The CyberWire Daily Briefing 04.08.15

Summary

By The CyberWire Staff

More vandalism of Israeli websites is reported, but the annual OpIsrael strikes most observers as not surpassing its customary nuisance levels of damage.

People claiming to represent ISIS threaten Turkey with online devastation unless that country's authorities release all the ISIS-bound fighters they've detained.

In the US, the FBI warns businesses to beware fallout from OpIsrael (but so far little is reported). ISIS-sympathizing hackers (Ars Technica calls them "script kiddies") pose a more immediate threat: they've been exploiting WordPress flaws (patches available) to strew Caliphate-themed messages and threats across the blogosphere. Observers hope this will motivate users to patch WordPress.

The long-running investigation of US State Department and White House network intrusions increasingly turns toward Russian suspects. It appears the State Department's unclassified systems were of interest principally as a phishing path into the White House.

Fidelis publishes an extensive report on the AlienSpy remote-access Trojan.

Baby monitor hacking is back, and creepier than ever — one more element of creep in the increasingly disturbing Internet-of-Things homefront.

Mozilla retreats from "opportunistic encryption" in Firefox. Snapchat blocks third-party apps. Users still cling to Windows XP, and Microsoft seeks to nudge users of that OS and other products to upgrade through embedded nagging. (Fair-minded observers wish Redmond's nagging well.)

Analysts look at Heartbleed, and how it's changed the security conversation. Other security mavens debate the relative importance of users and technology in reducing risk.

In industry news, Singapore's Singtel buys Trustwave, and iSight acquires Critical Intelligence. Investment analysts evaluate security firms' stock prospects.

Notes.

Today's issue includes events affecting Australia, China, Botswana, Denmark, Iraq, Israel, Russia, Singapore, Syria, Turkey, United Kingdom, United States

Selected Reading

Cyber Trends

Heartbleed a Year Later: How the Security Conversation Changed (eWeek) In the year since Heartbleed's discovery, there is more scrutiny than ever on OpenSSL and critical infrastructure overall. A year ago today (April 7), I first saw the OpenSSL advisory about a new security vulnerability identified as CVE-2014-0160 and titled "TLS heartbeat read overrun"

Experts Say Users Not To Blame for Security Breaches (CIO) Recently, IBM Security researchers took the lid off an active campaign using a variant of the Dyre banking malware. So far, the malware has swiped over $1 million from its enterprise Relevant Products/Services victims

HP warns cybersecurity customers to focus on people and processes (Computerworld) Organizations put too much emphasis on new technology

Global Research from Accenture and Ponemon Institute Quantifies How Proactive Cyber Security Strategies Can Improve Security Effectiveness (MarketWatch) New research from Accenture ACN, +0.76% and the Ponemon Institute sheds light on the success factors of companies that have improved their cyber security strategies, resulting in quantifiable business benefits. The research shows that proactive strategies can improve and expand on value delivered to the business

Are you prepared for dealing with a breach? (Help Net Security) RSA, The Security Division of EMC, released the results of a new global breach readiness survey that covered thirty countries and compared those global results with a survey of the Security for Business Innovation Council (SBIC), a group of top security leaders from the Global 1000

Anticipating RSA 2015 (Network World) Focus on threat detection/response, endpoints, threat intelligence, IAM, cloud, and SDN

Huawei's security warning to Botswana (IT Web Africa) International ICT technologies provider Huawei has warned companies in Botswana to acknowledge existence of cyber crime, urging companies to be proactive

A Clear and Present Danger (Trend Micro: Simply Security) Over the past 5 years there has been a dramatic modernization of Latin American criminality. Non-state actor groups have migrated online for the purposes of cybercrime; counter intelligence against law enforcement; and digital money laundering

Legislation, Policy and Regulation

Are the World's Biggest Internet Companies Under the Turkish President's Thumb? (Global Voices) Twitter and YouTube were blocked in Turkey once again April 6, sparking plenty of fanfare across social networks

White House Executive Order Declares Cyber National Emergency (Threatpost) U.S. President Barack Obama last week issued an Executive Order declaring a national emergency and deputizing the Treasury Secretary and Attorney General to apply sanctions and other consequences for international actors deemed to have engaged in "cyber-enabled activities" detrimental to U.S. national security, foreign policy, economic health or financial stability

Obama's War On Hackers (Dark Reading) Cybersecurity legislation, for the most part, is a good idea. But not without protections for bug bounty programs and other vital, proactive security research

Rand Paul Vows to Stop NSA Spying 'on Day 1' of Presidency (Reason Hit & Run) Wants to "take back America" from special interests

Phone Surveillance Revelation Should Prompt Reassessment Of NSA Spying (TechCrunch) Does evidence of a decades-old surveillance program throw out the case many public officials have made for the modern surveillance state?

Talking About Section 215: A Readers' Guide (Just Security) Media coverage of John Oliver's critique about the lack of discussion surrounding government surveillance programs seems to prove his point. Much, if not most, of the attention given to Sunday night's episode of Last Week Tonight has focused on Oliver's interview with Edward Snowden instead of focusing on the fact that the law governing one of the most heavily-criticized surveillance programs is up for potential reauthorization in less than two months. We're talking about Section 215 of the Patriot Act, the provision allowing the NSA to collect vast quantities of Americans' phone records

Navy to launch new cyber strategy (C4ISR & Networks) The Navy's cyber component will soon release a new cyber strategy that centers on five key goals for modernizing the service's cyber operations, according to a top Navy official

Navy preps to launch offensive cyberattacks (The Hill) The Navy will prepare to launch offensive cyberattacks under a new, soon-to-be-released cyber strategy, a top official said Tuesday

Has the U.S. lost technological supremacy? (C4ISR & Networks) Technology in general and digital technology specifically has impacted every aspect of our daily lives. Our dependency on it will only grow as we move toward 2020. Let's face it: Our nation's economic well-being and national security are substantially dependent upon digital technology. That's what makes the following figures so troubling

DOD's IPv6 transition lags (FCW) The Department of Defense first laid out plans to convert its network to the Internet Protocol Version 6 standard in 2003. While DoD has hit several milestones along the way, a lack of a coordinated effort on the part of the CIO office and U.S. Cyber Command prevented an enterprise-wide switchover, according to a recently declassified inspector general report

Products, Services, and Solutions

Cisco pitches security for SMEs (Register) ASA plus FirePOWER for the rest of us

DOSarrest External Monitoring Service Launches iOS and Android App (Sys-Con Media) DOSarrest Internet Security, a fully managed cloud based DDoS protection service, today announced that their DOSarrest External Monitoring Service (DEMS), a real-time website monitoring tool, launches a new iOS and Android application for clients. This application is a complimentary service to all DOSarrest clients who are subscribed to DOSarrest's industry leading DDoS protection service. The new mobile application on iOS and Android will allow clients to easily access and view their website(s) status and performance in real-time 24/7/365, as well as enable them to historically view all of the statistics for up to 1 year from 8 globally distributed sensors

Keyboard Guard und Browser Cleaner für Consumer-Produkte von G Data (CRN) G Data hat seine Sicherheitslösungen für Consumer aktualisiert. Sie bringen nicht nur einen verbesserten Schutz fürs Online-Banking mit, sondern haben auch Features erhalten, die bislang nur in den Business-Produkten zu finden waren

Active Canopy™ Joins "Bit9 + Carbon Black Connect" Alliance Program as Managed Security Services Provider (MSSP) and Incident Response (IR) Partner (Nasdaq) Active Canopy uses Carbon Black to rapidly detect and respond to attacks and accelerate remediation efforts for its customers

Man in the Middle Attacks Also Threaten Mobile Security (Charon Technologies) While most typically mentioned with the security issues surrounding unsecure WiFi access points, Man in the Middle attacks can happen on almost any device and can lead to your communications being compromised. Lately, the most disconcerting Man in the Middle (MITM) attacks have been aimed at cell phones. MITM attacks against mobile phones are particularly worrisome because they result in enabling the attacker to identify an individual's location, eavesdrop on conversations, and intercept and manipulate SMS messages from the victim's phone

Mobile Call Interception is Affecting You (Charon Technologies) If your job involves security or intelligence, trade secrets, or research and development, you are a target for mobile call interception. When you use your mobile phone, either at work or in your personal life, you can't guarantee that you're actually connecting with a legitimate cell tower. While you might think your phone is connected to a secure AT&T or Verizon network, it's possible that your phone is connecting to a "rogue tower" without you knowing it — and that your calls and data are under surveillance

Deep intelligence required to defeat cloud threats (Computer Business Review) Technology from Anicut Systems will expand CipherCloud's portfolio

RiskVision 7.5 Enables Good Cyber Hygiene to Achieve Immediate and Effective Defenses Against Cyber-Attacks (BusinessWire) Next generation big data risk management solution offers essential building blocks for cyber security operational risk intelligence at enterprise scale

Thycotic Announces HSM Integration with Thales (Sys-Con Media) Thycotic, a provider of smart and effective privileged account management solutions for global organizations, today announced that its flagship solution, Secret Server, can now be used with Thales hardware security modules (HSMs)

Fast and effective malware detection — for free (InfoWorld) Everyone discovers software on the Internet that looks like the right tool for a specific job. But is it safe? The Malwr malware detection site can tell you

Technologies, Techniques, and Standards

Is Offensive Security the Future? (Tripwire) Having been the only UK person to attend, sit on a Panel and to have presented at the ISMG APT Summit in Atlanta, I have returned home refreshed, invigorated, and completely motivated by the multiple experiences I enjoyed with my US colleagues, who again demonstrated they do 'git-it' when it comes to the "cyber challenge"

Containing Security (Dark Reading) How to identify the appropriate security for your container-based virtual applications

Cyber War Games: Top 3 Lessons Learned About Incident Response (Dark Reading) Deloitte Cyber Risk Service stages executive war games to show what might happen in the C-Suite after a breach

Talking Security to the Board (BankInfoSecurity) Do's and Don'ts from Jim Anderson of BAE Systems

WatchGuard urges C-suite to act first in security battle (Reseller News) There's a running joke in IT about the secret to getting the network security budgets they need: wait for a breach

National Cyber Security Alliance and Better Business Bureau Encourage All Internet Users To Do a Digital Spring Cleaning (Better Buisness Bureau) This Spring, consider a cyber clutter clean up to stay safer and more secure online all year round

How to Prevent Identity Theft in 20 Essential Steps (Heimdal Security) Do you know how to prevent identity theft attempts?

Marketplace

Mach37 Accelerates Security Startups (eSecurity Planet) 'Cyber accelerator' offers $50,000 and lots of training to security startups

iSIGHT Partners Acquires Critical Intelligence (Dark Reading) iSIGHT Partners, Inc., the leading provider of cyber threat intelligence for global enterprises, today announced the acquisition of Idaho- based Critical Intelligence, the leader in cyber situational awareness and threat intelligence for Industrial Control Systems (ICS) owners and operators. Under the terms of the agreement, iSIGHT Partners has acquired 100% of Critical Intelligence, a 6 year old company and pioneer in identifying vulnerabilities and threats to critical infrastructure systems, including supervisory control and data acquisition (SCADA) and other process control systems (PCS)

Singtel buying U.S. cyber security firm Trustwave for $810 million (Reuters) Singapore Telecommunications, Southeast Asia's largest telecommunications operator by revenue, is buying U.S.-based cyber-security firm Trustwave for $810 million, marking its biggest acquisition outside the main telecoms sector

Cisco goes after Palo Alto/FireEye with new hardware, services (Seeking Alpha) Hoping to counter next-gen firewall leader Palo Alto Networks (PANW +2.7%), threat-prevention hardware/software leader FireEye (FEYE +4.5%), other smaller/share-gaining enterprise security firms, Cisco (CSCO +1.2%) has refreshed its ASA firewall line and rolled out new malware-protection and incident-response services

Nick Urick on FireEye's 'Adaptive Defense' Cyber Approach and How to Reimagine Security (ExecutiveBiz) Nick Urick oversees FireEye's work with federal agencies in his role as vice president of the federal division for the Silicon Valley-based network security company

The Biggest Risks Facing FireEye Inc. (Motley Fool) Cybercrime may be one of the single biggest threats facing businesses today. With criminals looking to exploit security vulnerabilities, companies' trade secrets and customer relationships might be only one major hacking scandal away from being lost forever

2 top small-cap stocks to profit from cyber security (Motley Fool) Data security breaches seem to be in the news on a daily basis at the moment, and Symantec's latest Internet Security Threat Report confirms that cyber threats are indeed growing. There were 253 security breaches in 2013 up from 156 in 2012. Even more concerning is that a total of 552 million identities were exposed in 2013, compared to 93 million in 2012. Savvy investors will be wondering how they can profit from this alarming trend

CEO Sees CyberArk As Refuge In Sea Of Cyberattacks (Investor's Business Daily) A secure place in stormy seas. That's what Udi Mokady and co-founder Alon Cohen envisioned when they decided that CyberArk Software (NASDAQ:CYBR) was the right name for their fledgling network security firm in 1999

Black Duck Software hires Veracode co-founder as company plunges into security business (Boston Business Journal) Burlington-based open-source software firm Black Duck software is making big bets on helping to make open-source software more secure for companies

Secunia Appoints Security Industry Veteran to CTO Post (Secunia) Secunia, a leading provider of IT security solutions for vulnerability management, today announced the appointment of long-time security industry veteran Santeri Kangas as Chief Technology Officer. Kangas will head up the company's Product and Technology Group

Leading Threat Intelligence Platform Provider Vorstack Names New CEO (MarketWired) Security veteran Anne Bonaparte hired to lead corporate expansion

Security Veteran Barry Shteiman to Jumpstart Exabeam Security Labs (BusinessWire) Exabeam takes proactive approach to cybersecurity, user behavior intelligence and SIEM with Shteiman's information security expertise

Waverley Labs Appoints James A. Holtzclaw General Manager, Federal Programs (Power Engineering) Waverley Labs, a leading digital risk management (DRM) company, today announced the appointment of James A. Holtzclaw as General Manager, Federal Programs. In the new position, Holtzclaw will oversee Waverley Labs corporate federal services for digital risk management (DRM) solutions supporting the Federal Government — including the Intelligence Community (IC) and the Department of Defense (DoD)

Security Patches, Mitigations, and Software Updates

SSL flaw forces Mozilla to pull Opportunistic Encryption (CSO) Security problems force Mozilla to drop security feature

Snapchat blocks third-party apps from accessing its APIs (Help Net Security) Snapchat has had its fair share of data breaches and security troubles, the latest of which stemmed from the fact that the app's internal API has been reverse-engineered and is used by a number of third-party mobile apps

Windows XP — It's Not Dead Yet (TrendLabs Security Intelligence Blog) Support for Windows XP ended over a year ago. By any standard, Windows XP ranks as one of the most influential versions of Windows ever, thanks to its longevity and widespread adoption by enterprises around the world. However, the end of support should have served as a clear signpost to users and organizations to immediately upgrade to newer systems

Microsoft seeds Windows 7, 8.1 PCs with Windows 10 upgrade 'nag' notices (Computerworld) Optional update delivered on March 27 hints at aggressive pitch to people eligible for free upgrade

Microsoft Aims for Quarterly Updates to Its 'Cloud-in-a-Box' (Redmond Channel Partner) Enterprise and service provider customers running Microsoft's Cloud Platform System (CPS) will receive software updates on a "predictable quarterly cadence," Microsoft said recently

Report: Two waves of updates planned for Windows 10 in 2016 (Ars Technica) It's still going to be called Windows 10, though

Cyber Attacks, Threats, and Vulnerabilities

Anonymous Hackers Target Israeli Websites and Leak Credentials (Hacker News) The infamous hacking group Anonymous that vowed an 'Electronic Holocaust' against Israel and promised to 'erase Israel from cyberspace' on 7th April, managed to launch a cyber attack, beginning Tuesday morning

Annual cyber-attack on Israel targets MK's website (Times of Israel ) Online campaign by Anonymous hackers defaces dozens of sites, fails to wreak promised 'electronic Holocaust'

Israel: Pro-Palestinian hackers hit Israeli websites after Anonymous threats of cyberattack (Associated Press via US News & World Report) Pro-Palestinian hackers disrupted Israeli websites on Tuesday, following threats from the Anonymous hacking collective that it would carry out an "electronic Holocaust," though Israeli cyber experts said the coordinated attacks caused little damage

ISIS Hackers Warn Turkey to Release All Caliphate-Bound Detainees or Face Attack (PJ Media Tattler) A document claiming to be from a southeast Asian chapter of the Islamic State Hacking Division states that ISIS is ready for cyberwar with Turkey if the republic does not free jihadists caught trying to cross into the caliphate

UK government website hijacked by Islamist hackers (Hot for Security) Want to know what air pollution is like in the UK today? There's a website for that: uk-air.defra.gov.uk, run by the British Government's Department of Environment, Food & Rural Affairs (DEFRA). Unfortunately it's not going to be able to help you today

FBI Issues Warning to U.S. Companies Over Imminent Attacks (Dark Matters) The FBI issued a warning for U.S. companies that extremist hacker groups from the Middle East and North Africa, which "routinely conduct pro-extremist, anti-Israeli, and anti-Western cyber operations," are planning to conduct cyber attacks against Israeli targets in an operation dubbed #OpIsrael

FBI: Hackers Exploiting ISIS Notoriety To Promote WordPress Hacks (Forbes) Self-described sympathisers of extremist group ISIS have hacked their way into websites to leave messages for visitors, the FBI has warned. The law enforcement agency said yesterday many sites were being attacked because of unpatched flaws in their WordPress content management systems

Beware of pro-ISIS script kiddies exploiting WordPress sites, FBI warns (Ars Technica) Hacktivists may step up attacks on websites. Also watch out for fake gov sites

As many as 1 million sites imperiled by dangerous bug in WordPress plugin (Ars Technica) Persistent XSS in WP-Super-Cache allows attackers to insert malicious code

Hey, maybe ISIS can get you to update your WordPress site's security? (Graham Cluley) Run a self-hosted WordPress site? Then you should take security seriously

Russian hackers eyed in attack on White House, State Dept. (SC Magazine) Russian hackers that breached a non-classified email system at the State Department, then dallied around in the agency's network for months, used that vantage point to gain entry into some areas of the White House computer system, CNN reported Tuesday

Russian hackers used State Dept. systems to Phish White House staffers (CSO) Sources close to the investigation say U.S. State Department used as stepping-stone

Ratting on AlienSpy (General Dynamics Fidelis) This report is a comprehensive description of AlienSpy, a remote access trojan (RAT) with significant capabilities that is currently being used in global phishing campaigns against consumers as well as enterprises. Our goal with this paper is to provide detailed analysis of its capabilities, tie it to previous generations of RATs that have been observed over the course of many years and provide observations from recent encounters with the RAT. Further, we intend to support the broader research community with a Yara rule developed as a result of our research as well a rich set of IOCs from campaigns that are currently operational, extending the body of knowledge around this RAT

Don't Feel Left Out: Ransomware for IT Security Enthusiasts! (Securelist) LogmeIn, Pastebin, and obfuscation as parts of a perfect crime

Malware writers take a page from the spam industry to evade detection (CSO) While the volume of threats declined slightly last year, their sophistication increased

Android Installer Hijacking Bug Used as Lure for Malware (TrendLabs Security Intelligence Blog) Mobile users became alarmed after the discovery of an Android bug that was dubbed as the "Android Installer Hijacking vulnerability." This flaw can allow cybercriminals to replace or modify legitimate apps with malicious versions that can steal information. Given the high profile nature of this discovery, we decided to search for threats that might exploit this vulnerability

Drive-by-login attack identified and used in lieu of spear phishing campaigns (SC Magazine) A new attack, drive-by-logins, allows attackers to target specific victims on sites they trust. With users becoming increasingly skeptical of unknown links and emails, attackers are having to turn to something other than phishing campaigns to wrangle in possible victims

Criminals Host Fake Government Services Web Sites to Acquire Personally Identifiable Information and to Collect Fraudulent Fees (IC3: Federal Bureau of Investigation) From May 2012 to March 2015, the FBI's Internet Crime Complaint Center (IC3) has received complaints regarding criminals hosting fraudulent government services websites in order to acquire Personally Identifiable Information (PII) and to collect fraudulent fees from consumers

Con artists posing as Verizon Wireless representatives (RCR Wireless News) Verizon Wireless customers beware! There have been reports of con artists posing as Verizon Wireless representatives asking for social security numbers and other personal information

How to protect from threats against USB enabled devices (Help Net Security) Reports have been circulating that e-cigarette chargers from China were corrupted and infected machines with malware. Many journalists took the story at face value, even though the only source was a single post on the

Baby cam plays creepy music, moves of its own accord (Naked Security) First, there was the strange music, coming from the nursery

3 Internet Of Things Devices That Threaten More Than Your Data (Dark Reading) Veracode study of IoT devices show how vulnerabilities in our always-on households can have dire real-world consequences

16-31 March 2015 Cyber Attacks Timeline (Hackmageddon) I am back in business after a short vacation period (now and then it happens!), just in time to publish the second Cyber Attack timeline of March (the first one is here), which confirms the growing trend we have been experiencing in 2015

Litigation, Investigation, and Enforcement

Court mulls revealing secret government plan to cut cell phone service (Ars Technica) Feds: SOP 303 mobile-phone kill-switch policy would endanger public if disclosed

FBI would rather prosecutors drop cases than disclose stingray details (Ars Technica) New documents released by NYCLU shed light on Erie County's use of spying tool

First Step After You’ve Been Hacked? Call the Feds (IT Business Edge) If your system has been hacked, what would your first reaction be?

Chicago man sues Facebook over facial recognition use in "Tag Suggestions" (Ars Technica) Plaintiff claims Facebook violates Illinois Biometric Information Privacy Act

Police chief: "Paying the Bitcoin ransom was the last resort" (Ars Technica) Suburban Boston police paid $500 ransom in wake of CryptoLocker infestation

Is Chinese Theft of U.S. Corn Seeds a National Security Issue or just another Example of Sleazy Business? (AllGov) The Federal Bureau of Investigation (FBI) employed tools designed to be used against terrorists when going after two Chinese nationals for trying to steal genetically modified corn seeds and send them back to China

Design and Innovation

How To Make Passwords Obsolete (InformationWeek) Why do we still rely on the human-memorized password for authentication? Here are seven alternatives worth considering

Insecure Passwords or Insecure People? (Infosecurity Magazine) For all the talk about multi-factor authentication and the mainstream adoption of biometrics, passwords are not going away. Whilst there are more secure alternatives, and other authentication methods that can be used alongside the humble password, like it or not, the password is going to be around for a long time

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

upcoming Events

10th Annual Cyber and Information Security Research Conference (Oak Ridge, Tennessee, USA, April 7 - 9, 2015) Cyberspace is fundamental to our national prosperity, as it has become critical to commerce, research, education, and government. Realizing the benefits of this shared environment requires that we are able to properly balance the risks and rewards, understand and communicate threats to security and privacy, and rapidly adapt any resulting approach to a changing adversarial environment. The 10th Annual Cyber and Information Security Research Conference at Oak Ridge National Laboratory in Oak Ridge, Tennessee will bring together cyber security researchers, program managers, decision makers, security vendors, and practitioners to discuss many challenging tasks and novel solutions pertaining to cyber security

Cyber Risk Wednesday: The future of Iranian cyber threat (Washington, DC, USA, April 8, 2015) Join the Atlantic Council's Cyber Statecraft Initiative on April 8, from 4:00 p.m. to 5:30 p.m. for a panel discussion on the Iranian cyber threat and the potential for a drastic escalation of cyber conflicts between Iran and the West. Few other events have so far dominated 2015 as the P5+1 negotiations to limit Iranian nuclear capabilities. Against the backdrop of the negotiations, it is likely that Iran, Israel, and the United States are gathering their strength for a renewal of cyber conflict of the past several years. The confrontations include attacks both from Iran, such as disruption of the US banking sector and against Gulf energy companies, and against Iran, such as Stuxnet and the Wiper worm. Should the talks fail, what are the chances of an escalating cyber conflict?

Cyber Threats Masterclass (Turin, Italy, April 9 - 11, 2015) The United Nations Interregional Crime and Justice Research Institute (UNICRI) is organizing two new courses on emerging threats towards states and citizens with the aim of promoting an in-depth knowledge of specific issues such as cyber crimes and crimes against the environment. The courses are tailored to journalists and chief information officers, as well as those who want to specialize in this area, offering a unique opportunity to network with renowned international experts

InfoSec Southwest 2015 (Austin, Texas, USA, April 10 - 12, 2015) InfoSec Southwest is an annual information security and hacking conference held in Austin, Texas, one of the most interesting and beautiful cities in the United States. By addressing a broad scope of subject-matter, InfoSec Southwest is intended to both provide a comprehensive and valuable forum to all participants as well as fill a gap for our local attendees left by the other few conferences held here in Texas which are all focused on a narrower scope of subject matter or a narrower slice of audience demographic

NIST IT Security Day (Gaithersburg, Maryland, USA, April 8, 2014) The Office of the Chief Information Officer, OCIO, is hosting NIST IT Security Day as a means to heighten awareness for all NIST users on the many aspects of operational information technology security and networking at home and in the office. This event's objective is to educate users on IT security and related topics. The event will feature guest speakers on general and technical IT security topics and tutorials on internal services and products.

Cybergamut Tech Tuesday: Tor and the Deep Dark Web (Elkridge, Maryland, USA, April 14, 2015) This talk will explore the use of Tor and how it relates to garnering useful intelligence. Distinguishing attribution or valuable intelligence from limited event data is difficult. Leveraging external threat data can be helpful in evaluating intelligence but how do you identify relevance? Created as a means of protecting the privacy and anonymity of its users, Tor — the managed network of private computers leveraged by criminal elements to minimize the risk of surveillance and capture — is being exploited by the most technically proficient, aggressive, and organized of criminal syndicates

Cyber Security Summit: Industrial Sector & Governments (Prague, Czech Republic, April 14 - 15, 2015) Cyber Security Summit Europe — Industrial Sector & Governments brings together cyber security experts who will share their skills and know-how needed to address highly topical issues such as state-sponsored cyber-attacks and SCADA Security Assessment

Cyber Security Summit: Fnancial Services (Prague, Czech Republic, April 14 - 15, 2015) Cyber Security Summit Europe — Financial Services brings together cyber security experts across the financial sector to discuss topical security vulnerabilities as well as bring forward effective strategies and solutions to effectively mitigate them

INTERPOL World 2015 (Singapore, April 14 - 16, 2015) INTERPOL World is a new biennial international security trade event which will bring police and other law enforcement agencies together with security solution providers and security professionals from around the world to identify future challenges and propose and build innovative solutions

Mid-Atlantic ISSA Security Conference 2015 (Gaithersburg, Maryland, USA, April 15, 2015) Meeting at the NIST campus, this all-day event, jointly hosted by the ISSA Baltimore, DC, and Northern Virginia chapters, will have 3 concurrent tracks of security professionals discussing the current state of various information security topics. The cost is $150 per person, including breakfast and lunch; pre-registration is required in order to get onto the NIST campus

Symantec Government Symposium: Secure Government: Manage, Mitigate, Mobilize (Washington, DC, USA, April 15, 2015) The annual Symantec Government Symposium is a one-day event attracting 1,500 government IT security and management professionals. The event is designed to facilitate peer-to-peer dialogue on the challenges facing today's government leaders. This year, former FBI Director Robert Mueller will deliver the keynote address, and the program will also feature sessions on CDM, risk management, security intelligence, secure app management, cyber legislative priorities, and much more. The theme of the 2015 Symposium is "Secure Government: Manage, Mitigate, Mobilize"

Proposer's Day Conference for the Scientific advances to Continuous Insider Threat Evaluation (SCITE) program (Washington, DC, area, April 16, 2015) The Intelligence Advanced Research Projects Activity (IARPA) will host a Proposers' Day conference for the Scientific advances to Continuous Insider Threat Evaluation (SCITE) program, in anticipation of the release of a new solicitation in support of the program. The purpose of the conference will be to provide introductory information on SCITE and the research problems that the program aims to address, to respond to questions from potential proposers, and to provide a forum for potential proposers to present their capabilities and identify potential team partners

IIT Cyber Forensics and Security Conference and Expo (Wheaton, Illinois, USA, April 17, 2015) All are invited to participate in this multi-track, technical conference that attracts more than 200 professionals, 50 speakers, 20 sponsors, for an intensive one and a half day schedule that includes discussion and debate over forensics, security, data/information governance, cyber crime and security, ethical hacking, eDiscovery, cloud forensics, steganography, policy and compliance, privacy, wireless security, cloud computing, identity theft, and more

RSA Conference 2015 (San Francisco, California, USA, April 20 - 24, 2015) Don't miss this opportunity to join thousands of industry professionals at the premier information security event of 2015

Australian Cyber Security Centre Conference (Canberra, Australia, April 22 - 23, 2015) The Australian Cyber Security Centre (ACSC) will be hosting its first cyber security conference in 2015. We are bringing leading cyber security experts from Australia and abroad to share their expertise. This will be your first chance to experience the unique collaboration of the ACSC. Over 700 attendees from the national and international ICT community are expected to attend

Security Forum 2015 (Hagenberg im Mühlkreis, Austria, April 22 - 23, 2015) The Security Forum is the annual IT security conference in Hagenberg that addresses current issues in this domain. Visitors are offered technical as well as management-oriented talks by representatives of business, research and public service

CyberTexas / CyberIOT (San Antonio, Texas, USA, April 23 - 24, 2015) CyberIOT — Securing the Internet of Things. As more everyday devices become connected to the internet, the need for securing those items becomes critical. CyberTexas will explore the intersection of cyber security and the internet of things'

Defensive Cyberspace Operations & Intelligence Conference & Exhibition (Washington, DC, USA, April 27 - 28, 2015) The 5th Annual Defensive Cyberspace Operations & Intelligence (DCOI) conference & exhibition is an Israeli-American partnership promoting the extraordinary developments in the technological, intelligence and policy-making domains of cyberspace. It will be held on April 27-28; the first day will consist of panels and exhibition at the Ronald Reagan Building and International Trade Center, and the second will hold workshops, exhibition and seminars at the George Washington University

INTEROP Las Vegas (Las Vegas, Nevada, USA, April 27 - May 1, 2015) Attend Interop Las Vegas, the leading independent technology conference and expo designed to inspire, inform, and connect the world's IT community. In 2015, look for all new programs, networking opportunities, and classes that will help you set your organization's IT action plan

2015 Synergy Forum (Tysons Corner, Virginia, USA, April 30, 2015) The 2015 Synergy Forum brings together government and industry practitioners driving our collective technology futures. This event is multi-disciplinary, examining the emerging fusion of physical and digital worlds. The event topics include: Big Data, Cyber Security, Internet of Things, Mobility, Strategy and Technology. Attending this event would be beneficial to: Policy-makers, architects, program managers, influencers in the federal government and the most forward thinking engineers, architects and innovators in the DC ecosystem

Sponsor & Support

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter’s financial reach, or it might just not be the right time for you to do those things. That’s why we launched our new Patreon site, where we’ve created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you’ll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.