#RSAC2017: moderation beneath the enthusiasm? Connected cars. SHA-1 successfully attacked. Grizzly Steppe looks a bit like Carbanak. Shamoon/Disttrack notes. Bitfinex suffers DDoS attack. No acquisition, yet, of FireEye.
RSA retrospectives continue, and we'll publish our final observations on last week's conference with Monday's issue of the CyberWire.
There's a general consensus that this year's central themes were artificial intelligence, data security, endpoint security, the Internet-of-things and its complicated implications for security, the growing incidence of nation-state cyber conflict, and the value of threat intelligence. These were not, however, themes unalloyed with skepticism: there were some experts around the conference who thought that artificial intelligence, particularly in its strongest forms, was being uncritically hyped, and that concentrating on endpoint security to the exclusion of perimeters and defenses-in-depth would ultimately prove a mistake.
But these animadversions are probably as much as anything a reaction to the initial phase of overstatement that accompanies most technological change. Conversations with companies who are working in these areas tended to reveal more moderate goals and quite realistic expectations. Artificial intelligence, for example, as it's actually being offered, tends to be a tool that augments human operators, something that gives an analyst, say, what Circadence's Michael Moniz characterized to us as an artificially intelligent "wingman." It's also clearly shaping the conduct of testing and training on cyber ranges. Similarly, endpoint security solutions are not generally being touted as comprehensive replacements for defenses in depth, still less for effective response and remediation systems. And threat intelligence has advanced its use cases beyond the reflexive demand on the part of executives to know who did this to us. To be sure, one wants to know that, but you really can't do much with that sort of intelligence unless you wear a badge or carry a gun (or wield an offensive keyboard). But you can use a solid understanding of an adversary to anticipate attacks and recognize the tactics, techniques and procedures a specific attacker is likely to use. We'll discuss some of these issues Monday.
In the meantime, see the links below for recommended reading about what happened at RSA. We particularly commend the stories about the risks associated with the increasingly connected and (in aspiration, anyway) autonomous car, which you might think of as a big, moving thing in the Internet-of-things. Some of the demonstrations will make your flesh creep more than a Vin Diesel potboiler would. Especially if you buy your cars used. "What would it take to get you into a compromised device today? This one had just one owner, a little old lady from Pasadena who didn't do anything with her on-board systems except click every link in the email she read on her tethered, unpatched Android phone." (We mean, of course, Pasadena, California. The little old ladies of Pasadena, Maryland, generally have mad hacking skillz...but come to think of it, that might be a problem in its own right...)
Every cryptographer who's been telling people to abandon SHA-1 can feel vindicated this week: Google announced the first successful collision attack against the algorithm.
TruSTAR looks at additional information on Grizzly Steppe the US Department of Homeland Security has released. They've found that its operators (by consensus Russian intelligence services) have much in common with the Carbanak gang, including not only code, but also command-and-control infrastructure. This isn't to say that the Russian government wasn't behind the Grizzly Steppe operations (see NSA Director Rogers's recent comments on this attribution) but it does suggest again the complexity of attribution. The Russian organs have long made effective use of criminal organizations, and this week Moscow revealed that its investment in cyber warfare and information operations has been larger than many defense intellectuals suspected.
Iran continues to probe Saudi targets in what is both a regional and an intra-Islamic competition. Cylance has an account of Disttrack, the destructive malware generally believed to be an Iranian product. Disttrack is more commonly known by its older name, Shamoon.
Bitfinex, a major Bitcoin exchange, was hit earlier this week by a significant denial-of-service attack. The disruption occurred as Bitcoin's value was reaching new highs.
Yesterday, according to Reuters, parties familiar with the negotiations confirmed that about six months ago Symantec had been in preliminary talks to acquire FireEye. Those negotiations came to nothing; this particular acquisition is now said to be off the table.
A British subject has been arrested for last year's Deutsche Telekom hack.
Today's issue includes events affecting Cambodia, Germany, Indonesia, Iran, Japan, Laos, Myanmar, Philippines, Russia, Saudi Arabia, United Kingdom, United States, and Vietnam.
In today's podcast we hear from our partners at Virginia Tech's Hume Center, as Charles Clancy discusses the implications of designating election systems as critical infrastructure. We'll also speak with our guest, AT&T's Jason Porter, on the IoT Alliance. And, of course, you can also listen to the special prognostication edition of our podcast, on which industry experts and editors covering the cyber beat give their take on security in 2017.
San Francisco: a look back at RSA 2017
Security Products that Stole the Show at RSA 2017 (ReadITQuik) New products included machine-learning-based security, endpoint security, and data security
RSA Conference 2017: From Cryptography to Mysteries of the Universe (eWeek) This year’s RSA Conference drew over 43,000 people interested in the latest in security trends, products and services. Here are some highlights.
Cryptography experts cast doubt on AI's role in cybersecurity (SC Magazine US) A panel of esteemed cryptographers at RSA 2017 expressed doubt over artificial intelligence's applicability in the cybersecurity space, tossing cold water on what otherwise appeared to be a hot technology at the conference.
Researchers discover security problems under the hood of automobile apps (Ars Technica) Kaspersky researchers find Android apps for connected cars soft targets for hackers.
Millions of Smart Cars Vulnerable Due to Insecure Android Apps (BleepingComputer) After testing seven Android apps from seven popular car makers, security experts from Kaspersky Lab concluded that many of these mobile applications contain basic security flaws that could facilitate the theft of modern, connected cars.
Insecure car-controlling Android apps are a boon for car thieves (Help Net Security) It's only a matter of time until car thieves take advantage of insecure car-controlling Android apps, Kaspersky Lab researchers warn.
Connected Car: Start Thinking Security (ISS Source) A connected car, or a car equipped with Internet access, has been gaining popularity for the last several years.
Sure, you might have bought the car, but does someone else control it? (Naked Security) A researcher who was able to control his so-called ‘smart’ car three years after he sold it raises concerns about secondhand IoT devices
IBM Reveals Security Risks to Owners of Previously Owned IoT Devices (eWeek) VIDEO: Charles Henderson, global head of X-Force Red at IBM Security, details previously undisclosed threats from IoT device management flaws.
Observations from the 2017 RSA Security Conference (Control Global) The 2017 RSA Security Conference had more discussions of ICS cyber security which is important as RSA is the mainstream of cyber security.
RSA and the expanding hole in cybersecurity (ZDNet) The recent RSA conference drew more than 43,000 people — a record number as the cybersecurity hole continues to widen with new exploits.
Results of the rogue Access Point experiment at RSA Conference 2017 (Help Net Security) Researchers managed to trick 4,499 Wi-Fi clients into connecting to their rogue AP at RSA Conference 2017 in San Francisco.
Securing Data Beyond 'The Walled Garden' (GovInfoSecurity) Emerging insider threats have quickly proven that the proverbial "walled garden" is not so walled after all, and without true end-to-end encryption,
Global geopolitical changes driving encryption adoption (Help Net Security) Recent geopolitical changes have made people and organizations worry about the privacy of their data, and consider increasing their use of encryption.
Why the private sector shouldn't rely on feds for cybersecurity (FCW) Despite cybersecurity policy advances, former DHS officials say the private sector should not expect much help from the government with hacks and breaches.
Law Enforcement At RSAC: Collaboration Is Key To Online Crime Fighting (Dark Reading) Agencies and investigators are reaching out across jurisdictions and international borders to vanquish spammers, botnet operators, and worse.
Naked Security named most educational blog at RSA 2017 Blogger Awards (Naked Security) Thank you to those of you who voted for us – we’re thrilled with the award
Cyber Attacks, Threats, and Vulnerabilities
Google Announces First-Ever SHA1 Collision Attack (BleepingComputer) The SHA1 (Secure Hash Algorithm 1) cryptographic hash function is now officially dead and useless, after Google announced today the first ever successful collision attack.
Bang! SHA-1 collides at 38762cf7f55934b34d179ae6a4c80cadccbb7f0a (Naked Security) Remember how experts have been saying, “Drop SHA-1” for years and years? Now they’re saying, “Told you so.”
Grizzly Steppe and Carbanak: the Potential Danger of Miscalculation in Cyberspace (LinkedIn) Hats off to the Department of Homeland Security (DHS) for releasing additional information on Grizzly Steppe - detailing Russian intelligence services’ efforts to influence last fall's U.S. election. DHS added significant technical detail to a December 2016 Joint Analysis Report that security experts criticized for lacking actionable information.
Threat Spotlight: Disttrack Malware (Cylance Blog) Disttrack is a destructive worm that targets a system’s master boot record (MBR). It has been targeting Saudi Arabia’s critical infrastructure. Threat Guidance delves into the inner workings of this malware to learn how it carries out its destructive goals.
Iran Renews Destructive Cyber Attacks on Saudi Arabia (Washington Free Beacon) After a four-year hiatus, Iran recently resumed destructive cyber attacks against Saudi Arabia in what U.S. officials say is part of a long-term strategy by Tehran to take over the oil-rich kingdom a
Cyber crooks' latest tricks for targeting Chrome users (Help Net Security) Chrome users have lately been targeted with a few unusual tricks aimed at delivering malware, malicious extensions, and pushing scam attempts.
Get Ready For Your Computer To Be Taken Hostage (Fast Company) Ransomware attacks have more than doubled in the past year, and small businesses are especially at risk.
Bitcoin Trader Hit By "Severe DDoS Attack" as Bitcoin Price Nears All-Time High (BleepingComputer) Top Bitcoin trading platform Bitfinex was hit yesterday late night by what its experts categorized as a "severe DDoS attack."
Latest Huawei Security Advisory Highlights a Privilege Elevation Vulnerability (xda-developers) Huawei has just announced a new vulnerability that is currently possible on both the Huawei Honor 7 and the Huawei Mate S. This is said to be a privilege elevation vulnerability that is possible thanks to an arbitrary file upload in Huawei Themes. The vulnerability already has an update ready to fix it and devices
Google Shines Light On Corporate Gmail Threats (Dark Reading) New data highlights the diversity of security threats putting corporate Gmail inboxes at risk.
Sunny with a chance of stolen credentials: Malicious weather app found on Google Play (WeLiveSecurity) ESET has spotted a new banking malware on Google Play. Disguised as a weather forecast app, it steals banking credentials and locks screens.
Ebay messages, account info, and user activity not secured with HTTPS (Comparitech) Ebay lacks encryption on several less critical, but still sensitive pages. This could run afoul of laws protecting customer privacy.
80% Of Web Applications Contain At Least One Security Bug (Dark Reading) Study by Contrast Security finds an average of 45 vulnerabilities per Web application.
Charging Smartphone in Public Ports Leads to Data Hack --- So Let's Stop (HackRead) A smartphone with a low battery is a real problem, especially when you are on the go. In such scenario, finding a USB port installed somewhere or charging
Blundering Boeing bod blabbed spreadsheet of 36,000 coworkers' personal details in email (Register) Its own security software could have stopped data exposure
Hackers spam Counter-Strike: Global Offensive to spotlight security flaws (Naked Security) Spamming CS:GO game lobbies might be good at getting attention, but is it the right tactic?
Gun Retailer Airsoft GI's Forum Hacked; 65,000 User Accounts Leaked (HackRead) A hacker is claiming to have hacked the official web forum of a gun retailer Airsoft GI and uploaded its data on Dropbox earlier today. The hacker who want
Bingham County Recovering From Cyber Attack (KPVI) Bingham County’s website is back up after last week's cyber-attack.
Exploit Kit-Based Attacks Decline Dramatically (Dark Reading) But it's too soon to call this downward trend a permanent shift, experts say.
A guided tour of the cybercrime underground (Terrorism Watch) The Petya ransomware makes a computer unusable until a ransom is paid One of the strange features of cybercrime is how much of it is ...
How Every Cyber Attack Works - A Full List (Heimdal Security Blog) Here's a full list with explanations about (almost) every type of cyber attack out there.
#TEISS: The Jigsaw Effect - How Hackers Groom Your Staff (Infosecurity Magazine) Our actions on the internet, mainly our social networking activity, can put both us as individuals and our organization at risk
Security Patches, Mitigations, and Software Updates
Linux Project Patches 11-Year-Old Security Flaw That Gives Attackers Root Access (BleepingComputer) The Linux team has patched a security flaw in the Linux kernel that can be exploited to gain root-level code execution rights from a low-privileged process.
Impact of New Linux Kernel DCCP Vulnerability Limited (Threatpost) Existing mitigations and limitations around a newly disclosed Linux kernel vulnerability in the DCCP module mute the potential impact of local attacks.
Malwarebytes 3.0.6 update fixes issues (gHacks Technology News) Malwarebytes released a preview version of an update for the current release version Malwarebytes 3.0.6 that may fix issues users are experiencing.
Adobe unveils cloud-based digital signature built on an open standard (Help Net Security) Building on the work of the Cloud Signature Consortium, Adobe unveiled the first cloud-based digital signature built on an open standard.
Preparing Security For Windows 7 End-Of-Life Support (Dark Reading) Moving to Microsoft's latest OS may give you flashbacks to when XP support ended.
Removing admin rights mitigates most critical Microsoft vulnerabilities (Help Net Security) An overwhelming majority of all critical Microsoft vulnerabilities reported in 2016 can be mitigated by simply removing admin rights across an organization.
Symantec Bares Risks To Firms in the Cloud (CIO Today) Symantec Corp. said risks remain high as enterprises embrace cloud applications and infrastructure at an unparalleled rate.
How people-based actions put critical data at risk (Help Net Security) While 80% believe it's important to understand the behaviors of people as they interact with critical business data, only 32% are able to do so effectively.
Healthcare data breaches ‘mostly caused by insiders’ (Naked Security) With an average of one data breach a day and patchy security practises, healthcare organizations are sitting targets for hackers
Biggest limiting factors to universal adoption of connected devices (Help Net Security) 60% of respondents consider standardization and interoperability when it comes to purchasing connected devices, cybersecurity concerns, and innovation.
Balancing The Risk & Promise Of The Internet Of Things (Dark Reading) You can't defend against something you don't understand. So make sure you consider IoT's risks before embracing its functionality.
Are Cyber Lawyers Poised to Play Bigger Role in M&A? (Bloomberg Law) While speaking at a conference in Texas last month, Vinson & Elkins partner Devika Kornbacher asked two in-house lawyers who specialize in privacy law whether they sit at the table when their companies participate in M&A deals. They said no.
Cyber insurance ‘held back’ by lack of data (Financial Times) Fast-growing sector still fails to fulfil potential, Deloitte report says
Organizations Spending Big on Cybersecurity (Infosecurity Magazine) Digitization of healthcare records contributing to data security risks.
Symantec sought to buy FireEye, talks end with no deal: sources (Reuters) Security software provider Symantec Corp held talks to acquire FireEye Inc about six months ago, but is not currently pursuing a deal with the cyber security company, people familiar with the matter said on Thursday.
Verizon deal: Breaches discount Yahoo 350 million below original price (SC Magazine UK) After nearly a year of negotiations and the disclosure of two of the largest breaches ever reported, Verizon and Yahoo have finally come to a deal with Yahoo being discounted by a hefty sum.
Company says it could protect missiles from cyber attacks (Great Falls Tribune) Northrop Grumman Corp. hopes to win contract to modernize missile defense system
Domo Joins Cloud Security Alliance to Promote the Use of Best Practices for Security in the Cloud (Marketwired) Domo, provider of The Business Cloud -- the world's first business optimization platform -- today announced that it has joined the Cloud Security Alliance (CSA).
Products, Services, and Solutions
New infosec products of the week: February 24, 2017 (Help Net Security) New infosec products for this week of February include products from Cisco, Avnet, ManageEngine, RES and Rohde & Schwarz Cybersecurity.
Passages: Secure virtual browser for malware isolation (Help Net Security) Passages is a secure virtual browser that provides complete protection from web-based attacks. Mac or Windows, everything the user does is protected.
Vanguard Integrity Professionals Announce Vanguard Administrator™ Helping To Reduce The Chance Of Security Breach (Yahoo! Finance) Vanguard Integrity Professionals is pleased to announce the immediate availability of its Vanguard Administrator solution available across its enterprise-wide ...
Akamai Fortifies Web Security Solutions Portfolio (PCQuest) Akamai Technologies, Inc. unveils a new product, Web Application Protector, as well as added new capabilities to its existing Kona Site Defender solution.
Publisher unveils four security and anti-virus titles. (FileHippo) Security and anti-virus publisher Avast, has revealed its latest programs in the on-going war against the internet’s bad guys. Its line-up for 2017 includes: Avast Free Antivirus; Avast Pro Antivirus; Avast Internet Security; and Avast Premier.
IBM, Visa partner to enable secure payments via IoT devices (Networks Asia) IBM and Visa Inc. have collaborated to bring the point of sale everywhere Visa is accepted, by allowing businesses to quickly introduce secure payment experiences for any device connected to the Internet of Things (IoT).
Hillstone launches server breach detection system (Networks Asia) Hillstone Networks has launched Server Breach Detection System (sBDS) to complement its portfolio of network security solutions.
8 Valuable Security Certifications For 2017 (Dark Reading) A security credential could be the step towards your next job title. But which one to get?
Microsoft’s Security Tools Disappoint in Latest Antivirus Tests (Softpedia) MSE and Microsoft MSRT at the bottom of the pack
Cellebrite Announces that their Advanced Investigative Team can now bypass Apple's Security & Encryption for iPhone 6 Plus (Patently Apple) The news broke yesterday from Cellebrite's Israeli team that they can now lawfully unlock and perform evidence extraction from Apple's iPhone 6 Plus ....
Procera Networks and Brocade announce joint QoE offering (VanillaPlus - The global voice of Telecoms IT) Procera Networks and Brocade have announced a system that combines Brocade’s Envision Fabric visibility product line with Procera’s eVolution Virtual Exper
Technologies, Techniques, and Standards
Military still working out 'effectiveness' of cyber tools (C4ISRNET) While the effects of a missile are well-known, the employment of a cyber tool is still not fully understood.
Cloud-based databases need new approaches to ensure data security (Help Net Security) Interest and adoption of cloud-based databases is ramping up as more companies see the value of moving from traditional on-premise IT infrastructures.
Reaching the cybersecurity tipping point (Network World) Are you creating conditions that lead employees toward their cybersecurity tipping point—to committing to solid security and privacy practices?
#TEISS: How to Make Cybersec Awareness Training Stick (Infosecurity Magazine) Professor Angela Sasse on how companies can make cybersecurity awareness training resonate better with their employees
Key obstacles to digital transformation and data privacy compliance (Help Net Security) To stay relevant, companies are starting to transform their digital environment to improve collaboration and information sharing.
Which countermeasures improve security and which are a waste of money? (Help Net Security) If you want to know about effective security countermeasures, ask a hacker. And that's just what Nuix researchers did during DEF CON.
Serenity Now! A better way to malware analysis. (Cisco Blogs) Over the last half decade the term sandboxing has become so pervasive, many customers I speak to have forgotten what it’s for!
How to scrub your private data from 'people finder' sites (InfoWorld) The internet has your number—among many other deets. Prevent identity theft and doxxing by erasing yourself from aggregator sites like Spokeo and PeekYou
A Look Into Cyber Security (G Treasury) For organizations today, cyber security stands as a top priority to keep their information and systems safe from theft, damages, or disruptions. Within the fin…
4 simple steps to stop a cyber thief (St. Charles Herald-Guide) First National Bank USA is urging consumers to take an active role in protecting their data as its first priority to protect its customers money and their financial data.
Design and Innovation
Here's why self-driving cars may never really be self-driving (Computerworld) Even as self-driving car technology quickly evolves, technologists and lawmakers are still grappling with a big problem: In the event of an accident, who's to blame?
Don’t trust Facebook’s shifting line on controversy (TechCrunch) Would you tell Facebook you're happy to see all the bared flesh it can show you? And that the more gratuitous violence it pumps into your News Feed the..
The ‘Rules of the Internet’ Reflect an Online Wild West That’s Fading Away (Motherboard) "If it exists, there is porn of it. No exceptions."
Cyber-program students set for ‘capture the flag’ coding contest (The Times of Israel) Rashi Foundation’s Magshimim program aims to nurture the next generation of tech leaders from Israel’s periphery
ZeroChaos Cybersecurity Lab to Open at Bethany College (Yahoo! Finance) ZeroChaos, a global provider of workforce management solutions, today announced the opening of the ZeroChaos Cybersecurity Lab in Fall 2017 on the campus of Bethany College in Bethany, West Virginia.
Legislation, Policy, and Regulation
Japan-ASEAN Cyber Cooperation in the Spotlight (The Diplomat) News of a new training program highlights Tokyo’s important and growing role as an ASEAN partner in the cyber realm.
Russian military admits significant cyber-war effort (BBC News) Country's defence minister admits the presence of a powerful military team focused on controlling information.
Russia mobilises an elite band of cyber warriors (Financial Times) Since the 2015 hack of France’s TV5Monde, the Kremlin-backed APT 28 has become bolder in its choice of targets
Cyber Proxies: A Central Tenet of Russia’s Hybrid Warfare (Cipher Brief) Cyber operations remain at the forefront of confrontations between the West and Moscow as relations between them continue to deteriorate.
Pentagon mulling split of NSA, Cyber Command (TheHill) Right now, the two organizations share a leader — but the new era of cyber warfare might change that.
Cyber Command Chief Aims To Delegate Offensive Warfare (Defense Daily Network) The head of U.S. Cyber Command is trying to push offensive cyber warfare down to the “operational tactical level” in the next five to 10 years. “Offensive c
Navy opens new 'digital warfare' office, aiming to exploit advances in data science (FederalNewsRadio.com) The Navy has just stood up a new “digital warfare” office, prompted by the notion that the service is awash in valuable, but largely untapped data.
Cybersecurity Must Take Front and Center National Attention, Experts Say (SIGNAL Magazine) Cybersecurity can no longer be viewed as a technology-only problem and segmented into stovepipes where the U.S. Defense Department carries out one set of tasks; the civilian government another; and industry does its own thing, said Adm. Michael Rogers, USN, director of the NSA and commander of U.S. Cyber Command.
Experts: Trump to follow Obama’s lead on cyber policy (Fedscoop) This article first appeared on CyberScoop. In cybersecurity policy, if in nothing else, there is likely to be a great deal of continuity between the Trump presidency and its predecessor, scholars and executives said Wednesday…
Trump gets mixed reviews on cybersecurity, one month in (SC Magazine US) The administration has hinted at cybersecurity policy, but no definitive strategy has emerged.
Lawmakers set to overturn broadband privacy rules, as ISPs requested (Naked Security) Congress is preparing to overturn rules that require ISPs to get customers to opt in before selling data
Meet the Perfect Privacy Regulator (Bloomberg BNA) The traits the most effective data privacy regulators share are a commitment to promoting education and awareness, consistent regulation and exercising discretion and good judgment, according to a report issued by the U.S. Chamber of Commerce and Hunton & Williams LLP.
Litigation, Investigation, and Law Enforcement
NSA Head: Russian Interference in U.S. Election, ‘Hey, This Happened’ (USNI News) The head of the National Security Agency reiterated that Russia engaged in cyber actions to influence the result of the U.S. presidential election and the Moscow-directed interference is changing the way the NSA thinks about U.S. infrastructure.
White House advisor Priebus asked FBI to dispute Russia reports (CNBC) Reince Priebus asked the FBI to dispute reports that President Donald Trump's advisers were in touch with Russian intelligence during the election.
Border agents could be forced to get a warrant before searching devices (Naked Security) Senator warns that border agents’ ‘digital dragnets’ are distracting them from actual threats
Suspected Deutsche Telekom router hacker arrested (Help Net Security) A 29-year-old British national, believed to be the hacker behind last November's hijacking attempt of Deutsche Telekom users' routers, was arrested.
Convicted TalkTalk Blackmailer Warns Young Hackers About Falling Into Crime (Motherboard) Daniel Kelley had an interest in computers, but says there were not many opportunities for him to develop it.
Hillary Clinton Listed as ‘Insider Threat’ in DOD Security PowerPoint (IJR - Independent Journal Review) "No wonder it took a lawsuit..."
He left the Army in 2013. Three years later, feds say, he was plotting to help ISIS. (Washington Post) After his discharge, Robert Hester of Missouri was ready to strike a military base or a civilian target in support of ISIS, court documents say.
For a complete running list of events, please visit the Event Tracker.
The 2nd China Automotive Cyber Security Summit 2017 (Shanghai, China, Feb 24, 2017) CACSS2017 will provide a platform for Automotive OEMs, Tier 1 suppliers, Automotive security solution/ technology/products developers, Automotive electronics companies, IT companies, Mobile data suppliers, Automotive insurance companies, and automotive cyber security experts to address government regulations developing trends, Automotive cyber security standards, updated vulnerabilities, “Black Hat” behaviour motivations, State-of-the-Art technology solutions, critical cyber security challenges and collaboration initiatives; Help you to understand tailored smart car cyber security products and solutions, build up a set of effective cyber security management system and improve the capability of protecting smart cars. This second-to-none Automotive cyber security industry event will assure you to understand China Automotive cyber security industry business opportunities, network with China local customers and consolidate your worldwide leadership.
Second Annual International Security Conference (Riyadh, Saudi Arabia, Feb 27 - 28, 2017) The conference will facilitate national, regional and international collaboration between government, industry and critical infrastructure organizations. It will also feature investors who want to diversify their portfolio into international companies, particularly in the field of cyber security sectors where innovation could benefit the regional cyberdefense capacity.
SANS Dallas 2017 (Dallas, Texas, USA, Feb 27 - Mar 4, 2017) We are pleased to invite you to attend SANS Dallas 2017, on February 27- March 4 at The Westin Dallas Downtown, located in the heart of the city. We have selected several of our top information security courses to provide you with the training and certification that you need to boost your career by learning from the best! SANS instructors are industry professionals who will ensure that you not only learn the material, but that you will also be able to apply what you learn your first day back in the office.
Autonomous Vehicles Silicon Valley (Santa Clara, California, USA, Feb 28 - Mar 2, 2017) The road to autonomy: Regulation. Consumer Acceptance. Safety & Security. Explore the latest technologies and hottest issues for the autonomous vehicles industry.
The Cyber Security Summit: Denver (Denver, Colorado, USA, Mar 1, 2017) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their companies’ critical data with innovative solution providers & renowned information security experts. Learn from cyber security thought leaders including: Mary McCord, Asst. Attorney General for National Security, U.S. Dept. of Justice & Chad Alvarado, Supervisory Special Agent, Cyber Task Force, FBI Denver Division. Engage in panel discussions focusing on trending cyber topics including Emerging Threats to IoT & Big Data, Insider Threats, and Compliance. Receive half off your admission with promo code cyberwire50 at CyberSummitUSA.com and view details including the full agenda, participating solution providers & confirmed speakers
International Cyber Risk Management Conference (ICRMC) (Toronto, Ontario, Canada, Mar 2 - 3, 2017) The third annual International Cyber Risk Management Conference (ICRMC) brings together a world class roster of experts with cross-sector, global and multidisciplinary expertise to share knowledge, lessons learned, and methodology on cyber security. We are delighted to build on last year’s very successful ICRMC. Cyber security has grown into a global pandemic and organizations of all sizes are struggling with questions on how to mitigate, manage, and transfer cyber risk. We’ve structured our agenda based on delegate feedback and our exceptional 2017 Advisory Committee is determined to provide engaging high-profile speakers and compelling content to share knowledge, captivate and educate. Visit www.icrmc.com for details.
SANS San Jose 2017 (Milpitas, California, USA, Mar 6 - 11, 2017) Securing and defending your network has never been more important as attacks and breaches make the news daily. Gain the skills and tools you need to win the battle against the wide range of cyber adversaries who want to harm your environment. SANS San Jose 2017 offers six hands-on, intensive cyber security training courses.
Cybersecurity: Defense Sector Summit (Troy, Michigan, USA, Mar 7 - 8, 2017) Don’t miss out on the opportunity to be a part of the conversation regarding how cybersecurity is impacting not only ground vehicles, but air and maritime platforms. What are the synergies among Army, Air Force, Navy, and Marine platform cybersecurity initiatives? What can we learn from connected car and autonomous initiatives in the automotive industry? Who and what is driving acquisition reform to ensure agility and speed? What are the supply chain impacts? What are the “seams” that create vulnerabilities? Who and what is driving cybersecurity platform requirements? What is being done to assess execution readiness? What are platform stakeholders doing technically to address vulnerabilities?
15th annual e-Crime & Cybersecurity Congress (London, England, UK, Mar 7 - 8, 2017) Europe's largest and most sophisticated gathering of senior cybersecurity professionals from international business, governments, law enforcement and intelligence agencies.
ISSA Mid Atlantic Security Conference (Rockville, Maryland, USA, Mar 10, 2017) Join us for a full day of training by industry leaders discussing some of the latest topics in tactics and techniques for preparing for cyber-attacks. This conference will feature a variety of presentations and cutting edge training opportunities, including hands-on demonstrations and workshops.
Investing in America’s Security: Cybersecurity Issues (Jersey City, New Jersey, USA, Mar 10, 2017) Please join us for the 5th Annual Northeast Regional Security Education Symposium hosted by the Professional Security Studies Department at New Jersey City University. The Symposium’s keynote address will be delivered by Milan Patel of K2 Intelligence, formerly the FBI’s Cyber Division Chief Technology Officer. Speakers include NJCCIC Director Michael Geraghty. NJCU students pursuing their D.Sc. degree will present academic research posters and a panel of experts will discuss careers in cyber security.
IAPP Europe Data Protection Intensive 2017 (London, England, UK, Mar 13 - 16, 2017) Set in London, the Data Protection Intensive delivers innovative solutions to today’s top privacy and data protection challenges. Known for its exceptional programming, the Intensive has come into its own as a leading forum for practical data protection education.
Rail Cyber Security Summit (London, England, UK, Mar 14 - 15, 2017) Now in its second year, the event will take place at the Copthorne Tara Kensington hotel in London between March 14th and 15th 2017 and will feature a range of experts from the rail transport industry, as well as leading Government and global cyber security leaders and academics working in the field.
CyberUK 2017 (Liverpool, England, USA, Mar 14 - 16, 2017) Announcing the UK government's flagship IA and cyber security event, for 2017. This is a three day event that will bring together cyber security leaders and professionals from across the UK’s information security communities from both the public and private sector. The NCSC’s partnership with information security businesses of all sizes is essential in strengthening the UK’s cyber resilience. CyberUK 2017 will play a key role in defining the role industry must play in achieving this step change, and is expected to attract 1,600 information assurance (IA) and cyber security leaders and professionals.
Cybersecurity: The Leadership Imperative (New York, New York, USA, Mar 16 - 17, 2017) Cyber risk impacts every element of your organization – and even the most brilliant information security expertise must be supported by a cross-functional cybersecurity structure and culture to succeed. Cybersecurity: The Leadership Imperative will provide case studies and actionable insights on building and maintaining a structure in which leaders across the organization are able to work together seamlessly to comprehend, measure and respond to cyber risk challenges.
BSides Canberra (Canberra, Australia, Mar 17 - 18, 2017) BSidesCbr is a conference designed to advance the body of Information Security knowledge, by providing an annual, two day, open forum for discussion and debate for security engineers and their affiliates. We produce a conference that is a source of education, collaboration, and continued conversation for information technologists and those associated with this field. The technical and academic presentations at BSidesCbr are given in the spirit of peer review and advanced knowledge dissemination. This allows the field of Information Security to grow in breadth and depth, and continue in its pursuit of highly advanced scientifically based knowledge.
Cyber Resilience Summit: Securing Systems inside the Perimeter (Reston, Virginia, USA, Mar 21, 2017) As the journey to secure our nation’s IT cyber infrastructure gains momentum, it is important to apply proven standards and methodologies that reduce risk and help us meet objectives for acquiring, developing and sustaining secure and reliable software-intensive systems. The theme of our upcoming Cyber Resilience Summit is Securing Systems inside the Perimeter. Defending the network is NOT enough. The most damaging of system failures and security breaches are caused by vulnerabilities lurking inside the network at the application layer.
European Smart Grid Cyber Security (London, England, UK, Mar 21 - 22, 2017) European Smart Grid Cyber Security 2017 offers a unique opportunity to network with senior experts in cyber security from government, utilities, TSOs, regulators, solution providers, security consultants, senior engineers and more. Join us to hear a range of European utility companies present what their strategic programmes are doing regarding cyber security, to discuss how communication issues between IT and OT departments can be overcome, and to learn how to make your company compliant.
Maryland Cybersecurity Awards Celebration (Baltimore, Maryland, USA, Mar 22, 2017) Help us celebrate the best and brightest of the Maryland cybersecurity community as we honor the companies, organizations, and individuals that have protected businesses and government agencies with their cutting-edge technologies; thwarted cyber criminals with their outstanding cybersecurity services; demonstrated exemplary knowledge, expertise, leadership and innovative thinking; or made a significant contribution to Maryland’s cybersecurity ecosystem.
SANS Pen Test Austin 2017 (Austin, Texas, USA, Mar 27 - Apr 1, 2017) Every organization needs skilled people who know how to find vulnerabilities, understand risk, and help prioritize resources based on mitigating potential real-world attacks. That's what SANS Pen Test Austin is all about! If you like to break things, put them back together, find out how they work, and mimic the actions of real-world bad guys, all the while providing real business value to your organization, then this event is exactly what you need.
IT Security Entrepreneurs' Forum Bridging the Gap Between Silicon Valley & the Beltway (Mountain View, California, USA, Mar 28 - 29, 2017) SINET – Silicon Valley provides a venue where entrepreneurs can meet and interact directly with leaders of government, business and the investment community in an open, collaborative environment focused on identifying solutions to Cybersecurity challenges.
Insider Threat 2017 Summit (Monterey, California, USA, Mar 29 - 30, 2017) The focus of the Insider Threat Summit is to discuss personnel security issues including cyber security challenges and capabilities, continuous evaluation of privileged identities and ethical physical security considerations. A heightened awareness of insider threats due to numerous newsworthy attacks and unauthorized leaks has brought us together for one main purpose: To better understand security challenges in order to better defend against insider threats.
2nd Annual Billington International Cybersecurity Summit (Washington, DC, USA, Mar 30, 2017) The 2nd Annual Billington International Cybersecurity Summit on March 30, 2017 at the National Press Club in Washington, DC will feature over 300 world class cybersecurity decision-makers from allied nations and the US in an intensive day of knowledge exchange and relationship building. NOTE: Attendees must be citizens of the U.S. or allied nations to attend this event. The summit, which will attract senior influencers in cybersecurity from allied nations across the world, has as its theme: Protecting Critical Infrastructure in a Connected World.
Yale Cyber Leadership Forum: Bridging the divide between law, technology, and business (New Haven, Connecticut, USA, Mar 30 - Apr 1, 2017) The Yale Cyber Leadership Forum will take place on Yale University's campus and will focus on bridging the divide between law, technology and business in cybersecurity. With McKinsey & Company as our knowledge partner, the Forum will integrate McKinsey’s extensive knowledge of best practices in cybersecurity with Yale’s scholarly expertise. The Forum will expose participants to effective approaches to recognizing, preparing for, preventing, and responding to cyber threats.
WiCyS 2017: Women in Cybersecurity (Tucson, Arizona, USA, Mar 31 - Apr 1, 2017) The WiCyS initiative has, since 2013, become a continuing effort to recruit, retain and advance women in cybersecurity. It brings together women (students/faculty/researchers/professionals) in cybersecurity from academia, research and industry for sharing of knowledge/experience, networking and mentoring.