The CyberWire Daily Briefing 2.6.17

Summary

By The CyberWire Staff

Investigation into Fancy Bear's prowling (in the form of emails) into a Norwegian security service continues.

Radware discovers a new ransomware-as-a-service portal on the dark web. Called "Ranion," it cloaks its shame behind a figleaf saying "for educational purposes only," but the portal looks more like a money-making operation. You can subscribe for 0.95 Bitcoin annually (about $960) or if you're not quite as all-in as that, you can get six months for 0.6 Bitcoin (about $605).

Microsoft is expected to patch a Windows SMB zero-day tomorrow. In the meanwhile an exploit is circulating in the wild.

Those who've been in the industry for awhile will recall the Slammer worm, which enjoyed its heyday fourteen years ago. According to Check Point, someone made a concerted attempt to revive Slammer at the end of 2016.

The Missouri Gaming Commission concludes that a Russian national, a fugitive from the law of averages (and unnaturally lucky at slots), finagled gambling machines. How he did so isn't fully understood, but he seems to have required no more physical contact than proximity to his cell phone.

US-CERT warns that flaws in some Honeywell SCADA controllers can be exploited to expose passwords.

Ransomware disables the government of Licking County, Ohio.

The famously outspoken Ian Levy, technical director of the UK's National Cyber Security Centre, has told the security industry to knock off the FUD, accusing them of peddling "witchcraft."

Russia says the FSB officers charged with treason were leaking to "America," and not necessarily the CIA.

Learn how Cylance silences cyber attacks with Artificial Intelligence.

Notes.

Today's issue includes events affecting Australia, Bahrain, Bangladesh, Bulgaria, Canada, Estonia, France, Germany, Indonesia, Israel, Italy, Japan, NATO/OTAN, Netherlands, Russia, Turkey, United Kingdom, and United States.

On the Podcast

In today's podcast we hear from our partners at the University of Maryland's Center for Health and Homeland Security, as Markus Rauschecker describes proposed updates to the email privacy act.

We also have a new special edition of the podcast out. In this one we speak with industry experts and editors covering the cyber beat to get their take on the outlook for 2017 in cyber security.

Sponsored Events

Deep Instinct (San Francisco, CA, USA, February 13 - 17, 2017) Meet us at RSA Conference 2017. Visit booth #N4805. Book a meeting.

E8 Security (Chronicle Books Metreon, San Francisco, CA, USA, February 15, 2017) E8 Security Invites You To An Exclusive Book Signing and Cocktail Party at RSA with Author Gary Hayslip

Hacking The Home (Fulton, MD, USA, February 26, 2017) DataTribe, a startup crucible for entrepreneurs, is sponsoring a February 2017 Hacking the Home contest. Teams will be competing to develop new product functionality, integrations, skills, and/or exploits around the growing ecosystem of home automation devices.

Selected Reading

Dateline

Cyberthreat Detection Prevention (Bricata) The market has a pressing need for new cybersecurity technologies that proactively hunt for advanced persistent threats (APTs) that are already inside the firewall.

NSS Labs Will Announce Advanced Endpoint Protection (AEP) Group Test Results at RSA Conference (Yahoo! Finance) NSS Labs, Inc., the global leader in operationalizing cybersecurity, today announced that it is finalizing the results of the Advanced Endpoint Protection test to be revealed ...

Australian cyber-security solutions on show in the US (Invest in Australia) Australia’s world-class capabilities in cyber security will be on show as part of an Austrade delegation to the RSA Conference in San Francisco from 13–17 February 2017.

Cyber Attacks, Threats, and Vulnerabilities

Norway accuses group linked to Russia of carrying out cyber-attack (the Guardian) Norwegian intelligence service PST among targets of malicious emails believed to have been sent by APT 29

Hacker Leaks Cellebrite's iOS Bypassing Tools, Tells FBI 'Be Careful What You Wish For' (Mac Rumors) It's been nearly a year since a U.S. federal judge originally ordered Apple to help the FBI hack into an iPhone owned by Syed Farook, one of the shooters in the December 2015 attacks in San Bernardino. As we learned in the months after the initial court order -- which Apple continually opposed -- the FBI enlisted the help of Israeli mobile software developer Cellebrite to open up the iPhone 5c in question.

Ranion Ransomware-as-a-Service Available on the Dark Web for 'Educational Purposes' (BleepingComputer) A new Ransomware-as-a-Service (RaaS) portal that recently launched on the Dark Web is peddling access to a fully-working ransomware distribution network for extremely low prices.

When Ransomware Comes Knocking at your Door… or Locks it (Panda Security Mediacenter) Guests at a luxury hotel in Austria were left stranded outside of their rooms after a ransomware attack that overrode electronic key systems.

Windows SMB Zero-Day Exploit Released in the Wild after Microsoft delayed the Patch (The Hacker News) A zero-day security flaw discovered in Windows SMB server allows attackers to crash systems with denial of service attack.

Twitter botnet may be security threat, say researchers - Acumin (Acumin) More evidence has come to light of cyber criminals abusing legal and freely available tools after security researchers found hundreds of thousands of fake Twitter accounts lying idle. The discover came just days after researchers from Forcepoint reported that Google’s services were being employed by the Carbanak cyber criminal group to issue a command that enabled it to employ malware in avoiding detection.

Someone Tried to Resurrect 14-Year-Old SQL Slammer Worm (BleepingComputer) For a week in November and December 2016, someone tried to resurrect the 14-year-old SQL Slammer worm, according to security firm Check Point, who reported today that they've "detected a massive increase in the number of attack attempts."

33C3: Memory Deduplication, the Hacker’s Friend (Hackaday) At the 33rd annual Chaos Communications Congress, [Antonio Barresi] and [Erik Bosman] presented not one, not two, but three (3!!) great hacks that were all based on exploiting memory de-duplication in...

Password managers: attacks and defenses (the morning paper) Password managers: Attacks and defenses Silver et al. USENIX 2014 As a regular reader of The Morning Paper, I’m sure you’re technically savvy enough to know not to use the same password…

Security flaws in Pentagon systems "easily" exploited by hackers (ZDNet) Hackers are likely exploiting the easy-to-find vulnerabilities, according to the security researcher who warned the Pentagon of the flaws months ago.

Russians Engineer a Brilliant Slot Machine Cheat—And Casinos Have No Fix (WIRED) Digging through slot machine source code helped a St. Petersburg-based syndicate make off with millions.

Lurk: Retracing the Group’s Five-Year Campaign (TrendLabs Security Intelligence Blog) Fileless infections are exactly what their namesake says: they’re infections that don’t involve malicious files being downloaded or written to the system’s disk.

Honeywell SCADA Controllers Exposed Passwords in Clear Text (Threatpost) A series of remotely exploitable vulnerabilities – including clear text passwords – exist in a set of Honeywell SCADA systems.

Kaspersky: DDoS attacks growing stronger with unsecured IoT (SC Magazine UK) Kaspersky researchers spotted a record setting 292 hour-long DDoS attack in Q4 2016 significantly beating the previous quarter's maximum attack.

Turning Point: DDoS Attacks in Q4 2016 (Tempo - The Nation's Fastest Growing Newspaper) The last three months of 2016 witnessed significant advances in DDoS attacks. Methods are becoming more and more sophisticated, the array of devices being harnessed by botnets is increasingly diverse, while the attackers show off their capabilities by choosing bigger and more prominent targets. All this, and more, is covered by Kaspersky Lab’s experts in the Q4 2016 DDoS attack report.

How Google Took on Mirai, KrebsOnSecurity (KrebsOnSecurity) The third week of September 2016 was a dark and stormy one for KrebsOnSecurity. Wave after wave of huge denial-of-service attacks flooded this site, forcing me to pull the plug on it until I could secure protection from further assault.

“This is you?” message is the latest scam to be distributed via Facebook (HackRead) Facebook is one of the most used social media platforms in the world, and that makes it an attractive target for cyber criminals and online scammers.

Many Malware Samples Found on Pastebin (SANS Internet Storm Center) pastebin.com is a wonderful website. I'm scrapping all posted pasties (not only from pastebin.com) and pass them to a bunch of regular expressions.

29,000 taxpayers affected by W-2 scams, IRS issues new warning (CSO Online) Last week, the Internal Revenue Service issued a new warning to employers, urging them to stay alert as reports of compromised W-2 records started to climb. At least 29,000 taxpayers have been affected by W-2 scams since the tax season started last month.

InterContinental Confirms Security Breach At 12 US Hotels (Dark Reading) Investigation reveals payment cards of customers were compromised between August and December.

Scale, frequency and causes of certificate-related outages (Help Net Security) Certificate-related outages negatively impact the reliability and availability of vital systems and services, according to Venafi.

Scottish NHS staff caught in US cyber-attack (Digital Health) The personal data of at least 293 Scottish NHS staff have been compromised in a cyber-attack in the United States.

Trojan malware blamed for Barts cyber-attack (Anti-Corruption Digest) England’s biggest NHS trust says malware was behind a cyber-attack that forced the trust to shut down some IT systems for four days.

Ransomware Cripples Ohio County Government for Days (Infosecurity Magazine) The Licking County government offices, including the police force, the county auditor's office and the clerk of courts, have lost online access and landline telephones.

'Coworker' Phish Mails, Social Media Lures Fool Most Americans (Infosecurity Magazine) 68% of Americans were tricked by phishing emails that looked like they were from a coworker.

Security Patches, Mitigations, and Software Updates

Exploit for Windows DoS zero-day published, patch out on Tuesday? (Help Net Security) A zero-day bug affecting Windows 10, 8.1, Windows Server 2012 and 2016 can be exploited to crash a vulnerable system and possibly even to compromise it.

Google will use Gmail to nudge you into updating your browser (Naked Security) If you’re clinging to an older version of Chrome, now is the time to update as Google is ending support for older versions

Cisco WebEx Browser Extension Remote Code Execution Vulnerability (Cisco) A vulnerability in Cisco WebEx browser extensions could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the affected browser on an affected system. This vulnerability affects the browser extensions for Cisco WebEx Meetings Server and Cisco WebEx Centers (Meeting Center, Event Center, Training Center, and Support Center) when they are running on Microsoft Windows.

Cyber Trends

Number of disclosed vulnerabilities reaches all time high in 2016 (Help Net Security) The 15,000 vulnerabilities cataloged during 2016 shows the year broke the previous all-time record for the highest number of discolsed vulnerabilities.

Only 5 per cent of FTSE 100 groups have cyber risk director (Financial Times) Deloitte study follows warning companies face increasing threat from cyber crime

Six surprising stats about FTSE 100 cyber security (City A.M.) Just a handful of FTSE 100 companies say they have a special technology or cyber security expert on their board, despite the growing risk to business a

History is repeating itself (in a good way) (The Christian Science Monitor) Much like CFOs before them, CISOs are now becoming boardroom mainstays.

Privacy zealots, hijackers among muncipal drone threats, report warns (State Scoop) As drone adoption accelerates, government must contend with a long checklist of privacy, security and safety concerns, a new report from the Cloud Security Alliance says.

Will 2017 be the year that IoT threats go mainstream? (Security Brief Asia) From a security perspective IoT devices are fundamentally flawed. And the bad guys are getting pretty good at exploiting them.

Cybersecurity firms pilloried by GCHQ technical director over “witchcraft” - Computer Business Review (Computer Business Review) GCHQ technical director slams cyber-security firms for exaggerating the threat posed by hackers in an attempt to profit on fear and lack of knowledge...

Companies react as UK cyber security boss accuses them of peddling 'witchcraft' to sell more products (VanillaPlus - The global voice for B/OSS) Computer security companies have been accused of "massively" exaggerating the abilities of malicious hackers. Dr Ian Levy, technical director of the UK's N

Security firms need to stop exaggerating hacker's abilities to hype their products (Graham Cluley) Dr Ian Levy, technical director of the UK's National Cyber Security Centre, has criticised security companies for "massively" exaggerating hackers' abilities in order to scare businesses.

Security firm agrees many others use fear to propel sales (ComputerWeekly) High-Tech Bridge agrees with the UK National Cyber Security Centre that some security firms are using fear, uncertainty and doubt to promote sales of their products.

Why Turkey, a NATO ally, is a huge target for malware - Cyberscoop (Cyberscoop) Turkey’s internet infrastructure — which is relatively modern but alarmingly insecure — is teeming with malware, according to a recent intelligence report by private cybersecurity firm FireEye. The U.S. company’s FireEye Email and Network protection services found that more “targeted malware” detections occurred in Turkey than in all of Europe combined in 2016. Intrusions in that category share characteristics with activity by …

Marketplace

Established security vendors may soon get a run for their money (CIO Dive) Technology Business Research predicts emerging vendors will take a larger share of the security market in the next few years.

Outlook on Cybersecurity Stocks (The Huffington Post) Global enterprise expenditures on cybersecurity are predicted to be over $1 trillion from 2017 to 2021, primarily because of the increase in the number o...

Forget Palo Alto Networks Inc: These 2 Stocks Are Better Buys (Fox Business) The cybersecurity upstart may be a darling among analysts, but there are better stocks in the sector.

Cybersecurity observed subsequent disparate FireEye, Fortinet reporting (Seeking Alpha) While FireEye's (NASDAQ:FEYE) Q4 2016, various executive transitions and future outlook impact shares to 16% declines, Fortinet's (FTNT +12.9%) contrastingly positive Q4 report is received as mor

ThreatConnect Subscription Revenue Grew More than 50% in 2016 (Yahoo! Finance) With a solid strategic outlook and growth plans for 2017, ThreatConnect®, provider of the industry’s only intelligence-driven defense platform, saw significant growth in 2016. The company experienced a more than 50% increase in subscriptions, as well as an increase in the total number of Platform users

Fixing the Nation's Cybersecurity Talent Shortage (Transmosis) Almost weekly, we hear of encroachments into big data systems in government, the military, finance, health, hospitality and retail – to name just some of the affected industry sectors. As awareness of our vulnerability has increased, demand for cybersecurity specialists has risen dramatically.

Products, Services, and Solutions

Reading Between the Lines of the Gartner MQ (LinkedIn) The 2017 Gartner Magic Quadrant for Endpoint Protection Platforms has just been released, along with the tsunami of vendor posts, tweets and emails telling you that they "won" and everyone else "lost". (Link at bottom)

2017 Gartner Magic Quadrant for Endpoint Protection Platforms Now Available (Cylance) The 2017 Gartner Magic Quadrant for Endpoint Protection Platforms evaluates solutions that demonstrate a collection of security capabilities. We invite you to download this complimentary copy of the 2017 report...

Cyber deception startup Cymmetria announces the introduction of ActiveSOC for incident response decision making (Dark Reading) Cyber security's comprehensive news site is now an online community for security professionals, outlining cyber threats and the technologies for defending against them.

IMRI Introduces Cytellix Cybersecurity Division as First Line of Defense for Any Business (Marketwired) Leading managed security service provider of cybersecurity capabilities helps small and medium-size businesses understand, detect, identify, monitor and prevent cyber incidents

Microsoft Edge is the most secure web browser says Microsoft: True? (The Windows Club) We've been hearing for quite some time now that Microsoft Edge is more secure than Google Chrome and Mozilla Firefox, but how much of this is true?

Introducing Tanium Integrity Monitor (Compliance Week) Tanium this week announced the release of its Tanium Integrity Monitor to extend its capabilities in the area of regulatory compliance. The new offering follows the release last quarter of Tanium Comply, designed to help Tanium customers streamline the process of meeting regulatory requirements for security configuration and vulnerability scanning.

ServiceNow Integrates Security Platform With Palo Alto Networks, Tanium To Speed Up Security Incident Responses (CRN) The new partners will contribute threat detection and endpoint security information directly into the ServiceNow Security Operations platform's automated workflows.

ServiceNow tackling security workflows in new offering (Computer Dealer News) Quick question: Who is the fastest growing multi-billion-dollar enterprise IT company in the world? Answer: Amazon Web Services. O.K. You more than

ElcomSoft Adds Android Support to WhatsApp Acquisition Tool (PRNewswire) ElcomSoft Co. Ltd. updates Elcomsoft eXplorer for WhatsApp, the company's...

TaaS announces initial coin offering (Bankless Times) A tokenized, closed-end fund dedicated to blockchain assets announced its initial coin offering (ICO) will begin on Mar. 27. TaaS said the ICO will run through Apr. 27. It will use the Ethereum blo…

Technologies, Techniques, and Standards

As CISOs look for more clarity in the noise, is the cloud the answer? (SC Magazine UK) Despite its security issues, security vendors appear to be migrating security tools to the cloud to provide the answer to CISOs wanting a clearer approach to quicker threat detection and prevention.

CERT will strengthen the financial sector: Surendra Singh, Forcepoint (-Voice&Data) Surendra Singh – Country Director, Forcepoint on CERT announcement in Budget 2017

Auto-Provisioning for IoT Devices Tackles Security Gaps (Infosecurity Magazine) DigiCert Auto-Provisioning is aimed at IoT device manufacturers, for provisioning digital certificates at scale.

Fight Back Against Ransomware (Dark Reading) The No More Ransom project helps those affected by ransomware and works to prevent the problem's spread.

Healthcare Hack Offers Key Lessons in Cybersecurity, Attorneys Write (Yahoo! Finance) As businesses and consumers seek to protect themselves from hackers, they should weigh lessons from the 2015 data breach of healthcare firm Anthem, advise veteran data privacy and cybersecurity attorneys from national law firm LeClairRyan. The Russian hacking of

Design and Innovation

IBM Collaborates with FDA on Blockchain Health Data - insideHPC (insideHPC) "The healthcare industry is undergoing significant changes due to the vast amounts of disparate data being generated. Blockchain technology provides a highly secure, decentralised framework for data sharing that will accelerate innovation throughout the industry," said Shahram Ebadollahi, vice president for innovations and chief science officer, IBM Watson Health.

Don't take your hands off the wheel (Help Net Security) How much do we want cars to take over? What happens when we want the car to perform in one way, and the car decides not to?

Research and Development

Neuroscience is beginning to explain why our stuff is so hackable (MIT Technology Review) A study of how the brain reacts to security alerts led Google to test a new way to warn people that their computers may have been infected with malware.

The Infinite Promise of DNA-Based Data Encryption (SIGNAL Magazine) Scientists at Sandia National Laboratories are searching for partners to apply technology for encrypting text within synthetic DNA.

Academia

Self-described 'Hacker' and Cybersecurity Expert Joins LSU Faculty (KALB) New LSU faculty member Golden Richard developed an obsession with how computers work that has grown into a career as a leading cybersecurity expert

Data Privacy Day event emphasizes cyber safety (Marquette Wire) Marquette’s Center for Cyber Security Awareness and Cyber Defense recognized Data Privacy Day last Saturday and hosted a talk stressing the importance of data privacy Monday. The talk was hosted by Drew Williams, a graduate student in the College of Arts & Sciences, and was called “Data Privacy and You.” Williams talked about what private...

In Israel, teaching kids cyber skills is a national mission (The Times of Israel) New training programs aim to prepare children for careers in military intelligence, defense agencies, the high-tech industry and academia

Thales supports UK Government’s drive to attract more students into cyber careers (Cambridge Network) News from Cambridge businesses. Network members upload news here about their products, services and achievements.

Legislation, Policy and Regulation

Cyber Power - An Emerging Factor in National and International Security - CIRSD (CIRSD) Ralph Langner is a co-founder of The Langner Group, an international cyber defense consultancy. He gained global renown for cracking the Stuxnet malware. You may follow him on Twitter @langnergroup.

Bahrain criticised for restoring arrest powers to intelligence agency (Arabian Business) Human Rights Watch says decision is 'another nail in the coffin for Bahrain’s post-2011 reform process'

Cybersecurity High on Netanyahu Agenda for Trump, May Meetings (Bloomberg.com) When Israeli Prime Minister Benjamin Netanyahu meets with world leaders this month, strengthening cybersecurity ties will figure high on the agenda.

Israeli spooks step out of the shadows in battle for cyber edge (The Times of Israel) At a Tel Aviv exhibition, the Mossad and Shin Bet look for the next generation of officers to combat computer threats

UK defense secretary urges NATO to fend off Russian cyberattacks (CSO Online) The U.K.’s defense secretary is accusing Russia of using cyber attacks to “disable” democratic processes across the West, and he's demanding that NATO fight back.

NATO Cyber Vanguard to Put EU Defense Chiefs Through Paces (Bloomberg Quint) NATO Cyber Vanguard to Put EU Defense Chiefs Through Their Paces

When does a cyberattack mean war? Experts say there’s no clear line (Reveal) The United States does not have a clearly defined threshold at which digital offensives escalate into all-out war.

Security firms 'overstate hackers' abilities to boost sales' - BBC News (BBC News) Computer security companies have been accused of "witchcraft" by exaggerating abilities of malicious hackers.

Now more than ever, don't neglect America's cyber infrastructure (TheHill) OPINION | "Our nation’s cybersecurity posture will only be as strong as our weakest links..."

Opposition to Trump's Cabinet picks hurts cyber policy across agencies (Washington Examiner) Trust has been in short supply in the nation's capital in recent weeks, but it is an essential ingredient in developing cybersecurity policy and in making that policy work.

DOD can still hire cyber civilians -- FCW (FCW) The Department of Defense has determined that cybersecurity and cyberspace positions are exempt from President Trump’s freeze on the hiring of civilian workers.

GSA to join DoD in hiring ethical hackers to find cyber vulnerabilities (FederalNewsRadio.com) GSA's Technology Transformation Service released a draft solicitation asking for industry input in creating a bug bounty program.

GAO: DHS cyber communications center could communicate better (Federal Times) The Government Accountability Office’s evaluation of the Department of Homeland Security’s National Cybersecurity and Communications Integration Center has found it performs its required cybersecurity-related information sharing role, but could improve its effectiveness and efficiency with some basic self-assessments.

OPM's cleared up some IT rough spots, but encryption still unfinished (FederalNewsRadio.com) OPM IT leaders say the agency has one major database left to encrypt, containing high-value assets and personally identifiable information

U.S. National Security Agency's deputy director is retiring (Reuters) The deputy director of the U.S. National Security Agency, the intelligence agency in charge of electronic surveillance and code-breaking, is retiring, an NSA spokesman said on Friday.

'NBR needs to protect taxpayers' information from cyber attack' (The Financial Express Online Version) The National Board of Revenue (NBR) needs to take digital security measures to protect taxpayers' information from cyber attack and

Australian PM accused of cyber compromise - Acumin (Acumin) Australian Prime Minister Malcolm Turnbull has been accused by the country’s Labor Party of prioritising his political career over national security. Turnbull revealed plans of a confidential meeting of political parties regarding Russian-like cyber attacks.

Litigation, Investigation, and Enforcement

Treason in the Kremlin? Russia denies claim cyber experts leaked secrets to CIA (International Business Times UK) Inside the murky world of Russian hacking and espionage, arrests are mounting.

Russian Arrests Spur Questions Over Links to U.S. Hacking (WSJ) A series of high-profile arrests in Russia has intelligence officials on both sides of the Atlantic trying to unravel a mystery they suspect may be connected to Russian hacking in the U.S.

EXCLUSIVE: House Intelligence, Foreign Affairs Committee Members Compromised By Rogue IT Staff (The Daily Caller) Three brothers who managed office information technology for members of the House Permanent Select Committee on Intelligence and other lawmakers were abruptly relieved of their duties on suspicion

The FBI Is Building A National Watchlist That Gives Companies Real Time Updates on Employees (The Intercept) Will the FBI’s Rap Back service notify your boss that you got arrested protesting the inauguration?

Palestinian Engineer Jailed for Hacking Israeli CCTVs & Drones (HackRead) An Israeli court has sentenced Majid Oweida, a 23-year old from Gaza City to 9 years in prison on charges of hacking into Israeli drones.

Turkish police detain over 440 people in anti-ISIS operation (Military Times) Turkey's anti-terrorism police have detained over 440 people for alleged links to the Islamic State group, the state-run news agency reported Sunday.

Police playing tough in combating cybercrimes in Indonesia (The Jakarta Post) The police have decided to deploy more personnel to investigate citizens who are suspecting of violating the controversial Electronic Information Transactions (ITE) Law, including its draconian articles on defamation and hate speech.

Two Arrested in London for Infecting Washington's CCTV Network with Ransomware (BleepingComputer) UK's National Crime Agency said today that officers arrested two suspects for hacking the Washington CCTV network and installing ransomware.

Enquiries continue into Grimsby hospital cyber attack, as MPs criticise Government protections (Grimsby Telegraph) No arrests have yet to be made following a major cyber attack at Grimsby hospital, which led to the cancellation of operations and appointments. This comes as MPs have warned that a shortage of...

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

newly Noted Events

SANS Security West 2017 (San Diego, California, USA, May 9 - 18, 2017) Cybersecurity skills and knowledge are in high demand. Cyber attacks and data breaches are more frequent and sophisticated, and organizations are grappling with how to best defend themselves. As a result, cybersecurity is more vital to the growth of your organization than ever before. Now is the perfect time to take the next step to protect your organization and advance your career. Join us at SANS Security West 2017 (May 9-18) to gain the skills and knowledge needed to help your organization succeed. Choose from over 30 information security courses taught by SANS’ world-class instructors. At SANS Security West 2017, you will get the best hands-on, immersion training and learn what it takes to stop cyber threats.

SANS Northern Virginia - Reston 2017 (Reston, Virginia, USA, May 21 - 26, 2017) This event features comprehensive hands-on technical training from some of the best instructors in the industry and includes courses that will prepare you or your technical staff for DoD 8570 and GIAC approved certification exams. Start making your plans now to attend SANS Northern Virginia - Reston 2017.

SANS Atlanta 2017 (Atlanta, Georgia, USA, May 30 - June 4, 2017) Learn the most effective steps to prevent attacks and detect adversaries with actionable techniques that you can directly apply when you get back to work. Take advantage of tips and tricks from the experts so that you can win the battle against a wide range of cyber adversaries who want to harm your digital environment.

SANS Houston 2017 (Houston, Texas, USA, June 5 - 10, 2017) At SANS Houston 2017, SANS offers hands-on, immersion-style security, security management, and pen testing training courses taught by real-world practitioners. The site of SANS Houston 2017, June 5-10, is Royal Sonesta Hotel Houston, located in the heart of the Galleria area of Uptown Houston.

upcoming Events

Insider Threat Program Development Training For NISPOM CC 2 (Toms River, NJ, USA, February 6 - 7, 2017) Insider Threat Defense announced it will hold a 2 day training class on Insider Threat Program Development (NISPOM Conforming Change 2) on Feb. 6-7, 2017, in Toms River, NJ. For a limited time the training is being offered at a discounted rate of $795 (Normally $1395). The training is comprehensive and provides students with the knowledge and resources to develop, implement and manage a robust Insider Threat Program / Working Group. Insider Threat Defense has trained over 500+ organizations and has become the "Leader-Go To Company" for Insider Threat Program Development Training.

The Risks and Benefits of Artificial Intelligence and Robotics (Cambridge, England, UK, February 6 - 7, 2017) The Risks and Benefits of Artificial Intelligence and Robotics Workshop aims to provide media and security professionals with an in-depth understanding of the implications that the rapid advancement of AI technology may affect the global community in both the physical and structural spheres and the potential impact of the future evolution of such technology, especially in terms of security. Emphasis will be given to the way in which AI and autonomous robotics can be represented and communicated in the media.

SANS Southern California - Anaheim 2017 (Anaheim, California, USA, February 6 - 11, 2017) Learn practical, relevant tips and techniques from industry leaders. Join us for SANS Southern California - Anaheim 2017, and choose from eight courses on cyber defense, penetration testing, incident response, threat hunting, ethical hacking, IT management and ICS/SCADA security. Some of our courses are in alignment with DoD Directive 8570 requirements for Baseline IA Certifications, and most courses have GIAC Certification attempts available. Take advantage of this opportunity to sharpen your skills and advance your career.

Cyber Protect Conference (Nottingham, England, UK, February 9, 2017) Business owners have been invited to attend Nottinghamshire's first-ever cybercrime conference to learn how to better protect their data. The Cyber Protect Conference is being jointly hosted by the county's Police and Crime Commissioner Paddy Tipping and Nottinghamshire Police, and will include presentations from cyber security experts. The event, which takes place on Thursday, February 9, at The Atrium in Nottingham, is free of charge and open to small and medium-sized enterprises (SMEs) across the county.

Workplace Violence & Response To Active Shooter Events Meeting (Laurel, Maryland, USA, February 9, 2017) The National Insider Threat Special Interest Group (NITSIG) will be hosting a meeting on February 9, 2017, at the Johns Hopkins University Applied Physics Laboratory, Laurel, MD. The meeting will be exclusively focused on workplace violence and responding to an active shooter event. Presenters include experts from the Occupational Safety and Health Administration (OSHA), and the Maryland State Police. It's free to attend. Prominent among the topics to be discussed will be threats directed from the Internet.

RSA Conference 2017 (San Francisco, California, USA, February 13 - 17, 2017) The current state of cybersecurity means there are many opportunities for the industry as a whole to collaborate on new innovations. Discovering the next great opportunity will require everyone to embrace new and unique perspectives from a broadly diverse base of people and sources. RSA Conference 2017 provides the opportunity for all attendees at all levels to grow their knowledge, exchange ideas with peers and further their careers. With opportunity comes great responsibility for the future. Our actions today will have a lasting impact on the strength of the industry—and the safety of the world—tomorrow. At RSA Conference 2017, you will learn about new approaches to info security, discover the latest technology and interact with top security leaders and pioneers. Hands-on sessions, keynotes and informal gatherings allow you to tap into a smart, forward-thinking global community that will inspire and empower you.

Using STIX/TAXII to share automated cyber threat data (San Francisco, California, USA, February 15, 2017) Cybersecurity experts representing the financial sector, healthcare, utilities, software providers, government, academia and nonprofits continue to define/develop the STIX/TAXII specifications as the solid foundation for standardizing threat information. This large group of public and private sector organizations and companies are working together to advance the STIX/TAXII specifications in the OASIS Cyber Threat Intelligence Technical Committee. These specs have already dramatically streamlined the analysis of threat data. We invite cybersecurity experts and decision makers to be part of the conversation.

Insider Threat Program Development Training For NISPOM CC 2 (Simi Valley, CA, USA, February 22 - 23, 2017) Insider Threat Defense announced it will hold a 2 day training class on Insider Threat Program Development (NISPOM Conforming Change 2) on Feb. 22-23, 2017, in Simi Valley, CA. For a limited time the training is being offered at a discounted rate of $795 (Normally $1395). The training is comprehensive and provides students with the knowledge and resources to develop, implement and manage a robust Insider Threat Program / Working Group. Insider Threat Defense has trained over 500+ organizations and has become the "Leader-Go To Company" for Insider Threat Program Development Training.

Maritime & Port Security ISAO: Operationalizing Cyber Resilience (Cape Canaveral, Florida, USA, February 22 - 24, 2017) The Maritime & Port Security Information Sharing & Analysis Organization (MPS-ISAO) convenes its inaugural conference “Maritime & Port Cyber Resilience - Adding a New Layer of Cybersecurity” February 22-24, 2017 at the Global Situational Awareness Center at NASA/Kennedy Space Center, Florida.

Risky Business (London, England, UK, February 23, 2017) How are you tackling Cyber Crime in the Property Transaction? Join our panel of expert speakers at the IET in London to find out more about cyber crime in the property transaction and the steps you can take to protect the best interests of your firm and your client.

The 2nd China Automotive Cyber Security Summit 2017 (Shanghai, China, February 24, 2017) CACSS2017 will Provide a platform for Automotive OEMs, Tier 1 suppliers, Automotive security solution/ technology/products developers,Automotive electronics companies, IT companies, Mobile data suppliers, Automotive insurance companies, and automotive cyber security experts to address government regulations developing trends, Automotive cyber security standards, updated vulnerabilities, “Black Hat” behaviour motivations, State-of-the-Art technology solutions, critical cyber security challenges and collaboration initiatives; Help you to understand tailored smart car cyber security products and solutions, build up a set of effective cyber security management system and improve the capability of protecting smart cars. This second to non Automotive cyber security industry event will assure you to understand China Automotive cyber security industry business opportunities, network with China local customers and consolidate your worldwide leadership.

Second Annual International Security Conference (Riyadh, Saudi Arabia, February 27 - 28, 2017) The conference will facilitate national, regional and international collaboration between government, industry and critical infrastructure organizations. It will also feature investors who want to diversify their portfolio into international companies, particularly in the field of cyber security sectors where innovation could benefit the regional cyberdefense capacity.

SANS Dallas 2017 (Dallas, Texas, USA, February 27 - March 4, 2017) We are pleased to invite you to attend SANS Dallas 2017, on February 27- March 4 at The Westin Dallas Downtown, located in the heart of the city. We have selected several of our top information security courses to provide you with the training and certification that you need to boost your career by learning from the best! SANS instructors are industry professionals who will ensure that you not only learn the material, but that you will also be able to apply what you learn your first day back in the office.

Autonomous Vehicles Silicon Valley (Santa Clara, California, USA, February 28 - March 2, 2017) The road to autonomy: Regulation. Consumer Acceptance. Safety & Security. Explore the latest technologies and hottest issues for the autonomous vehicles industry.

The Cyber Security Summit: Denver (Denver, Colorado, USA, March 1, 2017) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their companies’ critical data with innovative solution providers & renowned information security experts. Learn from cyber security thought leaders including: Mary McCord, Asst. Attorney General for National Security, U.S. Dept. of Justice & Chad Alvarado, Supervisory Special Agent, Cyber Task Force, FBI Denver Division. Engage in panel discussions focusing on trending cyber topics including Emerging Threats to IoT & Big Data, Insider Threats, and Compliance. Receive half off your admission with promo code cyberwire50 at CyberSummitUSA.com and view details including the full agenda, participating solution providers & confirmed speakers

International Cyber Risk Management Conference (ICRMC) (Toronto, Ontario, Canada, March 2 - 3, 2017) The third annual International Cyber Risk Management Conference (ICRMC) brings together a world class roster of experts with cross-sector, global and multidisciplinary expertise to share knowledge, lessons learned, and methodology on cyber security. We are delighted to build on last year’s very successful ICRMC. Cyber security has grown into a global pandemic and organizations of all sizes are struggling with questions on how to mitigate, manage, and transfer cyber risk. We’ve structured our agenda based on delegate feedback and our exceptional 2017 Advisory Committee is determined to provide engaging high-profile speakers and compelling content to share knowledge, captivate and educate. Visit www.icrmc.com for details.

SANS San Jose 2017 (Milpitas, California, USA, March 6 - 11, 2017) Securing and defending your network has never been more important as attacks and breaches make the news daily. Gain the skills and tools you need to win the battle against the wide range of cyber adversaries who want to harm your environment. SANS San Jose 2017 offers six hands-on, intensive cyber security training courses.

15th annual e-Crime & Cybersecurity Congress (London, England, UK, March 7 - 8, 2017) Europe's largest and most sophisticated gathering of senior cybersecurity professionals from international business, governments, law enforcement and intelligence agencies.

ISSA Mid Atlantic Security Conference (Rockville, Maryland, USA, March 10, 2017) Join us for a full day of training by industry leaders discussing some of the latest topics in tactics and techniques for preparing for cyber-attacks. This conference will feature a variety of presentations and cutting edge training opportunities, including hands-on demonstrations and workshops.

Investing in America’s Security: Cybersecurity Issues (Jersey City, New Jersey, USA, March 10, 2017) Please join us for the 5th Annual Northeast Regional Security Education Symposium hosted by the Professional Security Studies Department at New Jersey City University. The Symposium’s keynote address will be delivered by Milan Patel of K2 Intelligence, formerly the FBI’s Cyber Division Chief Technology Officer. Speakers include NJCCIC Director Michael Geraghty. NJCU students pursuing their D.Sc. degree will present academic research posters and a panel of experts will discuss careers in cyber security.

IAPP Europe Data Protection Intensive 2017 (London, Englan, UK, March 13 - 16, 2017) Set in London, the Data Protection Intensive delivers innovative solutions to today’s top privacy and data protection challenges. Known for its exceptional programming, the Intensive has come into its own as a leading forum for practical data protection education.

Rail Cyber Security Summit (London, England, UK, March 14 - 15, 2017) Now in its second year, the event will take place at the Copthorne Tara Kensington hotel in London between March 14th and 15th 2017 and will feature a range of experts from the rail transport industry, as well as leading Government and global cyber security leaders and academics working in the field.

CyberUK 2017 (Liverpool, England, USA, March 14 - 16, 2017) Announcing the UK government's flagship IA and cyber security event, for 2017. This is a three day event that will bring together cyber security leaders and professionals from across the UK’s information security communities from both the public and private sector. The NCSC’s partnership with information security businesses of all sizes is essential in strengthening the UK’s cyber resilience. CyberUK 2017 will play a key role in defining the role industry must play in achieving this step change, and is expected to attract 1,600 information assurance (IA) and cyber security leaders and professionals.

Cybersecurity: The Leadership Imperative (New York, New York, USA, March 16 - 17, 2017) Cyber risk impacts every element of your organization – and even the most brilliant information security expertise must be supported by a cross-functional cybersecurity structure and culture to succeed. Cybersecurity: The Leadership Imperative will provide case studies and actionable insights on building and maintaining a structure in which leaders across the organization are able to work together seamlessly to comprehend, measure and respond to cyber risk challenges.

BSides Canberra (Canberra, Australia, March 17 - 18, 2017) BSidesCbr is a conference designed to advance the body of Information Security knowledge, by providing an annual, two day, open forum for discussion and debate for security engineers and their affiliates. We produce a conference that is a source of education, collaboration, and continued conversation for information technologists and those associated with this field. The technical and academic presentations at BSidesCbr are given in the spirit of peer review and advanced knowledge dissemination. This allows the field of Information Security to grow in breadth and depth, and continue in its pursuit of highly advanced scientifically based knowledge.

Sponsor & Support

Grow your brand, generate leads, and fill your funnel.

With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listens all over the world, companies trust the CyberWire to get the message out. Learn more.

Norway investigates bear tracks. Ransomware-as-a-service. Windows SMB zero-day patch expected tomorrow. Slot machine hack. SCADA controllers could expose passwords. Russian authorities draw a distinction without an apparent difference. GCHQ denounces witchcraft.