The CyberWire Daily Briefing 2.1.17

Summary

By The CyberWire Staff

Cyber espionage hits the Czech Foreign Ministry. Foreign Minister Lubomir Zaoralek declined to name suspects, but did say it appeared to be the work of a nation-state, and added pointedly that it looked a lot like last year's incursion into the US Democratic National Committee. Consensus opinion regards the email compromise as probably the work of Russian intelligence services.

US Central Command's WebOps information campaign against ISIS draws poor reviews from observers and whistleblowers who allege it's a slipshod effort marred by indifferent linguistic skills, tendentious self-assessments, and cronyism. However well or poorly counter-ISIS information operations may be doing against the Caliphate in cyberspace, it appears to other observers that kinetic pressure is beginning to fragment the aspiring terrorist state, and that such fragmentation is beginning to appear in ISIS's own information campaigns.

Cyber security in the healthcare sector continues to prompt eye-rolling from industry observers. In the UK, half the National Health Service trusts only scan their web applications for vulnerabilities annually (if that often). Looking at the sector as a whole, IBM offers despairing lyricism: it's "a leaky vessel in a stormy sea."

The FSB officers arrested by Russia are now being accused, officially, of ties to the US CIA. Shaltai-Boltai continues to draw official ire, playing a role in Russian affairs analogous to that WikiLeaks has played in American policy and opinion.

Spanish police say they've nabbed Phineas Phisher, of Hacking Team hack fame. But Mr. Phisher has since communicated that he's safe and still at large.

Learn how Cylance silences cyber attacks with Artificial Intelligence.

Notes.

Today's issue includes events affecting Czech Republic, Egypt, Estonia, Germany, Iran, Iraq, Israel, Latvia, Lithuania, NATO/OTAN, Poland, Russia, Spain, Sweden, Syria, Tunisia, Turkey, Ukraine, United Kingdom, and United States.

On the Podcast

Today's CyberWire daily podcast features Emily Wilson from our partners at Terbium Labs. She'll describe the increased importance doxing has assumed in the threat actors' playbook. Our guest is Chris Schueler from Trustwave, who discusses their recent report outlining cyber security resource limitation.

We've also got a new special edition of the podcast out. In this one we speak with industry experts and editors covering the cyber beat to get their take on the outlook for 2017.

Sponsored Events

Atlantic Council Cyber 9/12 Student Challenge (Washington, DC, USA, Mar 17 - 18, 2017) The Cyber 9/12 Student Challenge is a one-of-a-kind competition designed to allow students from around the world and various academic disciplines to understand the policy challenges associated with a cyber crisis. Register now as a competitor, judge or observer.

Women in Cyber Security (Tucson, AZ, USA, Mar 31 - Apr 1, 2017) With support from various industry, government and academic partners, WiCyS has become a continuing effort to recruit, retain and advance women in cybersecurity. It brings together women in cybersecurity from academia, research and industry for sharing of knowledge/experience, networking and mentoring.

Selected Reading

Dateline

RSA Conference 2017: Endpoint security in the spotlight (Network World) Lots of visibility and hype around next-generation endpoint security, suites, EDR and services at the upcoming RSA Security Conference

Cyber Attacks, Threats, and Vulnerabilities

Foreign state seen behind hack into Czech Foreign Ministry email (Reuters) Hackers have breached dozens of email accounts at the Czech Foreign Ministry in an attack resembling one against the U.S. Democratic Party that the former Obama administration blamed on Russia, Foreign Minister Lubomir Zaoralek said on Tuesday.

Czech Ministry Suffered Cyber-Attack Possibly From Foreign State (Bloomberg.com) Hackers possibly working for a foreign state breached the e-mail accounts of dozens of employees of the Czech Foreign Ministry in a cyber-attack similar to that conducted against the U.S. Democratic Party, the country’s top diplomat said.

Czech cyber-attack: Russia suspected of hacking diplomats’ emails (the Guardian) Scale and sophistication of hack points to foreign state, says Czech foreign minister, comparing it to attack on US Democratic party

U.S. Military Botches Online Fight Against Islamic State (Bloomberg.com) On any given day at MacDill Air Force Base, web crawlers scour social media for potential recruits to the Islamic State group. Then, in a high-stakes operation to counter the extremists' propaganda, language specialists employ fictitious identities and try to sway the targets from joining IS ranks.

Is ISIS Breaking Apart? (Foreign Affairs) To gain a sense of how ISIS has splintered, the authors analyzed the group’s media output—the propaganda it releases—over time. At its height in 2015, over 40 individual propaganda “offices” were producing media. As of mid-January 2017, just 19 outlets were active. These days, the caliphate brand is associated almost entirely with Iraq and Syria, and regional affiliates appear to be becoming even more distant and disconnected from the core.

GitLab suffers major backup failure after data deletion incident (TechCrunch) Khosla Ventures- and Y Combinator-backed open source Git repository GitLab is currently offline after suffering what appears to be a major backup restoration..

Ugly Password Gaffe Plagues Cryptkeeper Encryption App (Threatpost | The first stop for security news) Debian developers are recommending that the Cryptkeeper Linux encryption app be pulled from the distribution after a universal password was found.

Routers Under Attack: Current Security Flaws and How to Fix Them - TrendLabs Security Intelligence Blog (TrendLabs Security Intelligence Blog) How is it possible for users to lose hundreds of dollars in anomalous online bank transfers when all of their gadgets have security software installed?

Can your Netgear router be hijacked? Check now! - Help Net Security (Help Net Security) Researcher Simon Kenin of Trustwave SpiderLabs released information about a flaw affecting a wide variety of Netgear routers and opening them to hijacking.

CryptoMix variant named CryptoShield 1.0 Ransomware Distributed by Exploit Kits (BleepingComputer) A new CryptoMix variant called CryptoShield 1.0 Ransomware has been discovered by ProofPoint security researcher Kafeine being distributed via EITest and the RIG exploit kit.

Cerber, Locky, Kovter top malware families in 2016: Malwarebytes (SC Magazine US) Cybersecurity concerns hit the big time in 2016.

91% of phishing attacks are display name spoofs - Help Net Security (Help Net Security) GreatHorn analyzed more than 56 million emails from 91,500 corporate mailboxes from March to November 2016. The data found that display name spoofs are the

Q&A: Rapid7's Beardsley and Brown dish on Mirai botnet, pen testing (SearchSecurity) Rapid7's Beardsley and Brown offer insight on Mirai botnet attacks, while also sharing some of their craziest penetration testing and incident response experiences.

New malware stealing login data, bitcoin from cryptocurrency wallets (HackRead) Cyren, an Internet security firm, has discovered a new malware that can steal bitcoin and passwords from cryptocurrency wallets on computers. The company w

Google Appears to Think the UK's Health Service Is a Botnet - Motherboard (Motherboard) Or at least something weird is going on, since NHS network users are being forced to verify they're human before using Google.

Half of NHS trusts only scan applications for vulnerabilities once a year - if that (Computing) Just 12 per cent of the NHS trusts surveyed scan web application perimeters daily

Shopping for W2s, Tax Data on the Dark Web (KrebsOnSecurity) The 2016 tax season is now in full swing in the United States, which means scammers are once again assembling vast dossiers of personal data and preparing to file fraudulent tax refund requests on behalf of millions of Americans.

Hacker Compromises 2.5 Million Xbox 360, PSP ISO Forum Accounts (e Security Planet) Email addresses, passwords and IP addresses were exposed.

‘I’m not a robot’ verification test beaten by … a robot (Naked Security) The Captcha test may finally be on the way out, but that didn’t stop one robot rising to the challenge of beating it

Every Scotty’s Brewhouse employee affected by data breach; scammer gets copy of all W-2 forms (Fox 59) Officials at Scotty’s Brewhouse are working to inform thousands of employees across the company about an email data breach, leaking employees’ W-2 forms to an unknown suspect.

Another Radio Station Transmission hacked with F*** Donald Trump Songs (HackRead) It looks like defacing websites with politically motivated messages has become an old trend since hackers are moving to something bigger. In this case, it'

Security Patches, Mitigations, and Software Updates

Apple Takes Down iCloud Activation Lock Page After Disclosure of Security Flaw (BleepingComputer) Following the public disclosure of a security flaw in the iCloud Activation Lock web page that allowed phone thieves to reactivate devices to other Apple user accounts, the company has decided to shut down the page for the time being.

Cyber Trends

Cisco 2017 Annual Cybersecurity Report: Classic Attack Vectors Re-Emerge; Cisco Reduces “Time to Detection” to Six Hours (Cisco EMEAR Network) On 10th anniversary of report, Chief Security Officers reveal true cost of breaches and the actions that organizations are taking

Cisco 2017 Annual Cybersecurity Report (Cisco 2017 Annual Cybersecurity Report) Learn security industry insights and key findings taken from threat intelligence and cybersecurity trends.

Crooks Raked in $16B via Identity Fraud Last Year (Infosecurity Magazine) The number of people who fell victim to identity theft in 2016 spiked 16% year-over-year, to 15.4 million victims.

SSD security challenges: Which data sanitization methods are effective? - Help Net Security (Help Net Security) Organizations face internal and external challenges with preventing sensitive personal and corporate information from being accessed or breached from SSDs.

Privacy expectations and the unfortunate reality - Help Net Security (Help Net Security) A recent survey that polled 5,710 Americans on private browsing revealed that many of those who use it don't correctly understand what it does.

New Report Finds 300 Billion Passwords Will Be at Risk By 2020 (Yahoo! Finance) Thycotic, a provider of privileged account management (PAM) solutions for more than 7,500 organizations worldwide, along with Cybersecurity Ventures, a leading research and market intelligence firm focused on the cybersecurity industry, have released a joint

Human memory, or the lack of it, is the biggest security bug on the 'net (Register) For pity’s sake, stop reusing passwords

IBM calls healthcare industry a 'leaky vessel in a stormy sea' | ZDNet (ZDNet) New research suggests that not enough is being done to protect medical systems and patient data.

Marketplace

Radware buys out cyber startup Seculert for data center security (Geektime) Tel Aviv-based DDoS protection firm Radware announced today their acquisition of Seculert, a Petach Tikva startup known for its data exfiltration prevention solution.

Top Cybersecurity Stocks to Buy in 2017 -- The Motley Fool (The Motley Fool) These three businesses can help meet America's growing need for effective cyber defenses.

How FireEye Inc (FEYE) Stock Can Return 35% This Year (InvestorPlace) 2016 was a down year for FireEye, but as cybersecurity threats grow, it looks like FEYE stock may be prepping for a big-time rebound.

Why FireEye Might Be a Potential Takeover Target in 2017 (Market Realist) Factors contributing to FireEye’s attractiveness as a takeover target

PhishMe Reports Explosive Growth: Annual Run Rate Approaches $50 Million (Yahoo! Finance) PhishMe Inc., the leading provider of human phishing defense solutions, today announced another year of record growth, with Annual Run Rate approaching $50 million. PhishMe’s more than 300 employees now serve 1,200 enterprise customers world-wide to defend against cybercriminals, hacktivists and state-sponsored

SonicWall CEO talks of life after Dell spinout (CSO Online) In this installment of the IDG CEO Interview Series, Bill Conner spoke with Chief Content Officer John Gallant about what the Dell spin out means for customers and where SonicWall is focusing its development efforts.

DISA Awards RedSeal $34 Million For Platform To Monitor Cyber Network Operations - Defense Daily Network (Defense Daily Network) The Pentagon's Defense Information Systems Agency (DISA) awarded RedSeal a $33.8 million multi-year contract to use its network modeling and risk scoring...

Gemalto to Supply New Digital Identity Solution for the Swedish Tax Agency (ACN Newswire) Gemalto (Euronext NL0000400653 GTO), the world leader in digital security, has been awarded a multi-year contract to supply its eGov authentication platform for online services, Premium Polycarbonate eID cards and a comprehensive Enrollment and Issuance solution to Skatteverket, the Swedish Tax Agency

Blue Cedar Selected for Momentum Partners’ Prestigious Cybersecurity Watch List (BusinessWire) Q4 2016 list highlights private cybersecurity companies with industry momentum

Lexumo Names Steve Roge as Chief Revenue Officer (PRNewswire) Lexumo, the expert in Open Source Software security for Internet of...

Lexumo Names Rich Stoller as VP Operations (PRNewswire) Lexumo, the expert in Open Source Software security for Internet of...

Eileen Mercilliott Named Vice President of Product Management at OptioLabs (BusinessWire) Mobile security solution provider promotes from within

OWL Cybersecurity Adds Andrew Lewman to Board of Directors (BusinessWire) Cybersecurity veteran brings more than 30 years of business experience in technology and darknet to OWL Cybersecurity.

Cicayda Announces Security Veteran Michael Tanji as Cyber Security Strategist (PRNewswire) Cicayda, a legal discovery solution delivering 100% cloud-based...

Dome9 Strengthens Executive Team to Accelerate Business Growth (Marketwired) Charter to drive sales, marketing strategy and execution for market expansion

Products, Services, and Solutions

ThreatQuotient Introduces First Threat Intelligence Platform to Answer Industry Demand for More Fine-Tuned Controls and Streamlined Threat Operations - ThreatQuotient (ThreatQuotient) Launch of ThreatQ 3.0, new Partner Integration Program and Professional Services Surpasses Existing Solutions with Customer-Defined Prioritization, Intelligent Automation, Expanded Interoperability and Robust Threat Operation Services

New Release of FinalCode 5.2 Extends Enterprise File Collaboration Security with Protected File Preview for Box and Enhanced Support for EMC Storage, Macro-enabled Office Files (FinalCode) FinalCode, Inc., today announced the immediate global availability of the newest release of its persistent, file-centric information rights management (IRM) solution that protects files wherever they go, inside and outside of the organization.

LookingGlass Launches ScoutShield a Zero-Touch Threat Intelligence Gateway (BusinessWire) Delivers malware and phishing protection with over 99.99 percent accuracy

Farsight Security and Recorded Future To Spotlight How Cybercriminals Manipulate DNS To Commit Fraud in Upcoming Cybersecurity Webinar (WebWire) Today Farsight Security, Inc., the worlds largest provider of real-time and historical DNS intelligence, announced that Farsight Security CRO Andrew Lewman and Recorded Future Vice President of Threat Intelligence & Strategy Levi Gundert will co-present an upcoming webinar

Illumio extends its segmentation to the network and cloud (Network World) By extending its Adaptive Security Platform to the network and cloud, Illumio brings together a number of historically discrete segmentation solutions.

Comodo Extends Advanced Endpoint Protection to Mac OS X and Linux Systems (PRNewswire) Comodo, a global innovator and developer of cybersecurity solutions and...

Fortinet Extends Security Fabric Protection into the Internet of Things (GlobeNewswire News Room) Fortinet Announces Security Fabric Capabilities to Arm Enterprises with Visibility and Control to Defend Against Rising Threats from IoT

NSFOCUS Launches Global Threat Intelligence Platform to Defend Against Sophisticated Cyber Attacks (BusinessWire) As new threat actors and vulnerabilities emerge, NSFOCUS provides the most complete insight into evolving yhreats with real-time, actionable intelligence

Vanguard Integrity Professionals Announce Vanguard InCompliance™ Performing Millions of Critical Compliance Checks (Yahoo! Finance) Vanguard Integrity Professionals is pleased to announce the immediate availability of its Vanguard InCompliance solution available across its enterprise-wide cybersecurity...

ProtectWise and Phantom Announce Integration Partnership (BusinessWire) Strategic alliance will deliver unparalleled visibility, threat detection and incident response

Cato Networks Launches First Cloud-based, Secure SD-WAN Service - Cato Networks (Cato Networks) Cato Cloud Drives WAN Transformation by Converging Networking and Security into the Cloud

Exabeam Launches Next-Generation Security Intelligence Platform (Yahoo! Finance) Exabeam, the market leader in User and Entity Behavior Analytics, today announced its new Security Intelligence Platform, designed to decrease the risk of cyber threats for organizations of any size.

Akamai addresses limitations of traditional remote access | Networks Asia (Networks Asia) Akamai Technologies, Inc. has introduced Enterprise Application Access, a solution designed to provide enterprises with a new way to simplify remote and third-party application access while at the same time increasing their organization’s security posture.

Zimperium launches exploit purchase program for your Android and iOS devices | ZDNet (ZDNet) Zero-days are of no interest, however.

Pulse Secure certified for U.S. Department of Defense Unified Capabilities Approved Products List (Yahoo! Finance) Pulse Secure, the leader in secure access solutions has announced that Pulse Connect Secure 8.2 and Pulse Policy Secure 5.3 have been certified for inclusion on The U.S...

Windows 10 helps stop spread of ransomware, Microsoft security researcher says - TechRepublic (TechRepublic) A recent Microsoft security blog claims that Windows Defender ATP can help better detect ransomware infections and keep them from becoming 'epidemics.'

Varonis Keeps Client Data at Utah’s Largest Law Firm Secure from Cyberattacks and Ransomware (Yahoo! Finance) Varonis Systems, Inc., a leading provider of software solutions that protect data from insider threats and cyberattacks, today detailed how Kirton McConkie, Utah’ s largest law ...

Seceon Announces Partner Agreement with Symtrex, Inc., Canadian-based Cyber Security Solutions Provider (IT Business Net) Seceon, the only threat detection and management company to visualize, detect, and eliminate cyber threats in real-time, today announced a partner agreement with Symtrex, Inc., a North American cyber security solutions provider and consultant.

IAI Debuts GPS Anti-Jamming System (Defense News) The laptop computer-sized system is based on the firm’s multichannel Controlled Reception Pattern Antenna technology designed to render avionics systems immune to direct electronic attack from GPS jammers or other methods of interference.

Technologies, Techniques, and Standards

Level of Assurance changes for digital Identity get real in new NIST 800-63 draft - SecureIDNews (SecureIDNews) Until the end of March, public comment will be accepted on NIST's new version of its influential digital identity related, SP 800-63 spec. The document has defined the four levels of identity assurance and helped shape government e-authentication projects.

PCI Security Standards Council Issues Guidance For E-Commerce Security (Dark Reading) Update educates merchants on payment security challenges and significance of encryption.

Why Cybersecurity Should Be The CFO's Job (Forbes) Cybersecurity is typically in the top 5 risks of a corporation and a key aspect of a CFOs role is to help manage that.

System agent bloat: too many slices (CSO Online) Many years ago, in simpler times, I was responsible for the security program that included the controls which protected (in theory) against malicious files and programs that were hell bent on causing mischief.

Design and Innovation

How to make PC security alerts better? Make them twirl, jiggle (CSO Online) The warnings are designed to save us from malware infections and hacking risks, but often times we’ll neglect them, because we’re too busy. Or we’ve seen them too many times, and become conditioned to dismiss them, according to Anthony Vance, a professor at Brigham Young University.

A New Mantra For Cybersecurity: 'Simulate, Simulate, Simulate!' (Dark Reading) What security teams can learn from the Apollo 13 space program, a global pandemic, and major infrastructure disruptions to identify their best responses to attacks.

Research and Development

Boston startup awarded patent for encryption to fend off quantum computers (Boston Business Journal) Computers based on quantum mechanics have been in the realm of science fiction for years, but recently companies like Google (Nasdaq: GOOGL), and even the National Security Agency, have started to think practically about what their existence would mean.

In not-too-distant future, brain hackers could steal your deepest secrets (Ars Technica) Religious beliefs, political leanings, and medical conditions are up for grabs.

Git Blame Who?: Stylistic Authorship Attribution of Small, Incomplete Source Code Fragments (Cornell University Library) Program authorship attribution has implications for the privacy of programmers who wish to contribute code anonymously.

Academia

County College of Morris Named as National Center of Excellence for Cyber Security Education (TAP into Morristown) First Community College in New Jersey to Gain This Distinction

Microsoft's Council for Digital Good Program will assess security threats teenagers face (The Windows Club) Microsoft is very serious with its security infrastructure and thus introduced the Council for Digital Good Program. The program invites youth to the Microsoft campus for 2 days which would involve talking, discussing and other activities.

Legislation, Policy and Regulation

Netanyahu touts Israel's cyber edge at CyberTech conference (i24 News) Netanyahu also took the opportunity to defend a tweet commending Trump's plan to build a Mexico border wall.

What Russia Expects from the Trump Administration (The National Interest) A new Congress of Vienna could strengthen U.S. leadership by sharing responsibility for global order.

Trump Cyber Executive Order Calls for 60-Day Review (Threatpost | The first stop for security news) President Donald Trump postponed the release and signing of an Executive Order around cybersecurity that calls for a 60-day review systems and critical infrastructure.

Donald Trump cites DNC hack in launch of cybersecurity efforts (The Washington Times) President Trump said Tuesday the hacking of the Democratic National Committee stands out as a “good example” of the need for effective cyber security measures throughout private industry and the federal government.

Trump doesn’t mention Russia in his executive order draft on cyber security (Recode) Yet the CIA concluded Russia hacked servers in the run-up to the election in order to help Trump win.

Trump pledges beefed up cybersecurity but doesn't sign order (Fox News) President Donald Trump pledged Tuesday to strengthen the government's ability to protect its computer networks, but then canceled plans to sign an executive order on cybersecurity without explanation.

Agency senior leaders to be held more accountable for cybersecurity (FederalNewsRadio.com) President Trump decided not to sign a new cybersecurity executive order on Jan. 31, but more specifics of the plan to secure federal networks emerge.

Big changes in Trump's cybersecurity executive order (NBC-2.com) An executive order awaiting President Trump's signature is aimed at improving nation's hacker defenses -- including a plan to have the U.S. military review what kids are learning about...

Trump Administration Should Read and Heed Obama Cyber Report (SIGNAL Magazine) As the nation deals with intelligence reports of Russian hacks of the U.S. presidential election, some of us in industry are pondering how President Donald Trump will tackle cybersecurity issues.

Does The National Security Advisor Run The NSA? Here's What Bannon's New Position Means (Romper) President Donald Trump's move to grant one of his top political strategists, former Breitbart executive chairman Steve Bannon, a seat on the National Security Council has more than a few people worried about what his new role will mean for the country.

Administration should continue to seek changes to international cyber export controls (TheHill) OPINION | We urge the incoming administration to continue to take this as a U.S. leadership opportunity in shaping international cyber norms by supporting the ongoing renegotiations on the Wassenaar Arrangement.

Will Industry Specific Privacy Legislation Continue to Proliferate? (Winston & Strawn LLP) It seems like every federal regulator wants to get in on the privacy action these days. We are watching to see if this trend continues in 2017. The requirements being imposed on organizations by this ever-increasing alphabet soup of regulators is not always consistent.

Security, Modularity Drive Navy Cyber (SIGNAL Magazine) Cleaner, more modular software that can be updated with less fuss tops the U.S. Navy’s wish list as it girds its fleet for warfighting in cyberspace.

Litigation, Investigation, and Enforcement

«Интерфакс» сообщил о связях арестованных офицеров ФСБ с ЦРУ (РБК) Двое фигурантов дела о госизмене в ФСБ сотрудничали с ЦРУ, узнал «Интерфакс». По данным агентства, обвинения предъявлены четырем фигурантам дела

Russia accuses cybersecurity experts of treasonous links to CIA (the Guardian) Rumours swirl of connection to revelations about US election hacking, as state media says Sergei Mikhailov and Dmitry Dokuchayev ‘betrayed their oath’

Reported treason arrests fuel Russian hacking intrigue (Fox News) In the days since it emerged that four men had been arrested on treason charges linked to cyber intelligence and Russia's domestic security agency, conspiracy theories and speculation about the case have swept through Moscow.

Three Russian cyber arrests, one suspicious death, and a new twist in the US election hack (Quartz) Russia experts see the developments as a possible purge tied to the US election hack.

The Power Vertical: Tinker Tailor Hacker Spook (RadioFreeEurope/RadioLiberty) Reports about the arrest of cybersecurity officials offer up a classic Russian tale replete with multiple layers of subterfuge, deception, diversion, and embedded meaning.

German police arrest ‘ISIS recruiter’ and probe 16 others over ‘planned attack’ (The Sun) GERMAN cops have smashed an ISIS terror cell and arrested a Tunisian man suspected of carrying out the deadly 2015 attack on the Bardo Museum in Tunis where 22 died – including a British woma…

Spanish Police Claim to Have Arrested Phineas Fisher - Hacking Team Hacker (BleepingComputer) Spain's National Police Corps have detained a man in the city of Salamanca, who they suspect of being Phineas Fisher, a famous hacker who has breached Gamma Group and Hacking Team, two companies that sold cyber-surveillance software to oppressive regimes.

Secret Rules Make it Pretty Easy for the FBI to Spy on Journalists (Intercept) Rules governing the use of national security letters allow the FBI to obtain information about journalists’ calls without going to a judge or informing the targeted news organization.

Notorious Hacker Phineas Fisher: I'm Alive and Well - Motherboard (Motherboard) The famed career of political hacker Phineas Fisher might have come to an end.

Do I have to hand over bank and social media details at the US border? (Naked Security) Your right to decline to share privacy-busting details with border agents depend on your visa, and with checks stepping up, it makes sense to find out before you travel

Europol and GCA will fight cybercrime through the exchange of information - Help Net Security (Help Net Security) Europol and the GCA will cooperate on decreasing systemic cyber risk and improving internet security throughout Europe and beyond.

Insider Trading on the Dark Web Is on the Rise (Fortune) Unscrupulous workers who sell their employers' secrets are nothing new. But a rise in websites dedicated to white collar crime is making the practice easier than ever—and leading more insiders to peddle confidential information.

Google wins ‘right to be forgotten’ battle in Japan (TechCrunch) Google has won a long-standing battle in Japan that drew parallels with Europe's "right to be forgotten" ruling. The Japanese Supreme Court today dismissed..

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

newly Noted Events

Maritime & Port Security ISAO: Operationalizing Cyber Resilience (Cape Canaveral, Florida, USA, Feb 22 - 24, 2017) The Maritime & Port Security Information Sharing & Analysis Organization (MPS-ISAO) convenes its inaugural conference “Maritime & Port Cyber Resilience - Adding a New Layer of Cybersecurity” February 22-24, 2017 at the Global Situational Awareness Center at NASA/Kennedy Space Center, Florida.

upcoming Events

Southern Virginia - Cyber Security Lunch & Learn (Norfolk, Virginia, USA, Feb 2, 2017) Cyber security experts discuss security incident response. Dealing with cyber security risk is an exercise in managing daily chaos. Organizations know they need to improve their posture but common roadblocks often get in the way. Join us for lunch and an action-oriented discussion about ways you can improve your security incident response program in 2017. The conversation will be led by certified SANS instructor Alissa Torres, and Rsam CISO Bryan Timmerman. Attend and earn CPE credits towards your ISACA and (ISC)2 certifications.

Insider Threat Program Development Training For NISPOM CC 2 (Toms River, NJ, USA, Feb 6 - 7, 2017) Insider Threat Defense announced it will hold a 2 day training class on Insider Threat Program Development (NISPOM Conforming Change 2) on Feb. 6-7, 2017, in Toms River, NJ. For a limited time the training is being offered at a discounted rate of $795 (Normally $1395). The training is comprehensive and provides students with the knowledge and resources to develop, implement and manage a robust Insider Threat Program / Working Group. Insider Threat Defense has trained over 500+ organizations and has become the "Leader-Go To Company" for Insider Threat Program Development Training.

The Risks and Benefits of Artificial Intelligence and Robotics (Cambridge, England, UK, Feb 6 - 7, 2017) The Risks and Benefits of Artificial Intelligence and Robotics Workshop aims to provide media and security professionals with an in-depth understanding of the implications that the rapid advancement of AI technology may affect the global community in both the physical and structural spheres and the potential impact of the future evolution of such technology, especially in terms of security. Emphasis will be given to the way in which AI and autonomous robotics can be represented and communicated in the media.

SANS Southern California - Anaheim 2017 (Anaheim, California, USA, Feb 6 - 11, 2017) Learn practical, relevant tips and techniques from industry leaders. Join us for SANS Southern California - Anaheim 2017, and choose from eight courses on cyber defense, penetration testing, incident response, threat hunting, ethical hacking, IT management and ICS/SCADA security. Some of our courses are in alignment with DoD Directive 8570 requirements for Baseline IA Certifications, and most courses have GIAC Certification attempts available. Take advantage of this opportunity to sharpen your skills and advance your career.

Cyber Protect Conference (Nottingham, England, UK, Feb 9, 2017) Business owners have been invited to attend Nottinghamshire's first-ever cybercrime conference to learn how to better protect their data. The Cyber Protect Conference is being jointly hosted by the county's Police and Crime Commissioner Paddy Tipping and Nottinghamshire Police, and will include presentations from cyber security experts. The event, which takes place on Thursday, February 9, at The Atrium in Nottingham, is free of charge and open to small and medium-sized enterprises (SMEs) across the county.

Workplace Violence & Response To Active Shooter Events Meeting (Laurel, Maryland, USA, Feb 9, 2017) The National Insider Threat Special Interest Group (NITSIG) will be hosting a meeting on February 9, 2017, at the Johns Hopkins University Applied Physics Laboratory, Laurel, MD. The meeting will be exclusively focused on workplace violence and responding to an active shooter event. Presenters include experts from the Occupational Safety and Health Administration (OSHA), and the Maryland State Police. It's free to attend. Prominent among the topics to be discussed will be threats directed from the Internet.

RSA Conference 2017 (San Francisco, California, USA, Feb 13 - 17, 2017) The current state of cybersecurity means there are many opportunities for the industry as a whole to collaborate on new innovations. Discovering the next great opportunity will require everyone to embrace new and unique perspectives from a broadly diverse base of people and sources. RSA Conference 2017 provides the opportunity for all attendees at all levels to grow their knowledge, exchange ideas with peers and further their careers. With opportunity comes great responsibility for the future. Our actions today will have a lasting impact on the strength of the industry—and the safety of the world—tomorrow. At RSA Conference 2017, you will learn about new approaches to info security, discover the latest technology and interact with top security leaders and pioneers. Hands-on sessions, keynotes and informal gatherings allow you to tap into a smart, forward-thinking global community that will inspire and empower you.

Using STIX/TAXII to share automated cyber threat data (San Francisco, California, USA, Feb 15, 2017) Cybersecurity experts representing the financial sector, healthcare, utilities, software providers, government, academia and nonprofits continue to define/develop the STIX/TAXII specifications as the solid foundation for standardizing threat information. This large group of public and private sector organizations and companies are working together to advance the STIX/TAXII specifications in the OASIS Cyber Threat Intelligence Technical Committee. These specs have already dramatically streamlined the analysis of threat data. We invite cybersecurity experts and decision makers to be part of the conversation.

Insider Threat Program Development Training For NISPOM CC 2 (Simi Valley, CA, USA, Feb 22 - 23, 2017) Insider Threat Defense announced it will hold a 2 day training class on Insider Threat Program Development (NISPOM Conforming Change 2) on Feb. 22-23, 2017, in Simi Valley, CA. For a limited time the training is being offered at a discounted rate of $795 (Normally $1395). The training is comprehensive and provides students with the knowledge and resources to develop, implement and manage a robust Insider Threat Program / Working Group. Insider Threat Defense has trained over 500+ organizations and has become the "Leader-Go To Company" for Insider Threat Program Development Training.

Risky Business (London, England, UK, Feb 23, 2017) How are you tackling Cyber Crime in the Property Transaction? Join our panel of expert speakers at the IET in London to find out more about cyber crime in the property transaction and the steps you can take to protect the best interests of your firm and your client.

The 2nd China Automotive Cyber Security Summit 2017 (Shanghai, China, Feb 24, 2017) CACSS2017 will Provide a platform for Automotive OEMs, Tier 1 suppliers, Automotive security solution/ technology/products developers,Automotive electronics companies, IT companies, Mobile data suppliers, Automotive insurance companies, and automotive cyber security experts to address government regulations developing trends, Automotive cyber security standards, updated vulnerabilities, “Black Hat” behaviour motivations, State-of-the-Art technology solutions, critical cyber security challenges and collaboration initiatives; Help you to understand tailored smart car cyber security products and solutions, build up a set of effective cyber security management system and improve the capability of protecting smart cars. This second to non Automotive cyber security industry event will assure you to understand China Automotive cyber security industry business opportunities, network with China local customers and consolidate your worldwide leadership.

SANS Dallas 2017 (Dallas, Texas, USA, Feb 27 - Mar 4, 2017) We are pleased to invite you to attend SANS Dallas 2017, on February 27- March 4 at The Westin Dallas Downtown, located in the heart of the city. We have selected several of our top information security courses to provide you with the training and certification that you need to boost your career by learning from the best! SANS instructors are industry professionals who will ensure that you not only learn the material, but that you will also be able to apply what you learn your first day back in the office.

Autonomous Vehicles Silicon Valley (Santa Clara, California, USA, Feb 28 - Mar 2, 2017) The road to autonomy: Regulation. Consumer Acceptance. Safety & Security. Explore the latest technologies and hottest issues for the autonomous vehicles industry.

The Cyber Security Summit: Denver (Denver, Colorado, USA, Mar 1, 2017) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their companies’ critical data with innovative solution providers & renowned information security experts. Learn from cyber security thought leaders including: Mary McCord, Asst. Attorney General for National Security, U.S. Dept. of Justice & Chad Alvarado, Supervisory Special Agent, Cyber Task Force, FBI Denver Division. Engage in panel discussions focusing on trending cyber topics including Emerging Threats to IoT & Big Data, Insider Threats, and Compliance. Receive half off your admission with promo code cyberwire50 at CyberSummitUSA.com and view details including the full agenda, participating solution providers & confirmed speakers

International Cyber Risk Management Conference (ICRMC) (Toronto, Ontario, Canada, Mar 2 - 3, 2017) The third annual International Cyber Risk Management Conference (ICRMC) brings together a world class roster of experts with cross-sector, global and multidisciplinary expertise to share knowledge, lessons learned, and methodology on cyber security. We are delighted to build on last year’s very successful ICRMC. Cyber security has grown into a global pandemic and organizations of all sizes are struggling with questions on how to mitigate, manage, and transfer cyber risk. We’ve structured our agenda based on delegate feedback and our exceptional 2017 Advisory Committee is determined to provide engaging high-profile speakers and compelling content to share knowledge, captivate and educate. Visit www.icrmc.com for details.

SANS San Jose 2017 (Milpitas, California, USA, Mar 6 - 11, 2017) Securing and defending your network has never been more important as attacks and breaches make the news daily. Gain the skills and tools you need to win the battle against the wide range of cyber adversaries who want to harm your environment. SANS San Jose 2017 offers six hands-on, intensive cyber security training courses.

15th annual e-Crime & Cybersecurity Congress (London, England, UK, Mar 7 - 8, 2017) Europe's largest and most sophisticated gathering of senior cybersecurity professionals from international business, governments, law enforcement and intelligence agencies.

Investing in America’s Security: Cybersecurity Issues (Jersey City, New Jersey, USA, Mar 10, 2017) Please join us for the 5th Annual Northeast Regional Security Education Symposium hosted by the Professional Security Studies Department at New Jersey City University. The Symposium’s keynote address will be delivered by Milan Patel of K2 Intelligence, formerly the FBI’s Cyber Division Chief Technology Officer. Speakers include NJCCIC Director Michael Geraghty. NJCU students pursuing their D.Sc. degree will present academic research posters and a panel of experts will discuss careers in cyber security.

IAPP Europe Data Protection Intensive 2017 (London, Englan, UK, Mar 13 - 16, 2017) Set in London, the Data Protection Intensive delivers innovative solutions to today’s top privacy and data protection challenges. Known for its exceptional programming, the Intensive has come into its own as a leading forum for practical data protection education.

Rail Cyber Security Summit (London, England, UK, Mar 14 - 15, 2017) Now in its second year, the event will take place at the Copthorne Tara Kensington hotel in London between March 14th and 15th 2017 and will feature a range of experts from the rail transport industry, as well as leading Government and global cyber security leaders and academics working in the field.

CyberUK 2017 (Liverpool, England, USA, Mar 14 - 16, 2017) Announcing the UK government's flagship IA and cyber security event, for 2017. This is a three day event that will bring together cyber security leaders and professionals from across the UK’s information security communities from both the public and private sector. The NCSC’s partnership with information security businesses of all sizes is essential in strengthening the UK’s cyber resilience. CyberUK 2017 will play a key role in defining the role industry must play in achieving this step change, and is expected to attract 1,600 information assurance (IA) and cyber security leaders and professionals.

Cybersecurity: The Leadership Imperative (New York, New York, USA, Mar 16 - 17, 2017) Cyber risk impacts every element of your organization – and even the most brilliant information security expertise must be supported by a cross-functional cybersecurity structure and culture to succeed. Cybersecurity: The Leadership Imperative will provide case studies and actionable insights on building and maintaining a structure in which leaders across the organization are able to work together seamlessly to comprehend, measure and respond to cyber risk challenges.

BSides Canberra (Canberra, Australia, Mar 17 - 18, 2017) BSidesCbr is a conference designed to advance the body of Information Security knowledge, by providing an annual, two day, open forum for discussion and debate for security engineers and their affiliates. We produce a conference that is a source of education, collaboration, and continued conversation for information technologists and those associated with this field. The technical and academic presentations at BSidesCbr are given in the spirit of peer review and advanced knowledge dissemination. This allows the field of Information Security to grow in breadth and depth, and continue in its pursuit of highly advanced scientifically based knowledge.

Sponsor & Support

Grow your brand, generate leads, and fill your funnel.

With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listens all over the world, companies trust the CyberWire to get the message out. Learn more.

Bear tracks in Czech Foreign Ministry emails. CENTCOM's WebOps draws poor reviews. Arrested Russian FSB officers' alleged CIA ties. Phineas Phisher—arrested or still at large?