The CyberWire Daily Briefing 03.22.16

Summary

By The CyberWire Staff

The terror attacks in Brussels this morning remain under investigation. Authorities are looking for the apparently as yet undetected command-and-control networks they assume must have been used for coordination.

Anonymous tells US Senator Cruz to exit the Presidential race. If he won't, Anonymous says it will release discreditable personal information and allegations of voter fraud.

Apple has issued multiple patches and updates. The one drawing the most attention is iOS 9.3, which is said to close a serious encryption flaw discovered by researchers at the Johns Hopkins University.

That encryption flaw seems unlikely to be related to whatever method the FBI says it's discovered that might give it access to the San Bernardino jihadist's county-issued iPhone. Yesterday the Bureau asked the presiding Magistrate to vacate today's hearings, saying that it had found unspecified ways of getting into the phone and may no longer need Apple's help. The Magistrate has withdrawn her order requiring that help, cancelled the hearings, and told the Bureau to report back to her on April 5.

Recorded Future notes that applying four recent patches—three to Adobe Flash Player and one to Microsoft Silverlight—offers useful protection against drive-by ransomware attacks. Bleeping Computer discussions have suggested that TeamViewer has been compromised to serve ransomware, but TeamViewer (as reported by Tripwire) says it isn't so: the company's looked into the matter and says it's found no issues, but reminds users to download from authorized stores and use two-factor authentication.

Goldman Sachs is moderately bullish on cyber stocks.

Notes.

Today's issue includes events affecting Argentina, Australia, Bangladesh, Brazil, Chile, China, Colombia, Estonia, Iraq, Iran, Israel, Republic of Korea, Mexico, New Zealand, Philippines, Singapore, Sweden, Syria, Trinidad and Tobago, United States and Uruguay

Sponsored Events

2016 National Conference of Minority Cybersecurity Professionals (Washington, DC, March 23 - 24, 2016)

Women in Cybersecurity (WiCYS) 2016 (Dallas, TX, March 31 - April 2, 2016)

Selected Reading

Cyber Trends

Cyber Report: 2015 Was the Year of Collateral Damage (National Defense) With the Office of Personnel Management hack and other intrusions affecting tens of millions of people last year, a recent cybersecurity report dubbed 2015 the “year of collateral damage"

Lessons on security and privacy from SXSW (Christian Science Montior Passcode) Everything we talked about, debated, and discovered at the 2016 South by Southwest Interactive festival in Austin

Breach Response: Data Security Breaches Inside and Out (Legaltech News) The ABA Tech Show panel said data breaches have moved from the server room to the board room to living room

27% of US office workers would sell their passwords (CSO) U.S. office workers at large companies would sell their work password to an outsider

Rise in Shadow IT, Password Sales Disconnect with Employee Breach Concerns: Survey (Legaltech News) Employees’ increasingly risky behavior at the office has led some to ask if data breaches are becoming a self-fulfilling prophecy

Fiscal 2015 federal cyber incidents increased 10% over previous year (FierceGovernmentIT) Federal agencies reported 77,183 total cybersecurity incidents in fiscal 2015, a 10 percent increase over the 69,851 incidents in fiscal 2014, according to the Office of Management and Budget's Annual Federal Information Security Modernization Act report

Deloitte Predicts Rise in Blockchain-Based Payments (Bitcoin Magazine) Deloitte’s Center for Financial Services has released a report forecasting transformation of the banking industry over the coming decade due to disruptive technology

Australia and NZ among 'most vulnerable' to security attacks (Security Brief) Australia and New Zealand are among the most vulnerable economies in the world at risk of falling to a cyber attack, according to the Asia-Pacific Defence Outlook 2016 from Deloitte

Latin America Is Vulnerable to Devastating Cyber Attacks (Nearshore Americas) Uruguay, Brazil, Mexico, Argentina, Chile, Colombia, and Trinidad and Tobago all have an intermediate level of preparedness, but lag behind more the likes of the United States, Israel, Estonia, and South Korea

Legislation, Policy and Regulation

U.S. Proceeding with New Strategy to Counter ISIL (National Defense) The State Department is pursuing an alternative approach to counter the Islamic State’s online propaganda and in turn stymie the group’s recruitment of foreign terrorist fighters, according to a senior government official

FBI seeks to nip terror threat in schools (Albuquerque Journal) Recruited on social media by the terrorist group ISIS, three Denver-area girls – ages 15, 16 and 17 – boarded a plane for Turkey in October 2014, planning to make their way to Syria

Senate proposal on encryption gives judges broad powers (Reuters) A bipartisan group of U.S. senators has begun circulating long-awaited draft legislation that would give federal judges clear authority to order technology companies like Apple to help law enforcement officials access encrypted data, according to sources familiar with the discussions

Employee Surveillance: Business Efficiency Vs. Worker Privacy (InformationWeek) Legal scholars argue that new laws are needed to define the parameters of acceptable workplace monitoring and to ensure respect for personal privacy

Navy, Marines Bolster Cybersecurity Defenses (National Defense) Gen. Robert Neller, commandant of the Marine Corps, said cyber is now an established part of warfare

Intelligence System Moving to the Cloud (National Defense) As more engineers transfer defense networks to cloud computing, developers of a decades-old intelligence system are embracing the move

Products, Services, and Solutions

Emerson Helps Users Reduce Cyber Threats Through Control System Recertification (Automation World) Emerson Process Management’s DeltaV™ version 12.3 distributed control system (DCS) and its security project and engineering support services, is the first to pass the Achilles Practices Certification (APC) annual recertification of security best practices

Thycotic Announces Plans To Give Away $100M Worth Of Privileged Account Management Security Software (Business Solutions) Introduction of Secret Server Free makes it easier and more affordable for organizations to prevent cyber-attacks

Lynis 2.2.0: New features, tests, and enhancements (Help Net Security) Lynis is a popular open source security auditing tool, used to evaluate the security defenses of their Linux/Unix-based systems

Oil Company Taps IBM's Watson To Fend Off Anti-Fracking Attacks On Twitter (Forbes) Leave it to IBM to use artificial intelligence to reverse-engineer authenticity

Technologies, Techniques, and Standards

Google, Microsoft, Yahoo and others publish new email security standard (Computerworld) The goal of the new SMTP Strict Transport Security mechanism is to ensure that encrypted email traffic is not vulnerable to man-in-the-middle attacks

Do not touch this one Android setting and most malware will leave you alone, mostly (ZDNet) Android is a security mess, with malware lurking behind every corner, but simple common sense can avoid many of the hyped threats

Encryption vs Tokenization – Key Differences, Advantages, & Use Cases Explained (Virtual Strategy Magazine) Unless you’re a cryptographer, you wouldn’t be blamed for conflating tokenization with encryption

Getting past the fear of encryption (CSO) Lysa Myers, researcher, ESET talks about the value of encryption and how she realized that it's not so scary

HIT Think In light of pervasive security threats, why not encrypt everything? (Health Data Management) In healthcare, we all know what a breach is. Generally, it’s an impermissible use or disclosure under the Privacy Rule that compromises the security or privacy of protected health information

A Blue Team's reference guide to dealing with Ransomware (CSO) Ransomware is a known threat IT/InfoSec, but sometimes it's good to be reminded of the defenses that can be marshaled against it

Forensic Mobile Collections: The Past and Present of Taking Phone Data (Legaltech News) The ABA Tech Show 2016 panel saw civil and criminal law experts tackle current trends in forensic mobile collection

Malware Increasingly Making its Way into Organizations through Social Media (Legaltech News) The Osterman Research survey also found just over half of organizations feature a written policy governing the use of social networks

Complacency in the Face of Evolving Cybersecurity Norms is Hazardous (Part 1) (Legaltech News) The threat demands action and policies consistent with the corporation’s profile and its sector's norms

Cyber effects felt at tactical level in US Army training (IHS Jane's 360) The US Army is continuing to toll out the integration of cyber attacks in large-scale rotations as the service looks to improve the cyber element of its training and ultimately help inform doctrine in this area

National Cyber Security Centre to be UK authority on information security (ComputerWeekly) The UK’s National Cyber Security Centre (NCSC) is to be the UK's one-stop authority on infosec, based in London and led by GCHQ's Ciaran Martin

Homeland Security Department Launches Cyber Threat Sharing Platform (Wall Street Journal) The U.S. Department of Homeland Security on Thursday launched a platform that allows the government and private sector to exchange cybersecurity threat information with one another, part of a larger federal push to bolster cybersecurity

Combating Simultaneous Cyber Attacks (LinkedIn) In 2012 US financial institutions worked together to battle waves of denial of service attacks on their websites

Seven points to understand about cloud security (SC Magazine) By recognising and addressing the specific risks associated with use of cloud solutions, companies can overcome their fears and shift from a strategy built around minimising change to one optimised for change says Gordon Haff

Marketplace

Loading up on cyber risk could be a negative for insurers' ratings (Business Insurance) Uncertainties surrounding insurers’ coverage of cyber risks now outweigh the benefits of their potential earnings growth from a ratings perspective, Fitch Ratings Inc. said in a report Monday

Money managers starting to buy cyber insurance (Business Insurance) Money managers increasingly are buying cyber security insurance to supplement their technology security strategies to both combat data breaches and deal with repercussions if hackers do break in

Goldman launches coverage on cybersecurity stocks; expects solid growth (Seeking Alpha) Goldman Sachs analyst Gabriela Borges launched coverage on cybersecurity stocks with a generally bullish tone, arguing that spending growth is likely to stabilize or re-accelerate in 2017

Intel, Fortinet, launch cybersecurity initiatives (San Jose Mercury News) Two Silicon Valley cybersecurity companies are independently calling for more personnel and more collaboration to battle cybercrime in an era when launching a ransomware attack requires little more than a credit card

Defense Department agency aims to tap into Boston's cybersecurity industry (Boston Business Journal) The head of U.S. Cyber Command said he'd like to see the military cybersecurity agency establish a unit in Boston

Blue Coat Systems dominates network security forensics market (Security Brief) Frost & Sullivan has recognised Blue Coat Systems for its dominance in the global network security forensics market with the 2016 Global Frost & Sullivan Market Leadership Award

Corero Network Security PLC lands US$700,000 order (Proactive Investors) Corero said the American customer for its SmartWall Threat Defense System is one of the world’s largest hosting firms

Security Patches, Mitigations, and Software Updates

Apple Releases Multiple Security Updates (US-CERT) Apple has released security updates for iOS, watchOS, tvOS, Xcode, OS X El Capitan, OS X Server 5.1, and Safari to address multiple vulnerabilities. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system

iOS 9.3 to fix serious iMessages encryption flaw (HEAT Security Blog) For some time, Apple has forcefully pushed a message to consumers that it takes privacy seriously

Tor Project says it can quickly catch spying code (IDG via CSO) The organization has worked for three years to improve its ability to catch fraudulent software

Cyber Attacks, Threats, and Vulnerabilities

Abu Sayyaf Group battalion defects to Islamic State (Threat Matrix) Another battalion from the Philippines-based Abu Sayyaf Group (ASG) has reportedly defected to the Islamic State in recent days. Their pledge of allegiance was recorded and released by the Islamic State’s Furat Media, a largely Russian-language propaganda media outlet

Media #Offline: Investigating the March 19 Attacks on Swedish Media (Recorded Future) On the evening of March 19, several large Swedish media houses were brought down by a time coordinated distributed denial-of-service (DDoS) attack

Anonymous Warns US Sen. Ted Cruz to Leave Presidential Race, or Else (Softpedia) Barely a week has passed since Anonymous threatened to ruin Donald Trump's presidential campaign, and now, the hacker collective has taken aim at Texas Senator Ted Cruz, another candidate for the Republican nomination for President of the United States in the 2016 election

iOS zero-day breaks Apple’s iMessage encryption (Help Net Security) A team of Johns Hopkins University researchers headed by computer science professor Matthew Green have discovered a zero-day flaw in Apple’s iOS encryption, which could allow attackers to decrypt intercepted iMessages

Opening a PDF on your iPhone could infect it with malware (Graham Cluley) ... unless you've updated to iOS 9.3

Everything you need to know about the iMessage security flaw patched by iOS 9.3 (Macworld via CSO) Security researchers discovered a number of weaknesses in iMessage's encryption system. Apple's patches are already slated to appear

Encryption securing money transfers on mobile phones can be broken (Help Net Security) A group of researchers has proved that it is possible to break the encryption used by many mobile payment apps by simply measuring and analysing the electromagnetic radiation emanating from smartphones

Carbanak cyber-thieves’ newest attacks exposed (Help Net Security) The infamous Carbanak group is again doing what it does best: attacks and compromises financial institutions, and tries to steal as much money as possible from them by taking advantage of their victim payment processing networks, ATM networks and transaction systems

Carders Park Piles of Cash at Joker’s Stash (KrebsOnSecurity) A steady stream of card breaches at retailers, restaurants and hotels has flooded underground markets with a historic glut of stolen debit and credit card data

The POS Malware Epidemic: The Most Dangerous Vulnerabilities and Malware (IBM Security Intelligence) Point-of-sale (POS) malware is an information security ailment that, within less than seven years, reached colossal proportions and became more damaging to organizations than almost any other threat

Scammers Impersonate ISPs in New Tech Support Campaign (Malwarebytes Lab) Tech support scammers are investing a lot of efforts to attract new victims each day, and despite many takedowns, this is a highly profitable industry

Patch or Pay: 4 Recent Vulnerabilities Tied to Ransomware (Recorded Future) Hollywood Presbyterian Medical Center’s February ransomware attack was a wake-up call as a likely random attack significantly impacted a 434-bed acute-care facility

Ransomware Propagation Tied to TeamViewer Account (UPDATED) (Tripwire: the State of Security) Researchers have tied the propagation of a new type of ransomware to a TeamViewer user

These hackers can hold a town hostage. And they want ransom — paid in bitcoin. (Washington Post) The best that officials in Plainfield, N.J., can tell, the hackers got in when someone was on the Internet researching grants, and soon employees in the mayor’s office were locked out of their own files

Bulletin (SB16-081) Vulnerability Summary for the Week of March 14, 2016 (US-CERT) The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week

Academia

Norwich University computer security program part of major security event, Super Bowl 50 (GlobeNewswire) Norwich formed partnerships with leading software developers to support their work

‘Cyber Defense Competition’ will hack off at Highline College April 1-3 (Waterland) College students from around the Pacific Northwest will have the chance to practice thwarting hackers during the annual Pacific Rim Collegiate Cyber Defense Competition, scheduled for April 1–3, 2016, at Highline College

Litigation, Investigation, and Enforcement

FBI might have way to unlock attacker's iPhone without Apple (News Observer) A much-anticipated court hearing on the federal government's effort to force Apple Inc. to unlock the iPhone used by one of the shooters in the San Bernardino terror attack was abruptly vacated Monday after the FBI revealed it may have a way to access data without the company's help

5 things to remember during Tuesday's hearing pitting Apple against the FBI (IDG via CSO) The hearing is likely the first of many in the FBI's efforts to force Apple to help it unlock a shooting suspect's iPhone

How FBI vs. Apple could cripple corporate and government security (Macworld via CSO) The implications go way beyond whether law enforcement can unlock an alleged criminal's phone

EFF Executive Director Tackles NSA Surveillance, FBI/Apple at ABA Tech Show Keynote (Legaltech News) The Electronic Frontier Foundation’s Cindy Cohn focused on the FBI’s collection of the ‘Internet’s backbone’

Tracking Apple’s recent cases with the US government (Christian Science Monitor Passcode) Apple is fighting the US government on two separate requests to help federal investigators access the content on iPhones protected by strong, built-in security measures

Encryption Pioneer Phil Zimmermann Backs Apple in Fight With FBI (re/code) It wasn’t always so popular to stand up for the rights of regular people to keep their communications private from the prying eyes of governments

ZTE Sanctions Crumble (Wall Street Journal) The U.S. flip-flops on punishing the telecom for rogue-state ties

FTC Raps Android Developers For Using SilverPush Software (InformationWeek) The FTC has issued a warning to several Android developers for using SilverPush. This software, found on 12 Android apps, could violate consumer privacy rights by picking up background noise to feed to advertisers

NZ banks warned to check security after cyber attack on Bangladesh bank (Radio New Zealand) New Zealand banks and financial institutions are being urged to double-check their security practices following an unprecedented cyber attack on Bangladesh's central bank

Mystery Of New York Fed Robbery Has Central Banks Asking Who's Next (ZeroHedge) Bangladesh has learned a valuable lesson over the past two months: Do. Not. Trust. The. New. York. Fed

Oversight chair threatens subpoena over Defense chief's emails (The Hill) The Republican chairman of the House Oversight Committee is threatening to issue a subpoena if the Pentagon doesn’t provide more information about Defense Secretary Ash Carter's use of a personal email account for work

Probe launched into Pentagon handling of NSA whistleblower evidence (McClatchy DC) A federal watchdog has concluded that the Pentagon inspector general’s office may have improperly destroyed evidence during the high-profile leak prosecution of former National Security Agency official Thomas Drake

U.S. Ends Spying Case Against Former Envoy (New York Times) The Justice Department has closed its espionage investigation into the former American diplomat Robin L. Raphel and will file no charges, her lawyer said on Monday, ending a case that had put her under a cloud of suspicion over her ties to Pakistan for more than a year

Police charge 2 people in Sydney with funding Islamic State (AP) Police on Tuesday charged a 20-year-old man and a 16-year-old school girl in Sydney with raising money for the Islamic State group

Jury heaps another $25M in damages on Gawker for publishing Hogan sex tape (Ars Technica) Gawker took outside investment to appeal the mammoth $140 million verdict

Design and Innovation

Could this encrypted cloud service make apps take your privacy seriously again? (ZDNet) Computer scientists at MIT and Harvard University say their Sieve app enables web users to decide which applications access which aspects of their data

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

upcoming Events

CISO Summit France (Paris, France, March 22, 2016) A forum for innovative IT thought leaders across France. Despite economic instability in the euro zone amid an on-going global financial crisis, IT spending worldwide is expected to increase in the coming years. But even with enterprises tacking notice of new technologies capable of driving revenue and lowering costs, IT departments aren't yet in the clear. The role of the CISO is more important than ever as financial turmoil continues to alter the world's economy, making it difficult to put your organisation in a position to achieve success. The business goals have changed and CISOs are now tasked with trying to find emerging opportunities to drive value throughout the enterprise

cybergamut Tech Tuesday: Providing Consistent Security Across Virtual and Physical Workloads (Elkridge, MD, Calverton, March 22, 2016) Data centers today are being tasked with many more requirements. This has been increasing as companies leverage server virtualization in new ways. This has made the data center a rich source of information for attackers. It is commonly accepted that protection of data center workloads is important, but in many cases security takes a back seat to data center performance. What is needed is a security solution that does not increase latency and is operationally feasible.

Risk Management Summit (New York, New York, USA, March 22 - 23, 2016) The Business Insurance Risk Management Summit is a unique two-day conference serving the information and networking needs of senior risk managers, benefits managers and related decision makers from the largest US and global companies. Now in it its seventh year, provides attendees with focused insights into key risk management concerns via expert panels and strategic, thought-provoking discussions with peers and industry leaders

Artificial Intelligence and Autonomous Robotics (Clingendael, the Netherlands, March 23 - 24, 2016) Artificial Intelligence (AI) has been a feature of science fiction writing for almost a century, but it is only in more recent years that the prospect of truly autonomous robotics — even those that have only limited functionality — have become viable. While this potentially will provide great opportunities, the development of AI is likely to impact upon the very functioning of society. In this context, the specialized training on AI and autonomous robotics aims to provide media and public relations professionals with an in-depth understanding of the implications that the rapid advancement of AI technology may affect the global community in both the physical and structural spheres and the potential impact of the future evolution of such technology, especially in terms of security. Emphasis will be given to the way in which AI and autonomous robotics can be represented and communicated in the media

International Consortium of Minority Cybersecurity Professionals (ICMCP) Inaugural National Conference (Washington, DC, USA, March 23 - 24, 2016) The conference will focus on the public, private and academic imperatives necessary to closing the growing underrepresentation of women and minorities in cybersecurity through diversification of the workforce. Despite the increasing demand for cybersecurity professionals globally it remains an area where there is a significant shortage of skilled security professionals. The conference will facilitate a national dialogue toward enhancing opportunities in cybersecurity education and increase employment opportunities for minorities

Commonwealth Cybersecurity Forum 2016 (London, England, UK, March 23 - 24, 2016) The Commonwealth, built on consensus and mutual support, is an ideal platform to build international cooperation on various aspects of cybersecurity. CTO's Commonwealth Cybersecurity Forum brings together cybersecurity stakeholders from across the Commonwealth; from policy makers, regulators and implementing agencies to private sector and civil society. The Forum is a place to showcase expertise, build capacity, present new technologies and develop relationships. Importantly it will map out the future cooperation among Commonwealth countries in Cybersecurity

Black Hat Asia 2016 (Singapore, March 29, 2016) Black Hat is returning to Asia again in 2016, and we have quite an event in store. Here the brightest professionals and researchers in the industry will come together for a total of four days — two days of deeply technical hands-on Trainings, followed by two days of the latest research and vulnerability disclosures at our Briefings

SecureWorld Boston (Boston, Massachussetts, USA, March 29 - 30, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers

Insider Threat Summit (Monterey, California, USA, March 29 - 30, 2016) The focus of the Insider Threat Summit is to discuss personnel security issues including cyber security challenges and capabilities, continuous evaluation of privileged identities and ethical physical security considerations. A heightened awareness of insider threats due to numerous newsworthy attacks and unauthorized leaks has brought us together for one main purpose: to better understand security challenges in order to better defend against insider threats

TU-Automotive Cybersecurity USA 2016 (Novi, Michigan, USA, March 29 - 30, 2016) TU-Automotive Cybersecurity dissects the real issues behind the headlines, helping you to apply technology and best practices to deliver robust security defenses and processes within a more secure ecosystem. The conference unites players from research labs, automakers, tier 1's, security researchers, and the complete supply chain to plan for the imminent future

Insider Threat Program Development Training (Washington, DC, USA, March 29 - 30, 2016) Insider Threat Defense announced it will hold a training class on Insider Threat Program Development (National Insider Threat Policy-NISPOM Conforming Change 2) on March 29-30, 2016, in Washington, DC. For a limited time the training is being offered at a discounted rate of $795. The training is comprehensive and provides students with the knowledge and resources to develop and implement a robust Insider Threat Program. Insider Threat Defense has trained a substantial number of organizations and has become the "Go To Company" for Insider Threat Program Development Training

Women in Cyber Security 2016 (Dallas, Texas, USA, March 31 - April 2, 2016) With support from National Science Foundation, Award #1303441 (Capacity Building in Cybersecurity: Broadening Participation of Women In Cybersecurity through the Women in Cybersecurity Conference and Professional Development), WiCyS is an effort to bring together women (students/faculty/researchers/professionals) in cybersecurity from academia, research and industry for sharing of knowledge/experience, networking and mentoring. Any individual or organization interested in supporting recruiting and retention efforts for women in cybersecurity is encouraged to participate

SANS Atlanta 2016 (Atlanta, Georgia, USA, April 4 - 9, 2016) Learn the most effective steps to prevent attacks and detect adversaries with actionable techniques that you can directly apply when you get back to work. Take advantage of tips and tricks from the experts so that you can win the battle against a wide range of cyber adversaries who want to harm your digital environment

Billington CyberSecurity INTERNATIONAL Summit (Washington, DC, USA, April 5, 2016) On April 5, in Washington, D.C., join leading cybersecurity officials from across the globe at the Billington CyberSecurity INTERNATIONAL Summit to engage in an intensive information exchange between leading US and global corporate and government executives

ISC West 2016 (Las Vegas, Nevada, USA, April 6 - 8, 2016) ISC West is the leading physical security event to unite the entire security channel, from dealers, installers, integrators, specifiers, consultants and end-users of physical, network and IT products. With over 1,000 exhibitors and brands, spanning hundreds of product categories, it's the Must-Attend event for the global security industry. ISC West is where the security community gathers to see new products and technologies first, to network with other security professionals, and to stay on top of emerging security risks with cutting edge education

ASIS 15th European Security Conference & Exhibition (London, England, UK, April 6 - 8, 2016) ASIS Europe 2016 invites you to join security professionals and experts from over Europe and beyond in one of the most dynamic centres of business and culture in the world

Cybersecurity and Privacy Protection Conference (Cleveland, Ohio, USA, April 7 - 8, 2016) The Center for Cybersecurity and Privacy Protection 2016 Conference will bring together experienced government officials, in-house counsels, business executives, cyber insurance leaders, litigators, information security officers and privacy managers to discuss current developments and best practices in cybersecurity and privacy protection. The conference is aimed at identifying innovative strategies that integrate legal, managerial and technical approaches to managing cyber and privacy risks. Join us to connect and engage with leading experts who will address cyber and privacy risk-management strategies, regulatory compliance, civil litigation following high-profile data breaches, law enforcement cooperation and information-sharing models, incident-response and cyber-risk insurance.

Rock Stars of Risk-based Security (Washington, DC, USA, April 12, 2016) Virtually every company will be hacked, and today, experts accept that a 100% security solution is not feasible. Advanced risk assessment and mitigation is the order of the day. Rock Stars of Risk-Based Security is the must attend symposium of its kind in 2016 on this critical new reality.

Threat Hunting & Incident Response Summit 2016 (New Orleans, Louisiana, USA, April 12 - 13, 2016) The Threat Hunting & Incident Response Summit 2016 focuses on specific hunting and incident response techniques and capabilities that can be used to identify, contain, and eliminate adversaries targeting your networks. Attend this summit to learn these skills directly from incident response and detection experts who are uncovering and stopping the most recent, sophisticated, and dangerous attacks against organizations

QuBit Conference (Prague, the Czech Republic, April 12 - 14, 2016) QuBit offers you a unique chance to attend 2 selected Mandiant training courses, taught by some of the most experienced cyber security professionals in the business

CISO Dallas (Dallas, Texas, USA, April 14, 2016) With newspaper headlines covering the latest data breaches, cloud computing security questions going unanswered and hackers developing more sophisticated attacks, the IT department has a growing responsibility to protect customer and company data

CSO 50 Conference and Awards (Litchfield Park, Arizona, USA, April 18 - 20, 2016) We at CSO, the award-winning media brand, will bring you speakers from up to 50 organizations with outstanding security prowess. Over 2 ½ days, these distinguished executives and technologists will share their experiences and insights not only in preventing and detecting breaches but in selling and funding their programs to senior management and demonstrating business value.

Creech AFB–AFCEA Las Vegas Cyber Security, IT & Tactical Tech Day (Indian Springs, Nevada, USA, April 19, 2016) The Armed Forces Communications & Electronics Association (AFCEA) Las Vegas Chapter, with support from the 432d Wing, will host the 4th Annual Cyber Security, IT & Tactical Technology Day at Creech AFB on Tuesday, April 19, 2016. This is an excellent opportunity for technology, cyber and tactical technology companies to meet with remote personnel at Creech AFB.

Amsterdam 2016 FIRST Technical Colloquium (Amsterdam, the Netherlands, April 19 - 20, 2016) FIRST Technical Colloquia & Symposia provide a discussion forum for FIRST member teams and invited guests to share information about vulnerabilities, incidents, tools and all other issues that affect the operation of incident response and security teams

Security & Counter Terror Expo 2016 (London, England, UK, April 19 - 20, 2016) Security & Counter Terror Expo (formerly Counter Terror Expo) is the event for any professional tasked with protecting assets, business, people and nations from terrorism. It brings over 9000 attendees from across the globe together to see the latest technology, hear about the latest developments, share best practice and ensure that their threat mitigation strategies are effective

SecureWorld Philadelphia (King of Prussia, Pennsylvania, USA, April 20 - 21, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers

AFCEA Defensive Cyber Operations Symposium (Baltimore, Maryland, USA, May 5 - 7, 2015) The U.S. Defense Information Systems Agency's new operational role in the cyber domain as network defender creates a formal relationship between DISA, U.S. Cyber Command and the command's military service components. The goal is to improve security, but a successful strategy depends on a matrix of participating organizations adapting technical solutions and adopting enterprise management to improve efficiency, security and reliability

2016 Akamai Government Forum: Safeguarding a Dynamic Government — End–to–End Security for your Agency (Washington, DC, USA, April 21, 2016) Today's public demands a high performance — and safe — web experience from government and public organizations. And public IT leaders require flawless web protection to securely meet that demand. Join leading government cyber, IT, and web professionals at the 2016 Akamai Government Forum, an engaging one–day discussion, where we will dialogue on the critical aspects — and tools — for safeguarding a dynamic government in our hyperconnected world. Hear real time intelligence on the latest internet vulnerabilities and emerging attack vectors while sharing best practices on how to stop the largest Distributed Denial of Services and web application attacks. Find out how to enable safer, faster, resilient delivery of mission critical and public facing services. Learn the latest layered security tactics and other tools for securely optimizing your agencies digital presence — along with much more.

Army SIGINT (Fort Meade, Maryland, USA, April 25, 2016) Approximately 500 attendees will come together to discuss future technologies in Signals Intelligence (SIGINT), focusing on applications for the actual users in the field (the soldiers). Most attendees will be Army personnel from outside of the Ft. Meade area. FBC will be working with the Army to invite all local Ft. Meade personnel and contractors to the expo as well. The industry expo will be held for one day only during the "Emerging Technologies" portion of the conference

CISO San Francisco (San Francisco, California, USA, April 26, 2016) The CISO Summit brings together C-level IT security executives, industry analysts and solution providers to discuss challenges and best practices in a relaxed, yet focused business setting. Agenda sessions include panel discussions, think tanks, analyst Q&A sessions and much more

CISO Houston (Houston, Texas, USA, April 28, 2016) A data breach is not only a PR nightmare, but cause for customers to turn to competitors, exposing sensitive company information and racking up fines from industry regulators. In order for organizations to operate smoothly, CISOs and IT security executives need to be ahead of the hackers, and kept abreast of the latest IT security topics and trends

Sponsor & Support

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter’s financial reach, or it might just not be the right time for you to do those things. That’s why we launched our new Patreon site, where we’ve created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you’ll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.