The CyberWire Daily Briefing 04.06.15

Summary

By The CyberWire Staff

The annual hacktivist assault on Israeli networks (and on other identifiably Jewish sites) is due to return tomorrow; many intended targets tighten security and raise awareness. (Coincidentally, a University of Haifa study finds that cyber attacks can prompt severe psychological and physical stress.)

Ireland appears to be facing a smaller hacktivist threat, this one prompted by discontentment over water utility management.

Observers note Russian success in information operations, and wonder at the lack of comparable American capability. Those observers think the gap arises in part from relatively low financial support for effective organizations with Cold War roots, in part from mismanagement in the better-resourced precincts of the State Department. Russian success in social media seems particularly marked, and in online Russian news outlets like the (very American-looking) RT.

Trend Micro warns of two current threats: "NewPosThings" point-of-sale malware (found infecting airport shops) and "CRYPVAULT" (an evolved ransomware attack kit).

GitHub seems to have largely recovered from the denial-of-service attacks it suffered over the last two weeks.

VMWare has patched a Java information disclosure vulnerability. Payment service Venmo upgrades to two-factor authentication. Microsoft reminds users that support for Windows Server 2003 will soon expire.

Retailers struggle to implement lessons learned from last year's data breaches. Start-ups, app developers, healthcare institutions, and universities continue to appear security laggards: enterprises in the first two categories are resource-strapped, in the second two surprisingly unaware of their risks.

Reactions to last week's US Executive Order on sanctions for cyber attacks range from celebratory to cautionary.

Notes.

Today's issue includes events affecting Canada, China, Ireland, Israel, Republic of Korea, Russia, Spain, United States

Selected Reading

Cyber Trends

Cyber terrorism triggers severe psychological, physical stress, Haifa researchers shows (Jerusalem Post) "Vast majority of public are complacent and, until they are exposed to a personal cyber attack, they see cyber terrorism as nothing more than an inconvenience," expert says

Data breaches drive big changes for U.S. merchants (Examiner) Under the best of circumstances, business owners have a constant struggle to deal with fickle consumer tastes, increasing competition, and burdensome government regulation. But with the "data breach of the week" dominating today's headlines, the process of just getting paid is about to get even more complicated for U.S. merchants over the next three to six months

What Have You Learned, Target? (Slate) We still have no idea how to make companies take data breaches seriously

Poor Security Measures Make Startups Easy Hacking Targets (Social Times) Social media startups are full of energy and desperate to push their product to market. In this haste, basic security protocols are often overlooked. Snapchat has had many security flaws, and several Tor router projects were sunk by poor security. Because of this poor security, startups may have made themselves targets, according to The New York Times' Bits blog

Study: Half of app Makers Spend $0 on Security (Mocana On Blog) A study by the Ponemon Institute of over 400 large Fortune 500 companies reveals a staggering lack of mobile app testing, security and funding for their apps

How exposing more digital flaws could actually be harming security (Christian Science Monitor Passcode) Jeff Schmidt, whose firm discovered a widespread Microsoft bug, worries that businesses are suffering from vulnerability fatigue. As a result, he says, they aren't doing enough to protect themselves from digital assaults

RSA Conference 2015 preview: Is IoT hype justified? (TechTarget) The Internet of Things dominates the agenda at RSA Conference 2015, but experts believe enterprises should focus their attention on threat intelligence and other topics

Are you safe in the Internet of Things? (USA TODAY) The Internet of Things, the popular name for the technology by which devices are connected and controlled over the Internet, is big, and it is only getting bigger. The presently estimated number of Internet of Things devices of 4.9 billion devices is expected to rise to 25 billion by 2020. IBM has recognized the opportunities present in the Internet of Things and earlier this week announced it is investing $3 billion in a new business unit that will focus entirely on developing products and services for the Internet of Things

Legislation, Policy and Regulation

Turkey blocks Twitter, YouTube over hostage photo (Hurriyet Daily News) Turkish authorities have blocked access to Twitter and YouTube over their refusal to remove photos of a prosecutor who was taken hostage by militants in Istanbul. The ban on Facebook, on the other hand, has been lifted after the website complied with the court ruling

MP Rathgeber wants tougher oversight of electronic spy agency (Ottawa Citizen) Canada's system of watching the watchers needs better vision, says maverick MP Brent Rathgeber

Park, Obama Both Move to Strengthen Cyber Security (Business Korea) President Park Geun-hye appointed a new cyber security secretary, a newly-created post, presidential spokesman Min Kyung-wook said on Friday. Shin In-seop, a brigadier general who served as deputy commander of the military cyber command, will be integral to the latest government effort to strengthen the top office's role in cyber security. The move came three days after the Cabinet's approval of the new post

Anti-Hacker Executive Order: 5 Concerns (GovInfoSecurity) Security experts sound attribution, retribution warnings

New White House Executive Order: Sanctions in Response to Cyber Intrusions (The Adversary Manifesto by CrowdStrike) For the last 4 years, I have persistently advocated for a trade sanction approach in response to the vast economic espionage being conducted by numerous nation-states and foreign corporate threat actors

Expansion Of Federal Laws Won’t Deter Rogue States Or Diffuse Hacking Groups Trolling Web For Vulnerabilities (HS Today) In conjunction with the recent State of the Union Address, the White House announced a package of legislative proposals titled, Modernizing Law Enforcement Authorities to Combat Cyber Crime, aimed at providing law enforcement the "appropriate tools to investigate, disrupt and prosecute cyber crime"

Lawmakers in cybersecurity rush (The Hill) Lawmakers are rushing to pass a major cybersecurity bill this month before a divisive debate over reauthorizing the National Security Agency's surveillance programs bogs them down

Top GOP senator touts cyber privacy bill (The Hill) A top Senate Republican on Saturday touted a major Senate cyber bill aimed at better protecting privacy

Advancing cyber bills spark fresh NSA worries (The Hill) The House Intelligence panel is preparing to move a cybersecurity bill that privacy advocates argue would embolden the National Security Agency (NSA)

Strengthen privacy rights (Post and Courier) A major piece of business that Congress failed to complete last year was to strengthen the privacy rights of Americans by curtailing government spying on them. It should be at the top of the agenda this year

How the 2016 Republicans Will Debate NSA Reform (National Journal) Rand Paul and Ted Cruz are likely going to hit their opponents — and each other — early and often for backing mass surveillance

Senator wants bomb-making information removed from the Internet (CSO) After two U.S. women were charged this week with conspiring to build bombs in support of terrorist groups, a U.S. senator wants two publications that include bomb-making instructions deleted from the Internet

NSA looks to continue cybersecurity partnership with private sector (FCW via Washington Technology) National Security Agency Director Adm. Michael Rogers called for closer and more rapid collaboration with the private sector in investigating cyber intrusions

Products, Services, and Solutions

Intel, Broadcom Look to Secure IoT Payments (eWeek) Intel is partnering with Ingenico to develop devices to secure credit card payments, while Broadcom's new chips offer integrated NFC capabilities

Blue Coat Systems and Prelert Partner to Provide Anomaly Detection in Security Solutions (Framingham Patch) Prelert is a Framingham-based company

Barracuda Mobile Companion (ZDNet) The Barracuda Mobile Companion works with the Barracuda Mobile Device Manager and allows organizations to centrally manage Android devices. The agent is used to enroll devices with the cloud-based Barracuda Mobile Device Manager

Technologies, Techniques, and Standards

Guidelines on the auditing framework for Trust Service Providers (Help Net Security) A new ENISA report provides guidelines on the auditing framework for Trust Service Providers (TSPs). These guidelines can be used by TSPs (preparing for audits) and Conformity Assessment Bodies (auditors) having to undergo regular auditing — as set by the eIDAS regulation — and offer a set of good practices which can be used at an organizational level

PCI Security Standards Council Releases Tokenization Product Guidelines (SecurityWeek) The PCI Security Standards Council announced on Thursday the availability of guidelines designed to help organizations develop tokenization products

Healthcare Is Ignoring Cyber Risk Intel, Academia Even Worse (Dark Reading) Healthcare and other sectors are indolently ignoring the process of gathering and using high-level intelligence to focus cyber defenses. Here's proof

Putting IT In Perspective: Threat Intelligence (Business2Community) "Threat Intelligence" is one of those terms that high-tech marketers have recently grabbed on to, and are currently riding hard — you can check this out for yourself, with a quick look on Google Trends

The Unfolding Role of Risk Managers — New Demands, New Talent (Forbes) Melissa Sexton, CFA is the head of Product and Investment Risk for Morgan Stanley MS +0.25% Wealth Management. Prior to this, she spent nearly a decade serving as Chief Risk Officer at two different hedge funds in New York. Most of Melissa's 25 years of experience has been in a variety of risk management roles, though she has also traded derivatives and worked in operations, and has continuously worked on projects which integrate risk management with information technology. Ms. Sexton is a member of PRMIA New York's steering committee, received a BA in Mathematics and Economics from Boston University, and was awarded her CFA charter in 2001

How to Build a Successful IT Security Awareness Program (Tripwire: the State of Security) The first step towards creating a successful security awareness program is to recognize that this is not a project with a defined timeline and an expected completion date, but is instead a development of organizational culture

Anthem and Premera data breaches put healthcare industry on notice (IT Pro Portal) Recent headlines have put the healthcare industry in the spotlight, and have many asking if current security best practices are enough

Chris Thomas of RSA shares his views on hacking incidents in the corporate world (DNA India) The number of hacking incidents are constantly rising and companies are struggling to keep up with the attackers. In an exclusive interview at Black Hat Asia 2015, Chris Thomas, Security Analytics and Advanced Security Operations Specialist, Asia Pacific & Japan, RSA speaks to Krishna Bahirwani and shares his thoughts on where organizations are going wrong

The Cloud Could Be Your Best Security Bet (TechCrunch) Conventional IT wisdom says that you're safer and more secure when you control your own on-premises datacenter. Yet if you think about every major data breach over the last two years, whether Anthem, Sony, JPMorgan or Target, all involved on-premises datacenters, not the cloud

Encryption Still the Preferred Method for Protecting Cloud Data: Report (American Banker) Encryption still vastly outpaces tokenization as a means of defending data in the cloud, according to a new report from a cloud data cybersecurity firm, CipherCloud

Big companies aren't as well protected as they think (Technical.ly Brooklyn) Experts on enterprise cybersecurity discuss the Department of Commerce's guidance for keeping data and critical IT infrastructure safe

Security Is More than a Password — It's a Signature (CoinTelegraph) The technology behind Bitcoin and the blockchain is secure; we know this because it leverages mathematically proven cryptographic protocols. Known as the Elliptic Curve Digital Signature Algorithm (ECDSA), they "ensure that [Bitcoin] funds can only be spent by their rightful owners." However, this level of security doesn't always transfer to the businesses and applications offering services in the Bitcoin industry today

Defense-in-Policy begets Defense-in-Depth (SANS Infosec Reading Room) The majority of companies today focus solely on technical requirements for an information security program. When addressing the legendary AIC triad, companies focus on pulling controls from three categories: Administrative, Technical/Logical, and Physical/Environmental. Often, the Administrative category is overlooked, disregarded, and not given enough focus and attention from the business which can spell disaster for the security process as it provides the foundation and framework for the entire security program

DoD breaks mobile security roadblock (Federal News Radio) Securing smartphones and tablets is a lot easier said than done for most agencies. Federal security experts still are trying to find the right balance between mobile access and security of data and applications

The Shrinks Who Only See CIA Officers (Daily Beast) Some U.S. intelligence analysts spend days scouring ISIS beheading videos and jihadists' porn. When it gets to be too much, there's a cadre of therapists on call

Marketplace

Boards must up their game before the hackers claim checkmate (Help Net Security) In today's climate, the cyber security paradigm is a reactive cycle. When a threat is uncovered, it is examined and a counter-measure is created, with response times varying from weeks to years

Air Force Picks 17 for $6B Network Operations Support IDIQ (GovConWire) The U.S. Air Force has awarded 17 companies spots on a potential seven-year, $5.79 billion contract meant to provide federal civilian and military agencies with network operations and infrastructure services

RedSeal relauches with new features and $17M in funding (Vator News) RedSeal develops security risk management software so companies can eliminate cyber threats

Hudson's Corero opens Scotland R&D office (Worcester Business Journal) Internet security provider Corero Network Security of Hudson will open a research and development center in Scotland, the company announced Thursday

WatchGuard Technologies Named to JMP Securities' Fast 50 List of Hottest Privately Held Security and Networking Companies (PRNewswire) Report highlights WatchGuard's modular platform approach, ability to continually innovate to keep up-to-date with ever-changing threat landscape

FireHost CEO steps down; founder takes over top position (Dallas Morning News) FireHost founder Chris Drake is back at the top spot after CEO Jim Lewandowski stepped down two weeks ago for personal reasons, the Richardson-based secure cloud provider said today

Research and Development

The Quantum Leap into Computing and Communication: a Chinese Perspective (Eurasia Review) A nation's success in military operations often rises and falls on the basis of how well it communicates. When a nation does not secure its communications effectively, its enemies intercept and read its communications and win thereby military and diplomatic advantages

HITRUST to Launch First Comprehensive Study of Targeted Cyber Threats Impacting Healthcare Industry (BusinessWire) Lack of empirical data to be addressed by collecting and analyzing the methods, magnitude and pervasiveness of cyber threats

Security Patches, Mitigations, and Software Updates

VMWare Fixes Java Information Disclosure Vulnerability (Threatpost) Virtual Machine maker VMware has updated a slew of its offerings in order to address a critical information disclosure vulnerability in the Oracle's Java runtime environment (JRE)

It's safe to use Venmo again (Techno Buffalo) Venmo's credibility took a hit last month when a vulnerability was brought to light by Slate. Basically, the lack of two-factor authentication made it really easy for accounts to be hijacked, leading many users, including one of our own, to unlink their banking information from the service

Microsoft urges companies to upgrade old servers, warns of cyberdangers (Globe and Mail) You really need to upgrade your servers, Canada

Microsoft rolls back commitment to Do Not Track (Computerworld via CSO) Will stop setting the 'don't track me' signal as on by default in its browsers

Cyber Attacks, Threats, and Vulnerabilities

ADL Warns of Antisemitic Hackers' Plan of Cyber Attacks on Jewish Institutions (JPUpdates) International hackers are setting their sights on Jewish and Israeli targets as part of what has become an annual anti-Israel cyber-attack campaign

Anonymous Hackers Vow to Shutdown IT System of Irish Government (HackRead) Anonymous hackers from Ireland have vowed to target government of Ireland on 5th May 2015, shutting down its IT system and leaking confidential information online

Sanctions-Strapped Russia Outguns the U.S. in Information War (Bloomberg) Moscow drowns out Voice of America, and facts are a casualty

'NewPosThings' malware evolves, malicious traffic traced to airports (SC Magazine) While observing the evolution of point-of-sale malware, called NewPosThings, Trend Micro traced suspicious traffic back to two U.S. airports.

CRYPVAULT: New Crypto-ransomware Encrypts and "Quarantines" Files (TrendLabs Security Intelligence Blog) We uncovered a new crypto-ransomware variant with new routines that include making encrypted files appear as if they were quarantined files. These "quarantined" files are appended by a *.VAULT file extension, an antivirus software service that keeps any deleted files for a certain period of time. Antivirus software typically quarantines files that may potentially cause further damage to an infected system

SWF Files Injecting Malicious iFrames on Wordpress, Joomla Sites (Threatpost) Researchers have seen an uptick in Adobe Flash .SWF files being used to trigger malicious iFrames across websites

GitHub triumphant over its 'largest ever' cyber pummeling (Fortune) As the days-long distributed denial of service attack on GitHub subsides, more evidence links it to China

Expired Google certificate temporarily disrupts Gmail service (IDG via CSO) Google forgot to renew one of its TLS certificates, leading to service disruption Saturday for people using Gmail through third-party email clients

Bug at Change.org exposed email addresses (The Hill) A newly discovered bug at Change.org revealed email addresses of current and former subscribers and in some cases, the petitions they signed

Caminito del Rey over-booking chaos blamed on cyber-attack (EuroWeekly News) Investigations are underway to ascertain whether an alleged cyber-attack that caused over-booking for the Caminito del Rey yesterday, April 1, also affected other days

Academia

Competition pits students against simulated cyberattacks (News@Northwestern) A medium-sized health insurance company fires its IT staff, citing gross incompetence, and then hires a new team to defend its network against a band of highly skilled hackers looking for private data

Litigation, Investigation, and Enforcement

After Obama's cybersecurity order threatens Snowden fund, bitcoin donations spike (ZDNet) A new executive order is said to have made it illegal to donate to Edward Snowden's fund, which didn't go down so well with one good-spirited community

Oregon man wants to be arrested for donating Bitcoin to Edward Snowden (New York Daily News) An Oregon computer programmer hopes a measly donation of $0.33 in Bitcoin to Edward Snowden's legal fees lands him in trouble with the U.S. government

On John Oliver, Edward Snowden Says Keep Taking Dick Pics (Wired) John Oliver is worried that you don't care about government surveillance because you have no idea what it is. After doing an informal poll of passersby in Times Square, who for the most part had no idea who whistle-blower Edward Snowden was or what it was he leaked, Oliver said Sunday, "It seems like we've kind of forgotten to have a debate over what Snowden leaked"

Can a Company Remotely Wipe an Ex-Employee's Device? (Dark Matters) One of my favorite sayings about cyber risk is "an ounce of prevention is cheaper than the very first day of litigation." A recent case provides a nice example of exactly what I mean. In this case, an effective BYOD policy could have saved this company tens of thousands of dollars, at least

Cyber-bullying summit in Limerick will honour Phoebe Prince (Limerick Leader) Young people in Limerick will have a chance to influence online safety policy for social networks — and legislation in the area of cyber-bullying — by taking part in a summit being held in the city next month

California Attorney General Announces 18-Year-Prison Sentence For Cyber-Exploiter Who Created Revenge-Porn Site (CBS Los Angeles) California Attorney General Kamala Harris Friday announced that a man convicted of cyber-exploitation was given a nearly 20-year prison sentence

Monroe High School student hacker disrupts school district Internet (Monroe News) A Monroe High School student is facing possible felony criminal charges after the district's computer system was hacked and its Internet service disrupted several times over the past two weeks

Design and Innovation

Windows May Go Open Source: What It Really Means For Developers And Consumers (Tech Times) Microsoft — set to release Windows 10 later this year — is firmly established as the king of software. In spite of this, the company is open to change: Windows could soon become open source

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

newly Noted Events

Fleming Gulf's Information & Cyber Security Summit (Moscow, Russia, October 6 - 7, 2015) The "Information & Cyber Security Summit 2015" aims to provide a platform, to discuss with top dignitaries and decision makers from different industries & government officials, the important aspects of the subject like threats and sources of threats, current scenario & market trends, information security policy, future of information security in Russian Federation

upcoming Events

Centers for Medicare and Medicaid Services (CMS) CISO Security & Privacy Forum (Woodlawn, Maryland, USA, April 7, 2015) The CISO Security & Privacy Forum is hosted by the Information Security Privacy Group (ISPG) at CMS. The Vision for ISPG is to provide leadership to CMS in managing information security and privacy risks appropriate for evolving cyber threats. The Mission is to enable the safe use of sensitive and privacy data while servicing the healthcare needs of the nation. The format for this event will include briefings from government and industry. Our featured speaker is from the Interagency OPSEC Support Staff and will present on "TRASHINT: Dumpster Diving", a very popular topic which teaches attendees how one person's trash can be another person's treasure

10th Annual Cyber and Information Security Research Conference (Oak Ridge, Tennessee, USA, April 7 - 9, 2015) Cyberspace is fundamental to our national prosperity, as it has become critical to commerce, research, education, and government. Realizing the benefits of this shared environment requires that we are able to properly balance the risks and rewards, understand and communicate threats to security and privacy, and rapidly adapt any resulting approach to a changing adversarial environment. The 10th Annual Cyber and Information Security Research Conference at Oak Ridge National Laboratory in Oak Ridge, Tennessee will bring together cyber security researchers, program managers, decision makers, security vendors, and practitioners to discuss many challenging tasks and novel solutions pertaining to cyber security

Cyber Risk Wednesday: The future of Iranian cyber threat (Washington, DC, USA, April 8, 2015) Join the Atlantic Council's Cyber Statecraft Initiative on April 8, from 4:00 p.m. to 5:30 p.m. for a panel discussion on the Iranian cyber threat and the potential for a drastic escalation of cyber conflicts between Iran and the West. Few other events have so far dominated 2015 as the P5+1 negotiations to limit Iranian nuclear capabilities. Against the backdrop of the negotiations, it is likely that Iran, Israel, and the United States are gathering their strength for a renewal of cyber conflict of the past several years. The confrontations include attacks both from Iran, such as disruption of the US banking sector and against Gulf energy companies, and against Iran, such as Stuxnet and the Wiper worm. Should the talks fail, what are the chances of an escalating cyber conflict?

Cyber Threats Masterclass (Turin, Italy, April 9 - 11, 2015) The United Nations Interregional Crime and Justice Research Institute (UNICRI) is organizing two new courses on emerging threats towards states and citizens with the aim of promoting an in-depth knowledge of specific issues such as cyber crimes and crimes against the environment. The courses are tailored to journalists and chief information officers, as well as those who want to specialize in this area, offering a unique opportunity to network with renowned international experts

InfoSec Southwest 2015 (Austin, Texas, USA, April 10 - 12, 2015) InfoSec Southwest is an annual information security and hacking conference held in Austin, Texas, one of the most interesting and beautiful cities in the United States. By addressing a broad scope of subject-matter, InfoSec Southwest is intended to both provide a comprehensive and valuable forum to all participants as well as fill a gap for our local attendees left by the other few conferences held here in Texas which are all focused on a narrower scope of subject matter or a narrower slice of audience demographic

NIST IT Security Day (Gaithersburg, Maryland, USA, April 8, 2014) The Office of the Chief Information Officer, OCIO, is hosting NIST IT Security Day as a means to heighten awareness for all NIST users on the many aspects of operational information technology security and networking at home and in the office. This event's objective is to educate users on IT security and related topics. The event will feature guest speakers on general and technical IT security topics and tutorials on internal services and products.

Cybergamut Tech Tuesday: Tor and the Deep Dark Web (Elkridge, Maryland, USA, April 14, 2015) This talk will explore the use of Tor and how it relates to garnering useful intelligence. Distinguishing attribution or valuable intelligence from limited event data is difficult. Leveraging external threat data can be helpful in evaluating intelligence but how do you identify relevance? Created as a means of protecting the privacy and anonymity of its users, Tor — the managed network of private computers leveraged by criminal elements to minimize the risk of surveillance and capture — is being exploited by the most technically proficient, aggressive, and organized of criminal syndicates

Cyber Security Summit: Industrial Sector & Governments (Prague, Czech Republic, April 14 - 15, 2015) Cyber Security Summit Europe — Industrial Sector & Governments brings together cyber security experts who will share their skills and know-how needed to address highly topical issues such as state-sponsored cyber-attacks and SCADA Security Assessment

Cyber Security Summit: Fnancial Services (Prague, Czech Republic, April 14 - 15, 2015) Cyber Security Summit Europe — Financial Services brings together cyber security experts across the financial sector to discuss topical security vulnerabilities as well as bring forward effective strategies and solutions to effectively mitigate them

INTERPOL World 2015 (Singapore, April 14 - 16, 2015) INTERPOL World is a new biennial international security trade event which will bring police and other law enforcement agencies together with security solution providers and security professionals from around the world to identify future challenges and propose and build innovative solutions

Mid-Atlantic ISSA Security Conference 2015 (Gaithersburg, Maryland, USA, April 15, 2015) Meeting at the NIST campus, this all-day event, jointly hosted by the ISSA Baltimore, DC, and Northern Virginia chapters, will have 3 concurrent tracks of security professionals discussing the current state of various information security topics. The cost is $150 per person, including breakfast and lunch; pre-registration is required in order to get onto the NIST campus

Symantec Government Symposium: Secure Government: Manage, Mitigate, Mobilize (Washington, DC, USA, April 15, 2015) The annual Symantec Government Symposium is a one-day event attracting 1,500 government IT security and management professionals. The event is designed to facilitate peer-to-peer dialogue on the challenges facing today's government leaders. This year, former FBI Director Robert Mueller will deliver the keynote address, and the program will also feature sessions on CDM, risk management, security intelligence, secure app management, cyber legislative priorities, and much more. The theme of the 2015 Symposium is "Secure Government: Manage, Mitigate, Mobilize"

Proposer's Day Conference for the Scientific advances to Continuous Insider Threat Evaluation (SCITE) program (Washington, DC, area, April 16, 2015) The Intelligence Advanced Research Projects Activity (IARPA) will host a Proposers' Day conference for the Scientific advances to Continuous Insider Threat Evaluation (SCITE) program, in anticipation of the release of a new solicitation in support of the program. The purpose of the conference will be to provide introductory information on SCITE and the research problems that the program aims to address, to respond to questions from potential proposers, and to provide a forum for potential proposers to present their capabilities and identify potential team partners

IIT Cyber Forensics and Security Conference and Expo (Wheaton, Illinois, USA, April 17, 2015) All are invited to participate in this multi-track, technical conference that attracts more than 200 professionals, 50 speakers, 20 sponsors, for an intensive one and a half day schedule that includes discussion and debate over forensics, security, data/information governance, cyber crime and security, ethical hacking, eDiscovery, cloud forensics, steganography, policy and compliance, privacy, wireless security, cloud computing, identity theft, and more

RSA Conference 2015 (San Francisco, California, USA, April 20 - 24, 2015) Don't miss this opportunity to join thousands of industry professionals at the premier information security event of 2015

Australian Cyber Security Centre Conference (Canberra, Australia, April 22 - 23, 2015) The Australian Cyber Security Centre (ACSC) will be hosting its first cyber security conference in 2015. We are bringing leading cyber security experts from Australia and abroad to share their expertise. This will be your first chance to experience the unique collaboration of the ACSC. Over 700 attendees from the national and international ICT community are expected to attend

Security Forum 2015 (Hagenberg im Mühlkreis, Austria, April 22 - 23, 2015) The Security Forum is the annual IT security conference in Hagenberg that addresses current issues in this domain. Visitors are offered technical as well as management-oriented talks by representatives of business, research and public service

CyberTexas / CyberIOT (San Antonio, Texas, USA, April 23 - 24, 2015) CyberIOT — Securing the Internet of Things. As more everyday devices become connected to the internet, the need for securing those items becomes critical. CyberTexas will explore the intersection of cyber security and the internet of things'

Defensive Cyberspace Operations & Intelligence Conference & Exhibition (Washington, DC, USA, April 27 - 28, 2015) The 5th Annual Defensive Cyberspace Operations & Intelligence (DCOI) conference & exhibition is an Israeli-American partnership promoting the extraordinary developments in the technological, intelligence and policy-making domains of cyberspace. It will be held on April 27-28; the first day will consist of panels and exhibition at the Ronald Reagan Building and International Trade Center, and the second will hold workshops, exhibition and seminars at the George Washington University

INTEROP Las Vegas (Las Vegas, Nevada, USA, April 27 - May 1, 2015) Attend Interop Las Vegas, the leading independent technology conference and expo designed to inspire, inform, and connect the world's IT community. In 2015, look for all new programs, networking opportunities, and classes that will help you set your organization's IT action plan

2015 Synergy Forum (Tysons Corner, Virginia, USA, April 30, 2015) The 2015 Synergy Forum brings together government and industry practitioners driving our collective technology futures. This event is multi-disciplinary, examining the emerging fusion of physical and digital worlds. The event topics include: Big Data, Cyber Security, Internet of Things, Mobility, Strategy and Technology. Attending this event would be beneficial to: Policy-makers, architects, program managers, influencers in the federal government and the most forward thinking engineers, architects and innovators in the DC ecosystem

Sponsor & Support

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter’s financial reach, or it might just not be the right time for you to do those things. That’s why we launched our new Patreon site, where we’ve created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you’ll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.