Question: What happened to the Internet Wednesday? Answer: A typo. Google purges bad Android apps (which CERT Polska had rendered largely harmless). Bullets dodged in the Cloudbleed and Slack bug cases. Industry notes. Cyber conflict and cyber arms control.
Amazon has identified the cause of the S3 server outage that rendered large swathes of the Internet unavailable Wednesday: a command entry error during debugging. The operator intended to remove some capacity, temporarily (a routine practice); unfortunately a typo caused the command to remove far too much capacity. Amazon is working on procedures to prevent a recurrence.
There's some welcome good news about vulnerabilities and risk mitigation today. First, Google has removed 132 Android apps from the Play Store. They contained hidden iFrames that linked to malicious domains. Those apps weren't in much position to do damage anyway: CERT-Polska had sinkholed the malicious domains back in 2013.
The Cloudbleed bullet also seems to have been dodged. CloudFlare says the vulnerability was triggered 1.2 million times, but that there was no evidence of malicious exploitation. The company has also engaged Veracode to conduct a third-party check of CloudFlare's software.
And Slack is getting good reviews for their swift patching of a vulnerability—a potentially serious one—that exposed user tokens to compromise. They responded to the bug disclosure in half an hour and had a fix out in five hours. A Detectify researcher reported the vulnerability under Slack's bug bounty program.
In industry news, Symantec has opened a venture arm. Yahoo!'s exit by sell-off to Verizon is concluding with whimpers as the Yahoo! board investigation of the company's breaches imposes costs on executives.
China warns of the dangers of cyber conflict.
The Wassenaar cyber arms control regime's future looks shaky (again).
Today's issue includes events affecting Australia, Canada, China, Poland, Russia, Singapore, United Kingdom, and United States.
In today's podcast, we hear from our partners at Terbium Labs, as Emily Wilson tells us what tax season looks like from the dark web. We also hear from Melanie Gluck of MasterCard about the behind-the-scenes security systems that protect our credit cards.
There's also a bit of video from RSA, done by Cylance in partnership with the CyberWire. It's short, so watch and enjoy the heebie-jeebies being shared on the floor. (The scariest malware story trophy is awarded at 2:20.)
And, of course, our special edition on artificial intelligence is up. Hear what we learned in conversations with experts in the field.
Cyber Attacks, Threats, and Vulnerabilities
AWS S3 outage blamed on employee's typo (Computing) Firm say it will make "several changes" to prevent recurrence
Forcepoint Researchers Work To Identify A New Piece Of Malware - The Minature Monero Mining Botnet (Information Security Buzz) Throughout February, researchers at Forcepoint have been identifying a new and unusual piece of malware – the miniature Monero mining botnet. Just like the California Gold Rush attracted amateurs lured by the promise of easy money (the original ’49ers’), a low barrier-to-entry is tempting unskilled individuals to take up cryptocurrency mining. In January 2017 it was reported that the Sundown Exploit Kit was …
Chinese VoIP Kit Contains Backdoor, Warn Researchers (Infosecurity Magazine) Chinese VoIP Kit Contains Backdoor, Warn Researchers. DBL Technology patched but did not fix issue
132 compromised apps removed from Google Play (Help Net Security) Google has recently removed 132 Android apps from Google Play due to them containing hidden iFrames linking to malicious domains in their local HTML pages.
Cloudbleed Triggered 1.2M Times, Damage Kept to Minimum (Threatpost) Cloudflare said it could not find evidence of malicious exploitation of the Cloudbleed vulnerability, even though the bug was triggered 1.2 million times.
Cloudflare Breach Had Potential To Be Much Worse (Dark Reading) An initial analysis shows no personal data was leaked and most customers not impacted, Cloudflare's CEO says.
Cloudflare chief pledges third-party review of code (Naked Security) ‘No evidence’ that attackers exploited the vulnerability, says Cloudflare CEO
Privacy Issue Discovered in Telegram Messaging App (Infosecurity Magazine) Researchers from Fidelis Cybersecurity have unearthed an “interesting security issue” involving the popular messaging app Telegram
Cisco Warns of High Severity Bug in NetFlow Appliance (Threatpost) Cisco is warning of a flaw that creates conditions susceptible to a DoS attack in its NetFlow Generation Appliance.
Why Internet of Things is the world's greatest cyber security threat (HackRead) The number of Internet-of-Things (IoT), devices will reach more than 15 billion units by 2021, according to research from Juniper. As businesses and consum
Common Types of Ransomware (eSecurity Planet) Ransomware is getting more sophisticated all the time, so prevention is key to avoid paying the ransom or losing data.
Ransomware spiked 752% in new families (Help Net Security) 2016 was truly the year of online extortion. Cyber threats reached an all-time high, with ransomware and BEC scams gaining popular among cybercriminals.
Poor robot security could lead to ‘Skynet’ nightmare, warn researchers (Naked Security) Generic robot tools mean robots pose some of the same risks as poorly secured IoT devices – but those fears could be overstated
Yahoo cookie-forging incident affected 32 million accounts (Help Net Security) We finally know how many user accounts were affected by last year's high profile Yahoo cookie-forging incident: 32 million.
Pence used private mail for state work as governor, account was hacked (CSO Online) U.S. Vice President Mike Pence reportedly used a private email account to transact state business when he was governor of Indiana, and his AOL account was hacked once, according to a news report.
Security Patches, Mitigations, and Software Updates
Slack only took five hours to fix bug that could have allowed hackers to hijack your account (Graham Cluley) …on a Friday evening!
Hack Brief: A Slack Bug Could Have Been Everyone’s Worst Office Nightmare (WIRED) A vulnerability in Slack left every account potentially exposed. Thank goodness the caught it in time.
Slack bug paved the way for a hack that can steal user access (CSO Online) One bug in Slack, the popular work chat application, was enough for a security researcher to design a hack that could trick its users into handing over access.
Chrome users on macOS to see more dangerous site warnings (Help Net Security) Google's Safe Browsing service will start flagging sites using ad injection and/or peddling potentially unwanted software for Chrome macOS users.
Twitter scrambles those anonymous account eggs (Naked Security) Twitter makes another attempt to reduce abuse by cracking down on eggs
Here's what 'the brave new world' of cyber security will look like (Business Insider Australia) Over recent years, cybersecurity and cybercrime have become areas of increasing concern for both the public and private sector. It is important to note that this is not merely a panic stirred by media and politicians, nor is it a signifier that technology is failing us.
Attackers thrive in a fluid market, while bureaucracy constrains defenders (Help Net Security) Cybercriminals have the advantage, thanks to the incentives for cybercrime creating a big business in a fluid and dynamic marketplace.
The agile IT stack grows and becomes more complex (Help Net Security) IT practitioners are relying on a growing number of tools to do their job, as the underlying systems they must support grow more agile and complex.
The evolution of cloud and mobile security (Help Net Security) Salim Hafid from Bitglass talks about how BYOD, cloud security, and mobile security are affecting businesseses in a real and fundamental way.
Privacy issues in 2017 (CSO Online) Decades ago privacy really wasn’t that much of an ongoing issue. In the days of agrarian society everyone seemed to know about everyone else’s business and personal lives.
Australian security investments increasingly driven “from the top down”: Cisco GM (CSO Online) A growing governmental focus on cybersecurity issues has contributed to a marked upswing in cybersecurity investment that is now often being driven from the board level, according to the head of Cisco Systems’ local security business.
Are Investors Too Excited About Cisco Systems' Anemic Growth? (The Motley Fool) Should Cisco’s stock be hovering near a 16-year high?
America has a 'cybersecurity crisis': Symantec CEO (CNBC) Thirty-nine percent of North Americans have been affected by cybersecurity crime in the past year alone, Symantec's CEO tells CNBC.
Symantec Launches Venture Capital Arm (Dark Reading) CEO Greg Clark says new Symantec Ventures could provide an 'onramp for M&A' opportunities for the security vendor.
Air Force makes cryptographic deal with 7 companies (C4ISRNET) The contract is scheduled for completion by December 2026.
Yahoo CEO Gives Annual Bonus to Employees After Company Confirms New Hacks (BleepingComputer) Yahoo CEO Marissa Mayer announced she'll forgo her annual bonus ($2 million) and equity grant ($14 million), which she'll be redistributing to Yahoo employees instead.
Yahoo withholds CEO Marissa Mayer's bonus as punishment for security breach response (Chicago Tribune) Yahoo is punishing CEO Marissa Mayer and parting ways with its top lawyer for the mishandling of two security breaches in 2014.
Products, Services, and Solutions
New infosec products of the week: March 3, 2017 (Help Net Security) Here's a collection of interesting new products from Avast, FourV Systems, Goodix, Nehemiah Security, Radisys, and Sophos.
HackerOne Offers Free Bug Bounty Programs for Open Source Projects (BleepingComputer) HackerOne, a platform that is offering hosting for bug bounty programs, announced today that open-source projects can now sign up for a free bug bounty program if they meet a few simple conditions.
ThreatConnect Adds Seven Key Partners to its more than 100 Current Integrations (IT Briefing) In an age when an organization may have up to 40 pieces of technology in their security operations, ThreatConnect, Inc.©, provider of the industry's only extensible, intelligence-driven security platform, demonstrates its commitment to uniting specialized, disparate solutions by announcing new integrations with Phantom Cyber, PhishMe, Dragos, Atlassian Jira Software, ServiceNow, and Recorded Future.
Enriching an Indicator with Operations (ThreatQuotient) ThreatQ Operations offers a tremendously powerful investigation and analysis capability to automate efforts across common workflows.
Exostar collaboration solution meets DFARS standards for cybersecurity (GSN) Exostar, whose cloud-based solutions help companies in aerospace and defense, life sciences, and healthcare mitigate risk and solve their identity and access challenges, today announced it has augmented its enterprise collaboration solution to provide off-the-shelf compliance with the latest Government cybersecurity standards.
Axway API Management Enhances Security Credentials with Common Criteria Certification (BusinessWire) Axway (Paris:AXW) (Euronext: AXW.PA), a catalyst for transformation, today announced that it has received the access control and policy management
Dell Introduces New Industrial IoT Gateways for Rugged Environments (CIO Today) At Mobile World Congress in Barcelona this week, Dell launched new edge gateways specifically designed to support Internet of Things (IoT) deployments in harsh environments and confined spaces. Dubbed the Dell Edge Gateway 3000 Series, the new gateways target use cases and embedded solutions in the industrial automation, energy, transportation and digital signage markets, according to Dell. MWC 2017, which kicked off on Feb. 27, is running through March 2.
Capsule8: Container-aware real-time threat protection (Help Net Security) Dino Dai Zovi, CTO at Capsule8, illustrates how they're pioneering the industry’s first container-aware real-time threat protection platform.
Short on Security Resources? Try These Force Multipliers (Cisco Blogs) One in four organizations are exposed for six months or longer due to a lack of qualified security workers.
Hey, a Windows 10 Mobile newcomer! – Wandera to release data management app | On MSFT (On MSFT) Sometime later next week, Windows 10 Mobile will be getting a new app in the Windows Store, Wandera. Already available on Android and iOS, Wandera is a Mobile Security and Data Management app for enterprise customers. Based in the UK, US, Czech Republic, and Israel, Wandera offers enterprise customers a Mobile Security and Data Management solution, by providing a unique gateway architecture for secure corporate mobility.
Technologies, Techniques, and Standards
Free decryption tools now available for Dharma ransomware (CSO Online) Researchers have created decryption tools for the Dharma ransomware after someone recently leaked the encryption keys for it.
GDPR: Should you delete all emails after a certain period? (Computing) Robert Bond, partner at law firm Bristows LLP, explains how to deal with the tricky issue of having sensitive data mixed through your email databases,Legislation and Regulation,Cloud and Infrastructure,Privacy ,email,GDPR,Cyber security
Adding threat intel to your security stack (SC Magazine US) This month we are addressing another of the new categories that we've added this year: threat intelligence.
How Netgear and Trustwave built a virtuous cycle of vulnerability disclosure (Cyberscoop) Good news is rare in cybersecurity, but here's some: Coordinated, responsible disclosure of software security vulnerabilities is increasingly the norm.
How to respond to a cyber attack (CSO Online) Following a breach, organizations should focus on mitigating damage and data loss and providing information to law enforcement. Partner at Ballard Spahr, LLP and former Assistant U.S. Attorney Ed McAndrew and Guidance Software President and CEO Patrick Dennis have compiled best practices for preparing and responding to a cyber-attack and working with law enforcement.
4 Easy Ways to Protect Your Company From a Cyber Attack (Entrepreneur) As the frequency of cyber-attacks and data breaches grows, the failure to have a plan of counterattack for your company is no longer an option.
Economic Development: Be sure to protect your business from cyber attack (The Billings Gazette) Is Your Business at Risk for a Cyber Attack?
Design and Innovation
Why A Computer Beating Poker Pros Is Great News for Cybersecurity (Anomali) Use of Machine Learning (ML) is a hot topic in cybersecurity, one which will undoubtedly shape the industry for years to come. To see evidence of this we’d have to look no further than the booths at this most recent RSA Security Conference, where ML was promised as a solution for corporate cybersecurity problems. But why exactly will ML play such a prominent role, and how could it prove useful? Oddly enough the answer comes from the recent victory of ML in a game of poker.A competition
Virginia Cyber Range to grow under new agreement (Virginia Business) Virginia’s new cybersecurity training platform is set to grow statewide thanks to a partnership with Amazon Web Services (AWS).
Legislation, Policy, and Regulation
Trade secrets directive to add to GDPR, NIS directive and Privacy Shield (Computing) Organisations warned of even more EU directives targeted at IT security,Security,Privacy,Threats and Risks,Cloud and Infrastructure ,Cloud,GDPR,secrecy,data security,Privacy,trade secret,Bristows,Robert Bond,General Data Protection Regulation
Uncertain future for Wassenaar 'cyberweapons' agreement under Trump (The Parallax) Revision proposals for the international Wassenaar agreement to control weapons exports aim to address language that could impede security researchers.
China warns against cyberspace becoming a battlefield amid rising international tensions (International Business Times UK) China also called for 'international peace and security' to prevent an 'arms race' in cyberspace.
Parliament: Mindef sets up new cyber command to beef up defence against cyber attacks (The Straits Times) SINGAPORE - The Defence Ministry (Mindef) will set up a cyber command to beef up its defence against cyber attacks, and rope in National Servicemen (NSmen) to play a bigger role in safeguarding the nation's military networks.. Read more at straitstimes.com.
Pentagon Advisers Want Cyber ‘Tiger Teams,’ More Authorities for Cyber Command (Defense One) Pentagon advisers: We need more infrastructure cybersecurity. Congress: We want more election-hacking security.
McCain continues push for cyber policy (FCW) Arizona senator says the U.S. still lacks a clear policy for deterring and defending against cyberattacks and vows to pressure the Trump administration to develop a comprehensive cyber strategy.
Infosec mourns over Howard Schmidt, who helped make the country a safer place (CSO Online) Howard Schmidt advised both President Brack Obama and George W. Bush on cybersecurity. He was a CSO at Microsoft and a CISO at eBay. He led several industry groups, and wrote books on cybersecurity. But when security professionals remember him, it is not so much for his technical accomplishments as for the impact he had on the people around him. He is remembered as a mentor, a communicator, and an educator
Litigation, Investigation, and Law Enforcement
The FBI Allegedly Asked SoundCloud to Delete a Phone Call Recording (Motherboard) Maybe SoundCloud should start a transparency report.
Here Are Some Papers Written By An Arrested Russian Cyber Security Researcher (BuzzFeed) Ruslan Stoyanov was an influential investigator of Russia cybercrime before his December arrest by the Russian government on charges of treason.
Canada accidentally releases classified documents on counterterrorism plans (Defense News) One of the security measures outlined in the document permits fighter jets to shoot down a hijacked commercial airliner in order to protect the CN Tower in Toronto.
Navy's mishandling of classified documents spawns series of investigations (CBC News) The Canadian military conducted almost a dozen formal internal investigations into the "loss or compromise" of classified information during a six year period, and over half of them involved the navy, internal defence department data shows.
California Supreme Court: No, you can’t hide public records on a private account (Ars Technica) "Open access to government records is essential."
The Strange Story of an Alleged Hacker Killed by Police (Motherboard) The first episode of Motherboard’s new pluspluspodcast takes you deep into a twisted tale.
Software engineer detained at JFK airport; forced to prove he is really an engineer (HackRead) Visitors to the US are currently going through a lot of trouble due to the temporary immigration ban imposed by Trump administration and the increased secu
Ex-White House Secret Service officer guilty of “at work” teen sexting charges (Ars Technica) Many of his online chat sessions with an officer posing as minor happened on the job.
For a complete running list of events, please visit the Event Tracker.
Newly Noted Events
SIA GovSummit (Washington, DC, USA, Jun 28 - 29, 2017) The 2017 SIA GovSummit focuses on how government leverages security technologies to drive success across a wide spectrum of missions. Held annually in Washington, the Security Industry Association's government summit examines emerging policy trends, technology needs of the government and changes in the risk environment that shape development of products and advanced systems integration to meet evolving security challenges.
SANS San Jose 2017 (Milpitas, California, USA, Mar 6 - 11, 2017) Securing and defending your network has never been more important as attacks and breaches make the news daily. Gain the skills and tools you need to win the battle against the wide range of cyber adversaries who want to harm your environment. SANS San Jose 2017 offers six hands-on, intensive cyber security training courses.
Cybersecurity: Defense Sector Summit (Troy, Michigan, USA, Mar 7 - 8, 2017) Don’t miss out on the opportunity to be a part of the conversation regarding how cybersecurity is impacting not only ground vehicles, but air and maritime platforms. What are the synergies amony Army, Air Force, Navy, and Marine platform cybersecurity initiatives? What can we learn from connected car and autonomous initiatives in the automotive industry? Who and what is driving acquisition reform to ensure agility and speed? What are the supply chain impacts? What are the “seams” that create vulnerabilities? Who and what is driving cybersecurity platform requirements? What is being done to assess execution readiness? What are platform stakeholders doing technically to address vulnerabilities?
15th annual e-Crime & Cybersecurity Congress (London, England, UK, Mar 7 - 8, 2017) Europe's largest and most sophisticated gathering of senior cybersecurity professionals from international business, governments, law enforcement and intelligence agencies.
ISSA Mid Atlantic Security Conference (Rockville, Maryland, USA, Mar 10, 2017) Join us for a full day of training by industry leaders discussing some of the latest topics in tactics and techniques for preparing for cyber-attacks. This conference will feature a variety of presentations and cutting edge training opportunities, including hands-on demonstrations and workshops.
Investing in America’s Security: Cybersecurity Issues (Jersey City, New Jersey, USA, Mar 10, 2017) Please join us for the 5th Annual Northeast Regional Security Education Symposium hosted by the Professional Security Studies Department at New Jersey City University. The Symposium’s keynote address will be delivered by Milan Patel of K2 Intelligence, formerly the FBI’s Cyber Division Chief Technology Officer. Speakers include NJCCIC Director Michael Geraghty. NJCU students pursuing their D.Sc. degree will present academic research posters and a panel of experts will discuss careers in cyber security.
IAPP Europe Data Protection Intensive 2017 (London, Englan, UK, Mar 13 - 16, 2017) Set in London, the Data Protection Intensive delivers innovative solutions to today’s top privacy and data protection challenges. Known for its exceptional programming, the Intensive has come into its own as a leading forum for practical data protection education.
Rail Cyber Security Summit (London, England, UK, Mar 14 - 15, 2017) Now in its second year, the event will take place at the Copthorne Tara Kensington hotel in London between March 14th and 15th 2017 and will feature a range of experts from the rail transport industry, as well as leading Government and global cyber security leaders and academics working in the field.
CyberUK 2017 (Liverpool, England, USA, Mar 14 - 16, 2017) Announcing the UK government's flagship IA and cyber security event, for 2017. This is a three day event that will bring together cyber security leaders and professionals from across the UK’s information security communities from both the public and private sector. The NCSC’s partnership with information security businesses of all sizes is essential in strengthening the UK’s cyber resilience. CyberUK 2017 will play a key role in defining the role industry must play in achieving this step change, and is expected to attract 1,600 information assurance (IA) and cyber security leaders and professionals.
Cybersecurity: The Leadership Imperative (New York, New York, USA, Mar 16 - 17, 2017) Cyber risk impacts every element of your organization – and even the most brilliant information security expertise must be supported by a cross-functional cybersecurity structure and culture to succeed. Cybersecurity: The Leadership Imperative will provide case studies and actionable insights on building and maintaining a structure in which leaders across the organization are able to work together seamlessly to comprehend, measure and respond to cyber risk challenges.
BSides Canberra (Canberra, Australia, Mar 17 - 18, 2017) BSidesCbr is a conference designed to advance the body of Information Security knowledge, by providing an annual, two day, open forum for discussion and debate for security engineers and their affiliates. We produce a conference that is a source of education, collaboration, and continued conversation for information technologists and those associated with this field. The technical and academic presentations at BSidesCbr are given in the spirit of peer review and advanced knowledge dissemination. This allows the field of Information Security to grow in breadth and depth, and continue in its pursuit of highly advanced scientifically based knowledge.
Cyber Resilience Summit: Securing Systems inside the Perimeter (Reston, Virginia, USA, Mar 21, 2017) As the journey to secure our nation’s IT cyber infrastructure gains momentum, it is important to apply proven standards and methodologies that reduce risk and help us meet objectives for acquiring, developing and sustaining secure and reliable software-intensive systems. The theme of our upcoming Cyber Resilience Summit is Securing Systems inside the Perimeter. Defending the network is NOT enough. The most damaging of system failures and security breaches are caused by vulnerabilities lurking inside the network at the application layer.
European Smart Grid Cyber Security (London, England, UK, Mar 21 - 22, 2017) European Smart Grid Cyber Security 2017 offers a unique opportunity to network with senior experts in cyber security from government, utilities, TSOs, regulators, solution providers, security consultants, senior engineers and more. Join us to hear from a range of European utility companies present what their strategic programmes are doing regarding cyber security. As well as discuss how communication issues between IT and OT departments can be overcome and learn how to make your company compliant.
Maryland Cybersecurity Awards Celebration (Baltimore, Maryland, USA, Mar 22, 2017) Help us celebrate the best and brightest of the Maryland cyberscurity community as we honor the companies, organizations, and individuals that have protected businesses and government agencies with their cutting-edge technologies; thwarted cyber criminals with their outstanding cybersecurity services; demonstrated exemplary knowledge, expertise, leadership and innovative thinking; or made a significant contribution to Maryland’s cybersecurity ecosystem.
Integrated Adaptive Cyber Defense (IACD) Community Day (Laurel, Maryland, USA, Mar 23, 2017) Advancing cyber operations through secure automation & interoperability. Government agencies, commercial firms, research organizations, academic institutions and cyber security experts align in community efforts demonstrating cyber defenses art-of-the-possible, through automation and interoperability. Learn how to dramatically change the timeline and effectiveness of cyber defenses, increase community awareness and defensive capabilities. Free event, registration requested.
SANS Pen Test Austin 2017 (Austin, Texas, USA, Mar 27 - Apr 1, 2017) Every organization needs skilled people who know how to find vulnerabilities, understand risk, and help prioritize resources based on mitigating potential real-world attacks. That's what SANS Pen Test Austin is all about! If you like to break things, put them back together, find out how they work, and mimic the actions of real-world bad guys, all the while providing real business value to your organization, then this event is exactly what you need.
IT Security Entrepreneurs' Forum Bridging the Gap Between Silicon Valley & the Beltway (Mountain View, California, USA, Mar 28 - 29, 2017) SINET – Silicon Valley provides a venue where entrepreneurs can meet and interact directly with leaders of government, business and the investment community in an open, collaborative environment focused on identifying solutions to Cybersecurity challenges.
Insider Threat 2017 Summit (Monterey, California, USA, Mar 29 - 30, 2017) The focus of the Insider Threat Summit is to discuss personnel security issues including cyber security challenges and capabilities, continuous evaluation of privileged identities and ethical physical security considerations. A heightened awareness of insider threats due to numerous newsworthy attacks and unauthorized leaks has brought us together for one main purpose: To better understand security challenges in order to better defend against insider threats.
2nd Annual Billington International Cybersecurity Summit (Washington, DC, USA, Mar 30, 2017) The 2nd Annual Billington International Cybersecurity Summit on March 30, 2017 at the National Press Club in Washington, DC will feature over 300 world class cybersecurity decision-makers from allied nations and the US in an intensive day of knowledge exchange and relationship building. NOTE: Attendees must be citizens of the U.S. or allied nations to attend this event. The summit, which will attract senior influencers in cybersecurity from allied nations across the world, has as its theme: Protecting Critical Infrastructure in a Connected World.
Yale Cyber Leadership Forum: Bridging the divide between law, technology, and business (New Haven, Connecticut, USA, Mar 30 - Apr 1, 2017) The Yale Cyber Leadership Forum will take place on Yale University's campus and will focus on bridging the divide between law, technology and business in cybersecurity. With McKinsey & Company as our knowledge partner, the Forum will integrate McKinsey’s extensive knowledge of best practices in cybersecurity with Yale’s scholarly expertise. The Forum will expose participants to effective approaches to recognizing, preparing for, preventing, and responding to cyber threats.
WiCyS 2017: Women in Cybersecurity (Tucson, Arizona, USA, Mar 31 - Apr 1, 2017) The WiCyS initiative has, since 2013, become a continuing effort to recruit, retain and advance women in cybersecurity. It brings together women (students/faculty/researchers/professionals) in cybersecurity from academia, research and industry for sharing of knowledge/experience, networking and mentoring.
InfoSec World Conference and Expo 2017 (ChampionsGate, Florida, USA, Apr 3 - 5, 2017) The conference will feature security practitioners who speak from experience on the real-world challenges companies are facing today. The conference is most suitable for those whose responsibilities include creating solutions. The organizers bill it as a training conference.
Cyber Security Summit: Atlanta (Atlanta, Georgia, USA, Apr 6, 2017) If you are a Senior Level Executive responsible for making your company’s decisions in regards to information security, then you are invited to register for the Cyber Security Summit: Atlanta. Receive 50% off of a Full Summit Pass when you register with code CYBERWIRE50 (standard price of $350, now only $175 with code). Register at CyberSummitUSA.com. The Cyber Security Summit: Atlanta is an exclusive conference connecting Senior Level Executives responsible for protecting their companies’ critical data with innovative solution providers & renowned information security experts. for details visit CyberSummitUSA.com.
SANS 2017 (Orlando, Florida, USA, Apr 7 - 14, 2017) Success in information security requires making a commitment to a career of learning, from the fundamentals to advanced techniques. To put you firmly on that learning path, join us at SANS 2017 in Orlando, Florida from April 7-14. This event features over 40 different cutting-edge courses taught by top industry professionals who will provide you with the best available information and software security training. SANS 2017 also features numerous opportunities to learn new skills, techniques, and trends at the SANS@Night talks, Vendor Expo, and Lunch-and-Learn sessions. You will hear about the latest and most important issues in talks led by SANS practitioners who are leading the global conversation on cybersecurity.
Hack In the Box Security Conference (Amsterdam, the Netherlands, Apr 10 - 14, 2017) Back again at the NH Grand Krasnapolsky, HITB2017AMS takes place from the 10th till 14th of April 2017 and features a new set of 2 and 3-day technical trainings followed by a 2-day conference with a Capture the Flag competition, technology exhibition with hackerspaces, lock picking villages and hardware related exhibits plus a free-to-attend track of 30 and 60 minute talks!