The CyberWire Daily Briefing 03.10.16
news from RSA 2016
Today we wrap up our retrospective discussion of RSA with some notes on trade and investment. We had occasion to speak last week with representatives of several international firms and government trade missions. Some of the firms we've discussed in earlier posts; we offer a summary of our conversations with three others in today's post.
The United Kingdom was heavily represented at RSA, and we spoke at length with Andrew Williams, the UK cyber envoy to the United States. You can listen to that discussion in today's special CyberWire podcast. We also visited the German pavilion, where we talked to representatives of the Verband der Internetwirtschaft e.V., the Internet industry association. Similar conversations with the Korea Trade Investment Protection Agency (KOTRA) afforded a chance to learn something about what South Korea's cyber industry has to offer. And we were also able to meet with some companies that operate in Israel. You'll find a full account of those discussions in our RSA coverage.
A branch of al Qaeda—the Caucasus Emirate—takes the field in Syria and seeks to rival ISIS with online videos. The US continues to work toward fulfilling its promise to take the fight to ISIS in cyberspace, and quiet conversations with tech companies on potential contributions to information operations continue.
360 SkyEye Labs says that a threat actor they're calling "OnionDog" has been stealing information from the "energy, transportation and other infrastructure industries of Korean-language countries." There's no attribution, but some of the command-and-control appears to be located in the Republic of Korea itself.
Defense One looks at December's Ukraine grid hack and sees it as connected with Russian incursions into Crimea: if the territory seized got its power from Russia as opposed to Ukraine, that would help Russia consolidate its hold.
The Mac ransomware KeRanger has been assessed, by Bitdefender and others, as a variant of Linux Encoder, malware identified by Dr. Web last November.
Children's toys and games continue to be vulnerable points-of-entry into home networks and families' lives. The Wi-Fi enabled toy LeapFrog appears susceptible to attacks that leverage Adobe Flash weaknesses. And parents are advised not to let children download mods or add-ons for Minecraft, especially when offered by third-parties.
Cothority, a project working toward preventing backdoored software updates, has offered to help Apple ensure, by decentralizing the signing process, that backdoors installed in response to secret court orders would become public.
Apple warns that opening the jihadist's phone would cause it to fall behind in the "arms race" with hackers.
Notes.
Today's issue includes events affecting Australia, Canada, China, India, Iraq, Japan, Malta, Malaysia, Netherlands, Russia, Saudi Arabia, Syria, Ukraine, United Kingdom, and United States.
San Francisco: the latest from RSA
Innovation Sandbox and the modern threat landscape (Help Net Security) In this podcast, recorded at RSA Conference 2016, Ajay Arora, CEO at Vera, and Amir Ben-Efraim, CEO at Menlo Security, discuss their participation in the Innovation Sandbox Contest and offer insight into the current information security issues shaping our industry
RSAC 2016: Bro, Do You Even Cybercrime? Key 2016 Trends (Duo Blog) I attended the talks at the 2016 RSA Conference, and one that stood out to me was Bro, Do You Even Cybercrime? Key 2016 Trends. Given by James Lyne, Global Head of Security Research at Sophos and SANS, it was a snappy review of his research on phishing emails, successful vulnerabilities, malicious mobile apps and more
Network hacking methods and prevention tips (IDG.TV) At the 2016 RSA Conference, CSO's Steve Ragan chats with Fengmin Gong, co-founder and Chief Strategy Officer of Cyphort, about the latest ways that cybercriminals are attacking networks. In addition, he presents some ways IT can prevent (or slow down) the attacks
Cloud Takes Center Stage at RSA Conference, Yet Still a Long Way to Go (Techspective) I spent last week in San Francisco at the RSA Conference. The annual event is the biggest event for the security industry and takes over the Moscone Center and surrounding area
VC Ted Schlein Sees More Cybersecurity Firms Embrace Machine Learning (Wall Street Journal) Machine learning tools will underpin many new cybersecurity startups as companies look for scalable ways to sift through massive piles of data, quickly detect strange activity and act accordingly
RSA security conference: 25 years of discontent and pranks (Engadget) Attendees of America's largest computer security conference entertain themselves with harmless shenanigans
“May the best of your past, be the worst of your future.” (Deep Run Security Blog) I recently attended the RSA security conference in San Francisco. Several things struck me as appropriately “St. Paddy’s worthy.” All of the right characters were there: rainbows, leprechauns, imagination and of course promises of pots of gold
Cyber Attacks, Threats, and Vulnerabilities
Caucasus Emirate in Syria highlights role in Aleppo fighting (Long War Journal) The Caucasus Emirate in Syria, the official Syrian branch of the al Qaeda-linked Caucasus Emirate, has released two videos highlighting its role in the current fighting in the Aleppo province
OnionDog APT targets the infrastructure industry (Help Net Security) The Helios Team at 360 SkyEye Labs revealed that a group named OnionDog has been infiltrating and stealing information from the energy, transportation and other infrastructure industries of Korean-language countries through the Internet
The Ukrainian Blackout and the Future of War (Defense One) The world’s first cyber-caused electricity blackout shook security experts around the globe. Here’s what it means for keeping the lights on
Massive Volume of Ransomware Downloaders being Spammed (Trustwave SpiderLabs Blog) We are currently seeing extraordinarily huge volumes of JavaScript attachments being spammed out, which, if clicked on by users, lead to the download of ransomware
Locky ransomware activity ticks up (IDG via CSO) Locky is now one of the most commonly seen types of ransomware
Two Biggest Reasons Ransomware Keeps Winning (Dark Reading) New report also makes predictions on what hijinks ransomware might get up to next
Multiple third-party Snapchat apps are leaking your account data (NextWeb) If you’re using a third-party Snapchat app, it’s time to delete it. Change the password to your Snapchat account while you’re at it
600,000 TFTP Servers Can Be Abused for Reflection DDoS Attacks (Softpedia) Attacks have an amplification factor of 60
First OS X ransomware actually a scrambled Linux file scrambler (Register) Gatekeeper nutmegged using dodgy cert
KeRanger Mac ransomware is a rewrite of Linux Encoder (Help Net Security) KeRanger, the recently discovered first functional Mac ransomware, is a copy of Linux Encoder, the crypto-ransomware first unearthed and analyzed in November 2015 by Dr. Web researchers
Sentry MBA Uses Credential Stuffing to Hack Sites (eWeek) Shape Security warns of the growing threat of the hacking tool, which is able to bypass many modern IT defenses
DROWN Vulnerability Remains 'High' Risk, Firms Say (Threatpost) Despite the rush to patch systems at risk to the massive transport layer security (TLS) vulnerability, known as DROWN, hundreds of cloud services are still at risk of attack. According to two independent research firms, Netskope and Skyhigh Networks, a week after the vulnerability was identified DROWN still presents a high risk to companies
PoSeidon Completionist (Trustwave SpiderLabs Blog) Most gamers have explored every nook and cranny of their favorite game, completing achievements for hours after they finished the main story line
LeapFrog child's toy found susceptible to attacks leveraging Adobe Flash (Graham Cluley) Researcher found it child's play to identify potential weakness in Wi-Fi enabled toy
How Minecraft undermined my digital defences (BBC) Could your children be your weak link when it comes to home security? One of mine almost was thanks to Minecraft
Powershell Malware - No Hard drive, Just hard times (Internet Storm Center) ISC Reader Eric Volking submitted a very nice sample of some Powershell based malware
Cox Investigates Possible Employee-Data Breach (Multichannel News) 'Dark Web' site advertises access to details about 40,000 Cox staffers
Ezaki Glico hit by possible data breach (Japan News) Japanese confectionery maker Ezaki Glico Co. said Monday that personal data of users of its online shopping site may have been compromised following unauthorized accesses
Cyber attack against MaltaToday.com.mt continues (Malta Today) MaltaToday.com.mt and Illum.com.mt still under cyber attack but technical staff are working tirelessly to ensure that the sites are accessible
Malware hijacks big four Australian banks' apps, steals two-factor SMS codes (Sydney Morning Herald) Millions of customers of Australia's largest banks are the target of a sophisticated Android attack which steals banking details and thwarts two-factor authentication security
Truckers: how anyone could track you on the IoT (Naked Security) Thinking of “IoT”? Forget about the Internet of Things, this one’s a gaping hole in the Internet of Trucks
Hacking Internet-connected trucks and buses (Help Net Security) Among the things one can find with Shodan, the search engine for the Internet of Things, are trucks, buses and delivery vans that have been equipped with the Telematics Gateway Unit (TGU) device and a modem to connect to the Internet
Plugins - yes, they're handy but they also increase the surface of attack (Graham Cluley) Any plugin could potentially put your computer - and your data - at risk
These Are the Data Centers Where Cybercriminals Hide (Motherboard) Given the seemingly ethereal nature of the internet, it can be easy to forget that behind every hack or cyberheist there’s a real wires-circuits-and-boards infrastructure
DDoS Malware Became Very Popular This Past January (Softpedia) There's a need for DDoS tools and services on the market
Bulletin (SB16-067) Vulnerability Summary for the Week of February 29, 2016 (US-CERT) The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week
Security Patches, Mitigations, and Software Updates
About the security content of Apple Software Update 2.2 (Apple Support) This document describes the security content of Apple Software Update 2.2
OTR Protocol Patched Against Remote Code Execution Flaw (Threatpost) Users of secure messaging apps such as Pidgin, Adium and others built upon libotr, the Off-the-Record protocol, are being urged to update immediately to current versions after the discovery of a critical flaw that can be used in targeted attacks to expose encrypted communication
Cisco Releases Security Updates (US-CERT) Cisco has released security updates to address vulnerabilities in multiple products. Exploitation of one of these vulnerabilities could allow a remote attacker to take control of an affected device
ISC Releases Security Updates for BIND (US-CERT) The Internet Systems Consortium (ISC) has released updates that address three vulnerabilities in BIND. Exploitation of these vulnerabilities may allow a remote attacker to cause a denial-of-service condition
Caution Urged Over Patched Windows USB Driver Flaw (Threatpost) USB-related vulnerabilities make people nervous; you need look no further than Stuxnet and BadUSB to see the dangers associated with infected portable storage devices and peripherals
Cyber Trends
Exploit Kits in 2015: Flash Bugs, Compromised Sites, Malvertising Dominate (TrendLabs Security Intelligence Blog) Threats never stand still, and exploits kits were no exception. 2015 saw multiple changes to this part of the threat landscape: freshly-discovered exploits were added, and compromised websites and malvertising were used to deploy and spread threats using exploit kits
The next big threat in hacking — data sabotage (CNBC) As we speed into the future, an increasing number of components linked to our nation's and corporations' critical infrastructure are reliant on a connection to the Internet
Study names countries most vulnerable to cyberattacks (FCW) The United States is ranked 10th in a pool of 44 countries most vulnerable to a cyberattack, according to a study by University of Maryland and Virginia Tech
Threat geography: Why certain kinds of cyberattacks come from certain places (CSO) A security expert looking at different kinds of Internet attacks coming from different countries begins to see patterns emerging
Cyber Security Trends To Watch: 2016 (Forbes) One year ago, Control Risks highlighted two prominent cyber trends and made four predictions for 2015
Sophisticated threats dictate future response strategies (Help Net Security) Trend Micro released its annual security roundup report which dissects the most significant security incidents from 2015. The research confirms attackers are now bolder, smarter and more daring in attack vectors, cyberespionage efforts and cyber underground activity on a global basis
Ponemon: Health orgs hit with cyberattacks every month (GovernmentHealthIT) Healthcare organizations "are in the crosshairs" of cyber attackers, suffering one hack per month over the last year, with about half experiencing an incident involving the loss or exposure of patient information and another third unsure whether or not data was exposed, according to a new report
CYREN 2016 Cyberthreat Report Shows 55% Annual Increase in Phishing, Steady Upswing in Malware (PRNewswire) CYREN (NASDAQ: CYRN) today announced in its 2016 CYREN Cyberthreat Report that it tracked 3.96 million active phishing URLs in 2015 – a 55% increase over 2014
Marketplace
Big Investors Aware of Cyber Threats but Often Unprepared: Survey (ThinkAdvisor) Cybersecurity budgets increased this year at less than half of firms surveyed
Views on Cybersecurity Threat Information Sharing Between CISOs and the Board From Bay Dynamics Chief Executive Officer Feris Rifai (Bloomberg BNA) Bay Dynamics recently released a report that surveyed information technology and security officers about the types of cybersecurity activity they report to their board of directors. The report concluded that chief information security officers (CISO) and the board of directors don't adequately share cybersecurity threat information
What you should know about cyber insurance (FirstPost) Decades ago, a group of merchants created a concept of general average—which is when all parties in a maritime venture share in losses resulting from a sacrifice of cargo in an emergency
Trend Micro Finalizes Acquisition of TippingPoint, Includes Next-Gen IPS and Award-Winning Zero Day Initiative (BusinessWire) Establishes foundation in network security and enhances advance threat protection enterprise-wide
FireEye: A Victim Of Market Myopia (Seeking Alpha) FireEye's stock has experienced a massive fall from the market's good graces. Despite this drop, revenue and billings continue to grow. From a valuation standpoint, FEYE has enormous potential
Raytheon's Strength Lies In Its Diversity (Seeking Alpha) Raytheon is not reliant on a single platform for their success. Their products cover many different areas of defense and they've been stretching into the civilian sector recently. Their incredibly diverse product portfolio make Raytheon one of the more appealing defense companies
Palantir Connects the Dots With Big Data (Fortune) With a growing book of corporate clients and a high-profile Syrian relief project, the data-analysis startup is branching out beyond its roots in the war on terror
7 Tech Jobs Hardest Hit By Layoffs In 2015 (InformationWeek) Despite a relatively low unemployment rate for the tech industry, some of its jobs were hit harder with layoffs than others in 2015. Take a look at the US Department of Labor's Bureau of Labor Statistics data to see how your job and those of your peers fared
Products, Services, and Solutions
MariaDB Enterprise: Security at every level in the database (Help Net Security) MariaDB announced MariaDB Enterprise Spring 2016. New capabilities defend data against application and network-level attacks, support faster development of high-performance applications, and deliver higher service levels at lower cost
Kaspersky Lab Protection Goes Wearable: New Kaspersky Internet Security for Android Managed via Smartwatch (PRNewswire) Kaspersky Lab unveils a new version of Kaspersky Internet Security for Android that, in addition to offering improved performance speed and protection quality, includes an option for managing protection via Android Wear devices
Technologies, Techniques, and Standards
China to use 'Minority Report' big data surveillance to predict terrorism (SC Magazine) The Chinese government has contracted China Electronics Technology Group to develop technology, similar to that used in the sci-fi thriller "Minority Report," that can predict acts of terrorism before they occur based on large amounts of surveillance data
Experts say 'chip off' procedure to access terrorist's iPhone is risky (IDG via CSO) An error in removing the iPhone's flash memory could make the data unreadable forever
Cloud best practices CIOs should follow (Gizmodo) These include following one's business needs, zeroing down on SLA, addressing security concerns
Opinion: Why constantly changing your passwords may not improve security (Christian Science Monitor Passcode) Requiring frequent password changes in the name of security might not be as effective as previously thought, especially if people are just adding another character onto an old password
Are You Making 'Reasonable Efforts' to Safeguard Your Client’s Information? (Legaltech News) Despite ample warning and rules, many law firms and lawyers are still not doing enough
Design and Innovation
Cothority to Apple: Let’s make secret backdoors impossible (Ars Technica) Decentralized cosigning could make it tough for government to gain access
What Sony Learned From the 2011 PlayStation Hack (HPE Matter) The importance of developing video games with cybersecurity in mind
Why Security & DevOps Can’t Be Friends (Dark Reading) Legacy applications are a brush fire waiting to happen. But retrofitting custom code built in the early 2000's is just a small part of the application security problem
Research and Development
Code Dx CEO Anita D’Amico on commercializing government-funded research in cyber (FedScoop) Industry validation is important because "industry acceptance of and use of government-funded research really validates that the government's investment in R&D is filling a real need," she said
Academia
Hackers in training (Christian Science Monitor Passcode) Students from two of the world’s top universities raced to conquer the toughest cybersecurity challenges
The Key to Cybersecurity (UC Santa Barbara Current) UC Santa Barbara cryptographer Stefano Tessaro receives a National Science Foundation CAREER Award
Legislation, Policy, and Regulation
Cyber campaign against Islamic State marks beginning of a new secret war (Baltimore Sun) Days after the United States acknowledged conducting warfare over computer networks for the first time, Defense Secretary Ashton B. Carter took the stage at a major information security conference in San Francisco
The US Government Is Secretly Huddling With Tech Firms to Fight Extremism (Defense One) A coalition of civil rights groups wants to be included in the closed-door meetings to keep the feds in check
Opinion: Deeper India, US ties should include cybersecurity, too (Christian Science Monitor Passcode) In the last year of the Obama administration, it's time for India and the US to formulate a cybersecurity partnership so both sides protect their mutual interests in the digital realm
Dutch Data Protection Authority says companies can't collect health data from employee wearables (FierceMobileIT) Say goodbye to employee wellness programs involving wearables, people who live in the Netherlands
Department of Commerce Discusses Privacy Shield Timeline, Certification Scheme (Legaltech News) In a briefing, the Department highlighted important new regulations and certification procedures to help companies begin to transition into the new regulatory data transfer framework
NSA overhaul includes acquisition (FCW) The overhaul of the National Security Agency unveiled last month has been accompanied by a change in thinking about how the agency approaches acquisition
Stovepipes at DHS stymie cybersecurity efforts, says Johnson (FierceGovernmentIT) Stovepipes of programs and offices at the Homeland Security Department present a barrier to cybersecurity work that should be a cross-department effort, DHS Secretary Jeh Johnson told a congressional panel Tuesday
DHS names McAfee to lead Silicon Valley outreach effort (Federal News Radio) A second federal office in Silicon Valley is officially open for business
DoD Releases Cybersecurity Discipline Implementation Plan (Legaltech News) The plan centers around four “Lines of Effort” prioritizing existing DoD cybersecurity requirements
DoD-Wide Windows 10 Rapid Deployment to Boost Cybersecurity (US Department of Defense) The Defense Department will deploy Windows 10 departmentwide by January to strengthen cybersecurity and streamline the information technology operating environment, according to a Feb. 26 memo by Deputy Defense Secretary Bob Work
Navy Admiral: Cybersecurity Requires Diversity in Workforce (National Defense) The Pentagon is drawing up new battle plans to combat malicious hackers and is spending billions of dollars hardening military information systems
CCPs face pressure to deal with cyber security threats (Risk.Net) Regulators and clearing members urge central counterparties to do more to guard against attacks
Litigation, Investigation, and Law Enforcement
Encryption wars in spotlight after FBI battle with Apple (Irish Times) An unprecedented array of political, security and military officials attend RSA conference
Apple Exec Says FBI's iPhone Demand Would Create Security Arms Race Setback (Newsfactor) Apple's top software developer said acceding to the FBI's request in the San Bernardino terrorism case would cause the iPhone's defenses "to fall behind" in a digital arms race against hackers
Apple vs FBI: Encryption, iPhones & Terrorism (Know Your Mobile) Apple’s refusal to unlock a terrorist's phone has major implications for everyone in the world
Americans Divided Over Apple’s Phone Privacy Fight, WSJ/NBC Poll Shows (Wall Street Journal) Democrats, independents favor company; Republicans worry government won’t go far enough to protect national security
FTC orders nine PCI auditors to share assessment details (CSO) The FTC is on a data breach enforcement roll
Clinton on email server indictment: 'That is not going to happen' (Washington Post) At a debate hosted by The Washington Post and Univision in Miami, former Secretary of State Hillary Clinton answered a question about her private email server and a potential indictment by saying, "That's not going to happen"
Feds win first conviction after trial of someone trying to join Islamic State (Washington Post) A U.S. Air Force veteran was found guilty of attempting to provide material support to the Islamic State Wednesday in what authorities hailed as a first-of-its-kind conviction after a trial
TalkTalk cyber attack: Antrim schoolboy ends Google legal action (Belfast Telegraph) A Co Antrim schoolboy arrested over the cyber attack on TalkTalk has ended his claim for damages against Google
Facebook friend request from victim prompts thief to turn himself in (Naked Security) Let’s say you’re a young man. One day, you get high, or stoned, or drunk, and you wind up breaking a store window and stealing a bunch of watches
For a complete running list of events, please visit the Event Tracker.
Newly Noted Events
QuBit Conference (Prague, the Czech Republic, Apr 12 - 14, 2016) QuBit offers you a unique chance to attend 2 selected Mandiant training courses, taught by some of the most experienced cyber security professionals in the business
2016 Cybersecurity Summit (Scottsdale, Arizona, USA, May 5, 2016) The Arizona Technology Council (AZTC), Arizona Commerce Authority (ACA) and Arizona Cyber threat Response Alliance (ACTRA)/Arizona InfraGard present the third annual Cybersecurity Summit on Thursday, May 5th. The Cybersecurity Summit is an opportunity for government and business executives to learn about the threats, vulnerabilities, and consequences related to data security and privacy matters
Upcoming Events
International Academic Business Conference (New Orleans, Louisiana, USA, Mar 6 - 10, 2016) The Clute Institute of Littleton Colorado sponsors six academic conferences annually that include sessions on all aspects of cybersecurity. Cybersecurity professionals from industry and academics are welcome to make presentations and/or to only attend sessions. The Clute Institute also seeks manuscripts for possible publication in our recently launched Journal of Cybersecurity Research
CISO Atlanta Summit (Atlanta, Georgia, USA, Mar 10, 2016) Tactics and Best Practices for Taking on Enterprise IT Security Threats. With newspaper headlines covering the latest data breaches, cloud computing security questions going unanswered and hackers developing more sophisticated attacks, the IT department has a growing responsibility to protect customer and company data
The Atlantic Council's Cyber 9/12 Student Challenge (Washington, D.C. USA, Mar 11 - 12, 2016) Now entering its fourth year, the Cyber 9/12 Student Challenge is a one-of-a-kind competition designed to provide students across academic disciplines with a deeper understanding of the policy challenges associated with cyber crisis and conflict. Part interactive learning experience and part competitive scenario exercise, it challenges teams to respond to a realistic, evolving cyberattack and analyze the threat it poses to national, international, and private sector interests
SANS 2016 (Orlando, Florida, USA, Mar 12 - 19, 2016) It is time we unite, join forces, and show that if we work together, we can make a measurable difference in security. It is our pleasure to announce that SANS 2016 is back in Orlando, Florida March 12-21 with cutting-edge courses taught by top industry professionals who will provide you with the best available information and software security training. We invite you to take this amazing opportunity to meet with other cyber security professionals at one of the largest SANS events and learn actionable steps that will make an impact on security. Our event campus and lodging will once again be the magnificent Walt Disney World Dolphin Resort.
CONAUTH/EKMS/COMSEC Information Sharing and Key Management Infrastructure (ISKMI) 2016 (Waikiki, Hawaii, USA, Mar 14 - 18, 2016) The ISKMI will draw global-wide participation and Allied (Five Eyes and NATO) attendees. Information sharing will be centralized to Key Management Infrastructure (KMI), Cryptographic Modernization (CM), and Operation/Exercise lessons learned during Joint/Allied operations. The event will support all levels of organizations that manage deployed forces, or the local community. ISKMI will address rapidly changing security strategies, technologies and methodologies that make accounting of safeguarding and securing equipment more complex than ever before.
Pwn2Own 2016 (Vancouver, British Columbia, Canada, Mar 16 - 17, 2016) Since its inception in 2007, Pwn2Own has increased the challenge level at each new competition, and this year is no different. While the latest browsers from Google, Microsoft, and Apple are still targets, the Windows-based targets will be running on a VMware Workstation virtual machine. A $75K bonus will be given to those who can escape the VMware virtual machine. This is our first year including VMware as a target, and we look forward to seeing what researchers will do with it
Insider Threat Symposium & Expo™ (San Antonio, Texas, USA, Mar 17, 2016) The Insider Threat Symposium & Expo was created in the wake of the recent data breaches affecting the U.S. Government (WikiLeaks, NSA Breach), and the continued damaging and costly insider threat incidents to businesses. The Insider Threat Symposium & Expo is a MUST ATTEND event for individuals working for the U.S. Government, State Governments, Department of Defense, Intelligence Community Agencies, Critical Infrastructure Providers, Defense Industrial Base Contractors, Airport / Aviation Security, large and small businesses
ICCWS 2016 (Boston, Massachusetts, USA, Mar 17 - 18, 2016) ICCWS 2016 will cover the complex but exciting aspects of international cyber warfare and security
CISO Summit France (Paris, France, Mar 22, 2016) A forum for innovative IT thought leaders across France. Despite economic instability in the euro zone amid an on-going global financial crisis, IT spending worldwide is expected to increase in the coming years. But even with enterprises taking notice of new technologies capable of driving revenue and lowering costs, IT departments aren't yet in the clear. The role of the CISO is more important than ever as financial turmoil continues to alter the world's economy, making it difficult to put your organisation in a position to achieve success. The business goals have changed and CISOs are now tasked with trying to find emerging opportunities to drive value throughout the enterprise
Risk Management Summit (New York, New York, USA, Mar 22 - 23, 2016) The Business Insurance Risk Management Summit is a unique two-day conference serving the information and networking needs of senior risk managers, benefits managers and related decision makers from the largest US and global companies. Now in its seventh year, it provides attendees with focused insights into key risk management concerns via expert panels and strategic, thought-provoking discussions with peers and industry leaders
Artificial Intelligence and Autonomous Robotics (Clingendael, the Netherlands, Mar 23 - 24, 2016) Artificial Intelligence (AI) has been a feature of science fiction writing for almost a century, but it is only in more recent years that the prospect of truly autonomous robotics — even those that have only limited functionality — has become viable. While this potentially will provide great opportunities, the development of AI is likely to impact upon the very functioning of society. In this context, the specialized training on AI and autonomous robotics aims to provide media and public relations professionals with an in-depth understanding of how the rapid advancement of AI technology may affect the global community in both the physical and structural spheres and the potential impact of the future evolution of such technology, especially in terms of security. Emphasis will be given to the way in which AI and autonomous robotics can be represented and communicated in the media
International Consortium of Minority Cybersecurity Professionals (ICMCP) Inaugural National Conference (Washington, DC, USA, Mar 23 - 24, 2016) The conference will focus on the public, private and academic imperatives necessary to closing the growing underrepresentation of women and minorities in cybersecurity through diversification of the workforce. Despite the increasing demand for cybersecurity professionals globally it remains an area where there is a significant shortage of skilled security professionals. The conference will facilitate a national dialogue toward enhancing opportunities in cybersecurity education and increase employment opportunities for minorities
Commonwealth Cybersecurity Forum 2016 (London, England, UK, Mar 23 - 24, 2016) The Commonwealth, built on consensus and mutual support, is an ideal platform to build international cooperation on various aspects of cybersecurity. CTO's Commonwealth Cybersecurity Forum brings together cybersecurity stakeholders from across the Commonwealth; from policy makers, regulators and implementing agencies to private sector and civil society. The Forum is a place to showcase expertise, build capacity, present new technologies and develop relationships. Importantly it will map out the future cooperation among Commonwealth countries in Cybersecurity
Black Hat Asia 2016 (Singapore, Mar 29, 2016) Black Hat is returning to Asia again in 2016, and we have quite an event in store. Here the brightest professionals and researchers in the industry will come together for a total of four days — two days of deeply technical hands-on Trainings, followed by two days of the latest research and vulnerability disclosures at our Briefings
SecureWorld Boston (Boston, Massachusetts, USA, Mar 29 - 30, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers
Insider Threat Summit (Monterey, California, USA, Mar 29 - 30, 2016) The focus of the Insider Threat Summit is to discuss personnel security issues including cyber security challenges and capabilities, continuous evaluation of privileged identities and ethical physical security considerations. A heightened awareness of insider threats due to numerous newsworthy attacks and unauthorized leaks has brought us together for one main purpose: to better understand security challenges in order to better defend against insider threats
TU-Automotive Cybersecurity USA 2016 (Novi, Michigan, USA, Mar 29 - 30, 2016) TU-Automotive Cybersecurity dissects the real issues behind the headlines, helping you to apply technology and best practices to deliver robust security defenses and processes within a more secure ecosystem. The conference unites players from research labs, automakers, tier 1's, security researchers, and the complete supply chain to plan for the imminent future
Insider Threat Program Development Training (Washington, DC, USA, Mar 29 - 30, 2016) Insider Threat Defense announced it will hold a training class on Insider Threat Program Development (National Insider Threat Policy-NISPOM Conforming Change 2) on March 29-30, 2016, in Washington, DC. For a limited time the training is being offered at a discounted rate of $795. The training is comprehensive and provides students with the knowledge and resources to develop and implement a robust Insider Threat Program. Insider Threat Defense has trained a substantial number of organizations and has become the "Go To Company" for Insider Threat Program Development Training
Women in Cyber Security 2016 (Dallas, Texas, USA, Mar 31 - Apr 2, 2016) With support from National Science Foundation, Award #1303441 (Capacity Building in Cybersecurity: Broadening Participation of Women In Cybersecurity through the Women in Cybersecurity Conference and Professional Development), WiCyS is an effort to bring together women (students/faculty/researchers/professionals) in cybersecurity from academia, research and industry for sharing of knowledge/experience, networking and mentoring. Any individual or organization interested in supporting recruiting and retention efforts for women in cybersecurity is encouraged to participate