The CyberWire Daily Briefing 2.14.17

Summary

By The CyberWire Staff

A wave of attacks on financial institutions appears linked, acording to researchers at Symantec and BAE. The malware discovered in a range of watering hole attacks, which is being called "Ratankba," is thought to bear signifcant similarities to that used by the Lazarus Group, a criminal organization believed by many to be linked to North Korea and the 2014 Sony hack. Polish media had initially suspected the campaign to originate with Russian security services; this is now being called into doubt.

"Fileless" malware continues to concern telecoms, banks, and government agencies as this particular mode of attack continues its spread.

Researchers demonstrate proof-of-concept exploits against industrial control systems, including those used in water and electrical utilities.

The SANS Internet Storm Center reports that Microsoft has delayed patches scheduled for release today. Adobe has patched thirteen Flash vulnerabilities.

In industry news, Convergence Technology has acquired Deep Run, WiseKey has agreed to buy Quo Vadis, and HALOCK buys Eclipsecurity. InSights secures a $13 million Series B funding round.

Threatpost reports that governments are "distancing" themselves from advanced persistent threats, but such distancing is merely an enhancement of plausible deniability: they appear to be making more sophisticated use of third-parties, outsourcing attacks to cut-outs.

Microsoft has called for a "Geneva Convention" in cyberspace. This goes beyond the protection of noncombatants the original Geneva Conventions sought to provide. Microsoft is interested in promoting general international norms of cyber conflict.

US National Security Advisor Michael Flynn, criticized for ties to Russia, has resigned his post.

Learn how Cylance silences cyber attacks with Artificial Intelligence.

Notes.

Today's issue includes events affecting European Union, India, Democratic Peoples Republic of Korea, Mexico, Poland, Russia, Turkey, United Kingdom, and United States.

On the Podcast

In today's podcast, we hear from Emily Wilson, representing our partners at Terbium Labs. She discusses nationalism on the dark web. We'll also hear from our guest, Trevor Hawthorn of Wombat Security, who takes us through Wombat's State of the Phish report.

Interested in some big-picture informed speculation about 2017? Give the special prognostication edition of our podcast a listen. In this one we speak with industry experts and editors covering the cyber beat to get their take on the outlook for 2017 in cyber security.

Sponsored Events

E8 Security (Chronicle Books Metreon, San Francisco, CA, USA, Feb 15, 2017) E8 Security Invites You To An Exclusive Book Signing and Cocktail Party at RSA with Author Gary Hayslip

Hacking The Home (Fulton, MD, USA, Feb 26, 2017) DataTribe, a startup crucible for entrepreneurs, is sponsoring a February 2017 Hacking the Home contest. Teams will be competing to develop new product functionality, integrations, skills, and/or exploits around the growing ecosystem of home automation devices.

Selected Reading

Dateline

Authentication and Homomorphic Encryption Innovators Emerge from the Sandbox (The CyberWire) A talented field yielded some creative solutions to vexing security challenges. RSA's 2017 Innovation Sandbox held its competition and selected a winner yesterday afternoon: UnifyID. The ten finalists all offered interesting and compelling presentations (especially the runner-up, EN|VEIL), and we'll review their presentations below.

It's 'Code Red' as cyber-security pros gather (USA TODAY) The RSA computer security conference starts as cyber threats have become a household worry.

RSA 2017: Security is No Joke (eSecurity Planet) The world's largest security conference gets underway today and even though a comedian is the closing session, it's all very serious business.

Hot products at RSA 2017 (CSO Online) RSA, the world’s largest security conference, is underway this week in San Francisco with attendees from around the world gathering to hear the latest strategies for fighting cyberattacks.

RSA aims to balance business needs, risk, cybersecurity (ZDNet) RSA Security is pitching an approach to cybersecurity that blends in business analytics and prioritization of responses based on risk. Will returns on investments follow?

Connected Devices Expose Major Enterprise Cyber Risk in 2017 (PRNewswire) More than 90 percent of IT security professionals said that connected devices...

RSA 2017: SophosLabs sees spike in Linux-IoT malware (Naked Security) Security holes in Linux-based devices are no longer just theoretical – they’re being used to threaten the web’s infrastructure

Contrast Labs Reveals 25 Percent of Web Apps Still Vulnerable to Eight of the OWASP Top Ten (Yahoo! Finance) Contrast Security, the first company to enable self-protecting software, today announced the findings from a security research project on web application vulnerabilities. The data, collected by Contrast Labs from the Contrast Security platform across

CrowdStrike Introduces Enhanced Endpoint Machine Learning Capabilities and Advanced Endpoint Protection Modules (CrowdStrike) CrowdStrike announced new capabilities and features that provide customers with unmatched prevention against malware and malware-free attacks.

Code Dx Releases Version 2.4 Offering Interactive Application Security Testing Support through Contrast Security's Assess IAST (Marketwired) Code Dx, Inc., a provider of an award-winning suite of time-saving and easy-to-use tools that help software developers, testers and security analysts find, prioritize and manage software vulnerabilities, today announced the availability of Code Dx 2.4.

CyKick Labs Comes Out of Stealth & Reveals New Approach to Web Security (Cykick Labs) Telepath stops cybercrime and fraud with behavioral analytics and machine learning

Tenable Expands Partner Ecosystem and Delivers Better Visibility to Customers with Open and Integrated SaaS Platform (Yahoo! Finance) Tenable Network Security®, Inc., a global leader in cybersecurity, announced today at RSA Conference 2017 it is giving customers access to rich vulnerability data for better visibility into their risk posture through the Tenable.io partner ecosystem.

Thales Leads the Industry with Data Security Controls for Cloud Services (Vormetric) Thales, a leader in critical information systems, cybersecurity and data security, announces its high-assurance data security technology is integrated with the leading cloud service provider platforms from Amazon Web Services (AWS), Google, Microsoft and Salesforce, allowing users to establish strong safeguards around their sensitive data and applications in the cloud, and giving them greater control and flexibility.

Thales Unveils Cloud-Ready HSM to Deliver Crypto Services for Modern Applications (Vormetric) Thales, leader in critical information systems, cybersecurity and data security, announces a crypto-as-a-service solution that enables organizations to deliver cryptographic services with more ease and flexibility in public, private and hybrid cloud environments.

Spirent Extends Security and Performance Testing Leadership with CyberFlood Update (Benzinga) Spirent Communications plc (LSE:SPT) today extended its lead in security and performance testing by introducing the industry's first server-response fuzzing capability within CyberFlood, its premier security test product.

Corero Network Security Expands Real-Time DDoS Mitigation Capabilities to Include 100Gbps Ethernet (Yahoo! Finance) Corero Network Security today announced the expansion of its award-winning, real-time, DDoS mitigation solutions, with the SmartWall® Network Threat Defense 1100 .

GuardiCore Expands Breach Detection And Response Capabilities To Cover More Attack Types Aimed At Data Centers And Clouds (null) GuardiCore, a leader in data center and cloud...

Seagate Helps Strengthen Federal Cybersecurity With New Data Encryption Capabilities (Seagates) Seagate Technology plc (NASDAQ: STX) announced that its portfolio hard drives and solid-state drives designed to meet stringent federal security standards now integrate with advanced encryption key management software and services from Fornetix, LLC.

ZENEDGE Announces Next Generation Bot Management Platform (PRNewswire) ZENEDGE, a leading provider of cloud-based, artificial intelligence (AI) driven Web Application Firewall (WAF), malicious bot detection and DDoS cybersecurity solutions, announced today ZENEDGE Bot Manager

ThreatConnect Launches Four New Products for Security Operations, Analysis and Threat Intelligence (ThreatConnect) Organizations of all sizes and maturity levels will have an intelligence-driven defense with ThreatConnect

Recorded Future expands platform to scan every source on the web for digital threats (ZDNet) The threat intelligence platform can now track data across everything from the clear web to closed, underground forums.

Forcepoint™ Launches New Businesses to Drive Customer-Centric Innovation (PRNewswire) Global cybersecurity leader Forcepoint™ today announced that it has...

Ivanti Unveils Expanded Data Center and Hybrid Cloud Security Product Portfolio (yahoo! Finance) Today at RSA Conference 2017, Ivanti, a leader in integrating and automating critical IT tasks, announced its expanded suite of solutions for data center and hybrid cloud security. This release marks the first in a series of Ivanti announcements to articulate

Qualys and Bugcrowd Bring the Power of Automation and Crowdsourcing to Web Application Security (Yahoo! Finance) RSA Conference USA 2017, Booth #N3817 -- Qualys, Inc. , a pioneer and leading provider of cloud-based security and compliance solutions and Bugcrowd, the leader in crowdsourced security testing, today ...

Nerdio Partners with CensorNet to Offer Enhanced Cloud-Based User Authentication (Yahoo! Finance) Adar, Inc., creator of industry-leading IT-as-a-Service platform Nerdio, today announced its partnership with CensorNet, the complete cloud security company, to put ITaaS users at ease with enhanced user authentication. Nerdio will be upgrading its

Digital Guardian honored as Best Product winner for Data Leakage Prevention Solutions in the 5th Annual 2017 Cyber Defense Magazine InfoSec Awards (Digital Guardian) Recognizing Innovation During the RSA® Conference 2017

Ixia Vision ONE™ Now Interoperable with RSA® NetWitness Suite to Deliver Advanced Threat Detection for Hybrid Enterprise Networks (BusinessWIre) Ixia highlights technology advancements and interoperability at the RSA Conference 2017

TopSpin Security Wins 2017 Cybersecurity Excellence Award as Best Threat Detection, Intelligence and Response Cybersecurity Product (CIO Today) TopSpin DECOYnet™ Intelligent Deception and Detection Platform Voted as a Winner by Members of Information Security Community

Intertrust Announces whiteCryption Swift Support for Application Security Solutions (BusinesWire) Intertrust Technologies Corporation, the world’s leading provider of secure and trusted distributed computing products and services, today announced the company’s whiteCryption product line will support Swift programming language as part of its suite of enhanced application security solutions.

Qualys Introduces Two New Disruptive Services at RSA Conference USA 2017 (Marketwired) Qualys, Inc. (NASDAQ: QLYS), a pioneer and leading provider of cloud-based security and compliance solutions, today announced a major expansion of its Qualys Cloud Platform which helps organizations continue to reduce the complexity and cost of security and compliance.

Haystax Technology Wins Two Prestigious Cybersecurity Awards Ahead of RSA Conference (Benzinga) Constellation Analytics Platform™ Honored with Cyber Defense Magazine INFOSEC Award and Cybersecurity Excellence Award

PhishMe Announces New Premium Features for Flagship Product PhishMe Simulator (SAT PR News) PhishMe®, the leading provider of human-phishing defense solutions, announced today at RSA Conference 2017 that it has added advanced enhancements to its behavioral conditioning program PhishMe Simulator™ to meet the ever-changing needs of organizations of all sizes.

Exabeam honored as Editor's Choice winner in the 5th Annual 2017 Cyber Defense Magazine InfoSec Awards in User Behavior Analytics (Marketwired) Recognizing Innovation During the RSA® Conference 2017

Hexadite Unveils Custom Playbooks Following One Millionth Automated Cybersecurity Investigation (BusinessWire) Hexadite, provider of the first agentless intelligent security automation platform, today unveiled custom playbook capabilities that allow organizations to strike the right balance between security automation and customization.

Bitglass Honored with Second "Hot Company" Award by Cyber Defense Magazine for the Cloud Security Solutions Category (Yahoo! Finance) Bitglass, the total data protection company, today announced that Cyber Defense Magazine, the industry's leading electronic information security magazine and media partner of the RSA® Conference 2017, ...

Dome9 Scores a Double Win with Cybersecurity Excellence and Cyber Defense Magazine Awards (Yahoo! Fincance) Dome9 Security, the leader in cloud infrastructure security, today announced that Dome9 Arc, the company's acclaimed cloud security platform, was named Best Cloud Security Product in the 2017 Cybersecurity ...

Cyber Attacks, Threats, and Vulnerabilities

Lazarus: North Korea-linked Sony hackers suspected to be behind cyberattacks against global banks (International Business Times UK) Financial institutions across 31 countries are believed to have been targeted by the cybercriminals.

Banks around the world targeted in watering hole attacks (Help Net Security) The recent attacks against Polish banks through the booby-trapped site of the Polish Financial Supervision Authority are just one piece of a larger puzzle.

Attackers target dozens of global banks with new malware (Symantec Security Response) Watering hole attacks attempt to infect more than 100 organizations in 31 different countries.

The Rise of Fileless Malware: Over 100 Telecoms, Banks, Gov't Orgs Under Attack (HackRead) Researchers have issued a warning that hackers are resorting to the use of file-less malware programs to gain stealth access to the systems of organization

Researcher develops ransomware attack that targets water supply (CSO Online) A security researcher is showing that it’s not hard to hold industrial control systems for ransom. He's experimented with a simulated water treatment system based on actual programmable logic controllers (PLCs) and documented how these can be hacked.

Researchers demonstrate ransomware for industrial control systems (Help Net Security) A group of researchers showed that it's possible to craft ransomware aimed at compromising and fiddling with industrial control systems.

A New Type of Malware Can Lock Power Plant Computers For Ransom (Motherboard) For now, it’s just a lab experiment, but the researchers behind the first industrial control system ransomware believe it’s just a matter of time before criminals take note.

Sage 2.0 ransomware wants to be just like Cerber when it grows up (Graham Cluley) Same parents or pure mimicry?

Open Databases a Juicy Extortion Target (Threatpost) A sudden wave of attacks against insecure databases resulting in ransom demands points to wave of data hijacking attacks.

Tracking the Decline of Top Exploit Kits - TrendLabs Security Intelligence Blog (TrendLabs Security Intelligence Blog) The latter half of 2016 saw a major shift in the exploit kit landscape, with many established kits suddenly dropping operations or switching business models. Angler, which has dominated the market since 2015, suddenly went silent. We tracked 3.4 million separate Angler attacks on our clients in the first quarter of 2016, and the rate...

PIP Printing Breach Exposes 400 GB of Highly Sensitive Data (eSecurity Planet) The exposed data ranges from former NFL players' Social Security numbers and medical information to confidential files from Hustler Hollywood stores.

Columbia Sportswear is investigating a cyber attack (Internet Retailer) Columbia Sportswear Co. is investigating an attack on one of its e-commerce sites.

Security Patches, Mitigations, and Software Updates

Microsoft Patch Tuesday Delayed (SANS Internet Storm Center) Microsoft delayed the release of all bulletins scheduled for today. Today was supposed to be the first month of Microsoft using its new update process, which meant that we would no longer see a bulletin summary, and patches would be released as monolithic updates vs. individually. It is possible that this change in process caused the delay.

Adobe Patches 13 Code Execution Vulnerabilities in Flash (Threatpost) Adobe patched 13 code execution vulnerabilities in Flash Player today as part of its regular patch update cycle.

Updated Firmware Due for Serious TP-Link Router Vulnerabilities (Threatpost) A researcher disclosed vulnerabilities in TP-Link C2 and C20i routers that allow for remote code execution and denial-of-service attacks with authentication.

Cyber Trends

Verizon Data Breach Digest Triangulates Humanity Inside Security (Dark Reading) The 99-page report breaks out 16 different attack scenarios and specifies the target, sophistication level, attributes, and attack patterns, along with their times to discovery and containment.

Study Reveals Americans Remain at Risk from “Cyber Confusion” Both at Home and in the Workplace (BusinessWire) Survey reveals that only 36 percent of Americans would be a customer of their own employer knowing what they know about their company’s cybersecurity practices

State of Cyber Security 2017 (ISACA) For the third year in a row, ISACA has surveyed security leaders worldwide to determine their insights and experiences with key cyber security issues, ranging from workforce challenges and opportunities to the emerging threat landscape.

The Sociology of Things: What will truly self-aware devices mean for us, and our data? (Computing) The Internet of Things: Business opportunity or dystopian menace? Peter Cochrane weighs in

Change In Corporate Mindset Needed To Combat Cyber Attacks (Forbes) Yahoo!’s announcement late last year that it had been victimized by not one but two separate data breaches was the Gettysburg of corporate cyber attacks – the biggest battle yet waged.

Marketplace

Convergence Technology Consulting acquires Baltimore cyber firm (Baltimore Business Journal) Columbia's Convergence Technology Consulting has acquired a Baltimore cybersecurity firm.

Marlin & Associates' client, QuoVadis agrees to be acquired by WISeKey (Bobsguide) We are pleased to announce another successful cybersecurity transaction on which Marlin & Associates has advised.

HALOCK Acquires Eclipsecurity (Yahoo! Finance) HALOCK ® Security Labs announced today they have acquired Eclipsecurity, an Information Security Consulting Services firm based ...

HPE Beefs Up Network Security With Niara Acquisition (Forbes) Hewlett Packard Enterprise (HPE) has been very busy since the separation of HP Inc. and HPE, doing spin-mergers, spin-outs and resetting for a much leaner and faster future.

Israeli cyber startup IntSights uncovers $15 million Series B (Geektime) Herzliya-based cyber security startup IntSights announced today the close of their Series B funding round, bringing in $15 million in new capital.

Skybox Security Continues Fast Growth as Enterprises Look to Platform Solutions for Cybersecurity Challenges (NewsMaker) Increased need for security operations, analytics and reporting (SOAR) solutions drove a 50 percent increase in billing and $10M+ sale

How FireEye Measures Up Against Competition (Investopedia) Disappointment sent the stock plummeting, but that could represent a bargain against rivals.

Ann Arbor's Duo Security 'creating a ton of jobs' in tech security (MLive.com) Dug Song is co-founder and chief executive officer of Duo Security and said 2016 was one of "exceptionally strong growth" for the company.

Are contractors worrying too much over GSA’s data rule? (Federal News Radio) Many government contractors are worried, fearful and in disbelief about the General Services Administration’s implementation of its Transactional Data Rule

Veering Off Topic With Rapid7 CEO Corey Thomas | Xconomy (Xconomy) It’s time to revive my ongoing series of executive interviews that take a bit of a left turn. Next up is Corey Thomas, president and CEO of Rapid7.

Netskope Named a 2017 Cybersecurity Excellence Award Winner (Yahoo! Finance) Netskope, the leader in cloud security, today announced that Netskope Cloud DLP has been named the overall winner in the Cybersecurity Product, Data Leakage Prevention category of the 2017 Cybersecurity Excellence Awards.

Cohen joins BitSight as CFO (PE Hub) BitSight said Feb. 13 that Brian Cohen joined the company as CFO, while Elizabeth Fischer was appointed General Counsel and Dave Fachetti was named Senior Vice President of Partnerships

NSFOCUS Names Jens Andreassen New Chief Operating Officer (Yahoo! Fnance) NSFOCUS, a global provider of intelligent hybrid DDoS defenses, today announced that Jens Andreassen has been named Chief Operating Officer, effective immediately. In his role at NSFOCUS, Andreassen will be responsible for launching new products and growing the company’s business outside of China – focusing

Products, Services, and Solutions

Security for your ears: recommended infosec podcasts (Virus Bulletin) "Don't waste your commute listening to pop music. Listen to infosec lectures and podcasts." Industry veteran Mikko Hyppönen recently shared some useful advice for those wanting to start a career in cybersecurity.

IBM built a voice assistant for cybersecurity (CNET) The tech giant has taken its Watson artificial intelligence software and created a voice assistant for it. The first use: cybersecurity.

Cisco launches “Umbrella”; a new cloud-based secure internet gatewayCisco launches "Umbrella"; a new cloud-based secure internet gateway (Tech2) Global networking giant Cisco on Monday launched “Umbrella”, a Cloud-based secure internet gateway that provides visibility and protection against threats wherever users work.

Money Guard Technologies and Keypasco Creates Cyber Security in GCC Region (Fintech Finance) Keypasco has now teamed up with the Dubai based company Money Guard Technology to cover the GCC region.

CrowdStrike Revamps Falcon Security Platform to Replace Legacy AV (eWeek) CrowdStrike separates legacy antivirus replacement technology from endpoint detection and response in a platform update.

Hillstone Network Announces Server Breach Detection System (Yahoo! Finance) Hillstone Networks, a leading provider of network security solutions, today launched Server Breach Detection System to complement its portfolio of network security solutions.

Telstra Partners with vArmour to Develop Security Foundation for Next-Generation Cloud Services (Yahoo! Finance) vArmour, the leading data center and cloud security company, today announced that it will undertake a technical and go-to-market collaboration with Telstra, Australia's largest telecommunications and media ...

Bitdefender Wins ‘Outstanding Product’ Award from AV-Comparatives (Newswire) Bitdefender Internet Security takes Gold in Real-World Protection

Anomali Adds Intelligence Capabilities to Help Organizations Defend Against Multibillion-Dollar Cyber Threats (Broadway World) Anomali Adds Intelligence Capabilities to Help Organizations Defend Against Multibillion-Dollar Cyber Threats

Gemalto launches new encryption solutions to protect data - The Economic Times (The Economic Times) The 100-Gbps "SafeNet High Speed Encryptor" provides unmatched performance and security to protect data and sensitive communications.

‘Paranoid’ Republicans flock to app that wipes conversations (Naked Security) But why has one particular app – Confide – become the messaging platform of choice for security-conscious politicians?

Cylance Outperforms Five Legacy AV Vendors in AV-TEST Study Featuring Side-by-Side Testing Against Unknown and Known Malware (BusinessWire) AV-TEST compares Cylance against five signature-based antivirus software suites; Results show Cylance with more than 97 percent efficacy against unknown threats versus a 42 percent average by legacy AV vendors

Making encrypted data visible - Enterprise Times (Enterprise Times) Gigamon adds new functionality to its GigaSECURE SSL/TLS Decryption solution to speed up traffic inspection and identify suspicious content.

Why Open Whisper Systems Is One Of The Most Innovative Companies Of 2017 (Fast Company) With its celebrated Signal protocol, the open-source encryption company is bringing secure communication to the masses.

Technologies, Techniques, and Standards

Breaking the cyber kill chain (ComputerWeekly) Traditional antivirus is no longer good enough for fileless malware attacks that don’t leave a trace.

Army takes strategic cyber capabilities to the tactical edge (C4ISRNET) The Army is continuing to integrate cyber and electronic warfare maneuver forces at the tactical edge.

Maryland Range Cybersecurity Training Facility to Open April 10 - American Security Today (American Security Today) Electronic Technology Associates (ETA) and Cyberbit have announced that the Maryland Range cybersecurity training and simulation center in Baltimore Maryland will open its doors on April 10, 2017.

Academia

Northrop Grumman Challenges Students to Fight Drones with Cyber Takedown (News Wise) Other than shooting it down, how can you stop an enemy drone from entering a protected zone?

Legislation, Policy and Regulation

Nation States Distancing Themselves from APTs (Threatpost) Increasingly, governments are outsourcing state-sponsored attacks to mitigate risk and maximize intelligence.

Microsoft calls for establishment of a digital Geneva Convention (TechCrunch) As the public grows more concerned with state-sponsored hacking, Microsoft is calling on tech companies to form a so-called "Digital Geneva Convention" by..

‘I feel like I have been buried alive’: families live in fear and isolation as Erdoğan leads a witch-hunt (Guardian) More than 125,000 people have been sacked on suspicion of links to a dissident cleric. Two teachers and a law student describe how this has affected them

Cybersecurity: Queen opens centre to protect against attacks (BBC News) The Queen is shown how hackers could target power supplies as she opens a centre to see off cyber attacks.

Flynn resigns amid controversy over Russia contacts (CNN) Embattled White House national security adviser Michael Flynn resigned Monday night, an abrupt end to a brief tenure.

White House declines to publicly defend embattled Flynn (Military Times) A top White House aide sidestepped repeated chances Sunday to publicly defend embattled national security adviser Michael Flynn following reports that he engaged in conversations with a Russian diplomat about U.S. sanctions before Trump's inauguration.

NSA so concerned over Donald Trump's ties to Russia they've 'withheld information from presidential briefings' (The Independent) A website that until very recently was published by Donald Trump's son-in-law has claimed that US spies are withholding their most sensitive intelligence from the White House.

Donald Trump's national security adviser is in trouble (The Independent) Donald Trump’s national security adviser has been reported to the National Security Agency over claims he violated the Foreign Agents Registration Act.

CIA freezes out top Flynn aide (POLITICO) The agency denied a security clearance for a key aide to the National Security Adviser — ratcheting up tensions between Flynn and the intel community.

Former NSA chief: Trump is "the president our nation needs" on cybersecurity (ZDNet) Retired Gen. Keith Alexander, who oversaw NSA during the Snowden leak, said he left the recent White House cybersecurity meeting impressed.

Synack CEO Says Pentagon Knows Cyber Security Importance (Bloomberg.com) Synack CEO Jay Kaplan discusses the importance of cyber security in the government and private sector with Caroline Hyde on "Bloomberg Technology." (Source: Bloomberg)

Gov. Terry McAuliffe: Governors must be first line of cyber-defense (East Bay Times) Virginia Gov. Terry McAuliffe argues that America’s governors, regardless of party, must join together to defeat cyber-attacks.

On cybersecurity, governors and legislators are overmatched and overconfident, panel says (StateScoop) In the neverending battle against cyberattacks, leaders must convene, communicate and forge long-term plans, a panel of experts agreed.

U.S. Army Introduces Cyber Fast Track for Civilians (SIGNAL Magazine) The U.S. Army is responding to the high demand for cyber experts with a new program that could let qualified civilians be commissioned directly into the service with a rank up to colonel.

Litigation, Investigation, and Enforcement

Top House Republican wants FBI 'assessment' on Trump-related leaks (Fox News) The Republican leadership of the House Intelligence Committee wants the FBI to do an assessment of recent media leaks that have revealed details of sensitive discussions involving key Trump administration officials.

SaaS-y security outfit CrowdStrike falls out of love with test lab (Register) Tries - and fails - to have court suppress review of its Falcon product

Hacker Who Blackmailed Dozens of Female Victims Gets 8 Years in Prison (BleepingComputer) A New Hampshire hacker will spend the next eight years of his life in prison after he hacked into the email and social media accounts of dozens of females, including ten minors, and harassed and extorted victims into sending sexually explicit photos.

JPMorgan Breach: New Witness Delays Trial Of Bitcoin Exchange Suspects - Dark Reading (Dark Reading) Trial proceedings of pastor Trevon Gross and Yuri Lebedev has been delayed; jury selection will take place Feb. 14.

Cyber Attacks: SEBI Questions NSDL’s Speed of Reporting 10th October Attack (Money Life) Cyber attacks and security issues are something that all technology-intensive companies have to be at war with, all the time.

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

upcoming Events

Using STIX/TAXII to share automated cyber threat data (San Francisco, California, USA, Feb 15, 2017) Cybersecurity experts representing the financial sector, healthcare, utilities, software providers, government, academia and nonprofits continue to define/develop the STIX/TAXII specifications as the solid foundation for standardizing threat information. This large group of public and private sector organizations and companies are working together to advance the STIX/TAXII specifications in the OASIS Cyber Threat Intelligence Technical Committee. These specs have already dramatically streamlined the analysis of threat data. We invite cybersecurity experts and decision makers to be part of the conversation.

Insider Threat Program Development Training For NISPOM CC 2 (Simi Valley, CA, USA, Feb 22 - 23, 2017) Insider Threat Defense announced it will hold a 2 day training class on Insider Threat Program Development (NISPOM Conforming Change 2) on Feb. 22-23, 2017, in Simi Valley, CA. For a limited time the training is being offered at a discounted rate of $795 (Normally $1395). The training is comprehensive and provides students with the knowledge and resources to develop, implement and manage a robust Insider Threat Program / Working Group. Insider Threat Defense has trained over 500+ organizations and has become the "Leader-Go To Company" for Insider Threat Program Development Training.

Maritime & Port Security ISAO: Operationalizing Cyber Resilience (Cape Canaveral, Florida, USA, Feb 22 - 24, 2017) The Maritime & Port Security Information Sharing & Analysis Organization (MPS-ISAO) convenes its inaugural conference “Maritime & Port Cyber Resilience - Adding a New Layer of Cybersecurity” February 22-24, 2017 at the Global Situational Awareness Center at NASA/Kennedy Space Center, Florida.

Risky Business (London, England, UK, Feb 23, 2017) How are you tackling Cyber Crime in the Property Transaction? Join our panel of expert speakers at the IET in London to find out more about cyber crime in the property transaction and the steps you can take to protect the best interests of your firm and your client.

The 2nd China Automotive Cyber Security Summit 2017 (Shanghai, China, Feb 24, 2017) CACSS2017 will Provide a platform for Automotive OEMs, Tier 1 suppliers, Automotive security solution/ technology/products developers,Automotive electronics companies, IT companies, Mobile data suppliers, Automotive insurance companies, and automotive cyber security experts to address government regulations developing trends, Automotive cyber security standards, updated vulnerabilities, “Black Hat” behaviour motivations, State-of-the-Art technology solutions, critical cyber security challenges and collaboration initiatives; Help you to understand tailored smart car cyber security products and solutions, build up a set of effective cyber security management system and improve the capability of protecting smart cars. This second to non Automotive cyber security industry event will assure you to understand China Automotive cyber security industry business opportunities, network with China local customers and consolidate your worldwide leadership.

Second Annual International Security Conference (Riyadh, Saudi Arabia, Feb 27 - 28, 2017) The conference will facilitate national, regional and international collaboration between government, industry and critical infrastructure organizations. It will also feature investors who want to diversify their portfolio into international companies, particularly in the field of cyber security sectors where innovation could benefit the regional cyberdefense capacity.

SANS Dallas 2017 (Dallas, Texas, USA, Feb 27 - Mar 4, 2017) We are pleased to invite you to attend SANS Dallas 2017, on February 27- March 4 at The Westin Dallas Downtown, located in the heart of the city. We have selected several of our top information security courses to provide you with the training and certification that you need to boost your career by learning from the best! SANS instructors are industry professionals who will ensure that you not only learn the material, but that you will also be able to apply what you learn your first day back in the office.

Autonomous Vehicles Silicon Valley (Santa Clara, California, USA, Feb 28 - Mar 2, 2017) The road to autonomy: Regulation. Consumer Acceptance. Safety & Security. Explore the latest technologies and hottest issues for the autonomous vehicles industry.

The Cyber Security Summit: Denver (Denver, Colorado, USA, Mar 1, 2017) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their companies’ critical data with innovative solution providers & renowned information security experts. Learn from cyber security thought leaders including: Mary McCord, Asst. Attorney General for National Security, U.S. Dept. of Justice & Chad Alvarado, Supervisory Special Agent, Cyber Task Force, FBI Denver Division. Engage in panel discussions focusing on trending cyber topics including Emerging Threats to IoT & Big Data, Insider Threats, and Compliance. Receive half off your admission with promo code cyberwire50 at CyberSummitUSA.com and view details including the full agenda, participating solution providers & confirmed speakers

International Cyber Risk Management Conference (ICRMC) (Toronto, Ontario, Canada, Mar 2 - 3, 2017) The third annual International Cyber Risk Management Conference (ICRMC) brings together a world class roster of experts with cross-sector, global and multidisciplinary expertise to share knowledge, lessons learned, and methodology on cyber security. We are delighted to build on last year’s very successful ICRMC. Cyber security has grown into a global pandemic and organizations of all sizes are struggling with questions on how to mitigate, manage, and transfer cyber risk. We’ve structured our agenda based on delegate feedback and our exceptional 2017 Advisory Committee is determined to provide engaging high-profile speakers and compelling content to share knowledge, captivate and educate. Visit www.icrmc.com for details.

SANS San Jose 2017 (Milpitas, California, USA, Mar 6 - 11, 2017) Securing and defending your network has never been more important as attacks and breaches make the news daily. Gain the skills and tools you need to win the battle against the wide range of cyber adversaries who want to harm your environment. SANS San Jose 2017 offers six hands-on, intensive cyber security training courses.

15th annual e-Crime & Cybersecurity Congress (London, England, UK, Mar 7 - 8, 2017) Europe's largest and most sophisticated gathering of senior cybersecurity professionals from international business, governments, law enforcement and intelligence agencies.

ISSA Mid Atlantic Security Conference (Rockville, Maryland, USA, Mar 10, 2017) Join us for a full day of training by industry leaders discussing some of the latest topics in tactics and techniques for preparing for cyber-attacks. This conference will feature a variety of presentations and cutting edge training opportunities, including hands-on demonstrations and workshops.

Investing in America’s Security: Cybersecurity Issues (Jersey City, New Jersey, USA, Mar 10, 2017) Please join us for the 5th Annual Northeast Regional Security Education Symposium hosted by the Professional Security Studies Department at New Jersey City University. The Symposium’s keynote address will be delivered by Milan Patel of K2 Intelligence, formerly the FBI’s Cyber Division Chief Technology Officer. Speakers include NJCCIC Director Michael Geraghty. NJCU students pursuing their D.Sc. degree will present academic research posters and a panel of experts will discuss careers in cyber security.

IAPP Europe Data Protection Intensive 2017 (London, Englan, UK, Mar 13 - 16, 2017) Set in London, the Data Protection Intensive delivers innovative solutions to today’s top privacy and data protection challenges. Known for its exceptional programming, the Intensive has come into its own as a leading forum for practical data protection education.

Rail Cyber Security Summit (London, England, UK, Mar 14 - 15, 2017) Now in its second year, the event will take place at the Copthorne Tara Kensington hotel in London between March 14th and 15th 2017 and will feature a range of experts from the rail transport industry, as well as leading Government and global cyber security leaders and academics working in the field.

CyberUK 2017 (Liverpool, England, USA, Mar 14 - 16, 2017) Announcing the UK government's flagship IA and cyber security event, for 2017. This is a three day event that will bring together cyber security leaders and professionals from across the UK’s information security communities from both the public and private sector. The NCSC’s partnership with information security businesses of all sizes is essential in strengthening the UK’s cyber resilience. CyberUK 2017 will play a key role in defining the role industry must play in achieving this step change, and is expected to attract 1,600 information assurance (IA) and cyber security leaders and professionals.

Cybersecurity: The Leadership Imperative (New York, New York, USA, Mar 16 - 17, 2017) Cyber risk impacts every element of your organization – and even the most brilliant information security expertise must be supported by a cross-functional cybersecurity structure and culture to succeed. Cybersecurity: The Leadership Imperative will provide case studies and actionable insights on building and maintaining a structure in which leaders across the organization are able to work together seamlessly to comprehend, measure and respond to cyber risk challenges.

BSides Canberra (Canberra, Australia, Mar 17 - 18, 2017) BSidesCbr is a conference designed to advance the body of Information Security knowledge, by providing an annual, two day, open forum for discussion and debate for security engineers and their affiliates. We produce a conference that is a source of education, collaboration, and continued conversation for information technologists and those associated with this field. The technical and academic presentations at BSidesCbr are given in the spirit of peer review and advanced knowledge dissemination. This allows the field of Information Security to grow in breadth and depth, and continue in its pursuit of highly advanced scientifically based knowledge.

Cyber Resilience Summit: Securing Systems inside the Perimeter (Reston, Virginia, USA, Mar 21, 2017) As the journey to secure our nation’s IT cyber infrastructure gains momentum, it is important to apply proven standards and methodologies that reduce risk and help us meet objectives for acquiring, developing and sustaining secure and reliable software-intensive systems. The theme of our upcoming Cyber Resilience Summit is Securing Systems inside the Perimeter. Defending the network is NOT enough. The most damaging of system failures and security breaches are caused by vulnerabilities lurking inside the network at the application layer.

European Smart Grid Cyber Security (London, England, UK, Mar 21 - 22, 2017) European Smart Grid Cyber Security 2017 offers a unique opportunity to network with senior experts in cyber security from government, utilities, TSOs, regulators, solution providers, security consultants, senior engineers and more. Join us to hear from a range of European utility companies present what their strategic programmes are doing regarding cyber security. As well as discuss how communication issues between IT and OT departments can be overcome and learn how to make your company compliant.

Maryland Cybersecurity Awards Celebration (Baltimore, Maryland, USA, Mar 22, 2017) Help us celebrate the best and brightest of the Maryland cyberscurity community as we honor the companies, organizations, and individuals that have protected businesses and government agencies with their cutting-edge technologies; thwarted cyber criminals with their outstanding cybersecurity services; demonstrated exemplary knowledge, expertise, leadership and innovative thinking; or made a significant contribution to Maryland’s cybersecurity ecosystem.

SANS Pen Test Austin 2017 (Austin, Texas, USA, Mar 27 - Apr 1, 2017) Every organization needs skilled people who know how to find vulnerabilities, understand risk, and help prioritize resources based on mitigating potential real-world attacks. That's what SANS Pen Test Austin is all about! If you like to break things, put them back together, find out how they work, and mimic the actions of real-world bad guys, all the while providing real business value to your organization, then this event is exactly what you need.

IT Security Entrepreneurs' Forum Bridging the Gap Between Silicon Valley & the Beltway (Mountain View, California, USA, Mar 28 - 29, 2017) SINET – Silicon Valley provides a venue where entrepreneurs can meet and interact directly with leaders of government, business and the investment community in an open, collaborative environment focused on identifying solutions to Cybersecurity challenges.

Insider Threat 2017 Summit (Monterey, California, USA, Mar 29 - 30, 2017) The focus of the Insider Threat Summit is to discuss personnel security issues including cyber security challenges and capabilities, continuous evaluation of privileged identities and ethical physical security considerations. A heightened awareness of insider threats due to numerous newsworthy attacks and unauthorized leaks has brought us together for one main purpose: To better understand security challenges in order to better defend against insider threats.

Sponsor & Support

Grow your brand, generate leads, and fill your funnel.

With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listens all over the world, companies trust the CyberWire to get the message out. Learn more.

#RSAC2017 updates (and UnifyID is the winner in the Sandbox). Financial watering hole attacks recall Lazarus Group. ICS proof-of-concept hacks. Microsoft delays expected patches. M&A news. Norms of cyber conflict? Governments pursue deniability. Flynn out at US NSC.