The CyberWire Daily Briefing 04.02.15

Summary

By The CyberWire Staff

A major false alarm — Turkey's widespread power blackout apparently was not, as early reports blared, the result of a cyber attack — rattled users of the European electrical grid at midweek. While the disruption was contained and remediated, observers warn that power grids throughout the developed world remain vulnerable to cyber attack. Their warnings also have broader application to ICS/SCADA networks.

Israeli sources, led by Check Point, continue to point to Lebanon as the source of the Volatile Cedar espionage campaign. Attribution wavers between the Lebanese government and unnamed "political groups."

The Laziok reconnaissance and industrial espionage Trojan Symantec reported this week is decidedly not a cutting-edge tool, but that doesn't matter. It's been able successfully to exploit a flaw in Windows Active X Control that was patched back in 2012. This highlights, of course, the importance of patching, and of keeping systems up-to-date. (Coincidentally, NetMarketShare reports that Windows XP — support for which ended on April 8, 2014 — still has more users than its Windows 8 successor, which is hardly good news from the herd immunity point-of-view.)

The denial-of-service attack that began afflicting GitHub last week, now by consensus attributed to the Chinese government, might have been mitigated by more widespread use of https (or so says the Electronic Frontier Foundation).

Several reports track trends in cyber criminal markets.

In industry news, CipherCloud buys Anicut Systems, CACI acquires LTC Engineering Associates, and Motorola Solutions buys PublicEngines.

President Obama's "national emergency" Executive Order on sanctions for cyber attacks draws foreseeably mixed reactions.

Notes.

Today's issue includes events affecting Algeria, Belgium, Denmark, Estonia, European Union, Finland, Germany, Ireland, Latvia, Lithuania, Morocco, Norway, Sweden, Tunisia, Turkey, United Arab Emirates, United Kingdom, United States

Selected Reading

Cyber Trends

Why nation-state cyber warfare should be keeping you up at night (Information Age) If you think that nation-state cyber warfare has no influence over your company's IT security, think again

"Your location has been shared 5398 times" — Do we need a privacy assistant on our smartphones? (Naked Security) Do you know how much information your smartphone is giving away to app makers and advertisers?

Legislation, Policy and Regulation

Our Latest Tool to Combat Cyber Attacks: What You Need to Know (The White House Blog) For the first time, President Obama is giving our country a new tool to combat the most significant cyber threats to our national security, foreign policy, or economy. It's an important step, and many people may be wondering how it will work. Take a look at a few answers to some questions you may have on how the President's latest Executive Order will bolster our cybersecurity

U.S. targets overseas cyber attackers with sanctions program (Reuters) President Barack Obama launched a sanctions program on Wednesday to target individuals and groups outside the United States that use cyber attacks to threaten U.S. foreign policy, national security or economic stability

Opinion: Sanctions may be Obama's best idea yet to battle cyberattacks (Christian Science Monitor Passcode) Obama signed an executive order today authorizing a program of sanctions to battle digital assaults coming from overseas. While the order seems aimed at the Chinese, it might also be the president's most successful tool for thwarting cyberattacks

Obama Emergency Cyber Sanctions 'Another Salvo In War On Legitimate Hackers' (Forbes) Unconvinced by President Obama and the government's promises to protect security researchers, professional hackers have expressed concern the "cyber" sanctions announced today by the US administration could, perversely, be used to punish those trying to protect the country. They're also not sure about the need to call a "national emergency" as a result of digital attacks on the nation

House chairman: Obama order reveals 'piecemeal' cyber plan (The Hill) President Obama's executive order authorizing more sanctions on cyberattackers is a small move that doesn't cover up the lack of a comprehensive plan to countering cyber crooks, House Homeland Security Committee Chairman Michael McCaul (R-Texas) argued Wednesday

U.S. Army Builds Cyber Branch One Step at a Time (SIGNAL) The U.S. Army's newly created cyber school is prepared to accept its first class of second lieutenants this summer followed by enlisted personnel and warrant officers. The historic first class signifies a significant first step toward building the service's new cyber branch

Free WhatsApp Voice Calls: UAE telecom operator blocks new feature (Emirates 24/7) Close on the heels of WhatsApp allowing everyone — including users in the UAE — access to its new VoIP-based free voice calling service, the UAE's telecom operators have been quick to block the feature, citing regulatory compliance

Products, Services, and Solutions

Finding the Hidden Cyber Threats in the Power Grid (Green Tech Grid) How N-Dimension helped a Midwest utility distill 3.8 million cyber alerts into real-world security actions

The top cloud providers for financial services (ZDNet) Stringent compliance rules and potential security breaches might make cloud seem too risky for financial services. Don't overlook the benefits cloud providers can offer your firm

Microsoft ended support for Windows XP almost a year ago… and it still has more users than Windows 8 (BGR) How much has Windows 8 bombed with PC users? So much that an obsolete operating system that had its technical support cut off nearly a full year ago still has more global users

Huawei scales up data centre security (Computer Business Review) Industry's first NGFW card for data centre switches

Hexadite Launches Automated Security Incident Response Technology (eWeek) The goal of the new technology is to accelerate the time it takes to respond to a security incident after an alert is generated

CYREN (CYRN) Cybersecurity Tech Selected for Use by Mitsubishi, Siemens Joint Venture (Street Insider) CYREN (NASDAQ: CYRN) announced that UK-based Primetals Technologies, a joint venture by Mitsubishi Heavy Industries, Ltd. (MHI) and Siemens AG, selected CYREN's cloud-based cybersecurity technology to provide real-time protection from advanced cyberattacks, zero hour malware outbreaks, and hard-to-detect email threats, including viruses, phishing, spam and spyware

Leading Life Insurance Company Using EnCase® Security Products to Comply with PCI DSS (Insurance Weekly News) Guidance Software, Inc. (NASDAQ: GUID), the World Leader in Digital Investigations™, announced a leading life insurance company servicing more than 1,000,000 policies has invested in EnCase Cybersecurity and EnCase Analytics to ensure compliance with the Payment Card Industry Data Security Standard (PCI DSS)

Vidsys Innovates Software Platform to Converged Security and Information Management (Marketwired via Sys-Con Media) Vidsys, a top global provider of enterprise Physical Security Information Management (PSIM) software, announced today the next stage of evolution of its award winning, web-enabled software platform, to include the convergence of physical and cyber security along with information management solutions

Technologies, Techniques, and Standards

Do Threat Exchanges Work? (eSecuirty Planet) Sharing intelligence on security threats is an old idea getting new cred, thanks to Facebook's new Threat Exchange. But how well do such exchanges work?

Application of Threat Indicators: A Temporal View (Dark Reading) Better outcomes will be achieved when we're applying temporal considerations to threat indicators

Info governance committees could be strategic mistake (FierceContentManagement) You know the drill; you've seen it a thousand times. Whenever a company-wide initiative hits the planning stages, committees are formed, meetings are held and every component of the new strategy is discussed to death. Information governance committees are no different but IG attorney Linda Sharp says its time to turn that approach on its head

Why you should be spending more on security (CIO) As the cost and likelihood of security breaches increases, CIOs need to boost security measures — and spending — to mitigate the risk to your business

Q&A: Importance of virtualisation with Egnyte CSO Kris Lahiri (Computer Business Review) Kris Lahiri, Chief Security Officer at Egnyte, a file sharing service, tells CBR what virtualisation can do for businesses, and where it is most important

Social engineering: You got nailed! (TechTarget) Move beyond prevention to fast detection to combat a stealthy social engineering attack

To Respond to Targeted Attacks, You Must Detect the Unseen (Trend Micro: Simply Security) If you have not done so already, go play Targeted Attack: The Game. As of late, this is the reason why I ponder earth shaking questions such as the connection between the two inanimate objects you see above and targeted attacks. However, my hope is that after breezing through a few paragraphs, you will come to the following conclusion: Those who would perpetrate a targeted attack do not play by a set of predictable rules. To win 'the game,' you need to be able to detect things you would otherwise not see

Marketplace

CipherCloud Acquires Anicut Systems — Adaptive Security as a Service (Converge!) CipherCloud, which provides cloud visibility and data protection, announced the acquisition of Anicut Systems, a privately held provider of adaptive security as a service. Financial terms were not disclosed

CACI International (CACI) Announces Acquisition of LTC Engineering Associates (Street Insider) CACI International (NYSE: CACI) has acquired LTC Engineering Associates, Inc., a highly specialized provider of technical engineering solutions and services to the Intelligence and Department of Defense communities in the areas of software engineering, cybersecurity, signals intelligence (SIGINT) and communications intelligence (COMINT), and digital signals processing

Motorola Solutions Advances Smart Public Safety Innovation with PublicEngines Acquisition (BusinessWire) Transaction adds crime analysis, predictive policing and citizen engagement applications to cloud-based solutions

HyTrust raises $25M to grow cloud security business (Silicon Valley Business Journal) Cloud security startup HyTrust raised $25 million in Series D funding on Wednesday in addition to securing $8 million in venture debt and credit facilities

Cybersecurity Leader Qualys Posts Superb Earnings Growth (Investor's Business Daily) Shares of Qualys (NASDAQ:QLYS) have been pulling back in what is now looking like a new base for the computer security leader. The stock has been consolidating for nearly four weeks since peaking at 50 on March 5. It's also possible to interpret the chart as a seven-week-old base because the stock hasn't made a new weekly closing high in that period

Why I Prefer Fortinet To Palo Alto Networks As A Long-Term Holding (Seeking Alpha) Shares of cyber-security solutions providers Fortinet and Palo Alto Networks have been doing very well over the past 12 months. This has mainly been orchestrated by the high demand for reliable cyber-security solutions driven by a record number of data breaches being witnessed across diverse industries. Which company is the better long-term prospect?

Fortinet Further Invests in the Middle East region (Zawya) Fortinet® (NASDAQ: FTNT) — a global leader in high-performance cyber security — today announced that it has moved to a new and larger office and at the same time opened a unique Technical Assistance Center in Dubai, UAE

Infinigate adds Damballa to cyber-security arsenal (Channel Pro) US security firm Damballa enlists Infinigate to recruit UK channel partners

Research and Development

A search engine could become the first true artificial intelligence (Quartz) Everything in our online life is indexed. Every idle tweet, status update, or curious search query feeds the Google database. The tech giant recently bought a leading artificial-intelligence research outlet, and it already has a robotics company on its books

Security Patches, Mitigations, and Software Updates

Mozilla Adds Opportunistic Encryption for HTTP in Firefox 37 (Threatpost) Mozilla has released Firefox 37, and along with the promised addition of the OneCRL certificate revocation list, the company has included a feature that enables opportunistic encryption on connections for servers that don't support HTTPS

Stable Channel Update (Google Chrome Team) The stable channel has been updated to 41.0.2272.118 for Windows, Mac and Linux. A partial list of changes is available in the log

Google clamps down on ad injectors after 100,000 Chrome users complained (Naked Security) Google has picked a fight with ad injectors — programs that insert adverts into the pages you visit while browsing the web — following complaints from more than 100,000 of its Chrome users

Google fixed a vulnerability that allowed any YouTube user to delete any video (Quartz) Everybody makes mistakes. Google caught a big one before it was too late

Google Drops Trust in Chinese Certificate Authority CNNIC (Threatpost) Google has taken the unusual step of completely removing trust from Chrome for the Chinese certificate authority CNNIC in the wake of an incident in which certificates issued by the CA were misused

Cyber Attacks, Threats, and Vulnerabilities

Turkey blackout not cyber attack, no risk to Europe power link-up (Reuters) A power outage that blacked out most of Turkey on Tuesday was not due to a cyber attack and will not threaten a deal to link up with European grids, leading energy officials said

Did a cyber attack cause the blackout in Turkey? (Daily Sabah) After a nationwide blackout across Turkey on Tuesday, different scenarios for reasons for the power outage have been circulating

Turkey's 10-Hour Blackout Shows Threat to World Power Grids (Bloomberg) A massive power failure that crippled life in Turkey for almost 10 hours on Tuesday highlights the threats facing electricity grids worldwide

Texas Electric Grid Vulnerable To Cyber-Attack (KEYE TV) The warnings are getting louder and louder. "It's not a question of if," said Chris Humphreys with The Anfield Group. "It's a question of when." Energy security experts say the grid is vulnerable

Inside the rickety, vulnerable systems that run just about every power plant (IT World) In 1982, at the height of the Cold War, a vast explosion, visible from space, lit up Siberia. NORAD and others in the U.S. defense establishment worried: was this a nuclear test, or a missile being launched from a region where nobody had suspected that missies were stored? But no: it turns out the explosion, one of the largest non-nuclear blasts ever created, came from a remote area of the new Trans-Siberian Pipeline. And according to Thomas C. Reed, a U.S. National Security Advisor at the time, it was an audacious act of sabotage by U.S. intelligence

Stuxnet Five Years Later: Did We Learn The Right Lesson? (Dark Reading) No! That's despite an abundance of best practices and standards that are shining light into the dark corners of industrial control system security

Israeli security group blames Lebanon for major spying campaign (Lebanese Examiner) An Israeli security firm is pointing fingers at Lebanon after claiming to have discovered a spying campaign that "likely" originated with a government agency or political group in Lebanon

Mystery 'Explosive' cyber-spy campaign traced back to Lebanon (Register) Round up the unusual suspects, you know the drill

Laziok Trojan Exploits Three Year-Old Windows Flaw (Dark Reading) Data-stealing malware relies on old bug to break into systems at energy companies

Unsophisticated Trojan Malware Targets Middle East Energy Companies: Symantec (International Business Times) Cybersecurity specialist Symantec has exposed a new kind of malicious software that is being used as part of an ongoing international espionage campaign. The malware, dubbed Trojan.Laziok, has primarily targeted energy companies in the Middle East, though who first deployed it remains unclear

Pin-pointing China's attack against GitHub (Errata Security Blog) For the past week, the website "GitHub" has been under attack by China. In this post, I pin-point where the attack is coming from by doing an http-traceroute

Wider use of HTTPS could have prevented attack against GitHub (IDG via CSO) EFF said the GitHub attack reinforces the case for using HTTPS

'Revolution' Crimeware & EMV Replay Attacks (KrebsOnSecurity) In October 2014, KrebsOnSecurity examined a novel "replay" attack that sought to exploit implementation weaknesses at U.S. financial institutions that were in the process of transitioning to more secure chip-based credit and debit cards. Today's post looks at one service offered in the cybercrime underground to help thieves perpetrate this type of fraud

Ransomware surges in early months of 2015 (Computer Business Review) Variants of CryptoLocker multiply as hackers try to innovate

Critical Vulnerabilities Affect JSON Web Token Libraries (Theatpost) Critical vulnerabilities exist in several JSON Web Token (JWT) libraries — namely the JavaScript and PHP versions — that could let an attacker bypass the verification step

Google Ad Injectors Affect 1 In 20 Visitors (InformationWeek) If you're seeing extra or unusual ads, you may have an unwanted ad injector

NewPosThings Has New PoS Things (TrendLabs Security Intelligence Blog) Arbor Networks initially posted about a new point-of-sale (PoS) malware family named NewPosThings last September, which we detect as either TSPY_POSNEWT.SM or TSPY_POSNEWT.A. We are now seeing new developments in this area — namely, versions for 64-bit and higher

Angler Exploit Kit — Recent Traffic Patterns (Internet Storm Center) Angler exploit kit (EK) has changed URL patterns (again) during the past month. I infected a Windows host so we can take a closer look. Let's see what Angler has been up to. First, here are the Angler EK URL patterns noted in traffic from an infected host

Caution! New SMS scam! (Panda Media Center) We have seen many scams involving text messages, the most recent one in Spain a few days ago; crooks sent innocent users this SMS

Is it safe to use public Wi-Fi networks? (Network World) Wi-Fi has significantly changed the way we work and play, enabling us to interact with the digital world from anywhere in the physical world. Furthermore, free Wi-Fi access is on the rise, from local coffee shops to international restaurant chains. However, the convenience of free Wi-Fi comes with some real threats, from computer viruses to identity theft

Academia

AACC cybersecurity program recognized (Capital Gazette) The National Security Agency and the U.S. Department of Homeland Security designated Anne Arundel Community College as a National Center of Academic Excellence for Information Assurance and Cyber Defense

Litigation, Investigation, and Enforcement

Report: EU preparing to bring antitrust case against Google (Ars Technica) Internet giant could face fine of up to $6.6 billion

Facebook hits back at report claiming it tracks pretty much everyone (Naked Security) Facebook has hit back at a new report commissioned by the Belgian Privacy Commission, which claims that Facebook tracks far more users than previously thought

Silk Road Boss' First Murder-for-Hire Was His Mentor's Idea (Wired) The allegation that the Silk Road's Dread Pirate Roberts attempted to pay for six murders has loomed over the story of that massive online drug market. How could the pseudonymous figure preaching non-violent, libertarian ideals stoop to commissioning the paid killings of half a dozen people?

Disgraced DEA agent from Silk Road case sent weird messages to Mt. Gox CEO (Ars Technica) "The American government and economy will crash in the next five years"

GPS tracking counts as a "search", says US Supreme Court (Naked Security) Torrey Dale Grady is a repeat sex offender who has finished serving time in US prison

UAE researcher calls for more stringent cyber security (The National) An Emirati researcher believes his work will help to improve the nation's ability to respond to cyber security threats

Parents aren’t the only ones to blame for kids playing violent video games (Quartz) Headteachers from 16 schools in Cheshire, UK, have warned parents by letter that they would be reported to the authorities if they allowed their children to play video games marked as suitable for adults with an 18+ age rating

Design and Innovation

Students Build Open Source Web-Based Threat Modeling Tool (Threatpost) Threat models help application developers answer some fundamental questions about potential risks and how to cut off vulnerabilities before they're put into production. Some software development lifecycles, however, don't include threat modeling as part of the code-building process because they've either never heard of it, or the process is too difficult

How to Protect Your Medical Device Against Cyber Threats (Medical Device and Diagnostics Industry Online) Facing the increasing risk of crippling cyber attacks, medical device manufacturers should take a new look at security to protect their devices and patient welfare

Advanced Analytics for the Masses (Wall Street Journal) Amplified intelligence extends the benefits of advanced analytics to drive operational efficiencies and improve decision-making throughout the enterprise

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

upcoming Events

Cyber Insurance and Corporate Governance: Facing New Threats (Brooklyn, New York, USA, April 2, 2015) Peter D. Hancock, president and CEO of AIG, will lead a discussion of the ways in which the insurance industry is adapting to account for threats to the most valuable — and vulnerable — assets companies around the world possess: intellectual property and, in many cases, the sensitive personal information of millions

Coast Guard Intelligence Industry Day (Chantilly, Virginia, USA, April 2, 2015) With a blended focus of defense, homeland security, law enforcement, criminal investigations, intelligence and cyber issues, Coast Guard Intelligence is aggressively looking to collaborate with partners and stakeholders in support of mission of execution. This event will be Coast Guard Intelligence's most significant and inclusive outreach event of the year.

Centers for Medicare and Medicaid Services (CMS) CISO Security & Privacy Forum (Woodlawn, Maryland, USA, April 7, 2015) The CISO Security & Privacy Forum is hosted by the Information Security Privacy Group (ISPG) at CMS. The Vision for ISPG is to provide leadership to CMS in managing information security and privacy risks appropriate for evolving cyber threats. The Mission is to enable the safe use of sensitive and privacy data while servicing the healthcare needs of the nation. The format for this event will include briefings from government and industry. Our featured speaker is from the Interagency OPSEC Support Staff and will present on "TRASHINT: Dumpster Diving", a very popular topic which teaches attendees how one person's trash can be another person's treasure

10th Annual Cyber and Information Security Research Conference (Oak Ridge, Tennessee, USA, April 7 - 9, 2015) Cyberspace is fundamental to our national prosperity, as it has become critical to commerce, research, education, and government. Realizing the benefits of this shared environment requires that we are able to properly balance the risks and rewards, understand and communicate threats to security and privacy, and rapidly adapt any resulting approach to a changing adversarial environment. The 10th Annual Cyber and Information Security Research Conference at Oak Ridge National Laboratory in Oak Ridge, Tennessee will bring together cyber security researchers, program managers, decision makers, security vendors, and practitioners to discuss many challenging tasks and novel solutions pertaining to cyber security

Cyber Risk Wednesday: The future of Iranian cyber threat (Washington, DC, USA, April 8, 2015) Join the Atlantic Council's Cyber Statecraft Initiative on April 8, from 4:00 p.m. to 5:30 p.m. for a panel discussion on the Iranian cyber threat and the potential for a drastic escalation of cyber conflicts between Iran and the West. Few other events have so far dominated 2015 as the P5+1 negotiations to limit Iranian nuclear capabilities. Against the backdrop of the negotiations, it is likely that Iran, Israel, and the United States are gathering their strength for a renewal of cyber conflict of the past several years. The confrontations include attacks both from Iran, such as disruption of the US banking sector and against Gulf energy companies, and against Iran, such as Stuxnet and the Wiper worm. Should the talks fail, what are the chances of an escalating cyber conflict?

Cyber Threats Masterclass (Turin, Italy, April 9 - 11, 2015) The United Nations Interregional Crime and Justice Research Institute (UNICRI) is organizing two new courses on emerging threats towards states and citizens with the aim of promoting an in-depth knowledge of specific issues such as cyber crimes and crimes against the environment. The courses are tailored to journalists and chief information officers, as well as those who want to specialize in this area, offering a unique opportunity to network with renowned international experts

InfoSec Southwest 2015 (Austin, Texas, USA, April 10 - 12, 2015) InfoSec Southwest is an annual information security and hacking conference held in Austin, Texas, one of the most interesting and beautiful cities in the United States. By addressing a broad scope of subject-matter, InfoSec Southwest is intended to both provide a comprehensive and valuable forum to all participants as well as fill a gap for our local attendees left by the other few conferences held here in Texas which are all focused on a narrower scope of subject matter or a narrower slice of audience demographic

Cybergamut Tech Tuesday: Tor and the Deep Dark Web (Elkridge, Maryland, USA, April 14, 2015) This talk will explore the use of Tor and how it relates to garnering useful intelligence. Distinguishing attribution or valuable intelligence from limited event data is difficult. Leveraging external threat data can be helpful in evaluating intelligence but how do you identify relevance? Created as a means of protecting the privacy and anonymity of its users, Tor — the managed network of private computers leveraged by criminal elements to minimize the risk of surveillance and capture — is being exploited by the most technically proficient, aggressive, and organized of criminal syndicates

NIST IT Security Day (Gaithersburg, Maryland, USA, April 8, 2014) The Office of the Chief Information Officer, OCIO, is hosting NIST IT Security Day as a means to heighten awareness for all NIST users on the many aspects of operational information technology security and networking at home and in the office. This event's objective is to educate users on IT security and related topics. The event will feature guest speakers on general and technical IT security topics and tutorials on internal services and products.

Cyber Security Summit: Industrial Sector & Governments (Prague, Czech Republic, April 14 - 15, 2015) Cyber Security Summit Europe — Industrial Sector & Governments brings together cyber security experts who will share their skills and know-how needed to address highly topical issues such as state-sponsored cyber-attacks and SCADA Security Assessment

Cyber Security Summit: Financial Services (Prague, Czech Republic, April 14 - 15, 2015) Cyber Security Summit Europe — Financial Services brings together cyber security experts across the financial sector to discuss topical security vulnerabilities as well as bring forward effective strategies and solutions to effectively mitigate them

INTERPOL World 2015 (Singapore, April 14 - 16, 2015) INTERPOL World is a new biennial international security trade event which will bring police and other law enforcement agencies together with security solution providers and security professionals from around the world to identify future challenges and propose and build innovative solutions

Mid-Atlantic ISSA Security Conference 2015 (Gaithersburg, Maryland, USA, April 15, 2015) Meeting at the NIST campus, this all-day event, jointly hosted by the ISSA Baltimore, DC, and Northern Virginia chapters, will have 3 concurrent tracks of security professionals discussing the current state of various information security topics. The cost is $150 per person, including breakfast and lunch; pre-registration is required in order to get onto the NIST campus

Symantec Government Symposium: Secure Government: Manage, Mitigate, Mobilize (Washington, DC, USA, April 15, 2015) The annual Symantec Government Symposium is a one-day event attracting 1,500 government IT security and management professionals. The event is designed to facilitate peer-to-peer dialogue on the challenges facing today's government leaders. This year, former FBI Director Robert Mueller will deliver the keynote address, and the program will also feature sessions on CDM, risk management, security intelligence, secure app management, cyber legislative priorities, and much more. The theme of the 2015 Symposium is "Secure Government: Manage, Mitigate, Mobilize"

Proposer's Day Conference for the Scientific advances to Continuous Insider Threat Evaluation (SCITE) program (Washington, DC, area, April 16, 2015) The Intelligence Advanced Research Projects Activity (IARPA) will host a Proposers' Day conference for the Scientific advances to Continuous Insider Threat Evaluation (SCITE) program, in anticipation of the release of a new solicitation in support of the program. The purpose of the conference will be to provide introductory information on SCITE and the research problems that the program aims to address, to respond to questions from potential proposers, and to provide a forum for potential proposers to present their capabilities and identify potential team partners

IIT Cyber Forensics and Security Conference and Expo (Wheaton, Illinois, USA, April 17, 2015) All are invited to participate in this multi-track, technical conference that attracts more than 200 professionals, 50 speakers, 20 sponsors, for an intensive one and a half day schedule that includes discussion and debate over forensics, security, data/information governance, cyber crime and security, ethical hacking, eDiscovery, cloud forensics, steganography, policy and compliance, privacy, wireless security, cloud computing, identity theft, and more

RSA Conference 2015 (San Francisco, California, USA, April 20 - 24, 2015) Don't miss this opportunity to join thousands of industry professionals at the premier information security event of 2015

Australian Cyber Security Centre Conference (Canberra, Australia, April 22 - 23, 2015) The Australian Cyber Security Centre (ACSC) will be hosting its first cyber security conference in 2015. We are bringing leading cyber security experts from Australia and abroad to share their expertise. This will be your first chance to experience the unique collaboration of the ACSC. Over 700 attendees from the national and international ICT community are expected to attend

Security Forum 2015 (Hagenberg im Mühlkreis, Austria, April 22 - 23, 2015) The Security Forum is the annual IT security conference in Hagenberg that addresses current issues in this domain. Visitors are offered technical as well as management-oriented talks by representatives of business, research and public service

CyberTexas / CyberIOT (San Antonio, Texas, USA, April 23 - 24, 2015) CyberIOT — Securing the Internet of Things. As more everyday devices become connected to the internet, the need for securing those items becomes critical. CyberTexas will explore the intersection of cyber security and the internet of things'

Defensive Cyberspace Operations & Intelligence Conference & Exhibition (Washington, DC, USA, April 27 - 28, 2015) The 5th Annual Defensive Cyberspace Operations & Intelligence (DCOI) conference & exhibition is an Israeli-American partnership promoting the extraordinary developments in the technological, intelligence and policy-making domains of cyberspace. It will be held on April 27-28; the first day will consist of panels and exhibition at the Ronald Reagan Building and International Trade Center, and the second will hold workshops, exhibition and seminars at the George Washington University

INTEROP Las Vegas (Las Vegas, Nevada, USA, April 27 - May 1, 2015) Attend Interop Las Vegas, the leading independent technology conference and expo designed to inspire, inform, and connect the world's IT community. In 2015, look for all new programs, networking opportunities, and classes that will help you set your organization's IT action plan

2015 Synergy Forum (Tysons Corner, Virginia, USA, April 30, 2015) The 2015 Synergy Forum brings together government and industry practitioners driving our collective technology futures. This event is multi-disciplinary, examining the emerging fusion of physical and digital worlds. The event topics include: Big Data, Cyber Security, Internet of Things, Mobility, Strategy and Technology. Attending this event would be beneficial to: Policy-makers, architects, program managers, influencers in the federal government and the most forward thinking engineers, architects and innovators in the DC ecosystem

Sponsor & Support

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter’s financial reach, or it might just not be the right time for you to do those things. That’s why we launched our new Patreon site, where we’ve created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you’ll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.