Snake Wine may be a (Fancy, Cozy) bear infestation in Japan. Singapore sees attempt against its Defense Ministry. Google releases another unpatched Microsoft vulnerability. Stuffed animals remember and report too much? ESET patches its AV.
Cylance has found a threat group operating against business and government targets in Japan. They're tracking the campaign as "Snake Wine," but the operation looks a great deal like APT 28, also known as "Sofacy," which, of course, became famous over the past year for its involvement in apparent attempts to either influence or discredit the US elections. Snake Wine has a lot in common (particularly its registration style) with attacks attributed to Russian intelligence services, but in this instance there's a degree of ambiguity, since some aspects of the campaign seem to be marked with China's spoor. The threat actors have adopted a variety of measures to baffle attribution. Their goal is a matter of speculation, but Cylance thinks there's a good chance Snake Wine is ultimately aimed at disinformation.
Personal data belonging to about 850 members of Singapore's military services have been stolen in an apparent attempt to penetrate that country's Defense Ministry. The theft was successful but the penetration wasn't. Authorities in Singapore believe the culprit is some state actor, with most signs pointing to China.
Google has disclosed another set of unpatched vulnerabilities in Microsoft's Internet Explorer and Edge browsers. While Google's Project Zero has been reticent about the details, lest they render exploitation easy, it's believed the flaws could render users vulnerable to remote code execution.
There are reports that stuffed animals from CloudPets, said to be Internet-connected, contain privacy flaws that record and report conversations in the toys' vicinity.
ESET patches its Mac antivirus.
Notes.
Today's issue includes events affecting Brazil, China, Czech Republic, European Union, Germany, Italy, Japan, Kazakhstan, Lebanon, Malaysia, Mexico, Russia, Singapore, Sweden, Syria, Turkey, United Arab Emirates, United Kingdom, and United States.
A note to our readers: while we concluded our dedicated RSA coverage with yesterday's issue, you may find an updated account of threat intelligence interesting if you haven't already seen it. We also have an article up recapping our conversations with some innovative companies; you may find any of them worthy of your attention.
In today's podcast we talk to our partner and friend Joe Carrigan from the Johns Hopkins University: he's here to give us all the straight dope on the Cloudbleed data leak. Our guest is Steve Grossman from Bay Dynamics on the equally timely issue of what we need to know about the New York State cyber regulations that take effect tomorrow.
And we've also got two special editions up. One we've been telling you about: our 2017 prognostication special. The other one is new, just posted. It's a look at everything concerning artificial intelligence we heard discussed at RSA.
Cyber Attacks, Threats, and Vulnerabilities
Intelligence service: BND apparently spied on foreign journalists (Spiegel) From Britain's BBC to the Reuters news agency to a telephone line at the "New York Times": according to information obtained by SPIEGEL, Germany's foreign intelligence service monitored media outlets worldwide.
Japan-Centric APT Campaign Targets Government (Infosecurity Magazine) The hackers believed to be behind the election-season hacking in the United States may have now set their sights on Japan.
The Deception Project: A New Japanese-Centric Threat (Cylance) Cylance has discovered another prolonged campaign that appears to exclusively target Japanese companies and individuals. To date, all observed attacks were the result of spear phishing attempts against the victim organizations.
Singapore: Defence Ministry comes under cyber attack, but no secrets leaked (Asian Correspondent) Cyber attackers have stolen basic personal data from about 850 Singapore national servicemen and employees in a possible attempt to access official secrets, the Defence Ministry said on Tuesday.
Singapore military hack ‘probably state sponsored’ (South China Morning Post) Breach of defence ministry’s ‘I-net’ system stole identity card information, telephone numbers and dates of birth of 850 people
Mexico’s misinformation wars (Medium) How organized troll networks attack and harass journalists and activists in Mexico
Syrian Rebels Are Using Snapchat to Sell and Show-Off Their Weapons (Motherboard) Why Snapchat is the perfect ephemeral weapons marketplace.
Google releases details, PoC exploit code for IE, Edge flaw (Help Net Security) Google has released details about a serious vulnerability in the Internet Explorer and Edge browsers, along with PoC exploit code.
Google Discloses Another ‘High Severity’ Microsoft Bug (Threatpost) Google’s security researchers disclosed details of an unpatched Microsoft vulnerability in its Edge and Internet Explorer browsers.
126 vBulletin forums hacked; 819,977 accounts leaked on hacking forums (HackRead) vBulletin (vB) is an internet forum software widely used by website owners. Lately, there has been a critical vulnerability in the software's old versions
Carders capitalize on Cloudflare problems, claim 150 million logins for sale (CSO Online) A carder forum is advertising a special deal to VIP members. The website claims to possess more than 150 million logins, from a number of services including Netflix, and Uber.
Cloudbleed’s silver lining: the response system worked (Naked Security) There are points of contention but overall the researcher-to-vendor collaboration delivered
RATANKBA: Delving into Large-scale Watering Holes against Enterprises (Trend Labs Security Intelligence Blog) In early February, several financial organizations reported malware infection on their workstations, apparently coming from legitimate websites.
SHA-1 collision can break SVN code repositories (CSO Online) The recently announced SHA-1 collision attack has the potential to break code repositories that use the Subversion (SVN) revision control system.
Germans, Czechs served with banking malware through SMS (Help Net Security) German and Czech Android users are getting served with a variant of the Marcher banking Trojan directly through text messages.
Cyber extortionists hold MySQL databases for ransom (Help Net Security) We have witnessed attackers holding MongoDB, CouchDB and Hadoop databases for ransom, and now they've set MySQL databases in their sights.
Attackers using cracked builder to duplicate and spread Betabot (Naked Security) Some attackers love Betabot malware but not all of them like paying for it
Millions of smart devices in Spain are vulnerable to attack (Help Net Security) Avast identified more than 493,000 smart devices in Barcelona and 5.3 million in Spain overall that are connected to the internet and vulnerable to attacks.
Avast Exposes Internet of Things Attack Risk in Barcelona, Home of Mobile World Congress 2017 (BusinessWire) A new Avast research experiment shows that half a million smart devices including webcams and baby monitors in Barcelona, home of Mobile World Congres
500,000+ devices have dangerous apps installed (Help Net Security) At Mobile World Congress (MWC) 2017, connected cars, the future of smart homes and, of course, the newest handsets are top of the agenda. Intel Security’s
1500 companies in over 100 countries hit by malicious Adwind backdoor RAT (Graham Cluley) More than 1,500 companies in over 100 countries have suffered an infection at the hands of the Adwind Remote Access Tool (RAT).
Analysis of a Simple PHP Backdoor (SANS Internet Storm Center) With the huge surface attack provided by CMS like Drupal or Wordpress, webshells remain a classic attack scenario.
More on Bluetooth Ingenico Overlay Skimmers (KrebsOnSecurity) This blog has featured several stories about “overlay” card and PIN skimmers made to be placed atop Ingenico-brand card readers at store self-checkout lanes.
Password-Manager Apps (TeamSIK) There are different policies for the generation of secure passwords. However, one of the biggest challenges is to memorize all these complex passwords.
A (Fruit) Fly on the Wall: Surveillance Malware (Wapack Labs) The Fruit Fly malware is designed to exploit web cams that are used for surveillance. There are both Windows and Mac versions. A...
The Economical RAT: Luminosity.Link (Wapack Labs) The Luminosity.Link Remote Administration Tool (RAT) has been observed by a number of companies over the past year being spread ...
Wikipedia’s bot-on-bot battles that can last for years (Naked Security) Sustaining a grudge is a lot easier when you don’t have to take breaks. Or breathe.
Creepy IoT teddy bear leaks >2 million parents’ and kids’ voice messages (Ars Technica) Publicly accessible database wasn’t even protected by a password.
Smart teddy bears involved in a contentious data breach (CSO Online) If you own a stuffed animal from CloudPets, then you may have been hacked. The company’s toys -- which can receive and send voice messages from children and parents -- have been involved in a serious data breach dealing with more than 800,000 user accounts.
iPhone Robbers Try to iPhish Victims (KrebsOnSecurity) In another strange tale from the kinetic-attack-meets-cyberattack department, earlier this week I heard from a loyal reader in Brazil whose wife was recently mugged by three robbers who nabbed her iPhone.
Tens of thousands of Chromebooks fail because of Symantec BlueCoat problem (ZDNet) Did your web access just go badly wrong when you upgraded to the Chrome web browser 56 or Chrome OS 56? The problem is probably in your web proxy.
Boeing Notifies 36,000 Employees Following Breach (Threatpost) A Boeing employee inadvertently leaked the personal information of 36,000 of his co-workers late last year when he emailed a company spreadsheet to his non-Boeing spouse.
Online scammers target seniors during tax season (WVLT Local 8) Officials report that over two-thirds of U.S. seniors have been victim or target of at least one common online scam or hack.
Security Patches, Mitigations, and Software Updates
ESET antivirus cracks opens Apple Macs to remote root execution via man-in-middle diddle (Register) Get patching – fix available now
Microsoft Adds Technical Updates to SDL Site (Dark Reading) Microsoft releases a new round of updates and technical content additions to its Security Development Lifecycle website.
Cyber Trends
Threat Intelligence: Use Cases, War Stories, and ROI (updated) (The CyberWire) Ability to collect information can notoriously outstrip the ability to analyze that information into intelligence. And once you have the intelligence, what, exactly, are you supposed to do with it? After all, you haven't developed it merely to gratify curiosity. So what are the use cases? (Updated 2.27.17.)
Passcode at SXSW: Ad blockers, spies, hackers, and Hollywood (The Christian Science Monitor Passcode) From biometric tracking to smart cities to hackers on film, bookmark our four panels on digital security and privacy at this year's South by Southwest festival in Austin.
Katie Moussouris on Bug Bounty Programs, Hack the Army, and Wassenaar (Threatpost) Katie Moussouris on how bug bounty programs have gone mainstream, the success of Hack the Pentagon and Hack the Army, and where things stand with the Wassenaar Arrangement.
New AT&T Research Finds 75% of Email Traffic Could Be Malicious (AT&T) And 50% of businesses have outdated cybersecurity protections
Password re-use is rampant among Millennials 18-30 (Infosecurity Magazine) More than half of respondents in a new survey are still trying to remember their passwords in their heads.
Marketplace
New Report: Businesses Suffer Serious, Measurable Damage From Data Breaches (Inc.) People who own, run, or work for businesses should take note of several findings of a recent Cisco study of the impact of data breaches.
Cyber Insurance Uptake Hampered By Skewed Data, Poor Communication (Dark Reading) Only 29% of US businesses have cyber insurance; Deloitte outlines steps for insurance companies to improve risk models, communication, and policy sales.
Salary Survey: What's a CISO Worth in 2017? (Bricata) Several benchmarks suggest CISO salaries are rising and top $200,000 dollars. The figure may seem sizable except when compared with the cost of exposed risks.
A year after Jasper acquisition Cisco expands the platform (TechCrunch) Just over a year ago Cisco bought Jasper Technologies for $1.4 billion, and with that transaction, created the company's IoT cloud business. This week, Cisco..
Strategic Cyber Ventures aims to build ‘supermax prison’ to halt hackers (Washington Post) The D.C.-based venture fund announced its fourth of at least eight investments Monday.
As OPM’s background bureau gets off the ground, could a bid protest stymie its efforts? (Federal News Radio) The Office of Personnel Management’s National Background Investigations Bureau (NBIB) is almost five months old and already embroiled in its first bid protest.
SS8 Among Key Vendors Making Up Security Analytics Ecosystem According to Independent Research Firm (Marketwired) SS8 BreachDetect recognized for using communication analytics to find compromised devices
Ad hoc Research Associates receives 8(a) certification from SBA (Digital Journal) Ad hoc Research Associates, LLC is proud to announce that it has received 8(a) certification from the Small Business Administration (SBA).
Products, Services, and Solutions
Nehemiah Security's AtomicEye RQ Quantifies the Effects of Cyber Exploits (BusinessWire) Nehemiah Security, an internationally recognized supplier of cybersecurity software and services to enterprise and government organizations, today announced...
Big strides in Cloud security: IP whitelisting & required 2-Step Verification in Bitbucket (Atlassian) We live in an age where data breaches are very common. In the last three years major retailers to modern tech companies have experienced massive data breaches - yet CompTIA research shows that most companies are still not fully prepared against security threats and haven't taken necessary steps to overhaul their security measures.
LookingGlass ScoutPrime Becomes First Threat Intelligence Platform Compliant with STIX 2.0 (BusinessWire) LookingGlass™ Cyber Solutions, a leader in threat intelligence driven security, today announced that its ScoutPrime™ platform has successfully...
LockPath Announces Availability of GRC Buyer's Guide (Marketwired) Guide will help bring transparency to GRC software purchasing
eSentire Adds Cloud Visibility to Deliver Integrated Managed Detection and Response (Marketwired) 360-degree visibility across network, endpoint, and cloud enables unparalleled threat detection and response from fully managed security operations center (SOC)
Cisco Accelerates Digital Network Transformation with New Virtualization and Security Technologies (EMEAR) According to a newly released IDC study, organizations around the world are expected to triple the adoption of modern, automated networks over the next two years. To accelerate the journey to these digital-ready networks, Cisco is introducing new technologies that allow customers to virtualize and secure their networks.
Simility Achieves PCI DSS Service Provider Level 1 Compliance (Benzinga) Cloud-based fraud prevention solution achieves PCI Compliance to beef up customer data security from credit card fraud and hacking.
Not all threat intelligence is created equal (Help Net Security) Learn the difference between threat intel versus threat intelligence platforms, how threat intelligence changed over the past few years, and much more.
Hypori: First Virtual Mobile Device to Achieve NIST Certification (Video) (American Security Today) Hypori has obtained the Federal Information Processing Standards (FIPS) 140-2 Level 1 certification for cryptographic modules from the National Institute of Standards and Technology (NIST), making it the first virtual mobile infrastructure (VMI) provider to receive the difficult certification for a virtual mobile device. The certification approves Hypori’s virtual mobile device as a method for federal …
Spirent extends security, performance testing leadership with CyberFlood (Voice&Data) British telecommunications company Spirent Communications said that it has extended its lead in security and performance testing by introducing the industry’s first server-response fuzzing capability within CyberFlood, its premier security test solution.
DarkMatter launches secure mobile suite (The National) DarkMatter’s Katim suite includes a secure mobile device with its own 'hardened' Android operating system, together with a secure communications application suite and cyber command centre.
Lidera Network Signs Agreement with Cylance to Distribute Artificial Intelligence-Based Cybersecurity Solution (BusinessWire) Lidera Network, IT value wholesaler, has signed a distribution agreement with Cylance® Inc. to offer its next-generation endpoint security solutio
Carbon Black extends reach with M.Tech partnership (CSO) Carbon Black, the leading provider of next-generation endpoint security, today announced a channel distribution agreement with M.Tech, a leading regional IT security solutions distributor.
Google's Ease-of-Use Email Encryption Project Goes Open Source (Dark Reading) E2Email, together with open source Key Transparency project, are meant to take on the challenges that have dogged end-to-end email encryption adoption for decades.
Google shifts on email encryption tool, leaving its fate unclear (CSO Online) Google is asking developers to take over its effort to make end-to-end email encryption more user friendly, raising questions over whether it’ll ever become an official feature in the company’s products.
Technologies, Techniques, and Standards
The CEO's Guide to Data Security - AT&T Cybersecurity Insights | Volume 5 (AT&T Cybersecurity Insights) Increasingly, organizations of all sizes are facing a growing variety of cyberthreats. Protect your data through innovation with AT&T Cybersecurity Insights: The CEO’s Guide to Data Security.
Rewriting the rules on how to protect against evolving adversaries (Help Net Security) Hackers are getting better at exploiting your organization's increasingly complex IT environment. Adversaries are using highly customized attack campaigns
Who should be on an insider risk team? (CSO Online) Catching an insider taking confidential information doesn't happen by chance, and policies and procedures must be in place to know what to do when an insider is caught.
What should an insider risk policy cover? (CSO Online) To protect from liability concerns, enterprises need something in writing so that everyone knows what to do upon finding an insider threat. Here are some suggestions from security experts.
Measuring the Detection and Response Gap (ThreatConnect) Despite efforts to stockpile the best technology and assemble an army of defenders, today’s security organizations struggle with inefficiencies.
The Top Six Obstacles to Adoption of the Industrial Internet of Things (Mocana) The following aspects show how many hurdles will be surmounted to open the inevitable future of the IIoT.
In Cybersecurity, Language Is a Source of Misunderstandings (Dark Reading) To successfully fight threats across industries, we must all use the same terminology.
Addressing pain points in governance, risk and compliance (Help Net Security) The end goal with GRC implementation is to streamline the general day-to-day processes of activities, and support collaborative efforts between departments.
20 Questions for SecOps Platform Providers (Dark Reading) Security operations capabilities for the masses is long overdue. Here's how to find a solution that meets your budget and resources.
Regardless of where it is stored, it's your data in their cloud. (Infosecurity Magazine) Regardless of where it is stored, it's your data in someone else's cloud.
Learning Cryptography Through Bitcoin’s Proof of Existence Feature (Nigeria Today) Proof-of-existence (PoE) is a utility built into the Bitcoin blockchain that allows anyone to store records in an immutable fashion.
Paranoid Spouses Can Spy on Partners' iOS 10 Devices with iCloud Backups (Motherboard) In this case, you still need the target's Apple ID and password.
Design and Innovation
Roundup: Conversations with Innovators (The CyberWire) While at RSA 2017 we spoke to a number of companies, and we've recounted what we learned in our other coverage. But we also wanted to present a roundup of some of the more interesting and innovative start-ups we caught up with before, during, and after RSA. Here are some firms worth your attention.
Opinion: The tech behind Bitcoin could reinvent cybersecurity (The Christian Science Monitor Passcode) Blockchains track, record, and secure transactions made within the virtual currency Bitcoin. They can also help defend many critical systems from devastating cyberattacks.
Google! Here's how to achieve 'really intelligent search' (Computing) Peter Cochrane examines how to bring AI to bear on search engines - but do Google et al really want to make search more efficient?
Academia
Cyber attack simulation unearths fresh talent (The Engineer) This year’s first Cyber Security Challenge UK has taken place, with 30 of the country’s top amateur cyber practitioners coming together to defend against a simulated attack. Hosted by Protection Group International (PGI), the event saw teams attempting to thwart a cyber attack on a connected car company, similar to the 2016 Mirai DDoS IoT...
Coding, Cybersecurity Classes Give Hawaii Teens Head Start on IT Career Path (Government Technology) Four students from Waipahu High School are on track to work part time at the National Security Agency’s Hawaii office while they are seniors.
Legislation, Policy, and Regulation
The failure of EU's regulation on cyber-surveillance tech exports (Help Net Security) A report shows how EU regulation has failed to prevent authoritarian regimes from getting their hands on cyber-surveillance technology.
Sweden to scale up cyberwar defense funding (Fifth Domain | Cyber) Sweden is set to earmark increased budgetary funding to strengthen its cyberwarfare defense infrastructure and increase the country’s capability to protect critical infrastructure.
Cyberwar, US, Russia and the non-State Actors: Frenemies with Benefits? (Cyberint) The growing tension between Russia and the US on the cyberfront has opened a Pandora box of cyberthreats. Are we on the verge of the “cold cyberwar”?
Russia looks for positive signals in Trump's speech to Congress (Reuters) Russia's deputy foreign minister said on Tuesday that relations with the United States were at their lowest ebb since the Cold War, but hoped they could improve under U.S. President Donald Trump.
NSA, Cyber Command structure should remain the same (TheHill) OPINION | The U.S. can learn from Israel.
FCC Chairman pledges to roll back net neutrality regulations during European address (TechCrunch) As Ajit Pai took the stage for a speech at Mobile World Congress in Barcelona this morning, CNBC anchor Karen Tso noted that the newly appointed FCC..
US regulator set to tamp down on privacy rules (The Christian Science Monitor Passcode) The Federal Communications Commission will announce plans to delay Obama-era privacy regulations that would push broadband companies to institute stronger standards for protecting consumers' data.
Litigation, Investigation, and Law Enforcement
Yahoo offers new details on breaches to Senate committee (TechCrunch) Since Yahoo disclosed two mega-breaches late last year, its executives have met almost daily with CEO Marissa Mayer for working sessions focused on improving..
Samsung head Lee Jae-yong charged with bribery, embezzlement and hiding assets overseas (Computing) Four other Samsung executives also charged
IT admin was authorized to trash employer’s network he says (Naked Security) It’ll make you think twice about hitting the delete key
Two Charged In Gas Station Card-Skimming Scheme (Dark Reading) Two individuals face federal charges for skimming debit card information from gas station pumps across multiple states.
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
Inaugural Yorkshire and Humber Cyber Protect Business Conference (Leeds, England, UK, Feb 28, 2017) The aims and objectives of this conference are to raise cyber awareness built around the 10 steps to cyber security, provide an environment and opportunity for professionals to network and share experiences and solutions, connect industry, academia and law enforcement collaborating to drive innovation and creativity to find effective and efficient methods to protect businesses and pursue cyber criminals and to promote the CISP network and membership. The audience will be made up of small, medium enterprises from around the Yorkshire and Humber region, law enforcement, police partners and industry and academic partners.
Autonomous Vehicles Silicon Valley (Santa Clara, California, USA, Feb 28 - Mar 2, 2017) The road to autonomy: Regulation. Consumer Acceptance. Safety & Security. Explore the latest technologies and hottest issues for the autonomous vehicles industry.
The Cyber Security Summit: Denver (Denver, Colorado, USA, Mar 1, 2017) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their companies’ critical data with innovative solution providers & renowned information security experts. Learn from cyber security thought leaders including: Mary McCord, Asst. Attorney General for National Security, U.S. Dept. of Justice & Chad Alvarado, Supervisory Special Agent, Cyber Task Force, FBI Denver Division. Engage in panel discussions focusing on trending cyber topics including Emerging Threats to IoT & Big Data, Insider Threats, and Compliance. Receive half off your admission with promo code cyberwire50 at CyberSummitUSA.com and view details including the full agenda, participating solution providers & confirmed speakers
International Cyber Risk Management Conference (ICRMC) (Toronto, Ontario, Canada, Mar 2 - 3, 2017) The third annual International Cyber Risk Management Conference (ICRMC) brings together a world class roster of experts with cross-sector, global and multidisciplinary expertise to share knowledge, lessons learned, and methodology on cyber security. We are delighted to build on last year’s very successful ICRMC. Cyber security has grown into a global pandemic and organizations of all sizes are struggling with questions on how to mitigate, manage, and transfer cyber risk. We’ve structured our agenda based on delegate feedback and our exceptional 2017 Advisory Committee is determined to provide engaging high-profile speakers and compelling content to share knowledge, captivate and educate. Visit www.icrmc.com for details.
SANS San Jose 2017 (Milpitas, California, USA, Mar 6 - 11, 2017) Securing and defending your network has never been more important as attacks and breaches make the news daily. Gain the skills and tools you need to win the battle against the wide range of cyber adversaries who want to harm your environment. SANS San Jose 2017 offers six hands-on, intensive cyber security training courses.
Cybersecurity: Defense Sector Summit (Troy, Michigan, USA, Mar 7 - 8, 2017) Don’t miss out on the opportunity to be a part of the conversation regarding how cybersecurity is impacting not only ground vehicles, but air and maritime platforms. What are the synergies among Army, Air Force, Navy, and Marine platform cybersecurity initiatives? What can we learn from connected car and autonomous initiatives in the automotive industry? Who and what is driving acquisition reform to ensure agility and speed? What are the supply chain impacts? What are the “seams” that create vulnerabilities? Who and what is driving cybersecurity platform requirements? What is being done to assess execution readiness? What are platform stakeholders doing technically to address vulnerabilities?
15th annual e-Crime & Cybersecurity Congress (London, England, UK, Mar 7 - 8, 2017) Europe's largest and most sophisticated gathering of senior cybersecurity professionals from international business, governments, law enforcement and intelligence agencies.
ISSA Mid Atlantic Security Conference (Rockville, Maryland, USA, Mar 10, 2017) Join us for a full day of training by industry leaders discussing some of the latest topics in tactics and techniques for preparing for cyber-attacks. This conference will feature a variety of presentations and cutting edge training opportunities, including hands-on demonstrations and workshops.
Investing in America’s Security: Cybersecurity Issues (Jersey City, New Jersey, USA, Mar 10, 2017) Please join us for the 5th Annual Northeast Regional Security Education Symposium hosted by the Professional Security Studies Department at New Jersey City University. The Symposium’s keynote address will be delivered by Milan Patel of K2 Intelligence, formerly the FBI’s Cyber Division Chief Technology Officer. Speakers include NJCCIC Director Michael Geraghty. NJCU students pursuing their D.Sc. degree will present academic research posters and a panel of experts will discuss careers in cyber security.
IAPP Europe Data Protection Intensive 2017 (London, England, UK, Mar 13 - 16, 2017) Set in London, the Data Protection Intensive delivers innovative solutions to today’s top privacy and data protection challenges. Known for its exceptional programming, the Intensive has come into its own as a leading forum for practical data protection education.
Rail Cyber Security Summit (London, England, UK, Mar 14 - 15, 2017) Now in its second year, the event will take place at the Copthorne Tara Kensington hotel in London between March 14th and 15th 2017 and will feature a range of experts from the rail transport industry, as well as leading Government and global cyber security leaders and academics working in the field.
CyberUK 2017 (Liverpool, England, UK, Mar 14 - 16, 2017) Announcing the UK government's flagship IA and cyber security event for 2017. This is a three day event that will bring together cyber security leaders and professionals from across the UK’s information security communities from both the public and private sector. The NCSC’s partnership with information security businesses of all sizes is essential in strengthening the UK’s cyber resilience. CyberUK 2017 will play a key role in defining the role industry must play in achieving this step change, and is expected to attract 1,600 information assurance (IA) and cyber security leaders and professionals.
Cybersecurity: The Leadership Imperative (New York, New York, USA, Mar 16 - 17, 2017) Cyber risk impacts every element of your organization – and even the most brilliant information security expertise must be supported by a cross-functional cybersecurity structure and culture to succeed. Cybersecurity: The Leadership Imperative will provide case studies and actionable insights on building and maintaining a structure in which leaders across the organization are able to work together seamlessly to comprehend, measure and respond to cyber risk challenges.
BSides Canberra (Canberra, Australia, Mar 17 - 18, 2017) BSidesCbr is a conference designed to advance the body of Information Security knowledge, by providing an annual, two day, open forum for discussion and debate for security engineers and their affiliates. We produce a conference that is a source of education, collaboration, and continued conversation for information technologists and those associated with this field. The technical and academic presentations at BSidesCbr are given in the spirit of peer review and advanced knowledge dissemination. This allows the field of Information Security to grow in breadth and depth, and continue in its pursuit of highly advanced scientifically based knowledge.
Cyber Resilience Summit: Securing Systems inside the Perimeter (Reston, Virginia, USA, Mar 21, 2017) As the journey to secure our nation’s IT cyber infrastructure gains momentum, it is important to apply proven standards and methodologies that reduce risk and help us meet objectives for acquiring, developing and sustaining secure and reliable software-intensive systems. The theme of our upcoming Cyber Resilience Summit is Securing Systems inside the Perimeter. Defending the network is NOT enough. The most damaging of system failures and security breaches are caused by vulnerabilities lurking inside the network at the application layer.
European Smart Grid Cyber Security (London, England, UK, Mar 21 - 22, 2017) European Smart Grid Cyber Security 2017 offers a unique opportunity to network with senior experts in cyber security from government, utilities, TSOs, regulators, solution providers, security consultants, senior engineers and more. Join us to hear a range of European utility companies present what their strategic programmes are doing regarding cyber security, discuss how communication issues between IT and OT departments can be overcome, and learn how to make your company compliant.
Maryland Cybersecurity Awards Celebration (Baltimore, Maryland, USA, Mar 22, 2017) Help us celebrate the best and brightest of the Maryland cybersecurity community as we honor the companies, organizations, and individuals that have protected businesses and government agencies with their cutting-edge technologies; thwarted cyber criminals with their outstanding cybersecurity services; demonstrated exemplary knowledge, expertise, leadership and innovative thinking; or made a significant contribution to Maryland’s cybersecurity ecosystem.
SANS Pen Test Austin 2017 (Austin, Texas, USA, Mar 27 - Apr 1, 2017) Every organization needs skilled people who know how to find vulnerabilities, understand risk, and help prioritize resources based on mitigating potential real-world attacks. That's what SANS Pen Test Austin is all about! If you like to break things, put them back together, find out how they work, and mimic the actions of real-world bad guys, all the while providing real business value to your organization, then this event is exactly what you need.
IT Security Entrepreneurs' Forum Bridging the Gap Between Silicon Valley & the Beltway (Mountain View, California, USA, Mar 28 - 29, 2017) SINET – Silicon Valley provides a venue where entrepreneurs can meet and interact directly with leaders of government, business and the investment community in an open, collaborative environment focused on identifying solutions to Cybersecurity challenges.
Insider Threat 2017 Summit (Monterey, California, USA, Mar 29 - 30, 2017) The focus of the Insider Threat Summit is to discuss personnel security issues including cyber security challenges and capabilities, continuous evaluation of privileged identities and ethical physical security considerations. A heightened awareness of insider threats due to numerous newsworthy attacks and unauthorized leaks has brought us together for one main purpose: To better understand security challenges in order to better defend against insider threats.
2nd Annual Billington International Cybersecurity Summit (Washington, DC, USA, Mar 30, 2017) The 2nd Annual Billington International Cybersecurity Summit on March 30, 2017 at the National Press Club in Washington, DC will feature over 300 world class cybersecurity decision-makers from allied nations and the US in an intensive day of knowledge exchange and relationship building. NOTE: Attendees must be citizens of the U.S. or allied nations to attend this event. The summit, which will attract senior influencers in cybersecurity from allied nations across the world, has as its theme: Protecting Critical Infrastructure in a Connected World.
Yale Cyber Leadership Forum: Bridging the divide between law, technology, and business (New Haven, Connecticut, USA, Mar 30 - Apr 1, 2017) The Yale Cyber Leadership Forum will take place on Yale University's campus and will focus on bridging the divide between law, technology and business in cybersecurity. With McKinsey & Company as our knowledge partner, the Forum will integrate McKinsey’s extensive knowledge of best practices in cybersecurity with Yale’s scholarly expertise. The Forum will expose participants to effective approaches to recognizing, preparing for, preventing, and responding to cyber threats.
WiCyS 2017: Women in Cybersecurity (Tucson, Arizona, USA, Mar 31 - Apr 1, 2017) The WiCyS initiative has, since 2013, become a continuing effort to recruit, retain and advance women in cybersecurity. It brings together women (students/faculty/researchers/professionals) in cybersecurity from academia, research and industry for sharing of knowledge/experience, networking and mentoring.
InfoSec World Conference and Expo 2017 (ChampionsGate, Florida, USA, Apr 3 - 5, 2017) The conference will feature security practitioners who speak from experience on the real-world challenges companies are facing today. The conference is most suitable for those whose responsibilities include creating solutions. The organizers bill it as a training conference.
Cyber Security Summit: Atlanta (Atlanta, Georgia, USA, Apr 6, 2017) If you are a Senior Level Executive responsible for making your company’s decisions in regards to information security, then you are invited to register for the Cyber Security Summit: Atlanta. Receive 50% off of a Full Summit Pass when you register with code CYBERWIRE50 (standard price of $350, now only $175 with code). Register at CyberSummitUSA.com. The Cyber Security Summit: Atlanta is an exclusive conference connecting Senior Level Executives responsible for protecting their companies’ critical data with innovative solution providers & renowned information security experts. For details visit CyberSummitUSA.com.