Enterprise from the Human Element and more. Your registration includes a catered breakfast, lunch, and cocktail reception. Receive half off your admission with promo code cyberwire50 at CyberSummitUSA.com and view details including the full agenda, participating solution providers & confirmed speakers. Tickets are normally $350, but only $175 with promo code.

Women in CyberSecurity 2018 (Chicago, Illinois, USA, March 23 - 24, 2018) Through the WiCyS community and activities we expect to raise awareness about the importance and nature of cybersecurity career. We hope to generate interest among students to consider cybersecurity as a viable and promising career option.

Northeast Regional Security Education Symposium (Jersey City, New Jersey, USA, March 23, 2018) The Professional Security Studies Department at New Jersey City University (NJCU) will hold its Northeast Regional Security Education Symposium on Friday, March 23, 2018, from 8 am to 2 pm. The symposium will feature discussions about national, corporate and cybersecurity implications related to the public and private sectors. This year’s symposium will take place at the NJCU School of Business’ Skyline Room, 147 Harborside Financial Center in Jersey City, NJ, with stunning views of Manhattan across the Hudson River. The event will feature a dark web overview, national security and media coverage, careers in security, and risk assessment and security.

KNOW Identity Conference 2018 (Washington, DC, USA, March 26 - 28, 2018) The premier global event for the identity industry, the KNOW Identity Conference is the nexus for identity innovation, offering a uniquely differentiated, powerful, and immersive event that convenes the world’s most influential organizations and smartest minds across industries to shape the future of identity.

SecureWorld Philadelphia (Philadelphia, Pennsylvania, USA, March 28 - 29, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security industry. Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays-all while networking with local peers.

National Cyber League Spring Season (Chevy Chase, Maryland, USA, March 30 - May 25, 2018) The NCL is a defensive and offensive puzzle-based, capture-the-flag style cybersecurity competition. Its virtual training ground helps high school and college students prepare and test themselves against cybersecurity challenges that they will likely face in the workforce. All participants play the games simultaneously during Preseason, Regular Season and Postseason. NCL allows players of all levels to enter. Between Easy, Medium and Hard challenges, students have multiple opportunities to really shine in areas as they excel. Registration for the Spring Season is 2/26/18-3/25/18.

4th Middle East Cyber Security Summit (Riyadh, Saudi Arabia, April 4 - 5, 2018) The summit will feature state of the art presentations, hackathons and technology showcasing from regional and international experts and leading technology providers. One of the focus areas of the summit will be block-chains & artificial intelligence in existing technical infrastructure in order to protect organizations from external attacks. The need of the hour is to create an ecosystem of trust aided with cybersecurity capabilities.

Cybersecurity: A Shared Responsibility (Auburn, Alabama, USA, April 8 - November 10, 2018) During the 2018 SEC Academic Conference, we will explore three themes within cyber security: the underlying computer and communication technology; the economic and physical systems that are controlled by technology; and the policies and laws that govern and protect the use of information that is stored in, transmitted by, and processed with technology.

Sea-Air-Space: The Navy League’s Global Maritime Exposition (National Harbor, Maryland, USA, April 9 - 11, 2018) Join us this April for Sea-Air-Space, the largest maritime exposition in the U.S., with 275+ exhibitors displaying the latest in maritime, defense and energy technology. This year’s theme, “Learn. Compete. Win.” reminds us that every day our men and women in uniform are learning new strategies, tactics and energy technology to compete against the world's best, where winning is the only option. The challenge is always on, and Sea-Air-Space is your place to participate in interactive exhibits, professional development sessions, and open forums disclosing timely information. Hear from active duty military, government and industry leaders on key issues and future strategies for the U.S. Navy, Marine Corps, Coast Guard U.S.-flag Merchant Marine.

2018 Mississippi College Cybersecurity Summit (Clinton, Mississippi, USA, April 10 - 11, 2018) The 2018 Mississippi College Cybersecurity Summit is a conference designed to engage, educate, and raise awareness about cybersecurity across the nation. The 2018 Cybersecurity Summit will provide valuable cybersecurity tools and resources for a variety of industries and topics, including: critical infrastructure, healthcare, government, education, large and small business issues, and cryptocurrencies.

ISC West 2018 (Las Vegas, Nevada, USA, April 11 - 13, 2018) ISC West is THE largest security industry trade show in the U.S. At ISC West, you will have the chance to network with over 30,000 security professionals through New Products & Technologies encompassing everything from access control to unmanned vehicles from over 1,000 Exhibitors & Brands.

CYBERTACOS San Francisco (San Francisco, California, USA, April 16, 2018) CYBERTACOS is back and becoming one of the biggest cybersecurity networking events! Register today and join us for networking, food and drinks. This event includes a 45-minute meet the press panel made up of influential security reporters who will discuss what they are covering and how to best work with them.

RSA Conference 2018 (San Francisco, California, USA, April 16 - 20, 2018) Take this opportunity to learn about new approaches to info security, discover the latest technology and interact with top security leaders and pioneers. Hands-on sessions, keynotes and informal gatherings allow you to tap into a smart, forward-thinking global community that will inspire and empower you.

Our Security Advocates (San Francisco, California, USA, April 17, 2018) OUR Security Advocates highlights a diverse set of experts from across information security, safety, trust, and other related fields. OURSA is a single-track, one-day conference with four topic sessions. In each session, you'll hear short talks from multiple experts followed by a moderated discussion.

Industrial Control Systems (ICS) Cyber Security Conference Asia (Singapore, April 25 - 27, 2018) The Central ICS/SCADA Cyber Security Event of the Year for the APAC Region. Three days of multi-track training & workshops for days for operations, control systems and IT security professionals to connect on SCADA, DCS PLC and field controller cyber security.

INFILTRATE (Miami Beach, Florida, USA, April 26 - 27, 2018) INFILTRATE is a "pure offense" security conference aimed at the experienced to advanced practitioner. With the late-90s hacker con as its inspiration, the event has limited attendance in order to foster a close-knit, casual and open environment for speakers and attendees. There are no sponsored talks, panels or other gimmicks, just two days of carefully vetted, highly technical talks which present new research in advanced exploitation techniques, vulnerability discovery, malware/implant design, anti-forensics and persistent access. Speakers include hackers from all across the offensive spectrum. The conference also hosts advanced training classes in web hacking, exploit development, cryptanalysis, kernel exploitation, Java attacks and other techniques (April 22-25). Now in its eighth year, the two-day, single track conference is organized by Dave Aitel and Immunity Inc., and is held in warm, sunny Miami Beach.

THE CYBERWIRE
Compiled and published by the CyberWire editorial staff. Views and assertions in source articles are those of the authors, not the CyberWire, Inc.