The CyberWire Daily Briefing 2.8.17

Summary

By The CyberWire Staff

The Independent is reporting that a number of National Health Service sites in the UK have for the last three weeks been targeted by ISIS-adhering hackers belonging to the Tunisian Fallaga Team. The most visible aspect of the attack involved website defacements with images of violence in Syria and a demand for an end to Western aggression in that country. Patient information may have been at risk, but so far at least appears not to have been compromised. The Cabinet Office believes the coordinated attack is a serious one. The Tunisian Fallaga Team is believed to be working in concert with two other ISIS-affiliated groups: Global Islamic Caliphate and Team System DZ.

In other ISIS news, captured files suggest the Caliphate is having difficulty keeping its foreign fighters motivated and on-task.

A new bad animal joins the menagerie: Charming Kitten, a threat group thought to be connected to Iranian security companies, appears to be pushing Mac malware. Early reports indicate the malware is poorly designed, but Charming Kitten will bear watching. Reports suggest that the group is interested in US defense and aerospace companies.

An unknown state-sponsored group (possibly although not certainly Russian) used Word macros to distribute a maliciously doctored version of a Carnegie Endowment report on the implications of US President Trump's election.

The current US Administration is likely to maintain the designation of election systems as critical infrastructure.

In industry news, Sophos has acquired Invincea, Malwarebytes has bought Saferbytes, and Salient CRGT is acquiring Information Innovators, Inc.

Learn how Cylance silences cyber attacks with Artificial Intelligence.

Notes.

Today's issue includes events affecting Australia, Austria, India, Iran, Russia, Syria, Tunisia, Turkey, United Kingdom, and United States.

On the Podcast

In today's podcast we hear from our partners at Palo Alto Networks, as Rick Howard talks to us about the notion of an adversary playbook.

Our prognosticating podcast special edition is also available. In this one we speak with industry experts and editors covering the cyber beat to get their take on the outlook for 2017 in cyber security.

Sponsored Events

Deep Instinct (San Francisco, CA, USA, February 13 - 17, 2017) Meet us at RSA Conference 2017. Visit booth #N4805. Book a meeting.

E8 Security (Chronicle Books Metreon, San Francisco, CA, USA, February 15, 2017) E8 Security Invites You To An Exclusive Book Signing and Cocktail Party at RSA with Author Gary Hayslip

Hacking The Home (Fulton, MD, USA, February 26, 2017) DataTribe, a startup crucible for entrepreneurs, is sponsoring a February 2017 Hacking the Home contest. Teams will be competing to develop new product functionality, integrations, skills, and/or exploits around the growing ecosystem of home automation devices.

Selected Reading

Dateline

RSA 2017 Takes Shape with NCSA, Gemalto, SecuGen On Hand - FindBiometrics (FindBiometrics) The National Cyber Security Alliance has returned as a sponsor of this year's RSA Conference, one of the world's biggest security events...

Terbium Labs Prepares for Strong Presence at RSA 2017 (SAT PR News) Terbium Labs, the company behind Matchlight, the world’s first fully private, fully automated data intelligence system, is gearing up for an eventful week in San Francisco, Feb. 13-17 at the annual RSA Conference.

Cryptzone to Present on the Software-Defined Perimeter at CSA Summit at RSA Conference (Cryptzone) Cryptzone, the Software-Defined Perimeter (SDP) company, today announced that Jason Garbis, Vice President of Products, will speak at the upcoming Cloud Security Alliance (CSA) Summit, at 9:15am PT on Feb. 13, 2017, at the Marriott Marquis in San Francisco. Garbis will present ‘The Software-Defined Perimeter: A Key Ingredient in the Cloud Security Pie,’ which takes a deep dive into the progress made with the CSA’s SDP specification over the past two years.

Cyber Attacks, Threats, and Vulnerabilities

Isis carried out cyber-attack on NHS sites (The Independent) Islamist hackers linked to Isis carried out an attack on a series of NHS websites in a cyber-attack exposing serious flaws in security systems meant to protect sensitive information, The Independent has learnt. Graphic, brutal images of violence from Syria’s war were put up on the sites by a group based in North Africa which declared it was carrying out the electronic raid in retaliation for the West’s aggression in the Middle East. This is believed to be the first time that an Isis-linked group has carried out a concerted attack on the NHS.

A file on Islamic State’s ‘problem’ foreign fighters shows some are refusing to fight (Washington Post) Some militants from France, Belgium and Kosovo have doctor’s notes explaining why they need out.

Turkish Islamist Hackers’ group claim cyber-attack on Austrian parliament (Financial Buzz) Austria’s parliament announced that a Turkish Islamist hackers’ group claimed responsibility for a cyber-attack that took its website down for 20 minutes this weekend. Lion Soldiers Team or Aslan Neferler Tim (ANT), the website that defends the homeland, Islam, nation and flag, claimed the attack, an Austrian spokeswoman said.

Mac malware, possibly made in Iran, targets US defense industry (CSO Online) Just because you’re using a Mac doesn’t mean you’re safe from hackers. That’s what two security researchers are warning, after finding a Mac-based malware that may be an attempt by Iranian actors to target the U.S. defense industry.

Researchers See Links Between Iran and Mac Malware (BankInfoSecurity) A digital forensic analysis of a new type of Mac malware reveals that it has a strong connection to Iran, researchers say. The malware, which turned up on the

Polish banks on alert after mystery malware found on computers (CSO Online) Malware discovered on computers and servers of several Polish banks has put the country's financial sector in alert over potential compromises.

Indian hackers hack Facebook groups for posting teen, revenge porn images (HackRead) Only yesterday we heard about Anonymous taking on the Dark Web based child pornography websites and now a similar operation was launched against pages/grou

Unpatched Windows zero day allows DoS attacks, possibly other exploits (SC Magazine US) Microsoft Windows users beware of an unpatched memory corruption bug which could be exploited to cause Dos attacks.

Over 67,000 Websites Defaced via Recently Patched WordPress Bug (BleepingComputer) WordPress sites that haven't been updated to the most recent version, v4.7.2, released last week, are under attack as four hacking groups are conducting mass defacement campaigns.

Tens of thousands WordPress sites defaced, SEO spam to follow (Help Net Security) Attackers are actively exploiting the recently patched unauthenticated privilege escalation vulnerability in WordPress' REST API to deface websites.

These Hackers Cleverly Disguised Their Malware as a Document About Trump’s Victory (Motherboard) Hackers likely working for a government used an old trick to target victims with a malicious document that mentioned the new US president.

AKBuilder: A builder for exploit-laden Word documents (Help Net Security) AKBuilder is a builder for Word documents that carry exploits for several vulnerabilities and a malicious, encrypted payload.

How Hackers Could Have Pwned You With a Nasty Steam Bug (Motherboard) Hackers could’ve exploited Steam users just by tricking them into visiting a user profile.

Social Media Phishing Attacks Soar 500% (Infosecurity Magazine) Proofpoint report highlights growing menace of angler phishing

Sentry MBA works by harnessing proxies to conduct attacks (Infosecurity Magazine) Sentry MBA works by harnessing proxies to conduct attacks using a pre-configured list of directions

Cloud Storage The New Favorite Target Of Phishing Attacks (Dark Reading) 2016 data shows that phishing scams involving brands like Google and DropBox will soon overtake scams involving financial companies, PhishLabs says.

Your Smart TV Has Been Hijacked. To Continue, Please Pay Ransom (Panda Security Mediacenter) Ransomware attacks have managed to infiltrate practically every corner of the Internet of Things, including the smart TV in your living room.

Report: IRS-related phishing scams seen running rampant (CSO Online) IRS phishing scams are likely underway on a grand scale, according to a PhishLabs report.

Security products endanger customers through poor TLS interception (iTnews) Introduce Logjam, POODLE, CRIME and other vulnerabilities.

David Beckham calls in police over hacked emails (Naked Security) Stolen ‘Beckileaks’ emails dating from 2013 for which hackers demanded €1m are ‘doctored’ and ‘out of context’, say Beckham’s supporters

Cyber Trends

SecureAuth Survey: 4 In 5 IT Decision Makers To Ditch Passwords Within Five Years - Information Security Buzz (Information Security Buzz) Passwords and two-factor authentication are going to decrease as organisations adopt modern methods to authenticate users.

Report reveals lack of cyber security expertise at top firms (Global Custodian) FTSE 100 companies are failing to keep on top of cyber risk management and strategies, according to report.

UK Firms Fail the Cyber Readiness Test (Infosecurity Magazine) A third have taken no new steps since security incident

Marketplace

Sophos acquires Invincea - Help Net Security (Help Net Security) Sophos has agreed to acquire Invincea from its current shareholders for a cash consideration of $100 million with a $20 million earn-out.

Malwarebytes Acquires Saferbytes (BusinessWire) Malwarebytes acquires Italian cybersecurity firm to enhance threat detection, removal and remediation across the entire enterprise.

Salient CRGT announces agreement to buy Virginia-based IT company (GSN) Salient CRGT, Inc. (“Salient CRGT”), a leading provider of agile software development, data analytics, mobility, cyber security, and infrastructure solutions, today announced that it has signed a definitive agreement for the acquisition of Springfield, VA-based Information Innovators, Inc. (“Triple-i”), a technology and mission-focused company serving the federal government, with particular strength in the healthcare information technology (“IT”) arena

Here are 4 ways to profit from the growing need for cybersecurity (TheStreet) The battlefield of the 21st century is cyberspace. Check out these four powerful investments in this booming industry.

Exabeam Secures $30 Million in Series C Funding to Disrupt Security Intelligence Market (Marketwired) Leverages strength in UEBA to create analytics and response platform

HackerOne scores $40 million investment as bug bounty platform growth continues (TechCrunch) For the past several years, HackerOne has been helping customers build bug bounty programs to find vulnerabilities in their software, and today it hauled in..

How FireEye Inc. Burned to the Ground (Fox Business) Will the struggling cybersecurity player go down in flames?

Symantec: A Simple Explanation For The Decline Of The Consumer Security Segment (Seeking Alpha) Symantec's consumer security segment remains the biggest cause of volatility to its growth story. The rapid decline in demand for AVs needs to be hedged with su

The Uncanny Parallels Between Symantec And BlackBerry (Seeking Alpha) While they seem unrelated, Symantec and BlackBerry show uncanny similarities. This article shows the points of contact. It also shows why Symantec's organic gro

Akamai beats projections on cybersecurity strength (MarketWatch) Akamai Technologies Inc.'s quarterly results beat its projections, driven by cybersecurity offerings that helped offset falling revenue from its largest internet customers.

Demand for Strategic and Operational Threat Intelligence Drives SurfWatch Labs’ Record Growth (PRWeb) Rapid adoption of SurfWatch Cyber Advisor results in tripled bookings growth

Fortinet thrives on growth prospects from cybersecurity solutions (TheStreet) As worker mobility increases, corporate firewalls are becoming more vulnerable. That is where this company comes in.

Verizon beefs up cyber intelligence with new security facility (CRN Australia) Federal pollie opens new Canberra centre.

Anomaly Detection Innovator ThetaRay Reinforces Commitment to Financial Sector with Appointment of James Heinzman (PRNewswire) Sungard Alum Will Serve As EVP Of Financial Services Solutions...

John Becker, former Chief Executive Officer at Sourcefire, Joins ThreatConnect Board (BusinessWire) Former Sourcefire Exec brings more than 30 years of security technology experience, specifically in leading fast growth companies

Bugcrowd Appoints David Baker as Vice President of Operations (Yahoo! Finance) Bugcrowd, the leader in crowdsourced security testing, today announced the company has appointed David Baker as vice president of operations. With more than 20 years of experience in enterprise data security, ...

Products, Services, and Solutions

Morphisec Intensifies its Campaign to Disrupt the Endpoint Security Model with Release of Newest Version (PRNewswire) Morphisec, leading developer of Moving Target Defense...

BLACKOPS Cyber Launches ERINYES™, the Breakthrough Dashboard Enabling Real-time Search of the DarkNet (PRWeb) BLACKOPS Cyber, Inc. releases ERINYES™, the cutting-edge defensive cyber tool providing advanced intelligence and early warning to reduce exposure early in the risk life cycle.

Portnox Gains Full Visibility to All Devices and Users Across an Enterprise Network with Cloud-Based Network Visibility, Access and Management Solution (BusinessWire) Portnox, a market leader for network access control and management solutions, today announced the latest version of Portnox CLEAR, a Security-as-a-Service (SaaS) cloud platform that delivers continuous, on and off-premises risk monitoring of all endpoints, helping CISOs and network security administrators manage the health of corporate and personal assets including IoT, BYOD and other mobile devices at all times.

Akamai Fortifies Web Security Solutions Portfolio (PRNewswire) Akamai Technologies, Inc. (NASDAQ: AKAM) today unveiled both a new...

DigiCert Launches Digital Certificate Auto-Provisioning for IoT Devices (ReadITQuik) Automated service provisions credentials on IoT devices lacking open enrollment protocols

Avast 2017 introduces zero-day protection, 'passive' mode for running alongside other security apps (BetaNews) Avast Software has unveiled its 2017 suite of security programs with the simultaneous release of Avast Free Antivirus 2017, Avast Internet Security 2017 and Avast Premier 2017.

Fortinet extends Security Fabric protection into IoT | Networks Asia (Networks Asia) Fortinet has announced the extension of the Fortinet Security Fabric to defend enterprises against the exponentially increasing cyber threats posed by the Internet of Things (IoT).

Comodo Internet Security Complete 10 (PCMag Australia) With Comodo Internet Security Complete 8, you won't face malware alone. GeekBuddy tech support will remotely repair any security problems, guaranteed.

Kenna Security Unleashes Industry-Leading Zero-Day Capabilities through Partnership with Exodus (PRNewswire) Kenna, a vulnerability and risk intelligence platform that enables...

Palo Alto Networks aims to thwart credential theft | ZDNet (ZDNet) The technology rolls out along with a new security platform, hardware, and virtual firewalls from Palo Alto.

Palo Alto Primes PAN-OS 8.0 With New Security Features (SDxCentral) Security company Palo Alto Networks announced its next-generation security platform, PAN-OS 8.0, which includes virtual firewall appliances.

SentinelOne Makes Major Machine Learning Enhancement to Its Next-Generation Endpoint Protection Platform (Marketwired) New deep file inspection engine predicts threats before they execute, sets new benchmarks for pinpoint accuracy

KnowBe4 Introduces New “Social Engineering Indicators” Training Method (BusinessWire) KnowBe4 introduces a new training method that IT managers can use to better manage continually increasing social engineering threats

MegaPath Partners with VeloCloud to Expand its SD-WAN Portfolio (CIO Today) Company takes best-of-breed approach to simplify branch office networking and guarantee zero downtime

Illumio Expands Capabilities of Adaptive Security Platform (TechSpective) The technology and threat landscapes are evolving rapidly, but many organizations are still struggling to defend themselves with traditional security solut

O2 Calls in Defence Contractor to Boost Cyber Security - Acumin (Acumin) Mobile phone giant O2 has teamed up with a UK defence contractor to improve its capabilities in the event of a cyber attack. BAE Systems will offer customers a “device to cloud” security service, while O2’s customers will receive protection via a “stand-alone security solution” that works with all Wi-Fi, fixed line and mobile networks.

Gemalto seals digital identity card deal in Sweden (ComputerWeekly) Swedish tax agency signs single supplier contract with digital security firm to provide physical and digital ID cards.

Bugcrowd Reduces the Cost and Effort of Unifying Vulnerability Data Across Systems (Marketwired) Latest release simplifies integration of Crowdcontrol™ with enterprise security infrastructure

Trend Micro Announces Deep Security 10 for Protecting Servers across the Hybrid Cloud (BusinessWire) New XGen™ security features enhance server protection and extend to container architectures

RedSeal Extends Digital Resilience Platform Across Network Environments, Improves Security and Network Teams' Productivity with New Integrations (Yahoo! Finance) Today RedSeal announced enhancements and new integrations for its market leading network modeling and risk scoring platform. The enhancements will give RedSeal users a single, comprehensive understanding ...

NetMotion Leverages Software-Defined Trend to Secure Mobile Devices (eSecurity Planet) NetMotion Mobility combines provisioning, governance and security into a package any network admin could love.

The best consumer antivirus products of 2016 are Avira and Norton, test labs say (CSO Online) AV-Test and AV-Comparatives have published their end-of-year awards for the best antimalware products of 2016, selecting Symantec's Norton and Avira as the ones to buy.

Technologies, Techniques, and Standards

Five Business Applications To Protect in 2017 (Forbes) No company is 100% protected, nor will it ever be. So, when it comes to cybersecurity, prioritization is vital. In essence, it means that CISOs should first identify the main company assets and secure them.

7 musts for any successful BYOD program (CSO Online) Mobile devices, mobile apps and the networks they use are now essential to satisfy customers, collaborate more effectively with suppliers, and keep employees productive anytime and anywhere.

Monitoring scanning activities that could lead to IoT compromises (Help Net Security) IoT devices are ideal targets for attackers looking to build DDoS botnets because they have limited or non-existent security features.

Why you need a tailored application security program (Help Net Security) Setting up a tailored application security program is important, but there are many choices to be made when trying to make it as effective as possible.

Enterprise Android Vs iOS: Which is More Secure? (Dark Reading) The answer is not as simple as you think. A mobile security expert parses the pros and cons.

The flaw in applying culture to awareness programs (CSO Online) I appreciate that organizations are beginning to realize that they need to understand their corporate culture in their implementation of awareness programs. It is long overdue. Unfortunately as a concept, it is being grossly misapplied. In short, you don’t want to adhere to culture, you want to improve culture.

Design and Innovation

How adaptive security in architecture and analytics can work for you (Infosecurity Magazine) Advancements in application architecture, data instrumentation, and advanced analytics work for you

Research and Development

Can smartphone thieves be identified in seconds? (Help Net Security) Ben-Gurion University of the Negev researchers have developed a technique that identifies smartphone thieves or intruders in under 14 seconds.

Academia

Online Intel program nationally ranked (The Merciad) Mercyhurst’s Applied Intelligence Online Master’s Program received recognition from Successful Student website. The program ranked 21st for Best Homeland Security Colleges Online. The programs are ranked based on their relevance to Homeland Security careers, accreditation and academic reputation. “It was a surprise because we are an applied intelligence program and this is a Homeland Security...

Vincennes University Partners With World's Largest Cyber Security Certification Organization (WBIW) Vincennes University's Department of Information Technology has partnered with the International Council of eCommerce Consultants (EC-Council) as an official Accredited Training Center.

How Would You Change the Internet? Trend Micro Video Contest Seeks Answers from Students (BusinessWire) Annual “What’s Your Story?” contest will award $10,000 to one individual film-maker and one school

Hello Muddah, Hello Fadduh: Greetings from Cryptography & Cybersecurity D.C. Summer Camp - Crowdfund Insider (Crowdfund Insider) Cryptography and cybersecurity studies are not just for college and graduate students. iD Tech, a leading STEM camp provider for kids and teens nationwide,

Safer Internet Day Campaign Kicks Off to Protect Children from Online Dangers (SIGNAL Magazine) Today marks the 14th annual Safer Internet Day, a global campaign to make the cyber domain a littler safer, especially for children. This year’s theme, “Be the change: Unite for a better Internet,” highlights how all of society has a role to play in cybersecurity, and that working together creates a safer Internet. The campaign's Twitter hashtag this year is #SID2017.

Legislation, Policy and Regulation

Russia's Art of War (Foreign Affairs) "War is the continuation of politics by other means,” observed the Prussian military theorist Carl von Clausewitz in his classic treatise On War. Although the aphorism has become axiomatic almost to the point of cliché, it is an especially apt prism for understanding Russia’s increasingly adventurous foreign policy.

Trump and the Iranian Elections (Foreign Affairs) But despite the perceived lack of progress on the economic front, Iranian President Hassan Rouhani is still the most viable candidate in the country's upcoming presidential elections. This is mainly because none of the individuals potentially running against him have his name recognition or social and political capital. This, however, could change if U.S.-Iranian relations keep escalating. In this context, the rhetoric coming out of the Donald Trump administration in the United States is key for Rouhani’s future—and Iran’s.

Trump administration will uphold election system's designation as critical infrastructure (Reuters) U.S. Homeland Security Secretary John Kelly on Tuesday said he backed a decision in the Obama administration's final days to designate elections systems as critical infrastructure in order to boost their cyber defenses, after the government concluded Russian hackers tried to influence the 2016 presidential race.

Cybersecurity subcommittee's role outlined (InsideDefense.com) The Senate Armed Services Committee has updated its website with a section on the roles and functions of the panel's cybersecurity subcommittee.

House Passes Long-Sought Email Privacy Bill (KrebsOnSecurity) The U.S. House of Representatives on Monday approved a bill that would update the nation’s email surveillance laws so that federal investigators are required to obtain a court-ordered warrant for access to older stored emails. Under the current law, U.S. authorities can legally obtain stored emails older than 180 days using only a subpoena issued by a prosecutor or FBI agent without the approval of a judge.

Senators Recognize Reservist Cyber Skills in New Bill (Infosecurity Magazine) Proposed legislation will force DoD to track capabilities of part-timers

Litigation, Investigation, and Enforcement

Former FireEye Intern, Author of Dendroid RAT, Gets No Prison Time (BleepingComputer) A judge has sentenced Morgan C. Culbertson, 21, of Pittsburgh to three years probation, with 300 hours of community service and computer monitoring, for his role in creating and selling the Dendroid RAT (Remote Access Trojan).

Teenage hackers beware: Don't do the cybercrime if you can't do the jail time (CSO Online) Some teenagers are learning the hard way that cybercrime doesn't pay.

Playpen moderator sentenced to 20 years in prison (Ars Technica) His job was to delete content that did not depict or discuss child pornography.

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

upcoming Events

Cyber Protect Conference (Nottingham, England, UK, February 9, 2017) Business owners have been invited to attend Nottinghamshire's first-ever cybercrime conference to learn how to better protect their data. The Cyber Protect Conference is being jointly hosted by the county's Police and Crime Commissioner Paddy Tipping and Nottinghamshire Police, and will include presentations from cyber security experts. The event, which takes place on Thursday, February 9, at The Atrium in Nottingham, is free of charge and open to small and medium-sized enterprises (SMEs) across the county.

Workplace Violence & Response To Active Shooter Events Meeting (Laurel, Maryland, USA, February 9, 2017) The National Insider Threat Special Interest Group (NITSIG) will be hosting a meeting on February 9, 2017, at the Johns Hopkins University Applied Physics Laboratory, Laurel, MD. The meeting will be exclusively focused on workplace violence and responding to an active shooter event. Presenters include experts from the Occupational Safety and Health Administration (OSHA), and the Maryland State Police. It's free to attend. Prominent among the topics to be discussed will be threats directed from the Internet.

RSA Conference 2017 (San Francisco, California, USA, February 13 - 17, 2017) The current state of cybersecurity means there are many opportunities for the industry as a whole to collaborate on new innovations. Discovering the next great opportunity will require everyone to embrace new and unique perspectives from a broadly diverse base of people and sources. RSA Conference 2017 provides the opportunity for all attendees at all levels to grow their knowledge, exchange ideas with peers and further their careers. With opportunity comes great responsibility for the future. Our actions today will have a lasting impact on the strength of the industry—and the safety of the world—tomorrow. At RSA Conference 2017, you will learn about new approaches to info security, discover the latest technology and interact with top security leaders and pioneers. Hands-on sessions, keynotes and informal gatherings allow you to tap into a smart, forward-thinking global community that will inspire and empower you.

Using STIX/TAXII to share automated cyber threat data (San Francisco, California, USA, February 15, 2017) Cybersecurity experts representing the financial sector, healthcare, utilities, software providers, government, academia and nonprofits continue to define/develop the STIX/TAXII specifications as the solid foundation for standardizing threat information. This large group of public and private sector organizations and companies are working together to advance the STIX/TAXII specifications in the OASIS Cyber Threat Intelligence Technical Committee. These specs have already dramatically streamlined the analysis of threat data. We invite cybersecurity experts and decision makers to be part of the conversation.

Insider Threat Program Development Training For NISPOM CC 2 (Simi Valley, CA, USA, February 22 - 23, 2017) Insider Threat Defense announced it will hold a 2 day training class on Insider Threat Program Development (NISPOM Conforming Change 2) on Feb. 22-23, 2017, in Simi Valley, CA. For a limited time the training is being offered at a discounted rate of $795 (Normally $1395). The training is comprehensive and provides students with the knowledge and resources to develop, implement and manage a robust Insider Threat Program / Working Group. Insider Threat Defense has trained over 500+ organizations and has become the "Leader-Go To Company" for Insider Threat Program Development Training.

Maritime & Port Security ISAO: Operationalizing Cyber Resilience (Cape Canaveral, Florida, USA, February 22 - 24, 2017) The Maritime & Port Security Information Sharing & Analysis Organization (MPS-ISAO) convenes its inaugural conference “Maritime & Port Cyber Resilience - Adding a New Layer of Cybersecurity” February 22-24, 2017 at the Global Situational Awareness Center at NASA/Kennedy Space Center, Florida.

Risky Business (London, England, UK, February 23, 2017) How are you tackling Cyber Crime in the Property Transaction? Join our panel of expert speakers at the IET in London to find out more about cyber crime in the property transaction and the steps you can take to protect the best interests of your firm and your client.

The 2nd China Automotive Cyber Security Summit 2017 (Shanghai, China, February 24, 2017) CACSS2017 will Provide a platform for Automotive OEMs, Tier 1 suppliers, Automotive security solution/ technology/products developers,Automotive electronics companies, IT companies, Mobile data suppliers, Automotive insurance companies, and automotive cyber security experts to address government regulations developing trends, Automotive cyber security standards, updated vulnerabilities, “Black Hat” behaviour motivations, State-of-the-Art technology solutions, critical cyber security challenges and collaboration initiatives; Help you to understand tailored smart car cyber security products and solutions, build up a set of effective cyber security management system and improve the capability of protecting smart cars. This second to non Automotive cyber security industry event will assure you to understand China Automotive cyber security industry business opportunities, network with China local customers and consolidate your worldwide leadership.

Second Annual International Security Conference (Riyadh, Saudi Arabia, February 27 - 28, 2017) The conference will facilitate national, regional and international collaboration between government, industry and critical infrastructure organizations. It will also feature investors who want to diversify their portfolio into international companies, particularly in the field of cyber security sectors where innovation could benefit the regional cyberdefense capacity.

SANS Dallas 2017 (Dallas, Texas, USA, February 27 - March 4, 2017) We are pleased to invite you to attend SANS Dallas 2017, on February 27- March 4 at The Westin Dallas Downtown, located in the heart of the city. We have selected several of our top information security courses to provide you with the training and certification that you need to boost your career by learning from the best! SANS instructors are industry professionals who will ensure that you not only learn the material, but that you will also be able to apply what you learn your first day back in the office.

Autonomous Vehicles Silicon Valley (Santa Clara, California, USA, February 28 - March 2, 2017) The road to autonomy: Regulation. Consumer Acceptance. Safety & Security. Explore the latest technologies and hottest issues for the autonomous vehicles industry.

The Cyber Security Summit: Denver (Denver, Colorado, USA, March 1, 2017) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their companies’ critical data with innovative solution providers & renowned information security experts. Learn from cyber security thought leaders including: Mary McCord, Asst. Attorney General for National Security, U.S. Dept. of Justice & Chad Alvarado, Supervisory Special Agent, Cyber Task Force, FBI Denver Division. Engage in panel discussions focusing on trending cyber topics including Emerging Threats to IoT & Big Data, Insider Threats, and Compliance. Receive half off your admission with promo code cyberwire50 at CyberSummitUSA.com and view details including the full agenda, participating solution providers & confirmed speakers

International Cyber Risk Management Conference (ICRMC) (Toronto, Ontario, Canada, March 2 - 3, 2017) The third annual International Cyber Risk Management Conference (ICRMC) brings together a world class roster of experts with cross-sector, global and multidisciplinary expertise to share knowledge, lessons learned, and methodology on cyber security. We are delighted to build on last year’s very successful ICRMC. Cyber security has grown into a global pandemic and organizations of all sizes are struggling with questions on how to mitigate, manage, and transfer cyber risk. We’ve structured our agenda based on delegate feedback and our exceptional 2017 Advisory Committee is determined to provide engaging high-profile speakers and compelling content to share knowledge, captivate and educate. Visit www.icrmc.com for details.

SANS San Jose 2017 (Milpitas, California, USA, March 6 - 11, 2017) Securing and defending your network has never been more important as attacks and breaches make the news daily. Gain the skills and tools you need to win the battle against the wide range of cyber adversaries who want to harm your environment. SANS San Jose 2017 offers six hands-on, intensive cyber security training courses.

15th annual e-Crime & Cybersecurity Congress (London, England, UK, March 7 - 8, 2017) Europe's largest and most sophisticated gathering of senior cybersecurity professionals from international business, governments, law enforcement and intelligence agencies.

ISSA Mid Atlantic Security Conference (Rockville, Maryland, USA, March 10, 2017) Join us for a full day of training by industry leaders discussing some of the latest topics in tactics and techniques for preparing for cyber-attacks. This conference will feature a variety of presentations and cutting edge training opportunities, including hands-on demonstrations and workshops.

Investing in America’s Security: Cybersecurity Issues (Jersey City, New Jersey, USA, March 10, 2017) Please join us for the 5th Annual Northeast Regional Security Education Symposium hosted by the Professional Security Studies Department at New Jersey City University. The Symposium’s keynote address will be delivered by Milan Patel of K2 Intelligence, formerly the FBI’s Cyber Division Chief Technology Officer. Speakers include NJCCIC Director Michael Geraghty. NJCU students pursuing their D.Sc. degree will present academic research posters and a panel of experts will discuss careers in cyber security.

IAPP Europe Data Protection Intensive 2017 (London, Englan, UK, March 13 - 16, 2017) Set in London, the Data Protection Intensive delivers innovative solutions to today’s top privacy and data protection challenges. Known for its exceptional programming, the Intensive has come into its own as a leading forum for practical data protection education.

Rail Cyber Security Summit (London, England, UK, March 14 - 15, 2017) Now in its second year, the event will take place at the Copthorne Tara Kensington hotel in London between March 14th and 15th 2017 and will feature a range of experts from the rail transport industry, as well as leading Government and global cyber security leaders and academics working in the field.

CyberUK 2017 (Liverpool, England, USA, March 14 - 16, 2017) Announcing the UK government's flagship IA and cyber security event, for 2017. This is a three day event that will bring together cyber security leaders and professionals from across the UK’s information security communities from both the public and private sector. The NCSC’s partnership with information security businesses of all sizes is essential in strengthening the UK’s cyber resilience. CyberUK 2017 will play a key role in defining the role industry must play in achieving this step change, and is expected to attract 1,600 information assurance (IA) and cyber security leaders and professionals.

Cybersecurity: The Leadership Imperative (New York, New York, USA, March 16 - 17, 2017) Cyber risk impacts every element of your organization – and even the most brilliant information security expertise must be supported by a cross-functional cybersecurity structure and culture to succeed. Cybersecurity: The Leadership Imperative will provide case studies and actionable insights on building and maintaining a structure in which leaders across the organization are able to work together seamlessly to comprehend, measure and respond to cyber risk challenges.

BSides Canberra (Canberra, Australia, March 17 - 18, 2017) BSidesCbr is a conference designed to advance the body of Information Security knowledge, by providing an annual, two day, open forum for discussion and debate for security engineers and their affiliates. We produce a conference that is a source of education, collaboration, and continued conversation for information technologists and those associated with this field. The technical and academic presentations at BSidesCbr are given in the spirit of peer review and advanced knowledge dissemination. This allows the field of Information Security to grow in breadth and depth, and continue in its pursuit of highly advanced scientifically based knowledge.

European Smart Grid Cyber Security (London, England, UK, March 21 - 22, 2017) European Smart Grid Cyber Security 2017 offers a unique opportunity to network with senior experts in cyber security from government, utilities, TSOs, regulators, solution providers, security consultants, senior engineers and more. Join us to hear from a range of European utility companies present what their strategic programmes are doing regarding cyber security. As well as discuss how communication issues between IT and OT departments can be overcome and learn how to make your company compliant.

Maryland Cybersecurity Awards Celebration (Baltimore, Maryland, USA, March 22, 2017) Help us celebrate the best and brightest of the Maryland cyberscurity community as we honor the companies, organizations, and individuals that have protected businesses and government agencies with their cutting-edge technologies; thwarted cyber criminals with their outstanding cybersecurity services; demonstrated exemplary knowledge, expertise, leadership and innovative thinking; or made a significant contribution to Maryland’s cybersecurity ecosystem.

Sponsor & Support

Grow your brand, generate leads, and fill your funnel.

With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listens all over the world, companies trust the CyberWire to get the message out. Learn more.

ISIS groups attack NHS sites in coordinated hacks. A new bad animal joins the malware menagerie. US likely to maintain designation of election systems as critical infrastructure. Security industry M&A news.