The CyberWire Daily Briefing 02.26.15

Summary

By The CyberWire Staff

Those who noticed a US Congressman's call to kick ISIS off Twitter will be interested to see Recorded Future's analysis of the Islamic State's dramatically increased presence in the social medium: 250% more twittering per day in February 2015 than December 2014. The growth lies in Arabic-language tweets; it's not significantly attributable to bot traffic.

Lenovo's bad week continues with reputational damage unabated. Some brief, script-kiddiesque vandalism affects the company's website. (Krebs reports the vandalism, like last week's attack on Google's Vietnam service, may have been enabled by seizure of Malaysian registrar Webnic.)

Customers of for-profit companies like Anthem aren't the only ones who need to worry about becoming collateral damage in a data breech. The Urban Institute reports that its National Center for Charitable Statistics (NCCS) network has been compromised, with information from some 700,000 charities exposed.

Telegram disputes Zimperium's claim that Telegram's secure messaging application fails to protect content in memory.

Attackers are exploiting a vulnerable Google Maps extension to launch denial-of-service attacks from Joomla servers.

Onapsis reports finding five SAP vulnerabilities.

Mobile spyware remains an unresolved threat to corporate networks. Developers aren't fixing vulnerabilities quickly enough — these typically persist for months — and mistrust of smartphone security in particular is proving a drag on the mobile economy.

As the US Congress mulls cyber legislation, industry mulls the probably consequences of the President's recent Executive Order. Regulators also begin to move: the US FCC seems about to pass net neutrality; New York is likely to tighten financial cyber oversight.

Notes.

Today's issue includes events affecting China, European Union, Germany, Israel, Italy, Netherlands, New Zealand, Palestinian Territories, United Arab Emirates, United Kingdom, United States and Uzbekistan

Selected Reading

Cyber Trends

Mobile Apps Remain Vulnerable For Months (InformationWeek) Developers are failing to respond quickly to reports of security flaws, Trojans are infecting corporate devices at an alarming rate, and even mundane data about your device's power consumption could threaten your privacy

People don't trust smartphone security — and that's choking the mobile economy (TechRadar) Security fears are diminishing consumer trust

Fewer Enterprises Able To Detect Hacks on Their Own (Sci-Tech Today) The nature of cybersecurity threats continued to evolve in 2014, with attackers using an array of tricks to evade detection, according to FireEye's latest "M-Trends" report. Released Tuesday, the annual report details the cyber-threats uncovered over the past year by FireEye's information security company Mandiant

Addressing cybersecurity business disruption attacks (Help Net Security) Although the frequency of a cybersecurity attack on a large scale is low, by 2018, 40 percent of large enterprises will have formal plans to address aggressive cybersecurity business disruption attacks, up from zero percent in 2015, according to Gartner

Sandia faces 1.5 billion "cyber events" every day (Albuquerque Journal) Cyberwarfare is not a thing of the future, but a pervasive battle that's well under way and growing at an alarming rate, according to John Zepper, Sandia National Laboratories? director of computer and networking services

Kiwi firms wake up to prolific security threats following Sony breach (Computerworld) Prolific cyber attacks against Sony capped off one of the biggest years on record for cyber security, as Kiwi organisations recognise the need to protect against data breaches in 2015

Legislation, Policy and Regulation

China's military still struggling with its cyber and electronic warfare capabilities, new RAND report says (FierceGovernmentIT) While China's military has made great strides over the last two decades to modernize itself, struggles still persist in several areas including its cyber and electronic warfare capabilities, according to a new study from RAND Corp

China's Incomplete Military Transformation: Assessing the Weaknesses of the People's Liberation Army (PLA) (RAND) Since the mid-1990s, the People's Republic of China has invested enormous resources in developing the People's Liberation Army (PLA) into a modern force that can secure various national interests both at home and now increasingly abroad

China narrows definition of terrorism in draft law by deleting 'thoughts' from list of liable offences (South China Morning Post) Official says deletion was ?for the sake of accuracy and applicability', but the ocument, now undergoing a review, still retains reference to ?speeches' that are liable for terrorism offences

Tough Talk From European Commissioner About U.S. Tech Companies (New York Times) American tech companies have long suspected that Europe is out to get them. They might be right

Homeland Security official: Shutdown would hurt cyber defenses (The Hill) A top Homeland Security Department (DHS) cybersecurity official on Wednesday painted a bleak picture of the agency?s cyber efforts under a shutdown

Cyber Collaboration in Government Still a Work in Progress (Nextgov) Amid the onslaught of cyberthreats faced by federal agencies, the potential for an even larger and more sustained catastrophic version of a digital attack has become an increasingly real possibility

DHS: New cyber threat center is not strictly about cyber (Federal News Radio) The Obama administration's plan to create a new Cyber Threat Intelligence Center would mean the government would put its collective knowledge about current cyber threats at any given time into one place. But the Department of Homeland Security sees the CTIC as serving two more purposes: Integrating cyber threat data with more old-fashioned intelligence sources, and declassifying the end-product so it can be shared outside the intelligence community

Privacy and cybersecurity get political legs (Brookings) When I joined the Obama administration five years ago, I set out with like-minded colleagues at the Commerce Department to tackle key issues for the digital economy and protect the ecology of the Internet. At the top of the agenda were cybersecurity and consumer privacy

Influencers: Obama's info-sharing plan won't significantly reduce security breaches (Christian Science Monitor: Passcode) Even if it passes Congress, 87 percent of Passcode's Influencers say President Obama's push for more information sharing between the government and the private sector will not significantly reduce security breaches

Competing cyber info-sharing plans in spotlight on Capitol Hill (Inside Cybersecurity) Two Department of Homeland Security officials will testify today on President Obama's legislative proposal on cybersecurity information sharing, but the stars of the House hearing could be two other cyber bills that have yet to be introduced

Tougher Internet rules to hit cable, telecoms companies (Reuters) U.S. regulators are poised to impose the toughest rules yet on Internet service providers, aiming to ensure fair treatment of all web traffic through their networks

Regulator warns of 'Armageddon' cyber attack on banks (USA TODAY) A New York financial regulator said he is considering new rules to protect against "an Armageddon-type" cyber attack that would devastate U.S. financial markets

Uzbekistan launches 'morality' crackdown on Internet cafes (World News Report) Authorities in Uzbekistan tightened control over Internet cafes in the capital Tashkent on Wednesday in a bid to stem the impact of "violent and immoral" web content and video games on children. A municipal resolution obliges the popular hangouts to close at 9 pm and bans children in the city of over two million from visiting the cafes during school hours

Products, Services, and Solutions

Google steps up its BYOD game; looks to secure more than a billion mobile devices (CSO) Today's security enhancement is brought to you by the word fragmentation and the number 1 billion

Bitdefender sells antivirus for your fridge in a box (Australian) Virus busting firm Bitdefender is about to sell Australians a little white box designed to stop your internet-connected fridge from being hacked

Blue Coat Systems and Prelert Partner to Provide Anomaly Detection in Security Solutions (BusinessWire) Advanced machine learning analytics enhance security solutions by automatically identifying known and unknown threats

KoolSpan encrypting voice comms for secure channel (Electronics Weekly) Secure communications provider KoolSpan is using Intercede?s MyTAM to enable government-grade protection of voice calls from malware and third parties

How safe are Android-based children?s tablets? (Help Net Security) Looking for an Android-based tablet for your child but don't know which one to choose?

Technologies, Techniques, and Standards

Customers Aren't the Only Victims: 5 Stages Of Data Breach Grief (Dark Reading) What can we learn from organizations that have experienced a data beach? For one thing, infosec teams on the front lines of cyber security are also victims

Just when you thought you had a handle on PCI DSS 3.0 (Dell TechPageOne) As reported last month, merchants who accept credit card transactions, and those who aim to keep that data safe, saw version 3.0 of the Payment Card Industry Data Security Standard (PCI DSS) come into effect on January 1

Cybersecurity: How health execs handle growing privacy threat [Special Report] (FierceHealthIT) Cybersecurity in healthcare is easier said than done, something both Franklin, Tennessee-based provider Community Health Systems and Anthem, the nation's second-largest health insurer, know all too well. In 2014, CHS — which operates 206 hospitals in 29 states--fell victim to hackers, compromising personal information for 4.5 million patients

Opinion: What cybersecurity pros can learn from 'Ocean's Eleven' (Christian Science Monitor: Passcode) In the movie 'Ocean's Eleven,' cunning crooks outwitted an elaborate defense system. The same dynamic plays out on the digital front. That's why cybersecurity requires strong threat deterrence and not just stronger locks and taller fences

Leave Your Laptop in Your Car and 9 More Ways to Mess with Your CISO (CIO) In a perfect world, employees would have excellent cybersecurity habits and never put the company?s network or data at risk

Marketplace

Companies expects others to protect them against DDoS attacks (Help Net Security) One in five businesses surveyed believe that their online services should be protected against DDoS attacks by their IT service providers (in particular, network providers). However, this responsibility often falls on the shoulders of companies that come under attack, according to Kaspersky Lab

Meet the world's hottest 500 security vendors (CRN) New list, topped by FireEye, Moka5 and AlienVault, claims to rank vendors based on subjective factors such as CISO feedback

Symantec's Renaissance Is On The Way (Seeking Alpha) Strong Buy rating with $35/sh one-year target price. Turnaround assets along with improving return on capital from FY14. Decoupling first time between EVA improvements and stock performance in 2014. Deeply undervalued with tremendous upside catalysts

IT Firm iNovex Acquires Mercury Systems' Intell Analytics Business (GovConWire) iNovex Information Systems has bought the intelligence analytics business of Mercury Systems for an undisclosed amount in a move aimed at growing iNovex's customer base and market presence

CSC Buys Autonomic Resources for Federal Cloud Market Push (GovConWire) Computer Sciences Corp. (NYSE: CSC) has acquired cloud computing infrastructure provider Autonomic Resources for an undisclosed sum in a push to expand cloud offerings in the federal and other government markets

UAE companies investing more in cyber warfare capabilities (Khaleej Times) At Idex, cyber security has taken a prominent place alongside traditional weapons of war such as tanks and combat aircraft

The hard truth about IT soft skills (FierceCIO) In the new world of IT, being a great technologist is not enough. Employers are more focused on hiring well-rounded tech employees--especially those with soft skills

Juniper Vet Bask Iyer to Succeed Tony Scott as VMware CIO (GovConWire) Bask Iyer, formerly chief information officer at Juniper Networks (NYSE: JNPR), will join VMware (NYSE: VMW) as CIO and a senior vice president on March 23

Tenable Network Security taps new VP, cloud services (Washington Technology) Tenable Network Security has named Sean Molloy vice president of cloud services

CertainSafe Adds Former Director for US Department of Homeland Security and Former Chief Privacy Officer for Microsoft as Board Members (PRNewswire) New additions bolster impressive roster of leading cybersecurity and privacy experts

iboss Network Security Appoints New Senior Vice President of Worldwide Sales (Virtual Strategy Magazine) iboss Network Security today announced the appointment of security industry veteran Frank McLallen to senior vice president of worldwide sales. McLallen was brought onboard to drive the company's global sales strategy, with an emphasis on growing the channel. In his new role, McLallen will focus on expanding the global sales team, building out comprehensive channel programs, and creating an aggressive go-to-market strategy

Retired cyber commander to lead LMI?s cyber practice (San Antoino Business Journal) Government consulting firm LMI has tapped the former vice commander of 24th Air Force, a component of United States Cyber Command, to lead its cybersecurity practice

Research and Development

Researchers create automated signature compiler for exploit detection (Help Net Security) A trio of researchers from Microsoft and University of Erlangen-Nuremberg have created Kizzle, a compiler for generating signatures for detecting exploit kits delivering JavaScript to browsers

IARPA to Launch Contest on Cyber Attack Predication (ExecutiveGov) The Intelligence Advanced Research Projects Activity?s Office for Anticipating Surprise is set to launch a four-year contest to develop new technology that can predict potential cyber attacks

Cyber Attacks, Threats, and Vulnerabilities

Explosive Growth in ISIS Tweets: Arabic Overtakes English (Recorded Future) The volume of tweets involving ISIS grew in August-October of 2014, then had a clear decline in November-December 2014, and has exploded in 2015. The growth in 2015 is almost entirely due to tweets written in Arabic

After Superfish-Lenovo incident, Facebook probes larger issue of SSL-sniffing adware (SC Magazine) In a Monday interview with SCMagazine.com, Joe Siegrist, CEO of LastPass, a security company that created a security tool for users to check whether they have Superfish on their machine, said that after investigating the adware issue, LastPass found that a major browser maker outside of the U.S. appeared to be accepting invalid certificates generated by Superfish

Are Lenovo and Superfish Evil or Incompetent? (Slate) Also, what's Komodia, and is it evil or incompetent?

Lenovo suffers cyber attack on its home page (MarketWatch) Chinese computer maker Lenovo Group Ltd. 0992, +0.34% LNVGF, -1.31% said Thursday that its main website had been hacked

Lenovo's website hijacked (briefly) by High School Musical-loving hackers (Graham Cluley) Everyday the internet seems to get weirder

Webnic Registrar Blamed for Hijack of Lenovo, Google Domains (KrebsOnSecurity) Two days ago, attackers allegedly associated with the fame-seeking group Lizard Squad briefly hijacked Google's Vietnam domain (google.com.vn). On Wednesday, Lenovo.com was similarly attacked. Sources now tell KrebsOnSecurity that both hijacks were possible because the attackers seized control over Webnic.cc, the Malaysian registrar that serves both domains and 600,000 others

Washington D.C. Think Tank Hacked — 700,000 Charities at Risk (Dark Matters) The Urban Institute, a prominent Washington D.C. based think tank which provides research articles for nonprofits on management and governance, disclosed that the organization's National Center for Charitable Statistics (NCCS) network has been the subject of a major breach event that compromised sensitive information for up to 700,000 charities

New DDoS attack and tools use Google Maps plugin as proxy (Help Net Security) Attackers are using Joomla servers with a vulnerable Google Maps plugin installed as a platform for launching DDoS attacks

Telegram dimisses claim of a flaw in its secure messaging application (IDG via CSO) Zimperium says Telegram doesn't protect content in memory, but Telegram says it's hard to defend against

Onapsis Uncovers Five New Vulnerabilities Affecting SAP BusinessObjects and SAP HANA (Onapsis News and Events) High-profile cyber-risks reveal unauthorized users could retrieve and overwrite data stored on business-critical systems

The top software exploit of 2014? The Stuxnet XP flaw from 2010, reckons HP (Techworld via CSO) For cyber-attackers, the old flaws are still the best, according to HP's Cyber Risk Report 2014 and it has a startling piece of evidence to back up its claim — the most commonly exploited software vulnerability for last year was the infamous .lnk flaw in Windows XP made famous by Stuxnet in the distant summer of 2010

Mobile spyware running rampant in corporate America (FierceMobileIT) If your enterprise has at least 2,000 mobile devices on your network, there is a 50 percent chance that at least six of those devices are infected with malware that can spy on your network

Mac OS X is the most vulnerable OS, claims security firm; Debate ensues (ZDNet) According to a report by security firm GFI, Apple's Mac OS X is the most vulnerable operating system, with the iOS platform coming in second. A debate over reporting nuances and merits of the report quickly followed

Supervisor: No data compromised in Hinds cyber attack (Clarion-Ledger) The Hinds County website was the victim of a cyber attack Wednesday morning, however Hinds County District 1 Supervisor Robert Graham says it does not appear at this time any data was compromised

Koppie Koppie sells photos of your kids to prove you shouldn't post them online (Naked Security) Koppie Koppie, an online business selling coffee mugs with pictures of children printed on them, is stirring up controversy — after all, the kids' photos weren't given to Koppie Koppie by their parents, but grabbed from Flickr

Academia

Raytheon kicks off nation's largest collegiate cyber defense competition (MarketWatch) NCAA-style tournament fights U.S. cyber talent shortage, gives college students hands-on experience battling cyber attacks

UA Talent Pipeline Stopping Data Breaches (UA News) Because the University is a leader in preparing graduates with information security expertise, demand is high by employers and by students seeking to enter the MIS master's program

Litigation, Investigation, and Enforcement

European Cyber Police Try To Shut Down Ramnit Botnet That Infected 3 Million (Forbes) British, German and Italian police have claimed success in disrupting one of the world?s biggest botnets, Ramnit. The Ramnit malware, which sought to steal victims' banking login data, was believed to have infected as many as 3.2 million Windows PCs. It is currently sitting on up to 350,000 compromised computers

Study: SMBs lack thorough understanding of state data breach notification laws (SC Magazine) Considering the slew of headline-grabbing data breaches being reported, it should come as no surprise that small business owners are brushing up on their state data breach notification laws. However, one recent study found that only 33 percent of small business owners and decision-makers feel "very confident" in their understanding of their states' breach disclosure legislation

State Department 'Director of Counterterrorism' Charged With Soliciting Sex from a Minor (AP via Breitbart) A U.S. State Department official was jailed Tuesday on a charge of soliciting a minor

Design and Innovation

If you could go back in time… (CSO) Every week brings news of breaches, cybercrime and state-sponsored hacks, each more shocking than the last. Unfortunately, it's not practical to rip up the whole Internet and start over again with a more secure foundation. But wouldn't it be nice if we could go back in time to when it was first being built, and shake some sense into the early developers? We asked some security experts about what they would change if they could go back

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

newly Noted Events

28th Annual FISSEA Expo (Gaithersburg, Maryland, USA, March 25, 2015) This year's theme is "Changes, Challenges, and Collaborations: Effective Cybersecurity Training." Through numerous high quality sessions, over 100 attendees will learn new ways to improve their IT security program and practical solutions to training problems while earning Continuing Professional Education (CPE) credits. The vendor fair gives attendees a tactical look at the products and services available to meet their professional goals

NIST IT Security Day (Gaithersburg, Maryland, USA, April 8, 2014) The Office of the Chief Information Officer, OCIO, is hosting NIST IT Security Day as a means to heighten awareness for all NIST users on the many aspects of operational information technology security and networking at home and in the office. This event's objective is to educate users on IT security and related topics. The event will feature guest speakers on general and technical IT security topics and tutorials on internal services and products.

upcoming Events

10th Annual ICS Security Summit (Orlando, Florida, USA, February 22 - March 2, 2015) Attendees come to the Summit to learn and discuss the newest and most challenging cyber security risks to control systems and the most effective defenses. The Summit is designed so you leave with new tools and techniques you can put to work immediately when returning to your office. The summit will allow you to learn from industry experts on attacker techniques, testing approaches in ICS, and defense capability in ICS environments

The Future of Cybersecurity Innovation (Washington, DC, USA, February 26, 2015) The US intelligence community has ranked cyberattacks as the No. 1 threat to national security — more than terrorist groups or weapons of mass destruction. But the military's cyberwarriors fight these battles hunkered over computers, working with strings of code — a laborious process that requires advanced engineering skills. That's why the Pentagon's advanced research arm, the Defense Advanced Research Projects Agency (DARPA), is building a system to give the military instantaneous knowledge of network attacks by displaying them in real-time with rich graphics and 3-D visualizations

NEDForum: Cyber Network Exploitation and Defence: "Darknet & the Primordial Soup of Cyber Crime" (Edinburgh, Scotland, UK, February 27, 2015) Speakers will cover such topics as: "Fear and loathing on Darknet," (Greg Jones, Managing Consultant, Digital Assurance), "Securing the internet of everything" (Rik Ferguson, Global Vice President Security Research, Trend Micro), and "Is your organisation setup for success in security?" (Patrick Brady, Independent Consultant)

2015 Cyber Risk Insights Conference — San Francisco (San Francisco, California, USA, March 3, 2015) Following on the success of the 2014 half-day cyber risk event, Advisen will present a full day of learning and networking for risk managers, CISOs, CROs, insurance brokers, insurance underwriters, reinsurers and other risk professionals. An expert faculty comprised of leading security, regulatory, risk management, and cyber insurance authorities will provide their insights into the critical privacy, network security and insurance coverage now issues facing organizations and their insurers, with an emphasis on the business, technology and regulatory factors that make California and the West Coast unique

Cybergamut Technical Tuesday: Tor and the Deep Dark Web (Columbia, Maryland, Sioux Falls, March 3, 2015) This talk will explore the use of Tor and how it relates to garnering useful intelligence. Distinguishing attribution or valuable intelligence from limited event data is difficult. Leveraging external threat data can be helpful in evaluating intelligence but how do you identify relevance? Created as a means of protecting the privacy and anonymity of its users, Tor — the managed network of private computers leveraged by criminal elements to minimize the risk of surveillance and capture — is being exploited by the most technically proficient, aggressive, and organized of criminal syndicates. Presented by Scott FitzPatrick of Norse

Boston SecureWorld (Boston, Massachusetts, USA, March 4 - 5, 2015) Join your fellow security professional for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry experts on many diverse topics such as: Risk Mitigation, Malware Detection, Digital Forensics, Cloud Security, Privacy, Big Data, PCI Compliance, Security Metrics, Encryption, Mobile Device Management, Incident Response, and much more. Among the speakers are several leading figures in cyber law enforcement

Mercury Proposers' Day Conference (IARPA1, Washington, DC, March 5, 2015) The Intelligence Advanced Research Projects Activity (IARPA) will host a Proposers' Day Conference for the Mercury Program on March 5, in anticipation of the release of a new solicitation in support of the program

Financial Services Cyber Security Summit: Middle East and North Africa (Dubai, UAE, March 9 - 10, 2015) Building on the success and feedback of our Cyber Security Summit in Europe — 180 attendees, 3 streams, CPE certified — we are pleased to invite you to the Financial Services Cyber Security Summit MENA — a highly interactive experience sharing platform for top experts from banks, insurance companies, monetary organizations and government institutions, accountancy companies, consumer finance, investment funds, stock brokerages and more

The Vulnerability Economy: Zero-Days, Commerce and National Security (Rockville, Maryland, USA, March 10, 2015) Dr. Ryan Ellis (Belfer Center, Harvard University) will explore a series of topics around cybersecurity including the challenges and opportunities associated with the growing trade in previously unknown and undisclosed software vulnerabilities ("zero days"). Drawing from a real-world case study, Dr. Ellis investigates the tension between the development of offensive cyber capabilities and cybersecurity. The discussion considers different approaches to disclosing newly discovered vulnerabilities and highlights the key roles that government and industry can play in promoting enhanced cybersecurity

OISC: Ohio Information Security Conference (Dayton, Ohio, USA, March 11, 2015) Technology First invites you to participate in the 12th Annual Ohio Information Security Conference Wednesday, March 11, at the Sinclair Community College Ponitz Center in Dayton, Ohio. The conference will focus on three areas/tracks: management, technical and implementation. CEUs (7) are available for this event

RiSK Conference 2015 (Lasko, Slovenia, March 11 - 12, 2015) In recent years RISK conference has become one of the leading events on computer security in the Adriatic region and is attended by engineering as well as executive staff of companies from the region. Much has changed in the field of security and data protection in recent times. There are popular new technologies in the form of SaaS (Security as a Service) and services in a cloud (cloud computing), green computing, etc

B-Sides Vancouver (Vaqncouver, British Columbia, Canada, March 16 - 17, 2015) The third annual Security B-Sides Vancouver is an information security conference that will be held March 16th and 17th. We love to see brand new speakers, seasoned speakers, and everyone in between

Insider Threat 2015 Summit (Monterey, California, USA, March 16 - 17, 2015) The Insider Threat 2015 Summit is about bringing Government and Industry organizations and their cybersecurity leaders together in order to better understand the type of threats that may impact their infrastructure and overall operations. Our two-day summit will provide insights on the most unique and thought provoking active defenses currently available for physical and personnel security, as well as, cyber threats. By supplying intelligent focus through tailored solutions our presenters and sponsors will be contributing to a forum to discuss ways to mitigate the risk of insider threats. This event allows for a truly unique opportunity to hear from experts in the field talk about their current and future solutions, giving way to an optimal setting for networking

2015 North Dakota Cyber Security Conference (Fargo, North Dakota, USA, March 17, 2015) The North Dakota Cyber Security Conference brings together community members from academia, government and industry to share strategies, best practices and innovative solutions to address today's challenges in cyber security. The vast scope of modern cyber threats calls for active participation from individuals and organizations across the state

IT Security Entrepreneurs Forum: Bridging the Gap Between Silicon Valley & the Beltway (Mountain View, California, USA, March 17 - 18, 2015) IT Security Entrepreneurs Forum (ITSEF) — SINET's flagship event — is designed to bridge the gap between the Federal Government and private industry. ITSEF provides a venue where entrepreneurs can meet and interact directly with leaders of government, business and the investment community in an open, collaborative environment focused on addressing the Cybersecurity challenge

Philadelphia SecureWorld (Philadelphia, Pennsylvania, USA, March 18 - 19, 2015) Join your fellow security professional for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry experts on many diverse topics such as: Risk Mitigation, Malware Detection, Digital Forensics, Cloud Security, Privacy, Big Data, PCI Compliance, Security Metrics, Encryption, Mobile Device Management, Incident Response, and much more. Keynote speakers will be Larry Ponemon (of the Ponemon Institute) and Christopher Pierson (General Counsel & Chief Security Officer, Viewpost)

2015 Cyber Security Summit (McLean, Virginia, USA, March 19, 2015) During Congressman Mike Rogers' "The Code War in America" talk at the June 2013 POC breakfast, he challenged all of us to "recognize that every day U.S. businesses are targeted by governments like China for exploitation and theft. This results in huge losses of valuable trade secrets and sensitive customer information. This rampant industrial espionage costs American jobs." Join us for our annual Cyber Summit where thought-leaders from across the public and private sectors who have real-world experience effectively managing large scale policies and programs will provide information and updates to the POC attendees

BSides Salt Lake City (Salt Lake City, Utah, USA, March 20 - 21, 2015) BSides is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation

CarolinaCon-11 (Raleigh, North Carolina, USA, March 20 - 22, 2015) CarolinaCon-11 (also hereby referred to as "The Last CarolinaCon As We Know It") will occur on March 20th-22nd 2015 in Raleigh NC (USA). We are now officially accepting speaker/paper/demo submissions for the event. If you are somewhat knowledgeable in any interesting field of hacking, technology, robotics, science, global thermonuclear war, etc. (but mostly hacking), and are interested in presenting at CarolinaCon-11, we cordially invite you to submit your proposal

Cyber Security Conference 2015 (Bolton, UK, March 23 - 24, 2015) Cyber Security Conference 2015 is a coming together of the North of England's two most successful Cyber Security Conferences; BEC Information & Data Security Conference and Lancaster University's North West Cyber Security Conference. From large corporations to micro businesses the importance of protecting personal and commercial information has become much more important with the introduction of the smart phone and other portable device's. When it comes to Information Security Systems small businesses and large corporations believe they are doing all they need to secure themselves and their clients

CyberTech Israel 2015 (Tel Aviv, Israel, March 24 - 25, 2015) In the face of these enemies and threats, individuals, organizations and states are required to produce innovative, unique solutions that would improve the resistance and resilience of the sensitive systems they rely on every day. For this purpose, it is essential to maintain a direct, on-going contact with the latest developments and changes in the cyber defense market. To this end, we are pleased to invite you to Cybertech 2015, the International Conference & Exhibition for Cyber Solutions, taking place on March 24th-25th, 2015 in Tel Aviv, Israel. Cybertech Conference and Exhibition, an initiative of Israel Defense, is the largest exhibition and conference of cyber technologies outside of the US

2nd Annual ISSA COS Cyber Focus Day (Colorado Springs, Colorado, USA, March 25, 2015) Join us for the Information Systems Security Association (ISSA) — Colorado Springs Chapter — Cyber Focus Day set to take on Wednesday, March 25, 2015 at the University of Colorado Colorado Springs (UCCS). The theme for CFD 2015 will "Cybercrime". Industry experts will be on hand to brief attendees on the latest trends, and best practices, in cybersecurity. This one-day forum will offer IT, business, law enforcement, government, military, academic, training, and other professionals a unique, local opportunity to get up-to-date information on rapidly evolving cybersecurity challenges

CYBERWEST: the Southwest Cybersecurity Summit (Phoenix, Arizona, USA, March 25 - 26, 2015) The purpose of CYBERWEST is to bring together Government and businesses to: Exchange information and learn in areas of policy and strategy; technology and R&D; workforce training and education; and economic, legal, regulatory and insurance impacts. Discuss cybersecurity issues and to focus on applied cybersecurity (i.e. implementing the NIST framework, R&D, legal and regulatory perspectives, state and local approaches). Present content that attendees can take back and use in their organizations

Women in Cyber Security (Atlanta, Georgia, USA, March 27 - 28, 2015) Despite the growing demand and tremendous opportunities in the job market, cybersecurity remains an area where there is significant shortage of skilled professionals regionally, nationally and internationally. Even worse, women's representation in this male-dominated field of security is alarmingly low. Through the WiCyS community and activities we expect to raise awareness about the importance and nature of cybersecurity career. We hope to generate interest among students to consider cybersecurity as a viable and promising career option

Automotive Cyber Security Summit (Detroit, Michigan, USA, March 30 - April 1, 2015) The debut Automotive Cyber Security Summit will bring together CTOs, CSOs, Engineers and IT professionals from GM, KIA, Nissan, Bosch, Qualcomm and more for three days of case studies, workshops, panel discussions and networking sessions

Insider Threat Symposium & Expo (Laurel, Maryland, USA, March 31, 2015) The National Insider Threat Special Interest Group (NITSIG) announced that it will hold FREE 1 day Insider Threat Symposium & Expo (ITS&E) on March 31, 2015 in Laurel, Maryland. The symposium is exclusively focused on insider threat awareness, insider threat program development and implementation and insider threat risk mitigation.The ITS&E will provide attendees with access to a broad network of security professionals to collaborate with on insider threat risks, insider threat detection, insider threat risk mitigation strategies and insider threat program development, implementation and management. The expo will include vendors that have proven technologies and services for insider threat risk mitigation

Sponsor & Support

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter’s financial reach, or it might just not be the right time for you to do those things. That’s why we launched our new Patreon site, where we’ve created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you’ll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.