#RSAC2017: threat intelligence, the IoT, and what to do with them. Cloudflare fixes Cloudbleed, but mop-up remains to be done. Spora ransomware is "ruthless," and TrumpLocker is just VenusLocker in disguise. Updates on the Moscow treason trials. How did the FBI get into the San Bernardino killer's iPhone?
RSA 2017
We conclude our coverage of RSA with links to articles offering some reflections on the trends in evidence at the security industry's leading annual conference. The CyberWire has two articles today from the conference. In one, we gather some perspectives on the value of threat intelligence and how it can be made useful to an enterprise's defenses. In the other, we talk with companies involved with the risks and opportunities presented by the Internet-of-things.
Late last Thursday Google's Project Zero disclosed that Cloudflare (a major provider of a content delivery network, Internet security services, and distributed domain name server services) was leaking sensitive information online. The company has patched the memory leak bug responsible (the flaw is being called "Cloudbleed") and stresses that the problem with its caching infrastructure affected a relatively small set of the websites that use their DNS service.
Bitsight explains on its blog that Cloudflare's problems arose from an error in parsing logic that could lead to a buffer overrun that would output uninitialized memory content onto affected web pages. The websites potentially affected by Cloudbleed were those that had either email obfuscation, server-side excludes, or automatic HTTPS rewrites enabled.
Since popular services (said to include Uber, Fitbit, OK Cupid, and Patreon) use Cloudflare and since data have been leaking for some time, many researchers are advising users to assume their credentials have been exposed, and, of course, to change them.
Ransomware and DDoS remain fixtures of the threat landscape. F-Secure describes the "ruthlessness" of Spora ransomware's controllers. New "TrumpLocker" ransomware turns out to be VenusLocker in disguise.
In the ongoing Moscow cyber-treason trial, it emerges that one of the defendants, Ruslan Stoyanov, is accused of passing state secrets to US companies, notably to Verisign's iDefense cybercrime unit. The accusations date back to 2010, and were leveled by the Russian online payment company ChronoPay.
The FBI is being asked, again, how it gained access to the San Bernardino jihadist's iPhone.
Notes.
Today's issue includes events affecting Afghanistan, Australia, Azerbaijan, China, Germany, Iran, Israel, Kazakhstan, Kyrgyz Republic, Mexico, Netherlands, Pakistan, Russia, Tajikistan, Turkey, Turkmenistan, United Kingdom, United States, and and Uzbekistan.
In today's podcast, we hear from Ben Yelin, of our partners at the University of Maryland's Center for Health and Homeland Security. He talks us through the US Administration's current hiring freeze, and its effect on students in cyber security programs.
It's not too late to listen to our special 2017 prognostication edition, in which we talk to experts and even editors about where they see cyber security headed this year.
San Francisco: adios, RSA 2017
The Best of RSA Conference 2017 (BankInfo Security) Our objective, as the industry’s largest global media organization, is to bring you the most important bits from the conference, whether you attended the event or
Salted Hash: RSAC 2017 Recap (CSO Online) Last week, Salted Hash was in California for the annual RSA Conference in San Francisco. The week was full of drama between the testing labs and endpoint protection firms, but aside from that we managed to have a few interesting conversations, here's a quick recap.
Awards, Product Launches, and More: Recap of RSA Conference 2017 (Recorded Future) At RSA Conference 2017 we met hundreds of you in the exhibit hall and launched exciting new aspects to our product. Let's recap last week's highlights.
Threat Intelligence: Use Cases, War Stories, and ROI (The CyberWire) Discussions with leading providers of threat intelligence on what they provide and how their customers use it, with some notes on the DNC hack.
The Internet of Awkward Things (The CyberWire) What security companies make of the risks posed by the Internet-of-things, with some calls for proportion and an optimistic outlook.
Passages: Secure virtual browser for malware isolation (Help Net Security) Passages is a secure virtual browser that provides complete protection from web-based attacks. Mac or Windows, everything the user does is protected.
Discover, catalog and protect all your apps (Help Net Security) Jason Kent from Qualys talks about how organizations are having lots of difficulty identifying the problems in their app infrastructure.
Blockchain's New Role In The Internet of Things (Dark Reading) With next gen 'distributed consensus' algorithms that combine both security and performance, organizations can defend against DDoS attacks, even those that leverage IoT devices
Cyber Attacks, Threats, and Vulnerabilities
Bleeding clouds: Cloudflare server errors blamed for leaked customer data (CSO Online) While working on something completely unrelated, Google security researcher, Tavis Ormandy, recently discovered that Cloudflare was leaking a wide range of sensitive information, which could have included everything from cookies and tokens, to credentials. Cloudflare moved quickly to fix things, but their postmortem downplays the risk to customers, Ormandy said.
Major Cloudflare bug leaked sensitive data from customers’ websites (TechCrunch) Cloudflare revealed a serious bug in its software today that caused sensitive data like passwords, cookies, authentication tokens to spill in plaintext from..
Cloudbleed: Which Websites Are Affected By The Cloudflare Bug? (LifeHacker) Last week we found out about Cloudbleed, a bug on Cloudflare services that resulted in data leakage from a number of websites. Here's a list of websites...
Cloudbleed: Breakdown of Cloudflare's Memory Leak (BitSight) Cloudflare announced a serious bug in its caching infrastructure that caused uninitialized memory to be printed on a number of customers’ websites.
Google Search Results Still Expose Sensitive Data Leaked by ‘CloudBleed’ Bug (Motherboard) Despite helping fix the bug, Google hasn’t cleaned up all the exposed leaked data from its search results.
What You Need to Do About the Massive Cloudflare Data Leak (Motherboard) Millions of websites may have been affected by Cloudbleed. Here’s what you should do to keep your accounts safe.
Cloudflare data leak...what does it mean to me? (SANS Internet Storm Center) The ISC has received several requests asking us to weigh in on the ramifications of the Cloudflare data leak, also being referred to by some as CloudBleed.
Russia Top Source Of Nefarious Internet Traffic (Dark Reading) Honeypot research from F-Secure shows majority of illicit online activity coming from IP addresses in Russia - also where ransomware is a hot commodity.
From Russia With Malware: "Boris" and "Natasha" (Wapack Labs) Wapack Labs research has revealed an association between the author of the BlackEnergy malware and ZORSecurity: one of the Russian companie...
Extensive Breach at Intl Airport (MacKeeper) In what should be considered a complete compromise of network integrity, New York’s Stewart International Airport was recently found exposing 760 gigs of backup data to the public internet. No password. No username. No authentication whatsoever.
SHA1 Collision Attack Makes Its First Victim: Subversion Repositories (BleepingComputer) It took only one day for the SHA1 collision attack revealed by Google on Thursday to make its first victims after developers of the WebKit browser engine broke their Subversion (SVN) source code repository on Friday.
Linus Torvalds rejected security warnings about SHA1 in 2005 (Computing) Free software evangelist John Gilmore to Torvalds in 2005: "SHA1 has been broken..."
World's Largest Spam Botnet Adds DDoS Feature (BleepingComputer) Necurs, the world's largest spam botnet with nearly 5 million infected bots, of which one million active each day, has added a new module that can be used for launching DDoS attacks.
Expect many more 300Gbps DDoS attacks (My B roadband) Akamai has released its Q4 2016 State of the Internet Security Report, which shows a dramatic increase in the number of DDoS attacks greater than 100Gbps.
Timeline of Mirai: the Internet of Things botnet (ComputerworldUK) Since its mid-2016 discovery, Mirai has evolved to become one of the most powerful security threats
0.2 BTC Strikes Back, Now Attacking MySQL Databases (GuardiCore) Last week we first tweeted that the GuardiCore Global Sensor Network (GGSN) has detected a wide ransomware attack targeting MySQL databases. The attacks look like an evolution of the MongoDB ransomware attacks first reported earlier this year by Victor Gevers. Similarly to the MongoDB attacks, owners are instructed to pay a 0.2 Bitcoin ransom (approx. …
4 Cybersecurity Risks We’ll Face With WhatsApp Status (Panda Security Mediacenter) Panda Security has detected a few potential risks that all users of this new version of WhatsApp Status should recognize.
Someone Is Selling Coachella User Accounts on the Dark Web (Motherboard) If you're a fan of flower headdresses, watch out.
Macs Feel More Crypto-Locker Ransomware Love (BankInfo Security) New ransomware circulating via BitTorrent is disguised as software that purports to allow Mac users to crack popular Adobe and Microsoft applications. Separately, new ransomware calling itself Trump Locker appears to be the previously spotted VenusLocker ransomware in disguise.
Ransomware 'customer support' chat reveals criminals' ruthlessness (CSO Online) Finnish security vendor F-Secure released 34 pages of transcripts from the group chat used by the crafters of the Spora ransomware family. The transcripts give a whole new meaning to tech support.
The Evolution of Ransomware: Part 2 (Security Week) For most, ransomware attacks are the byproduct of uninformed users opening malicious attachments sent by devious and anonymous criminals.
Dynamite Phishing (SANS Internet Storm Center) Last week I ran across a very successful phishing campaign, what’s odd in most ways it was nothing special. The attacker was using this more like a worm, where stolen credentials would be used within the hour to start sending out a mass amount of more phishes. I've decided to call this "Dynamite Phishing" because there is nothing quiet about this at all.
Movie night? Nope. It's a fake iTunes receipt from phishers targeting Apple users (Graham Cluley) Beware fake iTunes receipts for movies you haven't purchased. When you try to dispute the purchase, you might find you're handing online criminals your personal information.
Twitter users, do you know who’s spying on your web-surfing habits? (Naked Security) Researchers have shown that’s it’s possible to de-anonymise Twitter users and track them around the web
Survey: Most Attackers Need Less Than 12 Hours To Break In (Dark Reading) A Nuix study of DEFCON pen testers shows that the usual security controls are of little use against a determined intruder
Number of people hit by professional financial cyber attack grows after lull (ComputerWeekly) Kaspersky Labs reports that the number of people hit by financial cyber attack grew in 2016 after falling in the previous two years.
Fraud rises as cybercriminals flock to online lenders (CIO) The latest quarterly ThreatMetrix Cybercrime Report shows 1 million cyberattacks targeted online lending transactions throughout 2016, causing estimated losses of more than $10 billion.
Understanding and Combating the Evolving Attack Chain (Security Week) Adversaries continue to find new ways to operate, using varied techniques to accomplish their mission. And, unless you remain informed about these changes, it’s hard to defend against these evolving threats.
Hacker Group Defaces Hundreds of Websites After Hacking UK Hosting Firm (BleepingComputer) A hacking crew that goes by the name of National Hackers Agency (NHA) has defaced 605 websites in one go after they managed to get access to a server from UK hosting firm DomainMonster.
Cyber Trends
How IoT initiatives impact the IT infrastructure (Help Net Security) Internet of Things (IoT) infrastructure spending is making inroads into enterprise IT budgets across a diverse set of industry verticals.
IaaS: The Next Chapter In Cloud Security (Dark Reading) Organizations adopting IaaS must update their approach to security by using the shared responsibility model.
Cyber isn’t all that special, says NSA chief (C4ISRNET) The head of Cyber Command has warned against putting cyber on a pedestal.
NSA Deputy Director: Why I Spent the Last 40 Years In National Security (Time) In 1977 I was finishing my sophomore year of college, working two jobs to put myself through school, and thought, “There has to be a better way.” So I enlisted in the U.S. Army as a Signals Intelligence/Electronic Warfare Morse Intercept Operator, which didn’t tell me much but would let me earn money toward college through the GI Bill.
Ponemon Study Finds Cybersecurity Lacking In Oil & Gas Industries (Information Security Buzz) Ponemon has published research that looks at the state of cyber security, particularly in the Oil and Gas industry. Edgard Capdevielle, CEO at Nozomi commented below. Edgard Capdevielle, CEO at Nozomi Networks: “While the oil and gas industries aim to make improvements to their cyber security risk posture, it’s not straight forward and this recent …
Cyber attacks against financial services cost consumers £8bn in 2016, research reveals (The Telegraph) Online financial services and lending companies are increasingly being targeted by fraudsters and costing consumers millions of pounds around the world last year alone, according to research.
Marketplace
Demystifying cyber insurance (DU Press) Organizations continue to invest heavily in cybersecurity efforts to safeguard themselves against threats, but far fewer have signed on for cyber insurance to protect their firms afteran attack. Why not? What roadblocks exist, and what steps could the industry take to help clear them?
Security Awareness Training to Explode in Next 10 Years (Infosecurity Magazine) Fortune 500 and Global 2000 corporations will consider security awareness training as ‘fundamental’ to their cyber-defense strategies by 2021.
20 Cybersecurity Startups To Watch In 2017 (Dark Reading) VC money flowed plentifully into the security market last year, fueling a new crop of innovative companies.
Microsoft Wants Tech Industry to Tackle $3 Trillion Problem (The Motley Fool) Security breaches have gone beyond individuals and even companies to become a huge global issue.
Cisco's John Chambers Bets on Google and Citi-Backed Voice Security Startup (Fortune) He has invested and joined the board.
Peter Thiel’s Palantir Spreads Its Tentacles Throughout Europe (Bloomberg) The $20 billion data mining startup tripled revenue in Europe and plans to keep expanding there.
Palantir was dumped by key cybersecurity client Home Depot (CNBC) A handful of blue chip company have "raised doubts about (Palantir's) usefulness" Palantir, BuzzFeed reports.
These five Dutch cyber companies are in Maryland to learn, establish U.S. presence (Baltimore Business Journal) Five Dutch cyber companies have "soft landed" in Maryland and are staying through the end of March as part of a cooperative program between The Netherlands and the Maryland Department of Commerce.
U.S. Air Force Awards $875 Million for Cryptography and Information Assurance (SIGNAL Magazine) General Dynamics Mission Systems, Scottsdale, Arizona (FA8307-17-D-0006); Harris Corp., Rochester, New York (FA8307-17-D-0007); L-3 Systems Corp., Camden, New Jersey (FA8307-17-D-0008); Leidos Inc., Columbia, Maryland (FA8307-17-D-0009); Raytheon, El Segundo, California (FA8307-17-D-0010); Sypris Electronics LLC, Tampa, Florida (FA8307-17-D-0011); and ViaSat Inc., Carlsbad, California (FA8307-17-D-0012) have been awarded a combined not-to-exceed $875 million indefinite-delivery/indefinite-quantity contract.
Malwarebytes teams up with Cybersecurity Factory - Malwarebytes Labs (Malwarebytes Labs) Malwarebytes is proud to support Cybersecurity Factory, a 10-week summer program for early-stage cybersecurity companies.
Virginia Expands Cybersecurity Training for Veterans in Bid to Fill Vacant Positions Statewide (Government Technology) Two new VetSuccess Immersion Academies from the SANS Institute will augment the Cyber Vets Virginia initiative announced in November.
'Don't let them hack us': Here's what it's like working as the CIO for Elon Musk at SpaceX (Business Insider Australia) From Zip2 to Paypal, Tesla and SpaceX, Elon Musk’s businesses have revolutionised their industries.
Products, Services, and Solutions
Telstra to build Australia's first national internet of things network (CRN Australia) Also improving optical network.
Cisco helps businesses eliminate performance and protection trade-offs with next-generation firewall for the internet edge (Al Bawaba) Cisco helps businesses eliminate performance and protection trade-offs with next-generation firewall for the internet edge
Microsoft protecting Mexican people with new cybersecurity center (BetaNews) With all of the talk about border walls and immigration in the news lately, something very important sometimes gets forgotten in the discussion -- Mexicans are people. In other words, these folks are just as important as anyone else; they are not statistics. The same goes for everyone regardless of skin color, religion, region, or country. All humans matter.
Amid cyberattacks, ISPs try to clean up the internet (CSO Online) If your computer’s been hacked, Dale Drew might actually know about it. His company, Level 3 Communications, is a major internet backbone provider and routinely on the lookout for cyberattacks on the network level. From what they can tell, there’s a staggering 178 million IP addresses out there associated with malicious activity.
The Sixth Flag Announces Windows 10 Experience as part of Enterprise Offering (Sixth Flag) Windows 10 Experience VDI is now available for customers as a part of a series of enterprise features that the company will roll out during the first half of 2017.
Digital Defense, Inc. Highlighted on Managed Security 100 and MSP 500 (PRWeb) Cybersecurity company top ranked for cutting edge approach to delivering managed services
Carbon Black: It's Time For Next-Gen Endpoint Security (Silicon UK) Carbon Black believes now is the time to move on from traditional antivirus (AV) software and embrace the next generation of endpoint security.
Now Anyone Can Deploy Google’s Troll-Fighting AI (WIRED) Google subsidiary Jigsaw is now offering developers access to an API for its AI-based detector for abusive comments.
Technologies, Techniques, and Standards
Can the World Economic Forum's Cyber Security Principles Advance Cyber Resilience? (Security Week) A few weeks ago, the World Economic Forum (WEF) met in Davos, Switzerland where an expert working group issued a report “Advancing Cyber Resilience: Principles and Tools for Boards.”
Advancing Cyber Resilience Principles and Tools for Boards (World Economic Forum) Cyber resilience and cyber risk management are critical challenges for most organizations today. Leaders increasingly recognize that the profound reputational and existential nature of these risks mean that responsibility for managing them sits at the board and top level executive teams.
Getting ready for the GDPR: what you need to know and how to prepare (Computing) Pillsbury Law experts provide breakdown on how law will affect your business.
Has fraud met its match? (CSO Online) New and dynamic authentication factors can help prevent identity theft. The idea of using a fingerprint reader to log on to a smartphone is nothing new, but the latest wrinkle is the pressure with which that finger pushes on the reader.
Famed Hacker Kevin Mitnick Shows You How to Go Invisible Online (WIRED) Want to become invisible online? Start with your emails.
Three Ways to Combat Shadow IT 2.0 (Security Week) While we can blame the cloud for shadow IT 2.0, SaaS isn’t the culprit this time.
Noise-Canceling Headphones for Your Threat Intel Team (Security Week) With transparency and customized scoring, you cancel out the noise that’s distracting your threat intelligence team
10 Essential Security Measures To Keep Your Online Banking Safe In 2017 (Dane County Credit Union) With all the cyber criminals out there, how can you protect your information? Here are 10 essential security measures you must take now.
How Those Impacted by the 2015 Cyber Attack Against Anthem Who Were Under 18 at the Time Can Get a Credit Freeze (BusinessWire) Anthem is offering a special minor credit freeze program to parents and legal guardians of minors whose information was involved in the 2015 cyber att
Design and Innovation
Tech to make background checks a little smarter (CNNMoney) Onfido is a startup that aims to streamline remote background checks and identity verification by using facial recognition technology.
If your TV rats you out, what about your car? (Autoblog) You drive. It watches.
Dropbox’s tool shows how chatbots could be future of cybersecurity (Naked Security) Open-source Securitybot works in Slack to make dealing with security notifications smoother
Academia
CyberTraining 365 and ICMCP Join Forces to Offer Expert Cyber Security Training and Decrease the Skills-Gap (Yahoo Singapore Finance) We are proud to announce our newest scholarship for the International Consortium of Minority Cybersecurity Professionals (ICMCP). Offering 100 ICMCP Members with 6 months of free access to our online academy, CyberTraining 365 hopes to give those new to cybersecurity the skills they need to further their career, while helping fill the cybersecurity skills-gap. ICMCP will be awarding over $33,000 worth of online cyber security training, from our academy, to their members, over the next two years.
Cyber Challenge begins at VMI (WDBJ) This is the first year for the event which combines an invitation-only cyber competition with learning and career opportunities in the cyber world.
Legislation, Policy, and Regulation
ECO summit to focus on transport, cyber linkages (DAWN.COM) The coming 13th summit of the 10-member Economic Cooperation Organisation (ECO) will focus on...
Would a new world accord make the lawless internet safe again? (McClatchydc) If the internet is unsafe now, experts say it will only get more insecure over the next decade. That is one of the reasons why Microsoft is calling for world to enact a Digital Geneva Convention.
Cyber sovereignty principles need to be quickly defined, say experts (The Indian Express) Cyber sovereignty principles need to be quickly defined to address not just national sovereignty and security but also balance conflicting state interests in cyberspace,
A Survey of Nation State Sponsored Hackers (Owl Cyber) The darknet is an unpredictable source of both white hat and black hat hackers working to develop malware, toolkits and viruses (MTVs) for any number of reasons - from political hacktivism to cyber crime.
Cyber Proxies: A Central Tenet of Russia’s Hybrid Warfare (Cipher Brief) Cyber operations remain at the forefront of confrontations between the West and Moscow as relations continue to deteriorate.
First Aussie cyber threat sharing centre opens in Brisbane (iTnews) Co-locates private, public sector experts.
Cyber Espionage Seen Expanding to Grasp Trump Policy Changes (Bloomberg.com) U.S. government agencies, think tanks and political groups should expect an increase in cyber espionage as countries like Iran try to grasp changing foreign and military policies under the new Trump administration, according to an executive with cybersecurity company FireEye Inc.
Rogers touts SOCOM as model for cyber command (InsideDefense.com) The head of U.S. Cyber Command says his organization should be elevated to a unified combatant command and have a centralized structure similar to that of U.S. Special Operations Command.
NSA head Rogers pushes to loosen reins on cyberweapons (TheHill) Adm. Michael Rogers — both head of the National Security Agency (NSA) and Cyber Command — is pushing for widespread changes to the U.S.'s treatment of cyber weaponry, including contracting private sector firms to develop arms.
Assessing US capabilities in cyberspace (Fifth Domain | Cyber) Among the proposals and directives outlined in the three drafts are four cyber reviews, including a full-scale assessment of the nation’s capabilities in cyberspace.
Trump national security adviser wants to avoid term 'radical Islamic terrorism', sources say (Guardian) HR McMaster felt phrase castigates ‘an entire religion’ and indicated ‘he’s not on board’ – a contrast with the president and many key staff members
Opinion: Will Trump sink Privacy Shield? (The Christian Science Monitor Passcode) If Trump walks back US surveillance reform, he could jeopardize a trade agreement with the European Union that ensures the free flow of data across the Atlantic.
FCC prepares to pull broadband privacy rules adopted last year (TechCrunch) FCC Chairman Ajit Pai announced his intention today to block a privacy rule adopted by the Commission late last year. Citing its disharmony with existing FTC..
Policy Experts Push To Make Vulnerability Equities Process Law (Threatpost) By making the Vulnerability Equities Process law, advocates of the idea argue there would be more reliability, transparency and accountability in the process of government vulnerability disclosure.
Navy developing preplanned cyber network incident procedures (C4ISRNET) The Navy is looking to develop procedures ahead of time in the case networks go down aboard ships afloat.
Information Warfare Breaks Regional, Geographic Boundaries at WEST 2017 (DVIDS) WEST 2017 concluded on Feb. 23 following three-days of speakers, panels, demonstrations and capability displays.
Congress wants more, better federal cyber workers despite hiring freeze (FederalNewsRadio.com) House and Senate committees are going to prioritize oversight of how agencies hire and train their workforces to deal with cybersecurity.
Top bank executives required to vouch for cyber attack defences (Financial Times) World’s biggest banks and insurers have to meet New York regulator’s tough new rules
New UK laws address driverless cars insurance and liability (Register) 'Automated' vehicles – who pays for damage?
Litigation, Investigation, and Law Enforcement
Treason charges against Russian cyber experts linked to seven-year-old accusations (Reuters) Treason charges brought in December against two Russian state security officers and a cyber-security expert in Moscow relate to allegations made by a Russian businessman seven years ago, according to the businessman and a source connected with the investigation.
Kaspersky security expert charged with treason for sharing security data with Verisign (Computing) Seven-year-old allegations that Kaspersky employee passed on "secrets" to Verisign cyber crime unit
FBI urged to reveal how much it cost to unlock the San Bernardino iPhone (The Next Web) Associated Press, Vice Media and Gannett have asked US court to force the FBI to reveal how much it cost to unlock the iPhone from the San Bernardino case.
I’ll never bring my phone on an international flight again. Neither should you. (freeCodeCamp) A few months ago I wrote about how you can encrypt your entire life in less than an hour. Well, all the security in the world can’t save…
Sentenced to Prison For Telegram Posts (Iran Wire) The Revolutionary Court in the Kurdish city of Saghez sentenced four people to prison for “propaganda in support of Kurdish opposition parties” after they set up a group and channel on the Telegram messaging service.
How to Hunt a Lone Wolf (Foreign Affairs) To make one-off attacks less likely and prepare for those that do occur, governments should keep would-be terrorists isolated, build strong relationships between Muslim communities and law enforcement, monitor social media, and discredit the ideology that lone wolves embrace.
The Man Who Broke Ticketmaster - Motherboard (Motherboard) The most infamous ticket scalper of all time used bots to buy millions of tickets. Now he wants to stop them.
Can parental spyware keep kids safe online? (The Christian Science Monitor Passcode) Some law enforcement officials says it won't – and are discouraging parents from relying on a growing number of smartphone surveillance apps to guard against bullying and sexual predators.
Florida Man Pleads Guilty To Clinton Foundation Hack Attempts (Dark Reading) Timothy Sedlak also convicted in child pornography case and sentenced to 42 years in jail, Reuters reports.
For a complete running list of events, please visit the Event Tracker.
Newly Noted Events
Citrix Synergy (Orlando, Florida, USA, May 23 - 25, 2017) Learn how to solve your IT flexibility, workforce continuity, security and networking challenges—and power your business like never before—with the workspace of the future.
Upcoming Events
Second Annual International Security Conference (Riyadh, Saudi Arabia, Feb 27 - 28, 2017) The conference will facilitate national, regional and international collaboration between government, industry and critical infrastructure organizations. It will also feature investors who want to diversify their portfolio into international companies, particularly in the field of cyber security sectors where innovation could benefit the regional cyberdefense capacity.
SANS Dallas 2017 (Dallas, Texas, USA, Feb 27 - Mar 4, 2017) We are pleased to invite you to attend SANS Dallas 2017, on February 27- March 4 at The Westin Dallas Downtown, located in the heart of the city. We have selected several of our top information security courses to provide you with the training and certification that you need to boost your career by learning from the best! SANS instructors are industry professionals who will ensure that you not only learn the material, but that you will also be able to apply what you learn your first day back in the office.
Inaugural Yorkshire and Humber Cyber Protect Business Conference (Leeds, England, UK, Feb 28, 2017) The aims and objectives of this conference are to raise cyber awareness built around the 10 steps to cyber security, provide an environment and opportunity for professionals to network and share experiences and solutions, connect industry, academia and law enforcement collaborating to drive innovation and creativity to find effective and efficient methods to protect businesses and pursue cyber criminals and to promote the CISP network and membership. The audience will be made up of small, medium enterprises from around the Yorkshire and Humber region, law enforcement, police partners and industry and academic partners.
Autonomous Vehicles Silicon Valley (Santa Clara, California, USA, Feb 28 - Mar 2, 2017) The road to autonomy: Regulation. Consumer Acceptance. Safety & Security. Explore the latest technologies and hottest issues for the autonomous vehicles industry.
The Cyber Security Summit: Denver (Denver, Colorado, USA, Mar 1, 2017) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their companies’ critical data with innovative solution providers & renowned information security experts. Learn from cyber security thought leaders including: Mary McCord, Asst. Attorney General for National Security, U.S. Dept. of Justice & Chad Alvarado, Supervisory Special Agent, Cyber Task Force, FBI Denver Division. Engage in panel discussions focusing on trending cyber topics including Emerging Threats to IoT & Big Data, Insider Threats, and Compliance. Receive half off your admission with promo code cyberwire50 at CyberSummitUSA.com and view details including the full agenda, participating solution providers & confirmed speakers
International Cyber Risk Management Conference (ICRMC) (Toronto, Ontario, Canada, Mar 2 - 3, 2017) The third annual International Cyber Risk Management Conference (ICRMC) brings together a world class roster of experts with cross-sector, global and multidisciplinary expertise to share knowledge, lessons learned, and methodology on cyber security. We are delighted to build on last year’s very successful ICRMC. Cyber security has grown into a global pandemic and organizations of all sizes are struggling with questions on how to mitigate, manage, and transfer cyber risk. We’ve structured our agenda based on delegate feedback and our exceptional 2017 Advisory Committee is determined to provide engaging high-profile speakers and compelling content to share knowledge, captivate and educate. Visit www.icrmc.com for details.
SANS San Jose 2017 (Milpitas, California, USA, Mar 6 - 11, 2017) Securing and defending your network has never been more important as attacks and breaches make the news daily. Gain the skills and tools you need to win the battle against the wide range of cyber adversaries who want to harm your environment. SANS San Jose 2017 offers six hands-on, intensive cyber security training courses.
Cybersecurity: Defense Sector Summit (Troy, Michigan, USA, Mar 7 - 8, 2017) Don’t miss out on the opportunity to be a part of the conversation regarding how cybersecurity is impacting not only ground vehicles, but air and maritime platforms. What are the synergies amony Army, Air Force, Navy, and Marine platform cybersecurity initiatives? What can we learn from connected car and autonomous initiatives in the automotive industry? Who and what is driving acquisition reform to ensure agility and speed? What are the supply chain impacts? What are the “seams” that create vulnerabilities? Who and what is driving cybersecurity platform requirements? What is being done to assess execution readiness? What are platform stakeholders doing technically to address vulnerabilities?
15th annual e-Crime & Cybersecurity Congress (London, England, UK, Mar 7 - 8, 2017) Europe's largest and most sophisticated gathering of senior cybersecurity professionals from international business, governments, law enforcement and intelligence agencies.
ISSA Mid Atlantic Security Conference (Rockville, Maryland, USA, Mar 10, 2017) Join us for a full day of training by industry leaders discussing some of the latest topics in tactics and techniques for preparing for cyber-attacks. This conference will feature a variety of presentations and cutting edge training opportunities, including hands-on demonstrations and workshops.
Investing in America’s Security: Cybersecurity Issues (Jersey City, New Jersey, USA, Mar 10, 2017) Please join us for the 5th Annual Northeast Regional Security Education Symposium hosted by the Professional Security Studies Department at New Jersey City University. The Symposium’s keynote address will be delivered by Milan Patel of K2 Intelligence, formerly the FBI’s Cyber Division Chief Technology Officer. Speakers include NJCCIC Director Michael Geraghty. NJCU students pursuing their D.Sc. degree will present academic research posters and a panel of experts will discuss careers in cyber security.
IAPP Europe Data Protection Intensive 2017 (London, Englan, UK, Mar 13 - 16, 2017) Set in London, the Data Protection Intensive delivers innovative solutions to today’s top privacy and data protection challenges. Known for its exceptional programming, the Intensive has come into its own as a leading forum for practical data protection education.
Rail Cyber Security Summit (London, England, UK, Mar 14 - 15, 2017) Now in its second year, the event will take place at the Copthorne Tara Kensington hotel in London between March 14th and 15th 2017 and will feature a range of experts from the rail transport industry, as well as leading Government and global cyber security leaders and academics working in the field.
CyberUK 2017 (Liverpool, England, USA, Mar 14 - 16, 2017) Announcing the UK government's flagship IA and cyber security event, for 2017. This is a three day event that will bring together cyber security leaders and professionals from across the UK’s information security communities from both the public and private sector. The NCSC’s partnership with information security businesses of all sizes is essential in strengthening the UK’s cyber resilience. CyberUK 2017 will play a key role in defining the role industry must play in achieving this step change, and is expected to attract 1,600 information assurance (IA) and cyber security leaders and professionals.
Cybersecurity: The Leadership Imperative (New York, New York, USA, Mar 16 - 17, 2017) Cyber risk impacts every element of your organization – and even the most brilliant information security expertise must be supported by a cross-functional cybersecurity structure and culture to succeed. Cybersecurity: The Leadership Imperative will provide case studies and actionable insights on building and maintaining a structure in which leaders across the organization are able to work together seamlessly to comprehend, measure and respond to cyber risk challenges.
BSides Canberra (Canberra, Australia, Mar 17 - 18, 2017) BSidesCbr is a conference designed to advance the body of Information Security knowledge, by providing an annual, two day, open forum for discussion and debate for security engineers and their affiliates. We produce a conference that is a source of education, collaboration, and continued conversation for information technologists and those associated with this field. The technical and academic presentations at BSidesCbr are given in the spirit of peer review and advanced knowledge dissemination. This allows the field of Information Security to grow in breadth and depth, and continue in its pursuit of highly advanced scientifically based knowledge.
Cyber Resilience Summit: Securing Systems inside the Perimeter (Reston, Virginia, USA, Mar 21, 2017) As the journey to secure our nation’s IT cyber infrastructure gains momentum, it is important to apply proven standards and methodologies that reduce risk and help us meet objectives for acquiring, developing and sustaining secure and reliable software-intensive systems. The theme of our upcoming Cyber Resilience Summit is Securing Systems inside the Perimeter. Defending the network is NOT enough. The most damaging of system failures and security breaches are caused by vulnerabilities lurking inside the network at the application layer.
European Smart Grid Cyber Security (London, England, UK, Mar 21 - 22, 2017) European Smart Grid Cyber Security 2017 offers a unique opportunity to network with senior experts in cyber security from government, utilities, TSOs, regulators, solution providers, security consultants, senior engineers and more. Join us to hear from a range of European utility companies present what their strategic programmes are doing regarding cyber security. As well as discuss how communication issues between IT and OT departments can be overcome and learn how to make your company compliant.
Maryland Cybersecurity Awards Celebration (Baltimore, Maryland, USA, Mar 22, 2017) Help us celebrate the best and brightest of the Maryland cyberscurity community as we honor the companies, organizations, and individuals that have protected businesses and government agencies with their cutting-edge technologies; thwarted cyber criminals with their outstanding cybersecurity services; demonstrated exemplary knowledge, expertise, leadership and innovative thinking; or made a significant contribution to Maryland’s cybersecurity ecosystem.
SANS Pen Test Austin 2017 (Austin, Texas, USA, Mar 27 - Apr 1, 2017) Every organization needs skilled people who know how to find vulnerabilities, understand risk, and help prioritize resources based on mitigating potential real-world attacks. That's what SANS Pen Test Austin is all about! If you like to break things, put them back together, find out how they work, and mimic the actions of real-world bad guys, all the while providing real business value to your organization, then this event is exactly what you need.
IT Security Entrepreneurs' Forum Bridging the Gap Between Silicon Valley & the Beltway (Mountain View, California, USA, Mar 28 - 29, 2017) SINET – Silicon Valley provides a venue where entrepreneurs can meet and interact directly with leaders of government, business and the investment community in an open, collaborative environment focused on identifying solutions to Cybersecurity challenges.
Insider Threat 2017 Summit (Monterey, California, USA, Mar 29 - 30, 2017) The focus of the Insider Threat Summit is to discuss personnel security issues including cyber security challenges and capabilities, continuous evaluation of privileged identities and ethical physical security considerations. A heightened awareness of insider threats due to numerous newsworthy attacks and unauthorized leaks has brought us together for one main purpose: To better understand security challenges in order to better defend against insider threats.
2nd Annual Billington International Cybersecurity Summit (Washington, DC, USA, Mar 30, 2017) The 2nd Annual Billington International Cybersecurity Summit on March 30, 2017 at the National Press Club in Washington, DC will feature over 300 world class cybersecurity decision-makers from allied nations and the US in an intensive day of knowledge exchange and relationship building. NOTE: Attendees must be citizens of the U.S. or allied nations to attend this event. The summit, which will attract senior influencers in cybersecurity from allied nations across the world, has as its theme: Protecting Critical Infrastructure in a Connected World.
Yale Cyber Leadership Forum: Bridging the divide between law, technology, and business (New Haven, Connecticut, USA, Mar 30 - Apr 1, 2017) The Yale Cyber Leadership Forum will take place on Yale University's campus and will focus on bridging the divide between law, technology and business in cybersecurity. With McKinsey & Company as our knowledge partner, the Forum will integrate McKinsey’s extensive knowledge of best practices in cybersecurity with Yale’s scholarly expertise. The Forum will expose participants to effective approaches to recognizing, preparing for, preventing, and responding to cyber threats.
WiCyS 2017: Women in Cybersecurity (Tucson, Arizona, USA, Mar 31 - Apr 1, 2017) The WiCyS initiative has, since 2013, become a continuing effort to recruit, retain and advance women in cybersecurity. It brings together women (students/faculty/researchers/professionals) in cybersecurity from academia, research and industry for sharing of knowledge/experience, networking and mentoring.