
The CyberWire Daily Briefing 02.18.15
More reactions to Kaspersky's description of "threat actor" Equation Group appear. Journalistic speculation (especially but far from exclusively in Russian media, which display some triumphalism about Kaspersky's Russian roots, and quote SVR's and FSB's placid assurances of immunity to cyberespionage) equates Equation Group to NSA, although Kaspersky Lab itself declines to offer any attribution. Symantec offers its opinion that Equation Group is clearly a state actor. Consensus holds that the actor is very sophisticated and well resourced.
Targets are said to have been found in thirty countries, with a handful of middle-eastern nations apparently on an exempt list. Infection vectors include Web-based exploits, a worm ("Fanny"), compromised physical media (including CD-ROMs and USB dongles), and compromised hard drive firmware.
Kaspersky discerns signs of Equation Group activity as far back as 2001, possibly as long ago as 1996. Its target set suggests traditional espionage as opposed to economically motivated spying.
Some accounts suggest the group had tools capable of overcoming air gaps. War on the Rocks publishes a piece on the "third offset" — convergence of cyber operations with more traditional electronic attack.
Kaspersky's Cancun séances also describe another threat actor: "Desert Falcon." Reported to be an Arab group — perhaps a mercenary one — it displays a growing MENA-based cyber attack capability.
As the US State Department tries anti-ISIS messaging, Yahoo News looks at the aspiring caliphate's information operations.
Researchers believe they've found a smoking typo tying the Sony hack to North Korea.
Banks continue Carbanak recovery. The Vawtrak Trojan acquires malicious macros.
Notes.
Today's issue includes events affecting Algeria, Afghanistan, Australia, Bangladesh, Belgium, Brazil, Bulgaria, Cambodia, Cameroon, Canada, China, Czech Republic, Denmark, Ecuador, Egypt, France, Germany, Iceland, India, Indonesia, Iran, Iraq, Israel, Kazakhstan, Kenya, Democratic People's Republic of Korea, Kuwait, Lebanon, Libya, Malaysia, Mali, Mauritius, Mexico, Morocco, Nepal, Netherlands, Nigeria, Norway, Pakistan, Palestinian Territories, Philippines, Poland, Qatar, Singapore, Somalia, South Africa, Spain, Sudan, Switzerland, Syria, Taiwan, Ukraine, United Arab Emirates, United Kingdom, United States, Vietnam, Yemen, and Zambia.
Cyber Attacks, Threats, and Vulnerabilities
Equation Group: Questions and Answers (Kaspersky Lab) The Equation group is a highly sophisticated threat actor that has been engaged in multiple CNE (computer network exploitation) operations dating back to 2001, and perhaps as early as 1996. The Equation group uses multiple malware platforms, some of which surpass the well-known "Regin" threat in complexity and sophistication. The Equation group is probably one of the most sophisticated cyber attack groups in the world; and they are the most advanced threat actor we have seen
Equation: The Death Star of Malware Galaxy (Securelist) One sunny day in 2009, Grzegorz Brzeczyszczykiewicz embarked on a flight to the burgeoning city of Houston to attend a prestigious international scientific conference. As a leading scientist in his field, such trips were common for Grzegorz
A Fanny Equation: "I am your father, Stuxnet" (Securelist) At the Virus Bulletin conference in 2010, researchers from Kaspersky Lab partnered with Microsoft to present findings related to Stuxnet. The joint presentation included slides dealing with various parts of Stuxnet, such as the zero-days used in the attack
Fanny superworm likely the precursor to Stuxnet (CIO) The Stuxnet computer worm that was used to sabotage the Iranian nuclear program was likely preceded by another sophisticated malware program that used some of the same exploits and spread through USB thumb drives to computers isolated from the Internet
Equation Group: Meet the NSA 'gods of cyber espionage' (International Business Times) Over the last couple of years we have been hearing about ever more sophisticated pieces of malware. From Stuxnet and Flame to Gauss and most recently Regin, all have shown increasing levels of technical prowess and all have been linked in some way with the US government
Kaspersky Lab Unveils 'Equation': the Grand Daddy of APT Groups (Infosecurity Magazine) Kaspersky Lab has uncovered what appears to be one of the most sophisticated cyber-attack groups in history — in operation for at least 14 years and which even had access to some of the exploits used in the Stuxnet and Flame campaigns
Your hard drives were RIDDLED with NSA SPYWARE for YEARS (Register) Kaspersky: 'Equation Group' attacked 'high value targets'
Equation cyberspies use unrivaled, NSA-style techniques to hit Iran, Russia (CSO) The group's attack on hard-drive firmware is said to be one of the most advanced ever discovered
Password cracking experts decipher elusive Equation Group crypto hash (Ars Technica) Mystery solved after crackers find Arabic word that dogged Kaspersky for weeks
Russian researchers expose breakthrough U.S. spying program (Reuters) The U.S. National Security Agency has figured out how to hide spying software deep within hard drives made by Western Digital, Seagate, Toshiba and other top manufacturers, giving the agency the means to eavesdrop on the majority of the world's computers, according to cyber researchers and former operatives
Russia's Kaspersky Lab Exposes U.S. Cyber Espionage Program (Moscow Times) Russia's intelligence services are not concerned by the discovery of an advanced cyber-espionage ring discovered by the Moscow-based security software maker Kaspersky Lab, state news agency RIA Novosti reported Tuesday, citing an intelligence official
Symantec Calls Equation Group's Cyber Attacks State-Sponsored Espionage (Sputnik News) Security analyst with Symantec Corporation said that the spyware of the recently uncovered hackers known as Equation Group is state-sponsored espionage
"How do I stop this virus?" Equation Group victim pleaded for online help (Ars Technica) Little did dkk know, s/he was wrestling with same 0-day that hit Stuxnet victims
Bridging the Air Gap: the Coming "Third Offset" (War on the Rocks) Consider yourself warned: other militaries appear to be developing an unsettling attack capability with game-changing consequences for America's ability to project military might abroad. This platform does not take the form of a precision-guided munition or a next-generation fighter aircraft. It is also not a cyber-attack in the traditional sense, over Internet connections and terrestrial wires
Vawtrak malware peddlers turn to malicious macros (Help Net Security) Cybercriminals spreading new versions of the Vawtrak banking Trojan are the latest ones to use the once again popular macro-based attack
Hackers steal directly from banks in 'new era' of cyber crime (USA TODAY) An international band of cyber crooks that worked its way into dozens of banks has experts warning of a "new era" of cyber crime where criminals steal directly from banks instead of their customers
Carbanak cyber bank raids prove human stupidity trumps any firewall (V3) The success of the Carbanak malware used to steal over $1bn from 100 banks in more than 30 regions across the world proves the need for better cyber security employee awareness, according to researchers
Hack highlights holes in cyber security (Asset Servicing Times) A string of cyber attacks that saw about $1 billion stolen from banks affected 100 banks, e-payment systems and other organisations in a two-year period, according to an investigation led by Kaspersky Lab
How safe are you and your bank from cyber-attack? (Guardian) We look at the implications for your cash and personal data if your bank succumbs to a cyber-attack
Arabic Threat Group Attacking Thousands of Victims Globally (SecurityWeek) Threat actors with Arabic roots are targeting multiple high profile organizations and individuals from Middle Eastern countries, according to a new report from Kaspersky Lab
Researchers uncover Arabic-speaking international cyber mercenary group (ComputerWeekly) A cyber espionage group is targeting thousands of high-profile organisations and individuals in the Middle East and around the globe, according to researchers at security firm Kaspersky Lab
The Desert Falcons targeted attacks (Securelist) The Desert Falcons are a new group of Cyber Mercenaries operating in the Middle East and carrying out Cyber Espionage across that region. The group uses an arsenal of homemade malware tools and techniques to execute and conceal its campaigns on PC and Mobile OS
APT Groups Emerging in Middle East (Threatpost) Since security researchers and vendors began exposing the inner workings of APT groups a few years ago, virtually all of the operations that have been made public have been the work of attackers in Europe, Asia or North America. But recently, groups in the Middle East have joined the game as well
Terror Inc.: How the Islamic State became a branding behemoth (Yahoo News) With Vines, tweets, and listicles, IS spreads its hateful message. Can the West find a way to fight back?
Code typo helps tie North Korea to the Sony hack (Computerworld) A security firm says code used against Sony has similarities to other malware linked to North Korea
How a single email can badly break your Android Gmail app (Graham Cluley) Security researcher Hector Marco has uncovered an interesting attack that can be launched against users of some versions of the Gmail for Android app
Beware of fake Windows 10 "activators" (Help Net Security) The considerable interest users have shown for testing Microsoft's Windows 10 Technical Preview version has not passed unnoticed by cyber scammers and malware peddlers
Flaw in Netgear Wi-Fi routers exposes admin password, WLAN details (Help Net Security) A number of Netgear home wireless routers sport a vulnerability that can be misused by unauthenticated attackers to obtain the administrator password, device serial number, WLAN details, and various details regarding clients connected to the device, claims systems/network engineer Peter Adkins
Bio-Hacking? It's Here To Stay, Says Kaspersky Labs (TechWeekEurope) Wannabe cyborgs received a boost today following the news that implants allowing us to 'upgrade' our bodies now have a major new backer
Scammers using obituary notices to acquire new victims (CSO) Family and friends of high-profile individuals seen as easy marks
Global data breaches hit 1,500 last year, public disclosures reveal (Techworld via CSO) After a bad 2013, the number of disclosed global data breaches rose by another 50 percent last year to reach 1,500, according to Gemalto's Breach Level Index (BLI) based on publicly-disclosed incidents
Cyber Trends
What's critical to the success of the Internet of Things? (Help Net Security) Managing identities and access is critical to the success of the Internet of Things (IoT), but in its current form identity and access management (IAM) cannot provide the scale or manage the complexity that the IoT brings to the enterprise, according to Gartner
Top 10 U.S. Privacy Developments of 2014 (National Law Review) Data Breaches: Studies show increase
Marketplace
As Cyber Threats Grow, Volume Soars in Cyber Security ETF (ETF Trends) The PureFunds ISE Cyber Security ETF (NYSEArca: HACK) continues to cement its status as a legitimate event-driven exchange traded fund
Palo Alto Networks: Well-Positioned For Growth (Seeking Alpha) With the pervasive threat and increasing severity of cyberattacks, the cybersecurity industry should see huge growth moving forward. Palo Alto Networks has become a standout in the privatized cybersecurity space through its sophisticated firewall capabilities and new innovative security products
FEYE, CYBR, IMPV, KEYW rally after banking hack, Cramer remarks (Seeking Alpha) Kaspersky Labs uncovered an international hacking ring that (using sophisticated malware) has stolen up to $1B from 100+ banks in 30 countries. The scheme goes back to 2013, with the attackers coming from China and Europe
Jim Cramer's Stop Trading: CyberArk, FireEye in Security Sweet Spot (The Street) On CNBC's "Cramer's Stop Trading" segment, Jim Cramer said the cybersecurity and software-security group will continue rising because computer security is so important
Cyber City versus the hack attackers: how London can take charge of the cyber security scene (London Evening Standard) We will fight them on the breaches: as $1 billion is stolen from 100 banks in 30 countries globally, James Ashton reports on the London security start-ups leading the world in the war against massive financial data heists
Cyber-security merger (Winnipeg Free Press) The Winnipeg-based cyber-security firm Seccuris is merging with Montreal-based Above Security to form the largest firm of its type in Canada
CensorNet looks to 'cause pain' to Websense and Trustwave (CRN) Newly acquired content security vendor on hunt for more partners as it slams opposition
Cybersecurity company Co3 Systems rebrands as Resilient Systems (BetaBoston) Internet security company Co3 Systems announced today that it is rebranding as Resilient Systems. The company, which focuses on helping organizations react to security incidents, claims to protect companies from data breaches and other potentially harmful cyber attacks
WatchGuard Lays Off its India Team (Computerworld) Security solutions vendor WatchGuard has laid off its entire India team. As part of a renewed strategy the company has recruited Round Robin as its new master distributor
Leidos Wins 15th Nunn-Perry Award for Mentor-Protege Excellence (PRNewswire) Leidos (NYSE: LDOS) announced today that it received the U.S. Department of Defense (DoD) Nunn-Perry Award for mentor-protege excellence. This is the 15th time Leidos has been selected to receive a Nunn-Perry Award, which is named in honor of former Sen. Sam Nunn and former Secretary of Defense William Perry. The award recognizes outstanding mentor-protege teams formed under the DoD's Mentor-Protege program
Horacio Rozanski, Booz Allen CEO, Chosen to Wash100 for Consulting and Industry Teamwork Leadership (GovConExec) Executive Mosaic is honored to introduce Horacio Rozanski, chief executive officer of Booz Allen Hamilton, as the newest inductee into the Wash100 — a group of influential leaders in the government contracting arena
White Ops Appoints Gian Lombardi as Chief Revenue Officer (Sys-Con Media) White Ops, a pioneer in online fraud detection, today announced that Gian Lombardi has joined the company as Chief Revenue Officer
Products, Services, and Solutions
David DeWalt: FireEye's Threat Intell Sharing Initiative Eyes Cyber Automation, Customization (Executive Biz) FireEye has unveiled its Global Threat Intelligence Sharing initiative to help customers exchange threat intelligence with community members such as industry partners and establish a unified cyber defense effort
Benefits of the Cisco OpenSOC security analytics framework (TechTarget) Cisco's open source security analytics framework aims to help enterprises address visibility and incident management challenges. Expert Kevin Beaver discusses OpenSOC and what to consider when integrating it into an enterprise security strategy
Why Retailers and SMBs Should Use a Managed Firewall Service (Virtual Strategy Magazine) eMazzanti explains the benefits of remotely managed data security solutions
Technologies, Techniques, and Standards
Hygiene, Honey Pots, Espionage: 3 Approaches To Defying Hackers (Idea Stream) The hack of insurer Anthem is one in a string of costly cyberattacks worldwide. In Silicon Valley and beyond, startups are taking very different approaches to helping companies outsmart the attackers
Hackers' Op-Sec Failures Important Clues to Uncover APT Gangs (Threatpost) Sophistication, resourcefulness and ingenuity are characteristics usually associated with state-sponsored espionage hacker groups. But they're certainly not infallible
Encryption and Silence Can Be Targets' Best Assets (Threatpost) Things are getting real these days for executives, researchers, journalists and others involved in the security community. Targeted surveillance is a reality for many in the community, and researchers and activists are trying now to help them assess and address that threat to their privacy and security
Cyberespionage: You're Not Paranoid, Someone Is Spying on Your Company (Dark Reading) It's time for all of your counter-espionage tools to work together
Academia
Army Reserve partnership aims to grow cyber warriors (Army Times) The Army Reserve has partnered with universities and private companies across the country to recruit and grow cyber security professionals
Legislation, Policy, and Regulation
Nine Takeaways From the White House Cyber-security Summit (eWeek) In May 2009, newly elected President Barack Obama — who was burning the midnight oil trying to revive a very sick U.S. economy — declared that cyber-security was going to be a national security priority within his administration
The Paradox of Today's Internet and Cyber-security (eWeek) There is no need to create a surveillance state for the Internet to prosper, but sharing information is necessary and there is key role that government plays
The U.S. government's cyber-go-round (The Hill) Official Washington's response to perceived major crises generally follows a pattern: a serious security threat is proclaimed that requires vast new resources and legal authorities to defeat. A "czar" may be appointed to help coordinate the federal response, or even an entirely new military command will be established to meet the challenge. When those efforts fail, a reorganization of the national security apparatus will be the next proposed step. The end result is usually more bureaucratic and policy failure
Will Companies Voluntarily Share Data Regarding Cyber Security at the President's Request? (JDSupra) On Friday February 13, 2015, President Obama spoke at the White House Summit on Cybersecurity and Consumer Protection at Stanford University. After his address, President Obama signed an executive order, Promoting Private Sector Cybersecurity Information Sharing, that will encourage private companies to share information regarding cyber security with the U.S. government. The executive order does not require private corporations to cooperate with the U.S. government in any affirmative manner. In addition, the executive order directs the U.S. Department of Homeland Security to develop voluntary standards related to cyber security
A "Cyber" Study of the U.S. National Security Strategy Reports (Tripwire: the State of Security) In early February, the White House released its 2015 National Security Strategy (NSS). Each NSS report is symbolic to the extent that it reveals the security issues the acting U.S. president intends to focus on for the coming months and years. While not constituting "hard," actionable strategies, these documents help to articulate the future security foci of the United States
American Cyber Espionage is Acceptable and Needed (Final Approach) Since the massive leaks in 2013 by former National Security Agency (NSA) contractor Edward Snowden, the media has relentlessly covered American cyber espionage. Many, particularly foreign nations, decry the NSA's widespread collection of data and communications, but these and other activities conducted by American actors in the cyber arena are critical to the United States' survival
Betty Sapp, NRO Director, Elected to Wash100 for Intell Operations Leadership (GovConExec) Executive Mosaic is honored to introduce Betty Sapp, director of the National Reconnaissance Office, as the newest inductee into the Wash 100 — a group of influential leaders in the government contracting arena
Litigation, Investigation, and Law Enforcement
Russian Citizen Charged With Cyber Theft in US Pleads Not Guilty (Sputnik News) US Department of Justice announced that the Russian national Vladimir Drinkman, charged in the United States for data theft through cyberattacks, pleaded not guilty
Did GCHQ illegally spy on you? Here's how to find out (We Live Security) Want to know if UK intelligence agency GCHQ has been covertly spying on you? Now here's your chance
For a complete running list of events, please visit the Event Tracker.
Newly Noted Events
Boston SecureWorld (Boston, Massachusetts, USA, Mar 4 - 5, 2015) Join your fellow security professional for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry experts on many diverse topics such as: Risk Mitigation, Malware Detection, Digital Forensics, Cloud Security, Privacy, Big Data, PCI Compliance, Security Metrics, Encryption, Mobile Device Management, Incident Response, and much more. Among the speakers are several leading figures in cyber law enforcement
TakeDownCon: Capital Region 2015 (East Hyattsville, Maryland, USA, Jun 1 - 2, 2015) TakeDownCon is a highly technical forum that focuses on the latest vulnerabilities, the most potent exploits, and the current security threats. The best and the brightest in the field come to share their knowledge, giving delegates the opportunity to learn about the industry's most important issues. With two days and two dynamic tracks, delegates will spend Day 1 on the Attack, learning how even the most protected systems can be breached. Day 2 is dedicated to Defense, and delegates will learn if their defense mechanisms are on par to thwart nefarious and persistent attacks
Upcoming Events
Cyber Risk Wednesday: Breaking the Cyber Information-Sharing Logjam (Washington, DC, USA, Feb 18, 2015) A moderated discussion on challenges and solutions for information-sharing, the Administration's recent proposals for better practices between the private sector and government, and goal-directed approaches to sharing. The event will be accompanied by the release of a report, supported by CISCO, which examines the challenges of information-sharing, the Administration's emerging proposals, along with solutions to breaking the current logjam
Cyber Framework and Critical Infrastructure: A Look Back at Year One (Washington, DC, USA, Feb 19, 2015) Last February, the Obama administration rolled out the nation's first cybersecurity standards to protect critical infrastructure. One year later, Dr. Phyllis Schneck, the Department of Homeland Security leader responsible for helping institutions implement the new standard, will reflect on how the nation has improved its protection of critical infrastructure over the last year. We'll discuss the effectiveness of the standard so far, whether security protections are strong enough, and if incentives are attractive enough to induce companies to take on the new standard
DEFCON | OWASP International Information Security Meet (Lucknow, India, Feb 22, 2015) Defcon | OWASP Lucknow International Information Security Meet is a combined meet of Defcon and OWASP Lucknow. Defcon Lucknow is a DEF CON registered convention for promoting, demonstrating & spreading awareness regarding the field of Information Security and OWASP Lucknow is a chapter of OWASP Community
10th Annual ICS Security Summit (Orlando, Florida, USA, Feb 22 - Mar 2, 2015) Attendees come to the Summit to learn and discuss the newest and most challenging cyber security risks to control systems and the most effective defenses. The Summit is designed so you leave with new tools and techniques you can put to work immediately when returning to your office. The summit will allow you to learn from industry experts on attacker techniques, testing approaches in ICS, and defense capability in ICS environments
Cybersecurity for a New America: Big Ideas and New Voices (Washington, DC, USA, Feb 23, 2015) In addition to featuring keynote remarks by Admiral Mike Rogers, Director of the National Security Agency, this event will convene experts and practitioners from the public and private sector, military, media, academia, non-governmental and intergovernmental organizations for a series of discussion panels and first person "pop-up" style speeches on the wide range of cybersecurity issues that are affecting and infecting everything from personal devices and corporate networks to national defense and international affairs. The focus of the event will be to push past the status quo and instead explore the next generation of challenges, as well as highlight bold, new ideas to face them. CNN is the event's media partner and will provide a live-stream of the event
Workforce Development Forum — CyberWorks Information Session (Baltimore, Maryland, USA, Feb 24, 2015) Are you a technology company that would like to actively participate in growing the right candidates for your open IT and cybersecurity positions? Are you a job seeker interested in pursuing a career in IT/cybersecurity who would benefit from business mentorship and hands-on practical work experience? If you said yes to either question please join us at the upcoming CyberWorks information session to learn how you can benefit from this innovative program. CyberWorks is an industry-led, workforce development program designed to help Maryland companies fill their cybersecurity needs with qualified candidates, while simultaneously helping individuals start careers and improve Maryland's economy
Cybersecurity: You Don't Know What You Don't Know (Birmingham, Alabama, USA, Feb 24 - 25, 2015) What: Connected World Conference in partnership with University of Alabama at Birmingham's Center for Information Assurance and Joint Forensics Research (The Center) have teamed up to bring professionals together to discuss security and connected devices. Purpose: Convene the leading industry, government, and academia leaders. Chief Objective: Influence professionals from the most innovative and influential organizations in the world will meet to unravel the relationship between the connected society and cybersecurity
The Future of Cybersecurity Innovation (Washington, DC, USA, Feb 26, 2015) The US intelligence community has ranked cyberattacks as the No. 1 threat to national security — more than terrorist groups or weapons of mass destruction. But the military's cyberwarriors fight these battles hunkered over computers, working with strings of code — a laborious process that requires advanced engineering skills. That's why the Pentagon's advanced research arm, the Defense Advanced Research Projects Agency (DARPA), is building a system to give the military instantaneous knowledge of network attacks by displaying them in real-time with rich graphics and 3-D visualizations
NEDForum: Cyber Network Exploitation and Defence: "Darknet & the Primordial Soup of Cyber Crime" (Edinburgh, Scotland, UK, Feb 27, 2015) Speakers will cover such topics as: "Fear and loathing on Darknet," (Greg Jones, Managing Consultant, Digital Assurance), "Securing the internet of everything" (Rik Ferguson, Global Vice President Security Research, Trend Micro), and "Is your organisation setup for success in security?" (Patrick Brady, Independent Consultant)
2015 Cyber Risk Insights Conference — San Francisco (San Francisco, California, USA, Mar 3, 2015) Following on the success of the 2014 half-day cyber risk event, Advisen will present a full day of learning and networking for risk managers, CISOs, CROs, insurance brokers, insurance underwriters, reinsurers and other risk professionals. An expert faculty comprised of leading security, regulatory, risk management, and cyber insurance authorities will provide their insights into the critical privacy, network security and insurance coverage issues now facing organizations and their insurers, with an emphasis on the business, technology and regulatory factors that make California and the West Coast unique
Cybergamut Technical Tuesday: Tor and the Deep Dark Web (Columbia, Maryland, Sioux Falls, Mar 3, 2015) This talk will explore the use of Tor and how it relates to garnering useful intelligence. Distinguishing attribution or valuable intelligence from limited event data is difficult. Leveraging external threat data can be helpful in evaluating intelligence but how do you identify relevance? Created as a means of protecting the privacy and anonymity of its users, Tor — the managed network of private computers leveraged by criminal elements to minimize the risk of surveillance and capture — is being exploited by the most technically proficient, aggressive, and organized of criminal syndicates. Presented by Scott FitzPatrick of Norse
Mercury Proposers' Day Conference (IARPA1, Washington, DC, Mar 5, 2015) The Intelligence Advanced Research Projects Activity (IARPA) will host a Proposers' Day Conference for the Mercury Program on March 5, in anticipation of the release of a new solicitation in support of the program
Financial Services Cyber Security Summit: Middle East and North Africa (Dubai, UAE, Mar 9 - 10, 2015) Building on the success and feedback of our Cyber Security Summit in Europe — 180 attendees, 3 streams, CPE certified — we are pleased to invite you to the Financial Services Cyber Security Summit MENA — a highly interactive experience sharing platform for top experts from banks, insurance companies, monetary organizations and government institutions, accountancy companies, consumer finance, investment funds, stock brokerages and more
The Vulnerability Economy: Zero-Days, Commerce and National Security (Rockville, Maryland, USA, Mar 10, 2015) Dr. Ryan Ellis (Belfer Center, Harvard University) will explore a series of topics around cybersecurity including the challenges and opportunities associated with the growing trade in previously unknown and undisclosed software vulnerabilities ("zero days"). Drawing from a real-world case study, Dr. Ellis investigates the tension between the development of offensive cyber capabilities and cybersecurity. The discussion considers different approaches to disclosing newly discovered vulnerabilities and highlights the key roles that government and industry can play in promoting enhanced cybersecurity
OISC: Ohio Information Security Conference (Dayton, Ohio, USA, Mar 11, 2015) Technology First invites you to participate in the 12th Annual Ohio Information Security Conference Wednesday, March 11, at the Sinclair Community College Ponitz Center in Dayton, Ohio. The conference will focus on three areas/tracks: management, technical and implementation. CEUs (7) are available for this event
RiSK Conference 2015 (Lasko, Slovenia, Mar 11 - 12, 2015) In recent years RISK conference has become one of the leading events on computer security in the Adriatic region and is attended by engineering as well as executive staff of companies from the region. Much has changed in the field of security and data protection in recent times. There are popular new technologies in the form of SaaS (Security as a Service) and services in a cloud (cloud computing), green computing, etc
B-Sides Vancouver (Vancouver, British Columbia, Canada, Mar 16 - 17, 2015) The third annual Security B-Sides Vancouver is an information security conference that will be held March 16th and 17th. We love to see brand new speakers, seasoned speakers, and everyone in between
Insider Threat 2015 Summit (Monterey, California, USA, Mar 16 - 17, 2015) The Insider Threat 2015 Summit is about bringing Government and Industry organizations and their cybersecurity leaders together in order to better understand the type of threats that may impact their infrastructure and overall operations. Our two-day summit will provide insights on the most unique and thought provoking active defenses currently available for physical and personnel security, as well as, cyber threats. By supplying intelligent focus through tailored solutions our presenters and sponsors will be contributing to a forum to discuss ways to mitigate the risk of insider threats. This event allows for a truly unique opportunity to hear from experts in the field talk about their current and future solutions, giving way to an optimal setting for networking
2015 North Dakota Cyber Security Conference (Fargo, North Dakota, USA, Mar 17, 2015) The North Dakota Cyber Security Conference brings together community members from academia, government and industry to share strategies, best practices and innovative solutions to address today's challenges in cyber security. The vast scope of modern cyber threats calls for active participation from individuals and organizations across the state
IT Security Entrepreneurs Forum: Bridging the Gap Between Silicon Valley & the Beltway (Mountain View, California, USA, Mar 17 - 18, 2015) IT Security Entrepreneurs Forum (ITSEF) — SINET's flagship event — is designed to bridge the gap between the Federal Government and private industry. ITSEF provides a venue where entrepreneurs can meet and interact directly with leaders of government, business and the investment community in an open, collaborative environment focused on addressing the Cybersecurity challenge
BSides Salt Lake City (Salt Lake City, Utah, USA, Mar 20 - 21, 2015) BSides is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation
CarolinaCon-11 (Raleigh, North Carolina, USA, Mar 20 - 22, 2015) CarolinaCon-11 (also hereby referred to as "The Last CarolinaCon As We Know It") will occur on March 20th-22nd 2015 in Raleigh NC (USA). We are now officially accepting speaker/paper/demo submissions for the event. If you are somewhat knowledgeable in any interesting field of hacking, technology, robotics, science, global thermonuclear war, etc. (but mostly hacking), and are interested in presenting at CarolinaCon-11, we cordially invite you to submit your proposal
CyberTech Israel 2015 (Tel Aviv, Israel, Mar 24 - 25, 2015) In the face of these enemies and threats, individuals, organizations and states are required to produce innovative, unique solutions that would improve the resistance and resilience of the sensitive systems they rely on every day. For this purpose, it is essential to maintain a direct, on-going contact with the latest developments and changes in the cyber defense market. To this end, we are pleased to invite you to Cybertech 2015, the International Conference & Exhibition for Cyber Solutions, taking place on March 24th-25th, 2015 in Tel Aviv, Israel. Cybertech Conference and Exhibition, an initiative of Israel Defense, is the largest exhibition and conference of cyber technologies outside of the US
2nd Annual ISSA COS Cyber Focus Day (Colorado Springs, Colorado, USA, Mar 25, 2015) Join us for the Information Systems Security Association (ISSA) — Colorado Springs Chapter — Cyber Focus Day set to take place on Wednesday, March 25, 2015 at the University of Colorado Colorado Springs (UCCS). The theme for CFD 2015 will be "Cybercrime". Industry experts will be on hand to brief attendees on the latest trends, and best practices, in cybersecurity. This one-day forum will offer IT, business, law enforcement, government, military, academic, training, and other professionals a unique, local opportunity to get up-to-date information on rapidly evolving cybersecurity challenges
CYBERWEST: the Southwest Cybersecurity Summit (Phoenix, Arizona, USA, Mar 25 - 26, 2015) The purpose of CYBERWEST is to bring together Government and businesses to: Exchange information and learn in areas of policy and strategy; technology and R&D; workforce training and education; and economic, legal, regulatory and insurance impacts. Discuss cybersecurity issues and to focus on applied cybersecurity (i.e. implementing the NIST framework, R&D, legal and regulatory perspectives, state and local approaches). Present content that attendees can take back and use in their organizations
Women in Cyber Security (Atlanta, Georgia, USA, Mar 27 - 28, 2015) Despite the growing demand and tremendous opportunities in the job market, cybersecurity remains an area where there is significant shortage of skilled professionals regionally, nationally and internationally. Even worse, women's representation in this male-dominated field of security is alarmingly low. Through the WiCyS community and activities we expect to raise awareness about the importance and nature of cybersecurity career. We hope to generate interest among students to consider cybersecurity as a viable and promising career option
Automotive Cyber Security Summit (Detroit, Michigan, USA, Mar 30 - Apr 1, 2015) The debut Automotive Cyber Security Summit will bring together CTOs, CSOs, Engineers and IT professionals from GM, KIA, Nissan, Bosch, Qualcomm and more for three days of case studies, workshops, panel discussions and networking sessions
Insider Threat Symposium & Expo (Laurel, Maryland, USA, Mar 31, 2015) The National Insider Threat Special Interest Group (NITSIG) announced that it will hold a FREE 1 day Insider Threat Symposium & Expo (ITS&E) on March 31, 2015 in Laurel, Maryland. The symposium is exclusively focused on insider threat awareness, insider threat program development and implementation and insider threat risk mitigation. The ITS&E will provide attendees with access to a broad network of security professionals to collaborate with on insider threat risks, insider threat detection, insider threat risk mitigation strategies and insider threat program development, implementation and management. The expo will include vendors that have proven technologies and services for insider threat risk mitigation