The CyberWire Daily Briefing 04.09.15

Summary

By The CyberWire Staff

ISIS-sympathizing hackers take down another target-of-opportunity, French television network TV5Monde. Libya's Ansar al-Sharia takes a step toward aligning itself with the aspiring Caliphate (and the Libyan group's social media activity increasingly resembles that of ISIS).

Most observers finger Russian intelligence services in the long-running, long-investigated hacks of the US State Department and White House, but the White House itself declines any attribution as "not in our interest." (Diplomatic observers nonetheless see the US Administration dog-whistling an "I-know-what-you're-doing-online" warning in the direction of Moscow.) Russia officially denies any involvement, loyally seconded by the hardly disinterested journalists of Sputnik, who cite Kaspersky researchers on the virtual impossibility of attributing hacks to nations. (In fairness to Kaspersky, the company has long been very reticent with respect to attribution.) The White House says that, while no classified information was stolen, "sensitive" material was compromised.

Fox IT warns of a large-scale malvertising campaign that appears to be passing through a Google ad reseller. Heimdal warns of malice in Webpage Screenshot, a once popular app now removed from the Chrome store. ESET cautions against unexpected ZIP files that may contain the Waski malware downloader.

US-CERT alerts the public against the polymorphic downloaders of the AAEH family, and passes on the Network Time Foundation's NTP Project finding of vulnerabilities in the network time protocol daemon.

The White House hack raises investors' interest in cyber security stocks.

An Atlantic Council panel discusses the future of Iranian-US cyber conflict post-preliminary-nuclear-deal. (Watch the whole thing: cyberpeace isn't about to dawn.)

Notes.

Today's issue includes events affecting Australia, Austria, Bulgaria, China, France, India, Iran, Iraq, Israel, Japan, Democratic Peoples Republic of Korea, Republic of Korea, Libya, Netherlands, Russia, Singapore, Syria, Ukraine, United States

Selected Reading

Cyber Trends

How data breaches break down by state and sector (CSO) The number of data breaches since 2005 are sliced and diced by state and sector, but nobody should be really surprised by the results

Legislation, Policy and Regulation

The future of the Iranian cyberthreat (Christian Science Monitor Passcode) Iran's interim nuclear deal with the P5+1 negotiators has been hailed at the White House and greeted with ambivalence in the halls of Congress. But how it impacts Iran in cyberspace remains to be seen. Iranian cyberconfrontations have been among the world's most explosive in recent years, including both attacks from Iran, such as disruption of the US banking sector and against Gulf energy companies, and against Iran, such as Stuxnet and the Wiper worm

Create framework to fight cyber attacks on markets: Sebi (Economic Times) To protect the securities market from cyber-crimes, India's capital market regulator on Wednesday said there is a need to put in place a framework of regulation

Cyberattack Shows That China Isn't Content to Censor Its Own Internet (Slate) The Chinese government has increased its Internet censorship and propaganda recently, cracking down on wife-swapping and one-night-stand stories and releasing a digital collection of the president's collected sayings, dubbed "Xi's Little Red App." Around the same time, San Francisco-based GitHub was hit with a five-day denial-of-service attack that slowed computer programmers' work across the world. The timing doesn't seem to be a coincidence

Seoul, Washington, Tokyo to hold security meeting next week (Korea Times) Korea and Japan are expected to hold a trilateral security meeting with the United States next week although Tokyo's recent territorial claims over Dokdo have worsened ties between the two neighbors

US, Japan near cyber defense agreement (The Hill) The U.S. and Japan are close to striking a bargain on bilateral defense rules that would bolster joint efforts to defend cyberspace

Is Russia More Powerful Than China in Cyberspace? (The Diplomat) Recent intrusions by Russian hackers indicate that Moscow's cyber espionage activities are expanding

Obama to Putin: Stop Hacking Me (Daily Beast) The U.S. is calling out Russia for a "dramatic rise" in cyber espionage against America. It's part of a veiled threat to the Kremlin: We know what you're doing online

Rand Paul's Ties to the Surveillance State (Bloomberg View) Few national politicians have the credibility of Senator Rand Paul when it comes to the issue of privacy. In his stemwinder Tuesday to kick off his presidential campaign against what he called the "Washington Machine," the Kentucky ophthalmologist promised to end the government's dragnet collection of telephone metadata from U.S. citizens

It's Taking Nearly a Decade To Upgrade the Pentagon's Internet (Defense One) Defense Department IT officials are still using a technology transition plan that doesn't even reflect the role of U.S. Cyber Command, which launched in 2009

Products, Services, and Solutions

Review: Anonabox or InvizBox, which Tor router better anonymizes online life? (Ars Technica) Intended to provide simple Internet privacy, two Tor routers take much different paths

HardSploit: Dedicated hardware pentesting tool (Help Net Security) As Internet of Things adoption is gaining momentum, and we hear time and time again that making it secure will be the biggest challenge, French IT security consultancy Opale Security has come out with a plan for a tool that will allow auditors to audit IoT and industrial device, SCADA systems and basic electronic products used in everyday life

NSA Clears Hypori Platform to Manage Classified Mobile Govt Data (ExecutiveGov) The National Security Agency has approved a Hypori cloud environment application to help defense agencies manage and secure mobile information over classified networks

ThreatStream Joins Forces with HITRUST to Speed Detection of Cyber Threats Targeting Healthcare Industry (InsuranceNewsNet) ThreatStream®, the leading provider of an enterprise-class threat intelligence platform, today announced a groundbreaking partnership with Health Information Trust Alliance (HITRUST), the leader in information risk management supporting the healthcare industry. Through this partnership, HITRUST is offering the HITRUST Cyber Threat XChange (CTX), powered by ThreatStream, a service that streamlines cyber threat information sharing and significantly accelerates detection of and response to cyber threats targeted at the healthcare industry

OPSWAT Announces New Malware Analysis Tool in Metascan Online (PRWeb) Statistics page aids in analysis of top threats and their detection rates

Splunk to be backbone for critical F-35 system (Washington Technology) Splunk is lending a big hand to Lockheed Martin's F-35 Lightning II program thanks to a subcontract that the company won to watch over some of the fighter's most critical systems

Clearswift Recognized for Adaptive Data Loss Prevention on Cybersecurity 500 List (BusinessWire) Data loss prevention provider ranked highest among competing technologies

Technologies, Techniques, and Standards

'Let's Encrypt' Will Try To Secure The Internet (InformationWeek) The Linux Foundation has lined up financial support for a group producing an easier way to encrypt Web site and mobile device traffic

Tokenization would not have prevented most retail breaches (CSO) Tokenization would not have helped in the majority of retail breaches over the past two years

Guide outlines specifications of smart card-based PACS (Help Net Security) Smart cards are increasingly accepted as the credential of choice for securely authenticating identity, determining appropriate levels of information access and controlling physical access

Solving the Right Problem: Stop Adversaries, Not Just Their Tools (Dark Reading) A malware-centric strategy is mere child's play against today's sophisticated adversaries. Here's why

Five Steps for Managing Cyberthreats in the Health Care Industry (Wall Street Journal) New information technologies and innovative business models are transforming the health care industry in several ways. The industry is beginning to focus on creating seamless interoperability among organizations, greater efficiencies in the delivery of care and increased consumer engagement through access to electronic health records and use of mobile health devices and apps

Four Essential Building Blocks of Cyber Security (SecurityWeek) Despite increased investments in preventive security measures, many organizations are losing the war against cyber criminals

Proactive Security Strategies Dramatically Improve Security Effectiveness (Dark Matters) A new study from Accenture and the Ponemon Institute confirms that companies that employ proactive security strategies realized a greater return on security investments than companies who depend on more traditional approaches to securing their networks

What’s next for your awareness program? (CSO) When I talk to CISOs or security awareness professionals, I frequently hear the same frustration about the results of their awareness programs. The supposed awareness programs have been a place for a year or more, and they have not yielded noticeable results, and in many cases seem almost useless, as user created incidents seem to continue to increase. When I ask them to describe their programs, what I get are descriptions of components of an awareness program and not a program itself. They describe computer-based training (CBT), and sometimes phishing simulations

Marketplace

Cybersecurity Stocks In Focus After White House Security Breach (TheStreet) A number of cybersecurity stocks are moving higher this morning after media reports indicated that hackers infiltrated the White House's computer system

Don't Miss These Top Hacker-Beating Tech Stocks (Investor's Business Daily) It doesn't matter what industry you're in when it comes to cybertheft. Health insurer Anthem (NYSE:ANTM) earlier this year became the latest data breach victim, joining JPMorgan Chase (NYSE:JPM), Target (NYSE:TGT) and other high-profile targets

Should FireEye Inc. Be Worried About Palo Alto Networks? (Motley Fool) Cyber security is big business — and it's expected to get even bigger. Research company Markets and Markets expects the demand for cyber security products to swell to around $156 billion in 2019, up from about $95 billion last year

Cyber security and the importance of investing and innovating (South Coast Today) As digital threats against the United States from criminals, terrorists and state actors continue to loom large, our ability to fight back is not measuring up. This grim assessment was delivered by Adm. Michael Rogers, who heads both the U.S. military's Cyber Command and the National Security Agency (NSA), before the U.S. Senate Armed Services Committee late last month

Singtel acquisition of Trustwave shows its managed security ambitions (Networks Asia) In a move to improve its portfolio of security services, Singtel has signed an agreement to acquire a 98% equity interest in US- based managed security services provider (mssp) Trustwave. This US$810 million (S$1.1 billion) deal will see Trustwave Chairman and CEO, Robert J McCullen, holding the balance 2% equity interest

SIGINT engineering and signal processing company bought by CACI (Military Embedded Systems) CACI International Inc. officials announced that the company has acquired LTC Engineering Associates, Inc., in Sarasota, Fla., which provides digital signals processing, cybersecurity, software engineering, signals intelligence (SIGINT), and communications intelligence (COMINT) to the intelligence and Department of Defense (DoD) communities

Damballa opens office in Japan (Atlanta Business Chronicle) Damballa Inc. expanded into Japan with a new office in Tokyo that houses a manager, sales support and partners

CSA to hold hackathon featuring $10,000 prize (Help Net Security) The Cloud Security Alliance (CSA) will hold its third Hackathon at the RSA Conference 2015 in San Francisco, to continue to test the CSA Software Defined Perimeter Specification V.1. A top prize of $10,000 is available to the first participant to gain access to a password provided account

Welsh: Future hot jobs for airmen in cyber, drones (Air Force Times) Want to be a part of the Air Force of the future? Be ready to fly drones, or learn to hack. The hottest future jobs for the Air Force will follow the increasing need for cyber forces and the insatiable need for surveillance, Chief of Staff Gen. Mark Welsh said Wednesday

CloudPassage names new chief marketing officer (Financial News) CloudPassage said it has selected Mitch Bishop as its chief marketing officer (CMO)

Research and Development

Can the Military Make a Prediction Machine? (Defense One) The planet is awash in open, free data. Can military-funded research turn it into a crystal ball?

Security Patches, Mitigations, and Software Updates

Apple fixes loads of security holes in OS X, iOS, Apple TV, Safari (Naked Security) Apple's latest tranche of updates has shipped

Using Office 365 at work? It's dangerous to go alone! Take this… (Register) Microsoft touts new weapon to fend off Exchange email exploiters

Microsoft Security Essentials review — latest results highlight plight of out-of-date Windows machines (Expert Reviews) Utterly outclassed when installed on a poorly-maintained computer, but an effective tool if you keep your machine updated

New Tor version fixes issues that can crash hidden services and clients (Help Net Security) Two new versions of the Tor anonymity software have been released on Tuesday, with fixes for two security issues that can be exploited to crash hidden services and clients visiting them

After School app grows up after child safety criticisms (Naked Security) Anonymous social media apps aimed at youngsters are kind of like their teenage target market: they like to think of themselves as edgy

Cyber Attacks, Threats, and Vulnerabilities

Islamist hackers take French broadcaster TV5Monde off air (IDG via CSO) French-language TV network TV5Monde was hit by a crippling cyberattack Wednesday that disrupted broadcasting across its channels and also involved the hijacking of its website and social media accounts

Cyber attacks against TV stations aren't a new thing. Just ask CNN (Graham Cluley) Remember this from ten years ago?

Spiritual Leader of Libya's Biggest Jihadi Group Pledges Allegiance to ISIS (Newsweek) Ansar al-Sharia's propaganda is also beginning to resemble that of ISIS. Ansar al-Sharia, the top jihadi group in the civil war-torn country of Libya, has edged closer to pledging allegiance to ISIS after its spiritual leader and top judge, Abu Abdullah al-Libi, defected to the radical group, according to an audio message released by the terror group

Cyberattack on Israel fails to push country's buttons (Israel Hayom) Anonymous hacker group's attempt to electronically cripple Israeli cyber infrastructure fails. Major servers exercise recommended protection protocols, escape disruptions. Dozens of minor websites hacked, none reporting significant damage

Russian Paper Removes Article About Soldier Wounded In Ukraine (Radio Free Europe/Radio Liberty) Journalists at a Siberian newspaper say they spent three days using scissors to cut an article about a Russian soldier who was wounded fighting alongside pro-Russian rebels in Ukraine out of 50,000 copies of the publication

Russian Hackers Breached White House Via US State Department (Dark Reading) Attackers who recently breached the US State Department compromised an unclassified White House system by sending spearphishing messages from a hijacked State Department email account, officials say

Russian hackers executed the US State Department, White House network breaches (Help Net Security) The October 2014 breaches of some of the computer systems of the US State Department and the White House have been executed by Russian hackers, unnamed US officials familiar with the investigation told CNN reporters

WH: Hackers accessed 'sensitive' data but nothing confidential (The Hill) The White House on Wednesday acknowledged hackers had access to "sensitive" data during a breach last fall, but reiterated no confidential material was lifted and the networks were never damaged

Russia Didn't Carry Out White House Computer Hack, Peskov Says (Bloomberg) Russia rejected a report that its government had been involved in hacking a non-classified White House computer network

White House will not name those behind 2014 cyber attack (AFP via Economic Times) The White House said Wednesday it would not name those behind a cyber attack on official Washington targets last October, after reports blamed Russia

Identifying Hackers' Country of Origin is Impossible (Sputnik) The chief malware expert at Kaspersky Lab said that it is almost impossible to guess hackers' nationality. The hardest problem about finding the source of cyberattacks is attribution since a hacker's country of origin can only be guessed by clues in the malware code, the chief malware expert at Kaspersky Lab said Wednesday

White House hackers accessed schedule of President Obama's whereabouts (Naked Security) Since the cyber intrusion into the White House was first discovered in October, the US government has said that ongoing cyber breaches into the president's executive office network — suspected to come via the US State Department's system — have only affected an unclassified system

White House battles cyberattacks on a daily basis (USA TODAY) The White House is under attack every day. Cyber attack. The methods change, and the suspects range from individual actors to governments like Russia, China, North Korea and Iran

Alleged White House hack highlights typical security failings, say experts (ComputerWeekly) The alleged penetration of sensitive White House computer networks highlights typical security failings, say information security experts

New Evasion Techniques Help AlienSpy RAT Spread Citadel Malware (Threatpost) Hackers have co-opted AlienSpy, a remote access tool, to deliver the Citadel banking Trojan and establish backdoors inside a number of critical infrastructure operations

Large malvertising campaign linked to potentially compromised Google ad reseller (Help Net Security) Dutch infosec firm Fox IT has spotted a lage scale malvertising campaign that seems to originate from Bulgarian Google ad reseller EngageLab

Security Alert: Webpage Screenshot Leaks Private Data For 1.2 Million Users (Heimdal Security Blog) Our malware labs have detected a popular extension in Google Chrome — Webpage Screenshot — that systematically collects your browsing details in order to sell them to a third party

Chrome extension collects browsing data, uses it for marketing (Ars Technica) Downloaded 1.2M times, "Webpage Screenshot" no longer available in Chrome Store

Waski downloader spreads banker Trojan targeting users worldwide (We Live Security) If you have recently received an unexpected email with a ZIP file attached, it could be a threat attempting to steal your banking login credentials. Its name is Waski and is detected by ESET as Win32/TrojanDownloader.Waski

A flawed ransomware encryptor (SecureList) In the middle of last year, my colleagues published a blogpost about a new generation of ransomware programs based on encryptor Trojans, and used the example of the Onion family (also known as CTB-Locker) to analyze how these programs work

Alert (TA15-098A) AAEH (US-CERT) AAEH is a family of polymorphic downloaders created with the primary purpose of downloading other malware, including password stealers, rootkits, fake antivirus, and ransomware. The United States Department of Homeland Security (DHS), in collaboration with Europol, the Federal Bureau of Investigation (FBI) and the Department of Justice (DOJ), released this Technical Alert to provide further information about the AAEH botnet, along with prevention and mitigation recommendations

Vulnerabilities Identified in Network Time Protocol Daemon (ntpd) (US-CERT) The Network Time Foundation's NTP Project has released an update addressing multiple vulnerabilities in ntpd. Exploitation of these vulnerabilities may allow an attacker to conduct a man-in-the-middle attack or cause a denial of service condition

The 10 Most Common Application Attacks in Action (IBM Security Intelligence) Nowadays, application development is moving more and more onto the Web. The Web hosts entire productivity suites such as Google Docs, calculators, email, storage, maps, weather and news — everything we need in our daily lives. Our mobile phones are useless without the Internet since nearly all mobile applications connect to the cloud, storing our pictures, usernames and passwords and private information. Even our home devices are now connecting to the Web, with Internet of Things platforms such as Wink that allow users to dim their house lights right from their mobile phone

Drug Pump's Security Flaw Lets Hackers Raise Dose Limits (Wired) When Billy Rios needed emergency surgery last summer after cerebral spinal fluid began leaking through his nose, he was only partly focused on his life-threatening condition. That's because Rios was distracted by the computerized drug-infusion pumps Stanford Medical Center used to administer medication to him and other patients. As a security researcher, Rios realized he'd purchased the same models of pumps months earlier on eBay in order to examine them for security flaws. As he watched the pump dose him with meds, all he could think about were the holes he'd found in one of the brands that made it susceptible to hacking

A Hacker's-Eye View of the Internet of Things (Re/code) Ever wonder what hackers think about the Internet of Things? Consider for a moment what someone with criminal intent might do with secret access to your Internet-connected garage door opener and it doesn't take long to imagine something bad

Linux Australia gets pwned, rooted, RATted and botted (Naked Security) Linux Australia had a bit of a nightmare Easter Weekend

An example of the malicious emails sometimes sent to the ISC handler addresses (Internet Storm Center) Part of being an ISC handler is reviewing the emails sent to our various email distros. Because these email addresses are publicly-known, we receive a lot of spam. Occasionally, we get more malicious messages. This malicious spam often provides malware samples to examine

At least 750 ambulance patients at risk after Philadelphia FD breach (SC Magazine) Billing information from at least 750 ambulance patients may be at risk after a breach, the Philadelphia Fire Department said

Kendall Jenner has her Twitter hacked, and rude things are said about Justin Bieber (We Live Security) When a celebrity starts to post crazy things on Twitter there are a small number of possibilities

Academia

Top Performers of Cyber Quests to be Invited to Summer Cyber Camps Hosted by U.S. Cyber Challenge (US Cyber Challenge) The U.S. Cyber Challenge (USCC), a program of the Center for Internet Security (CIS), announces the opening day of the qualifying Cyber Quests competition — an annual online contest for cybersecurity enthusiasts who will compete against their peers across the country for an invitation to one of several Cyber Camps being offered this summer

Litigation, Investigation, and Enforcement

U.S. secretly tracked billions of calls for decades (USA TODAY) A USA TODAY investigation revealed that a secret program collecting phone call data for international calls started in 1992. The U.S. government started keeping secret records of Americans' international telephone calls nearly a decade before the Sept. 11 terrorist attacks, harvesting billions of calls in a program that provided a blueprint for the far broader National Security Agency surveillance that followed

Snowden's Leaks Forced the DEA To End Its Own Mass Surveillance Program (Defense One) By exposing the NSA's spying programs, fugitive leaker Edward Snowden forced the Justice Department to shut down a separate phone-surveillance operation

Facebook faces privacy class action suit in Austria (ComputerWeekly) Austrian law graduate and privacy campaigner Max Schrems is leading a 25,000-strong class action lawsuit in Vienna against Facebook for allegedly breaching European privacy laws

Cyber pedophile operation nets 4 arrests (WTVR CBS 6) Authorities said four suspected pedophiles have been arrested after an undercover cyber operation in Spotsylvania County

Design and Innovation

Chip Fingerprinting Scheme Could Secure IoT Devices Against Malware (IEEE Spectrum) With the coming Internet of Things (IoT) in mind, Mitsubishi Electric, Ritsumeikan University, and the Japan Science and Technology Agency have developed a security scheme that can be used to identify individual logic chips by their "fingerprints." The scheme provides a means of preventing device spoofing, as well as a way to authenticate embedded software running on networked devices and so prevent malicious programs from being introduced

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

newly Noted Events

California Cybersecurity Task Force Quarterly Meeting (Walnut Creek, California, USA, January 20, 2015) The California Cyber Security Task Force serves as an advisory body to California's senior government administration in matters pertaining to Cyber Security. Quarterly Cybersecurity Task Force meetings address State and Federal cyber legislation; provide updates on Task Force efforts to improve California's cyber workforce and education; promulgate critical information to enhance California's cyber awareness and preparedness; discuss state advances in cybersecurity and digital forensics; and grant residents an opportunity to share cyber information and innovation

upcoming Events

10th Annual Cyber and Information Security Research Conference (Oak Ridge, Tennessee, USA, April 7 - 9, 2015) Cyberspace is fundamental to our national prosperity, as it has become critical to commerce, research, education, and government. Realizing the benefits of this shared environment requires that we are able to properly balance the risks and rewards, understand and communicate threats to security and privacy, and rapidly adapt any resulting approach to a changing adversarial environment. The 10th Annual Cyber and Information Security Research Conference at Oak Ridge National Laboratory in Oak Ridge, Tennessee will bring together cyber security researchers, program managers, decision makers, security vendors, and practitioners to discuss many challenging tasks and novel solutions pertaining to cyber security

Cyber Threats Masterclass (Turin, Italy, April 9 - 11, 2015) The United Nations Interregional Crime and Justice Research Institute (UNICRI) is organizing two new courses on emerging threats towards states and citizens with the aim of promoting an in-depth knowledge of specific issues such as cyber crimes and crimes against the environment. The courses are tailored to journalists and chief information officers, as well as those who want to specialize in this area, offering a unique opportunity to network with renowned international experts

InfoSec Southwest 2015 (Austin, Texas, USA, April 10 - 12, 2015) InfoSec Southwest is an annual information security and hacking conference held in Austin, Texas, one of the most interesting and beautiful cities in the United States. By addressing a broad scope of subject-matter, InfoSec Southwest is intended to both provide a comprehensive and valuable forum to all participants as well as fill a gap for our local attendees left by the other few conferences held here in Texas which are all focused on a narrower scope of subject matter or a narrower slice of audience demographic

NIST IT Security Day (Gaithersburg, Maryland, USA, April 8, 2014) The Office of the Chief Information Officer, OCIO, is hosting NIST IT Security Day as a means to heighten awareness for all NIST users on the many aspects of operational information technology security and networking at home and in the office. This event's objective is to educate users on IT security and related topics. The event will feature guest speakers on general and technical IT security topics and tutorials on internal services and products.

Cybergamut Tech Tuesday: Tor and the Deep Dark Web (Elkridge, Maryland, USA, April 14, 2015) This talk will explore the use of Tor and how it relates to garnering useful intelligence. Distinguishing attribution or valuable intelligence from limited event data is difficult. Leveraging external threat data can be helpful in evaluating intelligence but how do you identify relevance? Created as a means of protecting the privacy and anonymity of its users, Tor — the managed network of private computers leveraged by criminal elements to minimize the risk of surveillance and capture — is being exploited by the most technically proficient, aggressive, and organized of criminal syndicates

Cyber Security Summit: Industrial Sector & Governments (Prague, Czech Republic, April 14 - 15, 2015) Cyber Security Summit Europe — Industrial Sector & Governments brings together cyber security experts who will share their skills and know-how needed to address highly topical issues such as state-sponsored cyber-attacks and SCADA Security Assessment

Cyber Security Summit: Fnancial Services (Prague, Czech Republic, April 14 - 15, 2015) Cyber Security Summit Europe — Financial Services brings together cyber security experts across the financial sector to discuss topical security vulnerabilities as well as bring forward effective strategies and solutions to effectively mitigate them

INTERPOL World 2015 (Singapore, April 14 - 16, 2015) INTERPOL World is a new biennial international security trade event which will bring police and other law enforcement agencies together with security solution providers and security professionals from around the world to identify future challenges and propose and build innovative solutions

Mid-Atlantic ISSA Security Conference 2015 (Gaithersburg, Maryland, USA, April 15, 2015) Meeting at the NIST campus, this all-day event, jointly hosted by the ISSA Baltimore, DC, and Northern Virginia chapters, will have 3 concurrent tracks of security professionals discussing the current state of various information security topics. The cost is $150 per person, including breakfast and lunch; pre-registration is required in order to get onto the NIST campus

Symantec Government Symposium: Secure Government: Manage, Mitigate, Mobilize (Washington, DC, USA, April 15, 2015) The annual Symantec Government Symposium is a one-day event attracting 1,500 government IT security and management professionals. The event is designed to facilitate peer-to-peer dialogue on the challenges facing today's government leaders. This year, former FBI Director Robert Mueller will deliver the keynote address, and the program will also feature sessions on CDM, risk management, security intelligence, secure app management, cyber legislative priorities, and much more. The theme of the 2015 Symposium is "Secure Government: Manage, Mitigate, Mobilize"

Proposer's Day Conference for the Scientific advances to Continuous Insider Threat Evaluation (SCITE) program (Washington, DC, area, April 16, 2015) The Intelligence Advanced Research Projects Activity (IARPA) will host a Proposers' Day conference for the Scientific advances to Continuous Insider Threat Evaluation (SCITE) program, in anticipation of the release of a new solicitation in support of the program. The purpose of the conference will be to provide introductory information on SCITE and the research problems that the program aims to address, to respond to questions from potential proposers, and to provide a forum for potential proposers to present their capabilities and identify potential team partners

IIT Cyber Forensics and Security Conference and Expo (Wheaton, Illinois, USA, April 17, 2015) All are invited to participate in this multi-track, technical conference that attracts more than 200 professionals, 50 speakers, 20 sponsors, for an intensive one and a half day schedule that includes discussion and debate over forensics, security, data/information governance, cyber crime and security, ethical hacking, eDiscovery, cloud forensics, steganography, policy and compliance, privacy, wireless security, cloud computing, identity theft, and more

RSA Conference 2015 (San Francisco, California, USA, April 20 - 24, 2015) Don't miss this opportunity to join thousands of industry professionals at the premier information security event of 2015

Australian Cyber Security Centre Conference (Canberra, Australia, April 22 - 23, 2015) The Australian Cyber Security Centre (ACSC) will be hosting its first cyber security conference in 2015. We are bringing leading cyber security experts from Australia and abroad to share their expertise. This will be your first chance to experience the unique collaboration of the ACSC. Over 700 attendees from the national and international ICT community are expected to attend

Security Forum 2015 (Hagenberg im Mühlkreis, Austria, April 22 - 23, 2015) The Security Forum is the annual IT security conference in Hagenberg that addresses current issues in this domain. Visitors are offered technical as well as management-oriented talks by representatives of business, research and public service

CyberTexas / CyberIOT (San Antonio, Texas, USA, April 23 - 24, 2015) CyberIOT — Securing the Internet of Things. As more everyday devices become connected to the internet, the need for securing those items becomes critical. CyberTexas will explore the intersection of cyber security and the internet of things'

Defensive Cyberspace Operations & Intelligence Conference & Exhibition (Washington, DC, USA, April 27 - 28, 2015) The 5th Annual Defensive Cyberspace Operations & Intelligence (DCOI) conference & exhibition is an Israeli-American partnership promoting the extraordinary developments in the technological, intelligence and policy-making domains of cyberspace. It will be held on April 27-28; the first day will consist of panels and exhibition at the Ronald Reagan Building and International Trade Center, and the second will hold workshops, exhibition and seminars at the George Washington University

INTEROP Las Vegas (Las Vegas, Nevada, USA, April 27 - May 1, 2015) Attend Interop Las Vegas, the leading independent technology conference and expo designed to inspire, inform, and connect the world's IT community. In 2015, look for all new programs, networking opportunities, and classes that will help you set your organization's IT action plan

2015 Synergy Forum (Tysons Corner, Virginia, USA, April 30, 2015) The 2015 Synergy Forum brings together government and industry practitioners driving our collective technology futures. This event is multi-disciplinary, examining the emerging fusion of physical and digital worlds. The event topics include: Big Data, Cyber Security, Internet of Things, Mobility, Strategy and Technology. Attending this event would be beneficial to: Policy-makers, architects, program managers, influencers in the federal government and the most forward thinking engineers, architects and innovators in the DC ecosystem

Sponsor & Support

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter’s financial reach, or it might just not be the right time for you to do those things. That’s why we launched our new Patreon site, where we’ve created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you’ll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.