The CyberWire Daily Briefing 2.13.17

Summary

By The CyberWire Staff

TASS reports a brief weekend DDoS attack on Russia's health ministry.

Palo Alto Networks sees new activity from the Hamas-associated Gaza Cyber Gang: phishing campaigns to install spyware. Targets are in Israel and various Arab countries. Palo Alto characterizes the campaigns' technical sophistication as relatively high. As so often happens, the attackers inadvertently aroused suspicions with poor proofreading.

ISIS sympathizers are being targeted by Android malware delivered over one of the Caliphate's preferred social media, Telegram. The first stage of infection aims at privilege escalation; subsequent stages vary with the attackers' intentions. There's no attribution, but it's also no secret that ISIS's opponents are actively targeting the group. The US Air Force, for one, reported to Congress last week that it conducted more than 4000 cyber operations in conjunction with combat operations against terrorist targets.

Some observers perceive an increase in the Egyptian government's online surveillance and traffic interception efforts.

Sources "close to" the Italian government tell the Guardian and Reuters that Italy's Foreign Ministry sustained a four-months-long cyber attack in 2016. Non-classified systems were successfully penetrated; classified systems are said to have resisted compromise. The Russian government is suspected of responsibility.

Members of the US Congress urge the Administration to revisit Wassenaar cyber arms control regime.

NBC says a "senior US official" tells them he believes Russia may send Edward Snowden back to the US in a good-will gesture to President Trump. (Snowden tweeted this proves he's not a Russian spy. His ACLU lawyer knows nothing about the matter.)

Learn how Cylance silences cyber attacks with Artificial Intelligence.

Notes.

Today's issue includes events affecting Canada, China, Egypt, Iraq, Israel, Italy, Jordan, Mexico, Palestinian Territories, Russia, Serbia, Syria, Turkey, United Arab Emirates, United Kingdom, and United States.

A note to our readers: to find links to articles related to the news summarized here, just scroll down.

On the Podcast

In today's podcast we talk to Malek Ben Salem from our partners at Accenture Labs. She discusses privacy and data mining.

Of course, the special prognostication edition of our podcast is also available. We talk with industry experts and editors covering the cyber beat, getting their take on the outlook for 2017 in cyber security.

Sponsored Events

E8 Security (Chronicle Books Metreon, San Francisco, CA, USA, February 15, 2017) E8 Security Invites You To An Exclusive Book Signing and Cocktail Party at RSA with Author Gary Hayslip

Hacking The Home (Fulton, MD, USA, February 26, 2017) DataTribe, a startup crucible for entrepreneurs, is sponsoring a February 2017 Hacking the Home contest. Teams will be competing to develop new product functionality, integrations, skills, and/or exploits around the growing ecosystem of home automation devices.

Selected Reading

Dateline

The RSA Innovation Sandbox: Part Startup Olympics, Part Unicorn Hunt (The CyberWire) RSA opens today with the annual Innovation Sandbox, a competition that began with a very large number of nominations, now winnowed to ten finalists. The Sandbox aims at selecting what the RSA Conference characterizes as the year's most innovative information security companies.

RSA Conference Adapts to Address Emerging Threats, Technologies (eWeek) Over its 26-years history, the RSA Conference has evolved to cover the constantly changing cyber-security threats and the latest technologies.

IoT security threat to become real post-Mirai at RSA Conference 2017 (SearchSecurity) An RSA Conference 2017 preview shows the IoT security threat once again atop the submission pile. But this year, experts finally think the dangers are real.

Cloud, IoT, Arby's Hack Center Stage At RSA Security Conference (Investor's Business Daily) The RSA Security Conference, where companies discuss cybersecurity trends, kicks off Monday amid reports hackers stole consumer data at Arby's.

RSA Conference 2017: your chance to get to grips with ransomware (Naked Security) Ransomware is one of the hottest topics in infosec right now, and the RSA conference in San Francisco is devoting a whole day to it

Palo Alto Networks CEO Predicts Disruptive Convergence of Security Industry in Keynote Address at RSA Conference 2017 (Yahoo! Finance) Palo Alto Networks® (NYSE: PANW), the next-generation security company, today announced that its chairman and CEO, Mark McLaughlin, will deliver a keynote ...

Qualys at RSA Conference: Implementing innovation (Help Net Security) There will be no lack of interesting content from Qualys at this year's RSA Conference.

Zscaler Arrives at RSA Conference 2017 with an Exciting Lineup and a Smashing Display (Yahoo! Finance) Zscaler, Inc., the leading cloud security company, today announced its presence at the upcoming RSA Conference 2017 in San Francisco at the Moscone Center, South Hall booth #1207. Through a series of in-booth ...

Cybersecurity--2017 Reality Check (LinkedIn) The cyber security community descends on San Francisco next week for the RSA Security Conference to review the latest products to address our cyber security woes. Guests will have the opportunity to review over 500 vendors from around the world and seek to differentiate between products and determine whether they will really help security. Good luck to all of us.

The Ultimate Guide to RSA 2017 Parties (RSAParties.io) The ultimate list of parties at RSA Conference 2017. Locations, times, and maps to help you maximize your social efficiency.

Ex-FBI man spills on why hackers are winning the security game (Register) Government and business don't get on, AI is bunk and politics rules

Cyber Attacks, Threats, and Vulnerabilities

Cyberattacks on International Banks Show Links to Hackers Who Hit Sony (Wall Street Journal) Cybersecurity specialists have found evidence suggesting that recent attacks on institutions in Poland are part of an international hacking effort targeting financial institutions in the U.S., Mexico and the United Kingdom—an attack that shares traits with the 2014 attack on Sony Corp.

Italy's foreign ministry came under cyber attack in 2016: source (Reuters) Italy's foreign ministry was hacked last year, a source close to the department said on Friday, confirming a report in the Guardian newspaper which also said Russia was suspected of perpetrating the attack.

Russian Healthcare Ministry hit by large cyber attack (TASS) The ministry’s site was not functioning for 14 minutes during the DDoS attack

Ministry Of Home Affairs Website Comes Under Cyber Attack (TimesNow) The website of India’s Ministry Of Home Affairs was reportedly hacked by miscreants on Sunday, following which the Delhi police and cyber cell have said the matter is being looked into, but there has been no official confirmation yet.

Home ministry blocks official website after cyber attack (Daily News & Analysis) Home ministry blocks official website after cyber attack

UK Hit by 188 Major Cyber Attacks in Three Months (Infosecurity Magazine) UK Hit by 188 Major Cyber Attacks in Three Months. NCSC boss warns of ‘step change’ in Russian aggression

Hamas upgrades cyber espionage capability — report (The Times of Israel) Internal Security Minister and sports broadcaster feature in fake news items designed to persuade email users to open rogue spyware file

Islamic State supporters hit by Android malware on Telegram (CyberScoop) ISIS forum members alerted users to plus_gram.apk, a trojanized RAT that allows an attacker to spy on and take full control of the target's Android device.

Infinite eyes in the network: Government escalates attack on secure communication (مدى مصر) There is a history of the state breaching private security, but something new may be coming

Spyware’s Odd Targets: Backers of Mexico’s Soda Tax (New York Times) The first hints that the phones of nutrition policy makers were infected were strange messages from unknown contacts.

Ultranationalist Developer Behind SerbRansom Ransomware (BleepingComputer) An ultranationalist developer from Serbia is behind a series of malware strains, including a new ransomware family named SerbRansom, discovered yesterday by security researcher MalwareHunter.

Scammers slip fake Amazon ad under Google’s nose (Naked Security) The spoofed ad sent Windows users into fake Microsoft-sponsored blue screens of death and Mac users into fake cryptoware warnings

New Ticketbleed Vulnerability Bleeds Like Old Heartbleed.. Literally (HackRead) Filippo Valsorda, a researcher from Cloudflare, recently discovered a bug in F5’s BIG-IP Networks. The flaw has been dubbed as Ticketbleed, keeping in mind

Number of RDP Brute-Force Attacks Spreading Crysis Ransomware Doubles in 6 Months (BleepingComputer) Since September 2016, a criminal group has been using different versions of the Crysis ransomware to infect enterprise networks where they previously gained access to by brute-forcing workstations with open RDP ports.

UK Supreme Court Issues Alert Regarding Scam Subpoena Emails (Cyware) The UK’s Supreme Court has been forced to warn netizens of a phishing campaign using the institution’s seal and logo to trick unsuspecting recipients. The final court of appeal in the UK for civil cases told individuals to ignore the fraudulent message.

Hacking of driverless cars a concern for mining industry: Deloitte (Canadian Underwriter) The exploration plans of Canadian mining firms are among the “prime” targets for hackers, while autonomous vehicles used by miners could be influenced by computer viruses, Deloitte Touche Tohmatsu Ltd. warned in a recent report. “Malicious viruses, like Stuxnet, explicitly…

Macro Malware Hits Mac Users (BleepingComputer) After hounding Windows users for well over two decades, macro malware has taken its first steps towards affecting the other operating system on which the Microsoft Office suite is available, and that's Apple's macOS.

Digital Shadows on why it's sometimes best to avoid "Cupid's" arrow (null) Different times of the year and major news events can trigger a surge in attacks aimed at particular industries and geographies.

Web of vulnerabilities (Christian Science Monitor Passcode) Explore the ecosystem of spies, criminals, and companies who compete to find and exploit software defects:

Security Patches, Mitigations, and Software Updates

Google set to purge Play store of apps lacking a privacy policy (Naked Security) Android developers, you’ve got until March 15 to rig up a decent privacy policy or have your app thrown out of the store

Whatsapp rolls out two-step verification for additional security: Will it halt rise in false impersonation? (The TeCake) Ever since the dawn of the age of Android, as some would like to call the present times, the sphere of influence of instant text messenger Whatsapp has bee

Cyber Trends

New Intel Security Cloud Report Reveals IT Departments Find It Hard to Keep the Cloud Safe (BusinessWire) Close to 40 percent of cloud services are commissioned without the involvement of IT, leading to more security risk for companies

New research reveals disconnect in countering cyber attacks (Advance) New research published by BAE Systems reveals a surprising disconnect between C-suite executives and IT Decision Makers in defending against cyber threats.

Cyber Attacks Split Executives And IT Specialists (Forbes) What with all the talk of cyber espionage during the U.S. Presidential election and since, you might think that business leaders would be strongly focused on combatting it. However, research published recently by cyber security experts BAE Systems reveals a surprising disconnect between executives at the top of companies and decision makers in information technology over how to go about the task.

The anti social network (Help Net Security) Let’s be honest. Our online world is judged on how others view us, or as the psychologist Caldini would put it social validation. Want to buy a product? We

Are CISOs Prepared For Emerging Tech Risks (BW Businessworld) Emerging technology risks and the inability to effectively assess them will prove to be the biggest challenges for CISOs, , CISOs, Emerging technology, cybersecurity, internet of things

Marketplace

The secret world of vulnerability hunters (The Christian Science Monitor Passcode) Spies, hackers, and cybersecurity firms compete to find and exploit software flaws, often to infiltrate criminal networks or track terrorists. A look into this complex ecosystem.

Security skills gap? What security skills gap? (Help Net Security) Network security specialists are highly sought after no matter where you look: it’s the most wanted skill set in Israel, Ireland, the UK, US and Germany.

Microsoft to Rate Corporate Cybersecurity (Wall Street Journal) Microsoft on Friday will begin grading its commercial customers’ Office 365 security settings in an effort to fortify its software and services that are frequent targets of hackers.

3 Big Bets Cisco Systems, Inc. Is Making -- Will They Be Enough? -- The Motley Fool (The Motley Fool) The company's core business is slowing down, but these three areas could be the future of the company's growth. Still, it won't be easy.

Sophos to Apply Advanced Algorithms to Endpoint Security (IT Business Edge) Later this year, Sophos plans to deliver an ensemble of endpoint security technologies that will be infused with machine learning algorithms the company has gained access to in the wake of its acquisition of Invincea this week.

The new Sophos is goldmine for channels: Hemal Patel (ChannelWorld India) 'We have ensured maximum channels growth with minimal partner conflict across Sophos’ portfolio, says Hemal Patel, SVP India Operations, Sophos.

Data centres, cloud and SaaS: Is Palo Alto Networks the next cyber security provider to beat? - Data Economy (Data Economy) Provider opens data centres in Germany and Singapore as the software-driven cloud economy is predicted to generate a global IT spending of $1tr.

The fraud fighter: How White Ops helped put ad waste (and itself) on the map - Digiday (Digiday) White Ops has gotten big press attention for ad fraud, but drawn criticism in the process.

United For Universal Security: Dashlane Joins The FIDO Alliance (Yahoo! Finance) Dashlane, the leader in online identity and password management, proudly announces that it has joined FIDO (Fast IDentity Online) Alliance, a crossindustry coalition developing open, interoperable authentication standards that reduce reliance on passwords with

Pentagon's supplier & Tomahawk missiles manufacturer to protect US power utilities from cyberattacks (RT International) One of the world’s top military contractors, Raytheon, has teamed up with another American company that monitors power supply in real time to fight against potential cyber threats to the US power grid in the wake of recent hacking hysteria.

Zscaler Appoints Remo Canessa Chief Financial Officer (Yahoo! Finance) Zscaler, the leading cloud security company, today announced the appointment of Remo Canessa to the position of Chief Financial Officer. The Zscaler™ cloud security platform transforms enterprise network ...

Products, Services, and Solutions

Why cyber security is a big concern for M&A activity in the UAE - Gulf Business (Gulf Business) Here's how cyber-attack threats on mergers and acquisitions deals can be mitigated

Baffle Encryption as a Service Now Supports SQL Databases (Database Trends and Applications) Baffle, Inc. has announced that its encryption as a service (EaaS) solution now supports SQL databases, to ensure that sensitive data remains encrypted end-to-end-from production through processing; while being stored on-premise, in the cloud, and while being processed by databases and applications.

Milton Security Opens a Security Operations Center and offers Network Access Control As A Service. (Milton Security) Milton Security Group Inc., a global leader and innovator in network and endpoint security, today launched the Milton Security Operations Center (SOC). Included with this new SOC, Milton is bringing Network Access Control (NAC) As A Service, which reduces the burden on staff. As many professionals in the cyber industry gather next week in San Francisco for RSA to look at all the new blinky light boxes, we are here standing watch over our customer's networks.

Microsoft teams up with Skycure to fight mobile threats (BetaNews) Cyber threats to enterprises aren't confined to the desktop, mobile systems are at risk too and businesses are looking for solutions that can combine security with ease of management.

Someone wants to make VPN obsolete (TechRadar) At least if you do remote access

Zimperium Fuels Advanced Mobile Threat Defense with Next Generation zIPS™ (Yahoo! Finance) Zimperium , the industry leader in enterprise mobile threat defense (MTD) and the only provider of real-time on-device protection against known and unknown ...

Accenture Integrates Blockchain Technology with Thales Hardware Security Module | Payment Week (Payment Week) Accenture unveils a patent-pending solution that simplifies the ability of blockchain technology to integrate with security systems

Spirion Strengthens Enterprise Data Security with Spirion 10.0, Introduces “Spirion Spyglass” Executive Dashboard, Expanded Cloud Support, Splunk Integration and GDPR Assessments (BusinessWire) Spirion, the leading provider of sensitive data risk-reduction solutions, today announced the Spirion 10.0 data platform with enhanced enterprise capabilities.

Bank of England works with Anomali to improve threat intelligence capabilities (Bank of England) The Bank of England FinTech Accelerator recently ran a proof of concept looking at innovative technologies that collect, integrate, hunt and investigate cyber security intelligence data. Following the successful completion of this proof of concept, the Bank has decided to continue to work with Anomali to monitor and mitigate efforts against cyber threats.

Microsoft makes NSA approved list with Surface devices (iTnews) Surface Book and Pros can be used for classified work.

SS8 BreachDetect Uses 'Time Machine' to Unravel Cyber Kill Chains (eSecurity Planet) No forensics experience? No problem. BreachDetect uses new timeline views and plain-language explanations to unmask breach attempts.

Technologies, Techniques, and Standards

Cyber capabilities support U.S. kill/capture missions (C4ISRNET) The Air Force has conducted a multitude of cyber missions over the last year that have contributed to captured or killed terrorists.

How to wake the enterprise from IoT security nightmares (Networks Asia) IoT security costs to climb

ESET Shares 5 Basic Cyber Security Lessons for Businesses (Yahoo! Finance) ESET, Europe-based leader in IT security, shares five basic cyber security lessons from its experts. Dave Maasland, CEO Eset Netherlands in cooperation with Fred Streefland, IT Security Manager at LeaseWeb, explore a new way of looking at cybersecurity that stops

Five ways to prevent data leaks (Help Net Security) Any business running multiple cloud-based apps runs a risk of exposure through data leakage. Here are five ways to keep data protected and secure.

Security experts share 3 key insights on ransomware (Networks Asia) Before people entangle themselves in everything digital that this year has to offer, it's important to heed expert advice.

Six critical customer support differentiators in cybersecurity (Help Net Security) Regardless of size or sector, excellent customer support is a major differentiator within any organization. In the cybersecurity industry, however, tech su

Design and Innovation

Apple CEO calls for 'massive campaign' to battle fake news (The Hill) Tim Cook says fake news is "killing people’s minds."

Open source is just as secure as commercial code (Infosecurity Magazine) Open source is just as secure as commercial code, but what is used in your apps?

Can you trust crypto-token crowdfunding? (TechCrunch) In 2016, blockchain startups raised some $200 million in Initial Coin Offerings, a new form of crowdfunding based on cryptocurrency tokens. Some of the..

Research and Development

Wikipedia Comments Destroyed by a Few Highly Toxic Users (BleepingComputer) A joint study carried out by researchers from Alphabet's Jigsaw and the Wikimedia Foundation has analyzed all user comments left on Wikipedia in 2015 in order to identify how and why users launch in personal attacks, one of the many faces of online abuse.

The security impact of HTTPS interception in the wild (Help Net Security) HTTPS deployment is on an upward trajectory, and this growth is accompanied by the increasing HTTPS interception and SSL inspection.

Artificial intuition will supersede artificial intelligence, experts say (Network World) Human cognition and instinct will become significantly more widespread in machines. It promises to rapidly surpass simple artificial intelligence.

Academia

Regis cybersecurity exercise shows trainees what a “malicious attack” can do (The Denver Post) Those attending a two-day cybersecurity exercise at Regis University learned “what a malicious actor may be doing to your network,” said Laura Cobert, chief warrant officer in the Guard…

Huawei Canada selects Polytechnique Montréal for Industrial Research Chair in Future Wireless Technologies, a first for both Montréal and Huawei (CNW Telbec) Huawei Technologies Co. Ltd., one of the world's largest manufacturers of ICT...

Students explore cyber security skills at camp (Khaleej Times) The camp saw the participation of 21 students aged 14 to 18

Legislation, Policy and Regulation

SECURITY: Latest draft of Trump cyber order emphasizes 'risk' (E&E News) The White House plans to direct federal agencies to build a U.S. cybersecurity policy around computer systems "at greatest risk of attacks," according to the latest draft of an executive order.

Reps urge Trump administration to fix cyber trade agreement (TheHill) Seven key members of the House are asking Trump official Michael Flynn to energize renegotiations of the Wassenaar Arrangement.

No replacement yet named for White House chief infosec officer (Naked Security) Departure of Cory Louie comes as observers wonder when Trump will sign his delayed EO on cybersecurity

Commercial sector has concerns with cyber status quo (C4ISRNET) Given that the cyberspace infrastructure used by the public is operated and maintained by the private sector, it has a stake in crafting international cyber norms.

American Spies: how we got to mass surveillance without even trying (Ars Technica) Review: law prof explains how the road to bad law is paved with good intentions.

Litigation, Investigation, and Enforcement

Russia considering giving Snowden to US as ‘gift’ to Trump: report (The Hill) Russia believes returning Snowden to the U.S. is a way to "curry favor" with Trump.

14-Year-Old Admits to Attempting to Hack Brussels Airport a Day After ISIS Attack (BleepingComputer) A 14-year-old US teen has admitted to attempting to hack the Brussels Zaventem Airport on the day after brutal ISIS bombings had killed 32 people, on the morning of March 22, 2016.

Harold Thomas Martin III Indicted on Charges of Willful Retention of National Defense Information (Lawfare) On Wednesday, a federal grand jury indicted Harold ("Hal") Thomas Martin III, a former private contractor for Booz Allen Hamilton, of willful retention of national security information. The 20-count indictment describes his unauthorized retention of documents belonging to the National Security Agency, as well as the Central Intelligence Agency, U.S. Cyber Command, and the National Reconnaissance Office; the theft took place over a period as early as 1996 until August 27, 2016.

Oracle refuses to accept pro-Google “fair use” verdict in API battle (Ars Technica) Oracle insinuates Google was “a plagiarist” that committed “classic unfair use.”

Hacker sentenced by US judge over $55 million cyber-attack case (http://www.deccanchronicle.com/) Ercan Findikoglu, a Turkish national, had gone to great lengths to avoid capture by the US Secret Service.

If you’re a revenge porn victim, consider this free, helpful legal guide (Ars Technica) Lawyer wants victims to stand up: “We’ll have a slew of high quality filings.”

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

upcoming Events

RSA Conference 2017 (San Francisco, California, USA, February 13 - 17, 2017) The current state of cybersecurity means there are many opportunities for the industry as a whole to collaborate on new innovations. Discovering the next great opportunity will require everyone to embrace new and unique perspectives from a broadly diverse base of people and sources. RSA Conference 2017 provides the opportunity for all attendees at all levels to grow their knowledge, exchange ideas with peers and further their careers. With opportunity comes great responsibility for the future. Our actions today will have a lasting impact on the strength of the industry—and the safety of the world—tomorrow. At RSA Conference 2017, you will learn about new approaches to info security, discover the latest technology and interact with top security leaders and pioneers. Hands-on sessions, keynotes and informal gatherings allow you to tap into a smart, forward-thinking global community that will inspire and empower you.

Using STIX/TAXII to share automated cyber threat data (San Francisco, California, USA, February 15, 2017) Cybersecurity experts representing the financial sector, healthcare, utilities, software providers, government, academia and nonprofits continue to define/develop the STIX/TAXII specifications as the solid foundation for standardizing threat information. This large group of public and private sector organizations and companies are working together to advance the STIX/TAXII specifications in the OASIS Cyber Threat Intelligence Technical Committee. These specs have already dramatically streamlined the analysis of threat data. We invite cybersecurity experts and decision makers to be part of the conversation.

Insider Threat Program Development Training For NISPOM CC 2 (Simi Valley, CA, USA, February 22 - 23, 2017) Insider Threat Defense announced it will hold a 2 day training class on Insider Threat Program Development (NISPOM Conforming Change 2) on Feb. 22-23, 2017, in Simi Valley, CA. For a limited time the training is being offered at a discounted rate of $795 (Normally $1395). The training is comprehensive and provides students with the knowledge and resources to develop, implement and manage a robust Insider Threat Program / Working Group. Insider Threat Defense has trained over 500+ organizations and has become the "Leader-Go To Company" for Insider Threat Program Development Training.

Maritime & Port Security ISAO: Operationalizing Cyber Resilience (Cape Canaveral, Florida, USA, February 22 - 24, 2017) The Maritime & Port Security Information Sharing & Analysis Organization (MPS-ISAO) convenes its inaugural conference “Maritime & Port Cyber Resilience - Adding a New Layer of Cybersecurity” February 22-24, 2017 at the Global Situational Awareness Center at NASA/Kennedy Space Center, Florida.

Risky Business (London, England, UK, February 23, 2017) How are you tackling Cyber Crime in the Property Transaction? Join our panel of expert speakers at the IET in London to find out more about cyber crime in the property transaction and the steps you can take to protect the best interests of your firm and your client.

The 2nd China Automotive Cyber Security Summit 2017 (Shanghai, China, February 24, 2017) CACSS2017 will Provide a platform for Automotive OEMs, Tier 1 suppliers, Automotive security solution/ technology/products developers,Automotive electronics companies, IT companies, Mobile data suppliers, Automotive insurance companies, and automotive cyber security experts to address government regulations developing trends, Automotive cyber security standards, updated vulnerabilities, “Black Hat” behaviour motivations, State-of-the-Art technology solutions, critical cyber security challenges and collaboration initiatives; Help you to understand tailored smart car cyber security products and solutions, build up a set of effective cyber security management system and improve the capability of protecting smart cars. This second to non Automotive cyber security industry event will assure you to understand China Automotive cyber security industry business opportunities, network with China local customers and consolidate your worldwide leadership.

Second Annual International Security Conference (Riyadh, Saudi Arabia, February 27 - 28, 2017) The conference will facilitate national, regional and international collaboration between government, industry and critical infrastructure organizations. It will also feature investors who want to diversify their portfolio into international companies, particularly in the field of cyber security sectors where innovation could benefit the regional cyberdefense capacity.

SANS Dallas 2017 (Dallas, Texas, USA, February 27 - March 4, 2017) We are pleased to invite you to attend SANS Dallas 2017, on February 27- March 4 at The Westin Dallas Downtown, located in the heart of the city. We have selected several of our top information security courses to provide you with the training and certification that you need to boost your career by learning from the best! SANS instructors are industry professionals who will ensure that you not only learn the material, but that you will also be able to apply what you learn your first day back in the office.

Autonomous Vehicles Silicon Valley (Santa Clara, California, USA, February 28 - March 2, 2017) The road to autonomy: Regulation. Consumer Acceptance. Safety & Security. Explore the latest technologies and hottest issues for the autonomous vehicles industry.

The Cyber Security Summit: Denver (Denver, Colorado, USA, March 1, 2017) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their companies’ critical data with innovative solution providers & renowned information security experts. Learn from cyber security thought leaders including: Mary McCord, Asst. Attorney General for National Security, U.S. Dept. of Justice & Chad Alvarado, Supervisory Special Agent, Cyber Task Force, FBI Denver Division. Engage in panel discussions focusing on trending cyber topics including Emerging Threats to IoT & Big Data, Insider Threats, and Compliance. Receive half off your admission with promo code cyberwire50 at CyberSummitUSA.com and view details including the full agenda, participating solution providers & confirmed speakers

International Cyber Risk Management Conference (ICRMC) (Toronto, Ontario, Canada, March 2 - 3, 2017) The third annual International Cyber Risk Management Conference (ICRMC) brings together a world class roster of experts with cross-sector, global and multidisciplinary expertise to share knowledge, lessons learned, and methodology on cyber security. We are delighted to build on last year’s very successful ICRMC. Cyber security has grown into a global pandemic and organizations of all sizes are struggling with questions on how to mitigate, manage, and transfer cyber risk. We’ve structured our agenda based on delegate feedback and our exceptional 2017 Advisory Committee is determined to provide engaging high-profile speakers and compelling content to share knowledge, captivate and educate. Visit www.icrmc.com for details.

SANS San Jose 2017 (Milpitas, California, USA, March 6 - 11, 2017) Securing and defending your network has never been more important as attacks and breaches make the news daily. Gain the skills and tools you need to win the battle against the wide range of cyber adversaries who want to harm your environment. SANS San Jose 2017 offers six hands-on, intensive cyber security training courses.

15th annual e-Crime & Cybersecurity Congress (London, England, UK, March 7 - 8, 2017) Europe's largest and most sophisticated gathering of senior cybersecurity professionals from international business, governments, law enforcement and intelligence agencies.

ISSA Mid Atlantic Security Conference (Rockville, Maryland, USA, March 10, 2017) Join us for a full day of training by industry leaders discussing some of the latest topics in tactics and techniques for preparing for cyber-attacks. This conference will feature a variety of presentations and cutting edge training opportunities, including hands-on demonstrations and workshops.

Investing in America’s Security: Cybersecurity Issues (Jersey City, New Jersey, USA, March 10, 2017) Please join us for the 5th Annual Northeast Regional Security Education Symposium hosted by the Professional Security Studies Department at New Jersey City University. The Symposium’s keynote address will be delivered by Milan Patel of K2 Intelligence, formerly the FBI’s Cyber Division Chief Technology Officer. Speakers include NJCCIC Director Michael Geraghty. NJCU students pursuing their D.Sc. degree will present academic research posters and a panel of experts will discuss careers in cyber security.

IAPP Europe Data Protection Intensive 2017 (London, Englan, UK, March 13 - 16, 2017) Set in London, the Data Protection Intensive delivers innovative solutions to today’s top privacy and data protection challenges. Known for its exceptional programming, the Intensive has come into its own as a leading forum for practical data protection education.

Rail Cyber Security Summit (London, England, UK, March 14 - 15, 2017) Now in its second year, the event will take place at the Copthorne Tara Kensington hotel in London between March 14th and 15th 2017 and will feature a range of experts from the rail transport industry, as well as leading Government and global cyber security leaders and academics working in the field.

CyberUK 2017 (Liverpool, England, USA, March 14 - 16, 2017) Announcing the UK government's flagship IA and cyber security event, for 2017. This is a three day event that will bring together cyber security leaders and professionals from across the UK’s information security communities from both the public and private sector. The NCSC’s partnership with information security businesses of all sizes is essential in strengthening the UK’s cyber resilience. CyberUK 2017 will play a key role in defining the role industry must play in achieving this step change, and is expected to attract 1,600 information assurance (IA) and cyber security leaders and professionals.

Cybersecurity: The Leadership Imperative (New York, New York, USA, March 16 - 17, 2017) Cyber risk impacts every element of your organization – and even the most brilliant information security expertise must be supported by a cross-functional cybersecurity structure and culture to succeed. Cybersecurity: The Leadership Imperative will provide case studies and actionable insights on building and maintaining a structure in which leaders across the organization are able to work together seamlessly to comprehend, measure and respond to cyber risk challenges.

BSides Canberra (Canberra, Australia, March 17 - 18, 2017) BSidesCbr is a conference designed to advance the body of Information Security knowledge, by providing an annual, two day, open forum for discussion and debate for security engineers and their affiliates. We produce a conference that is a source of education, collaboration, and continued conversation for information technologists and those associated with this field. The technical and academic presentations at BSidesCbr are given in the spirit of peer review and advanced knowledge dissemination. This allows the field of Information Security to grow in breadth and depth, and continue in its pursuit of highly advanced scientifically based knowledge.

Cyber Resilience Summit: Securing Systems inside the Perimeter (Reston, Virginia, USA, March 21, 2017) As the journey to secure our nation’s IT cyber infrastructure gains momentum, it is important to apply proven standards and methodologies that reduce risk and help us meet objectives for acquiring, developing and sustaining secure and reliable software-intensive systems. The theme of our upcoming Cyber Resilience Summit is Securing Systems inside the Perimeter. Defending the network is NOT enough. The most damaging of system failures and security breaches are caused by vulnerabilities lurking inside the network at the application layer.

European Smart Grid Cyber Security (London, England, UK, March 21 - 22, 2017) European Smart Grid Cyber Security 2017 offers a unique opportunity to network with senior experts in cyber security from government, utilities, TSOs, regulators, solution providers, security consultants, senior engineers and more. Join us to hear from a range of European utility companies present what their strategic programmes are doing regarding cyber security. As well as discuss how communication issues between IT and OT departments can be overcome and learn how to make your company compliant.

Maryland Cybersecurity Awards Celebration (Baltimore, Maryland, USA, March 22, 2017) Help us celebrate the best and brightest of the Maryland cyberscurity community as we honor the companies, organizations, and individuals that have protected businesses and government agencies with their cutting-edge technologies; thwarted cyber criminals with their outstanding cybersecurity services; demonstrated exemplary knowledge, expertise, leadership and innovative thinking; or made a significant contribution to Maryland’s cybersecurity ecosystem.

SANS Pen Test Austin 2017 (Austin, Texas, USA, March 27 - April 1, 2017) Every organization needs skilled people who know how to find vulnerabilities, understand risk, and help prioritize resources based on mitigating potential real-world attacks. That's what SANS Pen Test Austin is all about! If you like to break things, put them back together, find out how they work, and mimic the actions of real-world bad guys, all the while providing real business value to your organization, then this event is exactly what you need.

IT Security Entrepreneurs' Forum Bridging the Gap Between Silicon Valley & the Beltway (Mountain View, California, USA, March 28 - 29, 2017) SINET – Silicon Valley provides a venue where entrepreneurs can meet and interact directly with leaders of government, business and the investment community in an open, collaborative environment focused on identifying solutions to Cybersecurity challenges.

Sponsor & Support

Grow your brand, generate leads, and fill your funnel.

With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listens all over the world, companies trust the CyberWire to get the message out. Learn more.

Gaza Cyber Gang newly active. ISIS hit via Telegram-distributed malware. Italian Foreign Ministry hit by cyber espionage campaign. DDoS in Russia, cyber vandalism in India. RSA opens.