The CyberWire Daily Briefing 05.10.16

Summary

By The CyberWire Staff

The Panama Papers database, released yesterday to much éclat, has attracted the scrutiny of Canadian tax enforcers and New Zealanders interested in transparency policy, but as far as the US is concerned, the results are ho-hum. But search and see for yourself.

Al Qaeda steps up its propaganda game, competing with ISIS for leadership of jihad in the Levant.

ImageMagick flaws are being exploited in the wild. Users should consult available policy-based mitigations if they’re working with an affected version.

Check Point fins a new strain of Android malware infesting the Google Play Store. “Viking Hoard,” seems mainly useful for ad fraud, but can be adapted for spamming and DDoS campaigns as well.

Kaspersky, to its credit, developed a decryption tool for the CryptXXX ransomware. But no good thing lasts forever—Proofpoint, which discovered and has continued to track CryptXXX, says that the malware has been modified to render the decryption tool ineffective.

Palo Alto warns that revenant ransomware Bucbi, not much seen since 2014, is making a comeback. Its approach to infection is different: its controllers brute-force their way into servers.

The security industry shows ambivalence about sharing—zero-day vendors are in bad odor, and start-ups don’t like their exclusion from VirusTotal. Twitter’s Dataminr poke at the US Intelligence Community is called fruit of a bad relationship between Government and industry.

The Bangladesh Bank hack investigation follows two lines: the FBI thinks it sees insiders, and Bangladesh police think SWIFT technicians rendered the bank vulnerable (which SWIFT vigorously disputes).

Notes.

Today's issue includes events affecting Afghanistan, Australia, Azerbaijan, Bangladesh, Brazil, Canada, Chile, Colombia, Dominican Republic, Germany, Greece, India, Israel, Lebanon, Malaysia, Mexico, New Zealand, Panama, Russia, Saudi Arabia, Spain, Syria, Tunisia, Ukraine, United Arab Emirates, United Kingdom, United States

On the Podcast

Catch the CyberWire's Podcast later this afternoon, with interviews, educational tips, and more on the stories of the day. Today we hear from Accenture's Malek Ben Salem on big data security frameworks. Our guest is John Prisco, CEO of Triumfant, on his company's recent study of the Locky ransomware.

Sponsored Events

Georgetown Cybersecurity Law Institute (Washington, DC, USA, May 25 - 26, 2016)

Selected Reading

Cyber Trends

Top 2016 Cybersecurity Reports Out From AT&T, Cisco, Dell, Google, IBM, McAfee, Symantec And Verizon (Forbes) The biggest players in cyber have published their annual security reports for 2016. Each one brings its unique view on cybercrime, and cyber defense strategies

EventTracker Publishes SIEM Expertise Survey Report (Marketwired) Study finds a significant percentage of companies lack resources to manage IT security challenges

Manufacturing Sector Identified as Leading Target of Infrastructure Cyber-Attacks (ENGINEERING.com) The US Department of Homeland Security (DHS) recently identified the manufacturing sector as the leading target of infrastructure cyber-attacks, accounting for one third of total attacks

What Are the Security Risks of the Cloud? (eWeek) Andy Ellis, chief security officer at Akamai, details some of the challenges and opportunities for security in the cloud

How secure are the devices connecting to enterprise assets? (Help Net Security) Most enterprises have accepted that its employees will use their own various, often mobile devices to access company assets, and have realized that the defined, more easily secured network perimeter is a thing of the past. All that remains for them is to make sure these devices are secure as they can be

Report examines general state of security on 2 million devices (CSO) Mac users typically have the most updated software installed

Managing Cyber Risk a Top Priority in Asia Pacific, Yet Vulnerability Management Strategies Lag According to New Research (Businesswire) Regional survey of information security professionals found 80 percent of companies attacked in 2015 lacked sufficient vulnerability management capabilities

Cyber Attacks in Retail Sector Highest in 2015, Reports Dimension Data (Spamfighter News) A report from an Information Technology security firm in Wellington reveals that the number of cyber-assaults on the retail market was the highest in 2015 therefore consumers and businesses must remain watchful while worldwide cyber-crime gets increasingly refined

Australian health sector an easy target for cyber criminals, says IBM (ComputerWeekly) A push to encourage greater adoption of electronic health records has raised the spectre of online record theft

Legislation, Policy and Regulation

Senator Wants Definition on Cyber Act of War (Federal News Radio) The United States is constantly attacked in the cyber realm, but when do those attacks mean war?

Presidential Advisers Recommend Countering Cyberattacks, Shootings with Big Data (Nextgov) An adversary has spent months executing a cyberattack on an unnamed part of the nation's critical infrastructure, after years of planning. Now, the disruption to daily American life is reaching its climax. First, there is a distributed denial of service, or DDoS," attack that masks a massive theft of data crucial to plotting the final coordinated strike. No one notices because security personnel are too busy trying to revive systems overwhelmed by a deluge of bogus network traffic

Influencers oppose expanding federal hacking authorities (Christian Science Monitor Passcode) Nearly two-thirds of Passcode’s Influencers said US judges should not be able to issue search warrants for computers located outside their jurisdictions

IoT security: not ripe for regulation (The Hill) Media reports regularly offer frightening stories about security vulnerabilities in the emerging “Internet of Things,” from the hack of a Jeep to the specter of bad guys accessing “smart homes” or exploiting industrial IoT to compromise utilities

Defense Business: These Are Nervous Times for Contractors (National Defense) Speaking to a room of government contractors recently, defense officials insisted that there is no witch-hunt

Products, Services, and Solutions

AKUA's Secure Gateway Solution Selected by Parkinson Seed Farm (PRNewswire) Persistent cargo monitoring and tracking will facilitate improved logistics

ESET security solutions top independent spam filtering tests (Security Bureau) ESET has come out tops as the highest security solution for anti-spam protection according to not one, but two, testing authorities

Malwarebytes Anti-Malware Explained: Usage, Video and Download (Softpedia) Learn how to use this powerful virus removal application

Swimlane Selected as a Gartner "Cool Vendor" (PRNewswire) Swimlane, a developer of cybersecurity automation solutions, today announced that it has been named to Gartner's list of "Cool Vendors 2016" in the category of Security Infrastructure Protection

Two Great Apps Arrive To Stop Hackers Spying On Your iPhone (Forbes) Apple AAPL +0.12% provides plenty of protection for iPhone users, as the FBI learned over the last few months. But it can never offer total security

Lieberman Software Partners With Aikya Security (MarketWired) Partnership extends privileged access management offerings to Canadian enterprises

Updated: Microchip’s hardware-encrypted micro for IoT (Electronics Weekly) Microchip has launched a hardware crypto-enabled 32bit microcontroller which can add security to IoT devices, offering encryption and authentication

Ixia Announces CloudLens Platform to Deliver Visibility Across Private, Public, and Hybrid Clouds (BusinessWire) Ixia (Nasdaq: XXIA), a leading provider of network testing, visibility, and security solutions, today announced CloudLens™, a platform consisting of existing Ixia solutions and planned products that will integrate network visibility across private, public, and hybrid cloud environments

Quick Heal upgrades its line-up of security products (Times of India) Quick Heal Technologies Limited has released version 17 of Quick Heal Total Security, Quick Heal Internet Security and Quick Heal Antivirus Pro

GIAC Launches New Certification for Python Coders, GPYC (PRNewswire) Provides employers ability to identify experts that have needed Python skills

Technologies, Techniques, and Standards

Let’s stop talking password flaws and instead discuss access management (Help Net Security) A good bit of attention has been given to a new report that suggests that there are organizations that don’t change their administrative passwords at all, ever

Vaizey urges businesses to adopt Cyber Essentials to combat malware threats (SC Magazine) As UK government vows to boost cyber-defences, its own research finds majority of successful attacks could have been prevented by adopting Cyber Essentials

The IT Checklist to Prevent Data Breach (Aim.ph) A big part of data security is the proactive prevention of data loss, theft, and security breach, and it is always better to prevent these from happening instead of mitigating attacks

Preventing user-based attacks (ITWeb) Today, an enormous percentage of business is conducted via the Internet on a multitude of devices and platforms. End users share more information than ever and connect to numerous outside networks, increasing the potential attack surface exponentially

Guardsman conduct large-scale cyber training (Defense Systems) The potential threat to infrastructure was one focus of the recent Cyber Shield 2016, a national cyber exercise in which National Guard units took part along with Army, Reserve and Marine Corps cyber warriors

Why cyber tools are not total solutions (Federal Times) I had the opportunity to attend this year’s RSA Conference in San Francisco and I was impressed with the hundreds of cybersecurity exhibitors on display there. If you ever have the chance to go and haven’t been already, do yourself a favor and take the trip. It’s absolutely worth the investment

Marketplace

Hackers get big paychecks from multiple sources (The Hill) The FBI isn’t the only one paying hackers huge price tags to hand over ways to hack into personal devices

Microsoft's cyber security strategy: How it is using Bing, Azure and machine learning to build a secure platform (Computer Business Review) C-level briefing: How Microsoft's broad portfolio is feeding data back into its cyber security offerings

Palantir co-founder blasts report that CIA-backed company is struggling (Silicon Valley Business Journal) Palantir Technologies co-founder Joe Lonsdale over the weekend accused Buzzfeed of taking some facts out of context and "bad journalism" in a less-than-flattering report on Friday

FireEye Inc. Announces Leadership Changes (Motley Fool) Incoming CEO Kevin Mandia says he expects the company to "dominate" the cybersecurity arena in the years ahead

Here's Why Palo Alto Networks Is Better Than FireEye (Investor Guide) Cyber security stocks have been very volatile. For instance, FireEye (FEYE), which is off considerably from its 52-week highs, fell almost 20% yesterday after reporting bleak quarterly report. Investors need to be very careful when choosing a stock in this space. Since the companies are focusing on growing market share, they spend more money than they generate, which is why stocks in the sector are very volatile

NEWS ANALYSIS: Hacking fears as Google chops ‘freeloading’ security firms (Business Day) A number of young technology security companies are losing access to the largest collection of industry analysis of computer viruses, a setback industry experts say will increase exposure to hackers

NRC to sole-source cyber simulation contract ... unless (Federal Times) The Nuclear Regulatory Commission is planning to award a sole-source contract for evaluating and training its cybersecurity staff, however the commission is giving other prospective vendors a chance to show they can meet the requirements

CSC Completes Acquisition of UK’s Xchanging (Insurance Journal) CSC, the TYSONS, Va.-based technology solutions and services provider, announced it has completed the acquisition of Xchanging plc

Raytheon Opens New Campus in Richardson (WPAB News) Raytheon has opened a campus in Richardson along Bush Turnpike, east of Highway 75. The facility will house Raytheon’s Intelligence, Information and Services

An Innovation Jason Bourne Would Love (Forbes) You know that scene in the 2002 movie The Bourne Identity, when Jason Bourne (Matt Damon) dispatches a CIA assassin sent to kill him at his French farmhouse hideout — and then uses the guy’s phone to make a zero-click encrypted phone call to CIA headquarters in Langley?

Start-up, Vera, welcomes Mark Leslie to board of directors (ARN) Company also cements Series B funding from Capital One Growth Ventures

Research and Development

DARPA calls for help to improve cyber attack attribution (Help Net Security) Reliable cyber attack attribution is currently almost impossible, and the Defense Advanced Research Projects Agency (DARPA) wants to find a solution for that problem

GO-Trust Works with the National Cybersecurity Center of Excellence (NCCoE) (Sys-Con Media) Today GOTrust Technology Inc. (GO-Trust) announced it is collaborating with the National Cybersecurity Center of Excellence (NCCoE) on its Derived Personal Identity Verification (Derived PIV) Credentials project

CYREN Awarded Second Cybersecurity Grant from Israeli Government (PRNewswire) CYREN (NASDAQ: CYRN) today announced it was awarded a grant of ILS 3.22 million (approximately USD 0.85 million) by the Office of the Chief Scientist (OCS) at Israel's Ministry of Economy and Industry. The grant is part of Israel's ongoing initiative that provides benefits to Israeli companies in order to encourage R&D activity aimed at developing technological solutions in the field of cybersecurity. CYREN received a similar grant last year as well

Security Patches, Mitigations, and Software Updates

Aruba fixes networking device flaws that could open doors for hackers (IDG via CSO) The flaws affect ArubaOS, the AirWave Management Platform (AMP) and Aruba Instant (IAP)

Cyber Attacks, Threats, and Vulnerabilities

Anonymous DDoS Attacks Spread, But What's the Impact? (InfoRisk Today) 'Operation Icarus' targets numerous banks, but interruptions apparently limited

Terror Groups Using Legit, Home Grown Tools To Communicate, Proselytize (Dark Reading) Trend Micro says its research shows that terror, cybercrime groups often use same tools to operate

Osama bin Laden’s son says jihad in Syria key to ‘liberate Palestine’ (Long War Journal) Al Qaeda’s propaganda arm, As Sahab, has released a new message from Osama bin Laden’s son, Hamzah. It is the second time Hamzah has spoken on behalf of al Qaeda since last August. Hamzah’s message has been paired with a speech by Ayman al Zawahiri on both occasions.

Taliban claims to have ‘thousands of fully armed martyrdom seekers’ (Long War Journal) The Afghan Taliban said it would give “top priority” to retaliate against government agencies involved in the execution of jihadist prisoners and claimed it has “thousands of fully armed martyrdom seekers” at its disposal who are “awaiting to take revenge.” The Taliban issued the statement yesterday on its official website, Voice of Jihad, after the Afghan government executed six jihadists, including a member of al Qaeda, for various attacks in the country

Panama Papers database of offshore companies goes public (Chicago Tribune) A group of investigative journalists made live the names of thousands of offshore companies based on a massive trove of data on the finances of the rich and powerful that has become known as the Panama Papers

Live Panama Papers database dump reveals 200,000 secret offshore account details (Telegraph) The "Panama Papers" database went live today - the largest ever release of secret offshore companies and the people behind them

You can now search the Panama Papers – the secret accounts of the global rich – yourself (Washington Post) Some of the information from the Panama Papers, a vast trove of more than 11 million leaked documents that have cast a light into the shadowy world of offshore finance, is now available to the public for the first time. The Washington Post is joining a group of global media organizations in publishing a searchable database of more than 300,000 opaque offshore entities

Panama Papers Include Dozens of Americans Tied to Fraud and Financial Misconduct (ICIJ) Mossack Fonseca's files include offshore companies linked to at least 36 Americans accused of serious financial wrongdoing, including fraud and racketeering

Viking Horde: A New Type of Android Malware on Google Play (Check Point) The Check Point research team uncovered a new Android malware campaign on Google Play it calls Viking Horde

Lost Door Remote Access Trojan Distributed via Facebook, YouTube, Blogspot (Softpedia) A Tunisian hacker known as OussamiO has been busy for the past nine years distributing his Remote Access Trojan (RAT) via ads on the Dark Web, but also on popular networks such as Facebook, YouTube and Google's Blogspot

Attackers are probing and exploiting the ImageTragick flaws (IDG via CSO) Security companies have observed attacks trying to exploit recently disclosed remote code execution flaws in the ImageMagick Web server library

Attackers keep flinging assorted ImageMagick 0day exploits (Help Net Security) It’s been a week since the existence of several flaws affecting popular image processing library ImageMagick have been made public

This unusual botnet targets scientists, engineers, and academics (ZDNet) The Jaku campaign performs a "highly targeted operation" to infect systems and carry out DDoS and phishing attacks, warn researchers from Forcepoint

CryptXXX 2.0: Ransomware Authors Strike Back Against Free Decryption Tool (Proofpoint Insight) In mid-April, Proofpoint researchers discovered CryptXXX, a new malware variant developed by the authors of the Reveton malware and closely tied to Angler and Bedep [1]. Our colleagues at Kaspersky quickly released a decryption tool with which infected users could recover encrypted files without paying the CryptXXX ransom. However, the latest version of CryptXXX, which appeared in the wild today, renders that tool ineffective, returning the focus on CryptXXX to detection and prevention

Bucbi Ransomware Makes a Comeback After Two Years (Softpedia) Crooks are brute-forcing RDP servers to spread Bucbi

Ransomware, Phishing Attacks Rise as Cyber-Crime Increases (eWeek) A Verizon report found most attacks exploit known vulnerabilities that have never been patched despite patches being available for months or even years

5 Email Campaigns Evading In-Market Security Solutions (IT Business Edge) Email is still the primary attack vector for many cybercriminals. In addition to malicious attachments and URLs, credential phishing is also on the rise and placing everyday users at the root of the attack. Why? Cybercriminals are using advanced attack methods that are consistently evading traditional detection tools. As such, organizations are beginning to realize that these advanced attacks can only be detected through multi-dimensional behavioral analytics that operate on diverse data sources and use a full spectrum of machine learning techniques

Beware: fake emails are becoming more realistic (Business IT) A security vendor reports that fake emails are getting harder to spot, as cyber criminals become more effective at spreading malware and stealing passwords. Criminals are crafting increasingly realistic emails using local brands and logos to impersonate postal companies, tax and law enforcement agencies and utility firms, according to security vendor Sophos

10 Years Of Human Hacking: How ‘The USB Way’ Evolved (Dark Reading) After a decade of clicking without consequence, users still haven't gotten the message about the dangers of rogue USB devices with malware hidden inside

WordPress Cross-Site Scripting and Security Bypass Vulnerabilities (Secunia) Multiple vulnerabilities have been reported in WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks and bypass certain security restrictions

FDIC reports five ‘major incidents’ of cybersecurity breaches since fall (Washington Post) The Federal Deposit Insurance Corp. (FDIC) on Monday retroactively reported to Congress that five additional “major incidents” of data breaches have occurred since Oct. 30. FDIC also is launching “a new initiative to enhance security”

IRCTC Denies Hack, But Leaked Data Could Be Genuine (InfoRisk Today) IRCTC's MD says data theft needs verification, but no intrusion took place

Academia

The search for next gen cyber security experts starts in high school (Portland Business Journal) Several Portland companies and Portland State University are teaming up for a cybersecurity camp aimed at high school students. And, as guest columnist Rob Wiltbank notes, applications are open

Litigation, Investigation, and Enforcement

Canada Revenue Agency scouring Panama Papers for possible tax cheats (CBC) 'If we can lay criminal charges, we will lay criminal charges,' minister says

Reuters: Police Say SWIFT Techs Made Bangladesh Bank More Vulnerable Before Heist (Dark Reading) SWIFT rejects 'baseless allegations' that software company's negligent security procedures had anything to do with $81 million wire transfer heist

SWIFT rejects Bangladeshi claims in cyber heist, police stand firm (Reuters) SWIFT has rejected allegations by officials in Bangladesh that technicians with the global messaging system made the nation's central bank more vulnerable to hacking before an $81 million cyber heist in February

Bangladesh central bank hack may be an insider job, says FBI (IDG via CSO) Financial network SWIFT has denied earlier allegations its technicians contributed to the hack

Twitter bars intelligence agencies from key data service (The Hill) Twitter has barred U.S. intelligence agencies from accessing a service that monitors and sorts the entire worldwide volume of tweets in real time

U.S. Reaping the Results of a Poisoned Relationship With IT Industry (eWeek) The U.S. government is learning that it badly needs the technology industry's cooperation, but it's given the industry little incentive to do its civic duty

Privacy and the New Math (Linux Journal) In the Apple vs. FBI case, the real disputes are between math and architecture, and between open and closed. Linux can play an important role in settling those disputes, because it is on the right side of both

Apple, Google, AT&T, Verizon Face FTC And FCC Scrutiny Over Slow Mobile Security Updates (Hot Hardware) When it comes to the often slow pace of security updates being pushed to the mobile devices that are at center of our daily digital lives, both the Federal Communications Commission (FCC) and the Federal Trade Commission (FTC) are looking for some answers

FTC orders Apple, Google, Microsoft, Blackberry, Samsung to divulge mobile security practices (Network World) FTC wants 8 leading mobile communication vendors to understand policies regarding mobile device security

Syrian hacker extradited to the United States from Germany (Washington Post) An alleged hacker with the Syrian Electronic Army, a group that supports the Syrian government, has been extradited to the United States from Germany on charges of conspiracy linked to a hacking-related extortion scheme, U.S. officials said Monday

State Department claims it can't find any Clinton texts or email file for IT aide (Politico) The State Department maintains that it cannot find any text messages sent to or from former Secretary of State Hillary Clinton and cannot locate any emails received or sent by a key information technology staffer during her tenure, lawyers for the Republican Party said in a court filing Monday

Recidivism Watch: Clinton’s claim on ‘material marked classified’ (Washington Post) One of Clinton’s standard lines about her email system popped up again over the weekend. We had examined this claim in detail back in August, noting that Clinton’s very careful and legalistic phrasing raises suspicions

Afognak Native Corporation Recovers $3.665M of Cyber Fraud Funds (Globe Newswire) Afognak Native Corporation announced today that it has recovered nearly all of the stolen funds that were fraudulently obtained by an international criminal ring during a sophisticated cyber crime attack against the corporation in May 2015

This Hacker was Arrested for Exposing Flaws in Lee County elections website (Hack Read) David Levin, the 31-year old political consultant from Estero, was been jailed for over six hours for hacking into the Lee County election website on December 19, 2015

Liberty Reserve Founder Gets 20 Years For Money Laundering (Dark Reading) Convicted for virtual currencies laundering operations worth $8 billion

Design and Innovation

IBM's Watson is going to cybersecurity school (CSO) Eight universities will help train it to tackle cybercrime

Why ONI May Be Our Best Hope for Cyber Security Now (Datanami) Huge volume of network data has made it all but impossible for the good guys to detect new security threats, which has created space for the bad guys to operate. But thanks to a new Apache big data project called Open Network Insight (ONI), the good guys now have a powerful way to cut through the noise and identify bad guys and their malicious schemes

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

newly Noted Events

Data Breach & Fraud Prevention Summit Asia (Mumbai, India, June 8, 2016) ISMG’s Data Breach & Fraud Prevention Summit Asia – Mumbai is a one-day event that will focus on the latest fraud techniques and technologies, as well as a holistic, strategic approach to looking at the data breach threat that impacts all industries. Whether you are forming opinions on how to view the recent global Apple Vs. FBI debate, want to learn more about the breach incidents, or just look forward to networking with your peers on cybersecurity challenges, we are confident you will gain tremendous insight throughout the event. CyberWire readers can use the discount promo code "CW20" when registering with dbfpmumbai@ismgcorp.com to receive 20% off the conference price.

IP EXPO Europe (London, England, UK, October 5 - 6, 2016) IP EXPO Europe is Europe's number ONE IT event for those looking to find out how the latest IT innovations can drive their business forwardIP EXPO Europe now includes six co-located events with their own speakers, exhibitors and seminar programmes. These events bring together 300+ exhibitors and 300+ free to attend seminars across 23 theatres, all under ONE roof. The six IP EXPO Europe events for 2016 are: Cloud Europe, Cyber Security Europe, Networks & Infrastructure Europe, Data Analytics Europe, DevOps Europe, Open Source Europe

upcoming Events

MCRCon 2016: Some Assembly Required (Ypsilanti, Michigan, USA, May 10, 2016) The annual conference focuses on hacking prevention, incident handling, forensics and post-event public relations, with presentations delivered by nationally-recognized experts, cybersecurity skills competitions, prize giveaways and more. Learn the latest in techniques and trends, network with your cybersecurity peers, and discover how the Michigan Cyber Range can help you improve your cybersecurity

CISO UK (London, England, UK, May 10, 2016) We're in an historic transition — one marked by challenges, but filled with possibility. Preparing for the upturn and making the right decisions in times of change can better position your enterprise to succeed. Accordingly, the theme of this year's summit is CISOs in Transition — The Shift from Cost-Saver to Value Provider. The CISO Summit Europe is a unique opportunity for the region's greatest IT thinkers to collaborate on current industry challenges and trends. Attending CISOs and IT executives engage in peer-on-peer networking, whilst discussing the issues currently affecting CISOs from a variety of industries

SecureWorld Houston (Houston, Texas, USA, May 11, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers

International Conference on Business and Cyber Security (ICBCS) (London, England, UK, May 12 - 13, 2016) To date the vast majority of businesses have viewed cyber security as a peripheral issue that is the primary concern of the IT Department. Whilst this mind set is unlikely to change radically any time soon, there is a growing appreciation that businesses and individuals need to be far more aware and proactive. We invite academic researchers in the field of business and cyber security and other related areas such as foresight planning, public policy, and social and behavioural sciences, as well as companies, industry consultants, analysts and practitioners to attend ICBCS 2016

Guarding the Grid (Washington, DC, USA, May 12, 2016) Protecting the power grid from today's cyber threats has become one of the nation's top national security priorities. Nowhere was this more evident than in the aftermath of the cyberattack in Ukraine that left more than 200,000 customers in the dark. The hack – the first known cyberattack to successfully knock a power grid offline – caused many in the US to wonder: How vulnerable is the North American power grid to such an attack? Join Passcode on May 12 to explore that question.

Telegraph Cyber Security (London, England, UK, May 17, 2016) The Telegraph Cyber Security conference will provide the key components to create a cutting-edge cyber security plan, regardless of your organisation’s size or sphere of activity

DCOI 2016 (Washington, DC, USA, May 18 - 19, 2016) DCOI 2016 is a concerted effort of the state of Israel and the Institute for National Security Studies (INSS) of Tel-Aviv University, a non-profit organization that aims towards enhancing collaboration between the United-States and Israel in cybersecurity. The summit is supported by Israel state agencies alongside companies and corporation across the United-States and Israel and is free of charge for registrants. DCOI 2016 will present best technological and creative skills, industry leaders and some of the most innovative entrepreneurs in the world.

ISSA LA Eighth Annual Information Security Summit (Universal City, California, USA, May 19 - 20, 2016) The ISSA-LA Information Security Summit is the only educational forum in the great Los Angeles area specifically designed to attract an audience from all over Southern California as a means to encourage participation and interaction among all three vital information security constituencies: (1) business executives, senior business managers, and their trusted advisers; (2) technical IT personnel with responsibility for information systems and the data they contain; and (3) information security practitioners with responsibility for ensuring the security of sensitive information. Training and Reception on Thursday - Forums and Sessions on Friday.

HITBSecConf2016 Amsterdam (Amsterdam, the Netherlands, May 23 - 27, 2016) The event kicks off with all new 2 and for the first time, 3-day training sessions held on the 23rd, 24th and 25th. Courses include all new IPv6 material by Marc 'van Hauser' Heuse of THC.org, an in-depth LTE and telecomms security course by Founder of Telecomm Security Task for and for the very first time in Europe, Rift Recon's The Art of Escape — a course that teaches you how to escape an attempted kidnapping, move through a city unnoticed and much more

Enfuse 2016 (Las Vegas, Nevada, USA, May 23 - 26, 2016) Enfuse is a three-day security and digital investigations conference where specialists, executives, and experts break new ground for the year ahead. It's a global event. It's a community. It's where problems get solved. Attend Enfuse to take your work—and your career—to a whole new level. Learn more about the change from CEIC to Enfuse in our FAQ.

Cybersecurity Law Institute (Washington, DC, USA, May 25 - 26, 2016) Those lawyers who ignore cyber threats are risking millions of dollars for their companies or their clients. Recent reports by Cisco and the World Economic Forum both highlight the paramount importance of cyber risk management. The Cybersecurity Law Institute will give you insights into the latest information and strategies. You have an important role to play in cybersecurity leadership, especially in keeping corporate officials and the board of directors informed. Too often, well-meaning officials don't know what they don't know! At our Institute you will receive insights on the best governance, preparedness, and resilience strategies from experienced government officials, general counsels, and cybersecurity practitioners who face these issues on a daily basis

4th Annual Cybersecurity Law Institute (Washington, DC, USA, May 25 - 26, 2016) At our 4th annual Institute, in the capital where cybersecurity regulations and enforcement decisions are made, you will be able to receive pragmatic advice from the most knowledgeable legal cybersecurity professionals in the country. These experts, from private practice, the government and corporate worlds, will share proven tips, valuable lessons learned and insightful prognostications about the year ahead. You owe it to your clients and yourself to attend the only law school-sponsored CLE program in the country that is devoted 100% to cybersecurity legal developments.

SecureWorld Atlanta (Atlanta, Georgia, USA , June 1 - 2, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers

Sponsor & Support

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter’s financial reach, or it might just not be the right time for you to do those things. That’s why we launched our new Patreon site, where we’ve created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you’ll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.