The CyberWire Daily Briefing 3.6.17

Summary

By The CyberWire Staff

Cisco's Talos research unit describes DNSMessenger, an evasive remote-access Trojan that avoids detection by pulling malicious PowerShell commands stored in DNS TXT records. As so often happens, victims were infected by enabling macros in a bad Word document. The Asia-Pacific Network Information Centre's (APNIC) chief scientist calls failure to secure DNS "pathetic" and "savage ignorance."

Luxembourg government services sustained a protracted distributed denial-of-service attack last week. The actors and any motives remain unknown. Before this incident DDoS attacks against the country had largely affected financial trading platforms. DDoS has become effectively a commodity form of attack as resistant to suppression as any endemic form of crime: the stressor services, for example, taken down with HackForum late last year are back and being actively traded on the black market.

In the US, an on-going cyber offensive designed to impede North Korean missile development is revealed. Ordered by President Obama, it seems likely to continue under President Trump.

The Defense Science Board's Task Force on Cyber Deterrence has publicly released its final report. It recommends both denial (reduction of vulnerability) and retaliation (which should be assured, encompassing a range of responses from diplomacy through cyber attack to kinetic strike). It discounts cyber arms control as "not viable" and suggests lines of work that might produce higher confidence in cyberattack attribution.

Over the weekend US President Trump said his predecessor engaged in surveillance of the Trump presidential campaign. The former president's spokespeople retort that any surveillance would have been pursuant to FISA warrants.

Learn how Cylance silences cyber attacks with Artificial Intelligence.

Notes.

Today's issue includes events affecting Algeria, Australia, Canada, China, Iran, Democratic Peoples Republic of Korea, Republic of Korea, Luxembourg, Russia, Singapore, United Kingdom, United States

On the Podcast

In today's podcast, we hear from our partners at Palo Alto Networks, as Rick Howard explains what people mean when they talk about orchestration with respect to cyber security.

Our special edition on artificial intelligence is up. Hear what we learned in conversations with experts in the field.

You may also enjoy some video from RSA. Done by Cylance in partnership with the CyberWire, the video collects some of the more vigorous opinions voiced on the exhibit hall floor.

Sponsored Events

What we do matters. Join Booz Allen. (Tysons Corner, Virginia, USA, March 15, 2017) Calling all innovators, designers, and coders to solve tough problems. Come interview with Booz Allen and learn about their cutting edge cyber job opportunities.

Tech Talk: Ethereum & Graph Databases (Laurel, Maryland, USA, March 20, 2017) Join Novetta and Cyberwire at Jailbreak Brewery to learn about Ethereum and Graph databases, forward leaning technology transforming how we relate with our data. Mingle with like-minded techies and enjoy craft beer - See you then!

Selected Reading

Cyber Attacks, Threats, and Vulnerabilities

Difficult-to-detect new malware hides in memory (SiliconANGLE) Difficult-to-detect new malware hides in memory

DNS-based malware detected, Cisco report (SC Magazine US) Researchers at Talos released findings of their investigation into a curious piece of malware that, they determined, went to great lengths to disguise its origins.

Malware Retrieves PowerShell Scripts from DNS Records (BleepingComputer) Malware researchers have come across a new Remote Access Trojan (RAT) that uses a novel technique to evade detection on corporate networks by fetching malicious PowerShell commands stored inside a domain's DNS TXT records.

Covert Channels and Poor Decisions: The Tale of DNSMessenger (Cisco Blogs) The Domain Name System (DNS) is one of the most commonly used Internet application protocols on corporate networks.

Hackers Using Unmonitored System Tools, Protocols for Malicious Goals (HackRead) The IT security researchers at Cisco's security intelligence and research group Talos have discovered a malware that can fully hide its origins. The sample

DDoS attack pummels Luxembourg state servers (Naked Security) Attack has been ongoing since Monday with no indication of who is behind it

Singapore Reveals Cyber Attack on Defense Ministry (The Diplomat) The breach indicates even more capable Asian states are struggling to confront cyber threats.

1 Million Decrypted Gmail and Yahoo Accounts Being Sold on Dark Web (HackRead) A dark web marketplace is where one can buy all sorts of illegal stuff including drugs, fake id cards and weapons. Lately, these marketplaces have become t

Palo Alto Networks Unit 42 Vulnerability Research February 2017 Disclosures (Palo Alto Networks Blog) Palo Alto Networks researcher Tao Yan discovers two new Adobe Flash Vulnerabilities.

Researchers Find 26 Security Flaws in 9 Popular Android Password Managers (BleepingComputer) A team of German security professionals has discovered 26 security flaws in nine of the world's most popular Android password managers.

Threats Converge: IoT Meets Ransomware (Dark Reading) Ransomware is already a problem. The Internet of Things has had a number of security issues. What happens when the two combine?

This old ransomware variant is back - with sneaky new tricks (ZDNet) It's been quiet since 2015, but TorrentLocker has suddenly returned. And this time it wants to steal your passwords too.

Secrets of the Filecode ransomware revealed (Naked Security) Cryptography can be fun! Our resident cryptosplainer Paul Ducklin shows how to recover from the Filecode ransomware without paying up.

Fake Extortion Demands and Empty Threats on the Rise (SurfWatch Labs, Inc.) I’ve previously written about the rise of extortion as an emerging trend for 2017, but if you didn’t want to take my word for it, you should have listened to the numerous warnings share…

Ransomware hits Pennsylvania's Democratic state senators (AIVAnet) Ransomware hits Pennsylvania's Democratic state senators

Businesses Blame DDoS Attacks on Rival Companies (Infosecurity Magazine) Kaspersky Labs research suggests companies blame competitors for DDoS attacks rather than disgruntled employees or political activists

Whack-A-Mole Cyberattackers: Why The DDoS For Hire HackForums Closure Didn’t Matter (Information Security Buzz) It may come off as a pessimistic world view, but lately it seems as though there are two types of news: bad news, and news that seems good but then isn’t.

LeakedSource Clone Pops Up on Russian Domain (BleepingComputer) A website surfaced online today, posing to be the infamous LeakedSource data hoarding service, which went down shrouded in mystery at the end of January 2017.

Mike Pence’s Email Got Hacked? He Won’t Be the Last By a Long Shot (WIRED) Mike Pence joins an ever-growing list of public figures whose email account fell to hackers. It only gets worse from here.

Spammers expose their entire operation through bad backups (CSO Online) In January, MacKeeper researcher Chris Vickery contacted Salted Hash with an interesting discovery, and with the help of Spamhaus, we were able to fully make sense of the data.

In-Depth Analysis of a Criminal Organization Targeting WordPress Websites (Wordfence) Today we are posting an in-depth analysis of a prolific brute force attacker. We show that their motives are financial and are based on a wide-spread campaign to market counterfeit sports apparel websites. We describe the threat actor’s tactics, techniques and procedures. Finally, we follow a financial trail to uncover individuals who are behind the …

Phishing scam uses myGov to pull personal information (CRN Australia) Campaign mirrors the real site.

The Amateur from Algeria (Wapck Labs) On March, 1, 2017 Wapack Labs Researcher observed a hacker providing malicious tools on various Arabic, Russian, and English hack-forums. H...

South Korean Retail Giant Lotte's Website Hacked After US Military Deal (HackRead) Lotte Group is a multinational corporation having footprints across Asia, Europe and North America. It has headquarters in Seoul, South Korea. Apart from J

U of M says 9th malicious email sent Thursday night (CBC News) The University of Moncton says a ninth malicious email was sent to the campus community Thursday night and reached almost 2,000 students.

Cyber attack on Barts NHS trust exploited zero-day vulnerability (ComputerWeekly) A cyber attack that forced parts of Barts NHS trust offline in January 2017 has been blamed on previously unknown malware that was able to bypass the antivirus systems, highlighting a common weakness in cyber defences

Researcher finds bug that allowed free Uber rides (TechCrunch) Uber has patched a bug in its code that allowed a researcher — and anyone else who might've discovered the problem — to hail Uber rides without paying for..

Security Patches, Mitigations, and Software Updates

0patch creates a 0-day patch for Windows gdi32.dll vulnerability before Microsoft (BetaNews) Following the revelation of vulnerabilities in Windows, Internet Explorer and Edge by Google, and the delaying of the traditional Patch Tuesday, Microsoft security update practices have been in the spotlight. Google's Project Zero has exposed security issues that Microsoft is yet to fix, so a third party has decided to step in to help out.

Third-Party Vendor Issues Temporary Patch for Windows GDI Vulnerability (BleepingComputer) A vulnerability discovered by Google Project Zero security researchers and left without a patch by Microsoft received a temporary fix from third-party security vendor ACROS Security.

Microsoft wants you to plan a new generation of legacy systems (Register) Redmond offers six years extra support for Windows, SQL Servers, cheap if you pay now

Apple pushing two-factor authentication for iOS 10.3 users (Naked Security) If you haven’t enabled 2FA on your iDevice, you’ll be getting a reminder to do so. And while you’re there, do it on your other devices, too.

Cyber Trends

Threat of cyber attack on critical infrastructure is real, present danger (Third Certainty) During his keynote address at RSA 2002—and long before Anthem, Target and Sony Pictures attacks—former White House official Richard Clarke famously said, “If you spend more on coffee than on IT security, then you will be hacked. What’s more, you deserve to be hacked.” Fast forward to the recent S4x17 ICS cybersecurity conference. Clarke described …

Cyber 9/11 is coming - returning Check Point UK boss (http://www.channelweb.co.uk) Nick Lowe reflects on his time away from Check Point as he returns to the vendor he left in 2011,Security,Vendor ,Check Point

Key areas for risk managers in 2017 and beyond (Help Net Security) A majority of banks and other financial institutions surveyed are not confident about their firms' effectiveness in managing cybersecurity and geopolitics.

'Cloud computing is coming to end,' claims Andreesen Horowitz VC (http://www.computing.co.uk) Edge computing is the future - and always will be?,Cloud and Infrastructure,Big Data and Analytics,Software ,cloud summit

The Future of Encryption (Infosecurity Magazine) As technology advances so does our ability to encrypt data, with neural networks now capable of learning how to keep data safe. With so much innovation at our fingertips, Davey Winder explores where else encryption might go in the future.

Verizon: Most Breaches Trace to Phishing, Social Engineering (BankInfo Securtiy) With Verizon's data breach investigations team finding that 90 percent of breaches trace to a phishing or other social engineering attack, lead investigator Chris

The next technology war? Artificial intelligence, Penn Medicine IT exec says (Healthcare IT News) With the personal computer OS, browser and smartphone wars behind us, vendors including Amazon, Apple, Google and Microsoft are setting sights on AI devices. Here’s what hospitals need to know now about the emerging technologies.

Half of Fast-Growing Companies Offer In-app Payment Capabilities (Payment Week) Recent studies have shown that it will be the companies that are growing at a rapid rate to accept mobile payments with open arms.

Marketplace

What’s Keeping Risk Officers Awake at Night: Cybersecurity (Institutional Investor) A new Deloitte survey of risk officers for financial institutions finds that many think their firms are not well-equipped to deal with these risks.

New Trend in the Security Space: Customers Want Vendor Consolidation and a Platform Approach (Centrify Blog) Starting late last year, I kept on hearing a growing drumbeat from customers that they were highly interested in consolidating the breadth of security vendors and products that they use internally to secure their enterprise.

Should Investors Buy FireEye's Turnaround Plan? (Madison) When FireEye (NASDAQ: FEYE) released fourth-quarter 2016 results last week, shareholders were interested in hearing the progress the company has made on its transition.

Announcing Our Finalists for the MD Cybersecurity Awards (MDCyber.com) Check out the finalists for the Maryland Cybersecurity Awards Celebration.

Army seeks help to guard against fake social media accounts (FederalNewsRadio.com) The Army put out a request for information (RFI) looking for vendors who could provide services to find, monitor and remove imposter social media accounts.

Request for Information for Identification, Reporting, and Removal of Imposter Social Media Accounts (FedBizOpps) The U.S. Army Contracting Command -New Jersey (ACC-NJ) on behalf of Office of the Chief of Public Affairs (OCPA), Washington DC is currently seeking potential sources with the capability of providing the identification, reporting, and removal of imposter social media accounts.

Google, Microsoft increase bug bounties (Help Net Security) Google increases bug bounties for RCE and unrestricted file system or database access, Microsoft for bugs in Exchange Online and Office 365 Admin Portal.

IBM aims to commercialize quantum computing, launches API, SDK and sees Q systems in next few years (ZDNet) IBM put some more meat on its roadmap and plans to commercialize quantum computing for enterprises. For now, developers will get APIs and a software developer kit to play with qubits.

Fortinet targets MSSPs with new partner program (Channel Life) Fortinet has launched a new program for MSSPs which it says will help partners accelerate profitability and increase leadership.

How cloud-centric Sophos is selling across the security portfolio (ARN) Security vendor doubles down on both endpoint and network plays.

Sexy Snapchatters Aren’t Thrilled With Its IPO (Motherboard) People who sell pornographic photos and videos on Snapchat are worried about a crackdown after the app's parent company went public.

Digital Defense, Inc. Ranked #21 in Cybersecurity 500: World’s Hottest Security Companies (Digital Defense) Digital Defense, Inc. (DDI), a managed security risk assessment firm, has been identified as #21 in the recently announced publication of Cybersecurity 500, a global compilation of leading companies that provide cybersecurity solutions and services.

Malwarebytes CEO Marcin Kleczynski Named CEO of the Year by 2017 Global Excellence Awards (BusinessWire) Malwarebytes™, the leading advanced malware prevention and remediation solution, announced today that Marcin Kleczynski, CEO of Malwarebytes, wa

Jeff Spence takes over as CEO of NexDefense (Atlanta Business Chronicle) Jeff Spence is the freshly minted CEO of NexDefense. The Atlanta-based startup develops software that protects industrial control systems — computer systems that control electric plants, nuclear reactors, oil-and-gas equipment and military equipment — from cyber attack.

Products, Services, and Solutions

IBM opens up its pay-as-you-go quantum computing cloud (http://www.computing.co.uk) IBM Q rolls out from today as IBM looks to take early lead in quantum computing,Cloud and Infrastructure,Big Data and Analytics,Hardware ,ai,Cloud Computing,cloud summit,quantum computing

Microsoft Releases Azure Blueprint To Support UK Government Security Practices (Silicon UK) Microsoft has announced the release of Azure Blueprint for the UK Government’s Cloud Security Principles, providing the highest level of cloud security.

Axway API Gateway earns Common Criteria certification, meets requirements to conduct government business (GSN) Axway (Euronext: AXW.PA),a catalyst for transformation, today announced that it has received the access control and policy management Common Criteria certification for Axway API Gateway, meeting the latest requirements from the U.S. Federal Government to conduct business within government and international agencies and other highly regulated industries.

AlienVault USM Anywhere: Security in the cloud, for the cloud (Help Net Security) AlienVault USM Anywhere is a SaaS security monitoring solution that centralizes threat detection, IR and compliance management across your environments.

Cybereason Signs OEM Agreement with OPSWAT to Leverage Metadefender Threat Intelligence Platform (PRWeb) Cybereason and OPSWAT have signed an OEM agreement in order to offer the industryleading threat detection of OPSWAT's Metadefender platform as part of Cybereason's security solution.

Secure messaging startup Symphony looks to expand the industries playing in its orchestra (TechCrunch) The secure communications technology company, Symphony, is expanding its customer base.

A10 Networks firewall secures path to 5G, proliferation of IoT (Security Middle East) A10 Network expands A10 Thunder CFW family with a new Gi/SGi firewall solution and a software-only vThunder CFW for NFV deployments.

D'Crypt to include Barco Silex IP for public key cryptography in cutting-edge communication chip (Design And Reuse) Barco Silex, leading provider of security IP cores, has entered into an agreement with D’Crypt Pte Ltd, Singapore’s premier design house for hardware cryptography solutions. Barco Silex will provide D’Crypt with its BA414EP core for public key cryptography for inclusion in their FPGA solutions that will secure automotive car-to-infrastructure communication.

Vkansee introduces laptop integration for under-glass optical fingerprint sensor (BiometricUpdate) Vkansee introduced a prototype laptop integration for it’s under-glass optical fingerprint sensor compatible with Windows operating systems, which the company demonstrated at this week’s Mobile Wor…

Firm to secure mobile devices, laptops and IoT devices (The Standard) Sophos has announced the latest version of its Enterprise Mobility Management solution (Mobile 7) extending containerization support for Android Enterprise (formerly “Android for Work,”).

HackerOne Offers Open Source Projects Free Access to Platform (Threatpost) HackerOne announced a free version of its platform for open source projects.

Gmail users can now receive attachments up to 50MB, but please don't send them (CIO) Google doubles the limit of the size of emails it will accept from 25MB to 50MB, but keeps the sending cap fixed at 25MB.

Technologies, Techniques, and Standards

Failing to secure DNS is 'savage ignorance': Geoff Huston (ZDNet) The domain name system is everything, says APNIC's chief scientist. If you're not securing it, that's 'pathetic'.

Kaspersky, ESET, Avast release Dharma ransomware decryptors (Healthcare IT News) The master keys for the ransomware strain Dharma – a Crysis variant – were released on the security website BleepingComputer on March 1.

Cloudbleed Vulnerability Alert (eSentire) Cloudbleed has resulted in the potential exposure of user's passwords and personally identifiable information.

Security experts talk insider threats (CSO Online) So much of the noise today seems to still focus on the adversary/hacker breaking the perimeter and accessing a network. While a huge problem, I wanted to shed more light on the insider threat problem and better understand some potential trends. I interviewed three experts providing perspective from the technical, legal and compliance and consulting viewpoints.

Does Cyber Security Have An Operational Excellence Problem? | McAfee Blogs (McAfee Blogs) Generally, as any start-up matures, the people working in it go through a professionalization process. Silicon Valley may be home to companies where jeans

Design and Innovation

New software continuously scrambles code to foil cyber attacks (Digital Journal) A new approach to foiling cyber-attacks and hackers has been proposed. This takes the form of software that is continuously scrabbling its core code. The program is called Shuffler and it seeks to close every window that a cyber-attack could get through.

Crypto Valley Association building a concentrated blockchain ecosystem in Switzerland (Brave New Coin) Several businesses in “Crypto Valley,” centered in and around the Swiss canton of Zug, recently launched the Crypto Valley Association.

In Case You Missed it, The Blockchain Revolution's Officially Begun (Futurism) Two research labs in Japan and Scotland are being set up to research cryptography, smart contracts, and upgrading cryptocurrency systems.

Research and Development

Analysis of coherent quantum cryptography protocol vulnerability to an active beam-splitting attack. (Quantiki) We consider a new type of attack on a coherent quantum key distribution protocol [coherent one-way (COW) protocol]. The main idea of the attack consists in measuring individually the intercepted states and sending the rest of them unchanged. We have calculated the optimum values of the attack parameters for an arbitrary length of a channel length and compared this novel attack with a standard beam-splitting attack.

Academia

University of Phoenix offers preview of cyber training (Augusta Chronicle) Not everyone is cut out for a career in cybersecurity, and the University of Phoenix’s Augusta campus said it wants to help people find that out before they invest in an education in the growing industry.

Legislation, Policy and Regulation

China's Quest for Informatization Drives PLA Reforms (The Diplomat) China's ongoing military reforms hint at new confidence in the PLA's ability to conduct informatized warfare.

Singapore readies its national army in war for cybersecurity (Security Brief Asia) "Yes, national servicemen will also be trained in vocations for cyber defence - it would be silly for us not to as they are our main resource."

Singapore sets up cyber command (Saigon GP Daily) Singaporean Defence Minister Ng Eng Hen on March 3 said the country will set up a new cyber command to beef up its defence against cyber attacks, source from Vietnamplus.

Obama ordered cyber attacks on NKorea (NewsComAu) FORMER US president Barack Obama undertook a series of cyberattacks against North Korea’s missile program, the New York Times is reporting.

Trump Inherits a Secret Cyberwar Against North Korean Missiles (New York Times) The United States has been trying to sabotage North Korea’s missile program. President Trump must decide what to do next.

Obama hit North Korea's nuclear program with cyber attacks (Mashable) About three years ago, North Korean missiles sputtered during launch attempts.

Final Report of the Defense Science Board (DSB) Task Force on Cyber Deterrence (Office of the Secretary of Defense: Defense Science Board) The United States gains tremendous economic, social, and military advantages from cyberspace. However, our pursuit of these advantages has created extensive dependencies on highly vulnerable information technologies and industrial control systems. As a result, U.S. national security is at unacceptable and growing risk.

DoD scientists offer cyber deterrence framework, report (C4ISRNET) The Defense Science Board released a new report on cyber deterrence.

Report: U.S. military can't guarantee retaliation against major cyber attack (Cyberscoop) For at least the next decade, the U.S. will be at risk from massive cyberattacks against critical industries which could damage its ability to retaliate.

Thank Goodness Nukes Are So Expensive and Complicated (WIRED) Physics and economics have partly protected humans from nuclear weapons. So far, anyway.

Canada under-invests in IT, senior bureaucrat tells cyber security conference (IT World Canada) It’s one thing when a security vendor or consulting firm talks about how increasingly difficult it is to fend off cyber attackers,

Former NSA director: It's time to trash the federal cybersecurity hierarchy (Cyberscoop) Former NSA Director Keith Alexander told senators Thursday that the government should undertake a massive reorganization effort that would consolidate some current cybersecurity responsibilities split between the FBI, Homeland Security Department, Defense Department and intelligence community, into a single entity. “When we talk to the agencies they don’t understand their roles and responsibilities,” said Alexander, …

NSA lawyer advocates for one agency to handle cyber (TheHill) Agency could be modeled after British cyber center, NSA general counsel says.

Cybersecurity experts tell Congress weapons need better security (Defense Systems) A panel of experts told lawmakers new policy or acquisition procedures may be necessary to protect weapons systems.

Pentagon Advisers Want Cyber ‘Tiger Teams,’ More Authorities for Cyber Command (OODA Loop) “The proposed tiger team would ‘develop options and recommendations for improved and accelerated acquisition of scalable offensive cyber capabilities, including additional authorities to USCYBERCOM, and the establishment of a small elite rapid/special acquisition organization.’ The idea echoes what U.S. Cyber Command head Adm. Michael Rogers has said he wants to do

Putin critic will handle Russia for Trump’s National Security Council (Yahoo! Finance) A former intelligence official who has warned that the West dangerously underestimates Russian President Vladimir Putin will manage Europe and Russia on President Trump’s National Security Council (NSC), a White House aide confirmed to Yahoo News. Fiona Hill, who followed Russia and Eurasia for the

White House tech vacancies may threaten cybersecurity advances (The Christian Science Monitor Passcode) President Trump has not replaced the federal chief information officer or chief information security officer, leaving gaps in key positions responsible for safeguarding and updating government systems.

Trump administration reportedly makes request to fix Wassenaar cyber-export controls (InsideTrade.com) Industry sources say the Trump administration has filed with the international parties to the technology export control regime known as the Wassenaar Arrangement to indicate that the United States is interested in having the issue of intrusion software included on the agenda for a technical, planning session expected in April.

House Dems push FCC to adopt stronger cybersecurity measures (TheHill) House Democrats on Thursday introduced a slew of bills aimed at making the Federal Communications Commission (FCC) strengthen its cybersecurity policies.

Trade secrets directive to add to GDPR, NIS directive and Privacy Shield (http://www.computing.co.uk) Organisations warned of even more EU directives targeted at IT security,Security,Privacy,Threats and Risks,Cloud and Infrastructure ,Cloud,GDPR,secrecy,data security,Privacy,trade secret,Bristows,Robert Bond,General Data Protection Regulation

Litigation, Investigation, and Enforcement

If the Feds Did Wiretap Trump Tower, It’s Not Obama Who Should Worry (WIRED) President Trump made extraordinary claims about Obama wiretapping Trump Tower. If wiretapping did take place, it says more about Trump and his associates.

How the feds could have listened to Trump’s phone calls (POLITICO) Government has multiple methods for surveillance, but Obama would not have been allowed to order it.

'Conducted at the behest of the Justice Dept.': Fmr Bush AG Mukasey discusses Trump's wiretap claims (Twitchy.com) "I think he's right."

Trade commission should act to stop Chinese from spying on American consumers (TheHill) OPINION | China's acquisition of Vizio highlights the urgency of the issue.

NSS Labs fires back at CrowdStrike over endpoint security test | CRN (Channelweb) NSS Labs CEO Vikram Phatak accuses CrowdStrike of putting customers' cybersecurity at risk,Security,Vendor ,Crowdstrike,NSS Labs

Trump Adviser Peter Thiel's Palantir Technologies To Aid ICE In Immigration Raids Using Surveillance And Data Analysis (International Business Times) Thiel's company, Palantir Technologies, will be helping Immigration and Customs Enforcement use mass data collection and analysis to track down undocumented immigrants.

Enigma Software Group Resolves Bleeping Computer Litigation (Yahoo! Finance) Enigma Software Group USA, LLC ("ESG") announced that it reached a settlement in the lawsuit it filed last year against Bleeping Computer LLC. The case will now be dismissed. ESG filed suit against Bleeping Computer in federal court in New York

To keep Tor hack source code secret, DOJ dismisses child porn case (Ars Technica) DOJ: "Disclosure is not currently an option."

National 911 cyber attack was first detected in Tarrant County (Star-Telegram) The cyberattack hit 911 call centers from Washington state to Florida. It would lead to the arrest of an 18-year-old Arizona community college student.

Man charged with cyber crimes after NCA raid (Clacton and Frinton Gazette) A man has been charged with cyber crimes after a raid at a house in Colchester.

FCC Issues Emergency Caller-ID Waiver After Jewish Center Threats (Motherboard) The FCC moves to suspend caller-ID rules after a wave of bomb threats across the country.

Anti-Trump Communist Arrested For Jewish Community Center Bomb Threats (The Daily Caller) A disgraced former reporter was arrested by the Federal Bureau of Investigation Friday for several bomb threats to Jewish Community Centers, Jewish schools and other Jewish organizations around the co

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

newly Noted Events

AFCEA/GMU Critical Issues in C4I Symposium (Fairfax, Virginia, USA, May 24 - 25, 2017) The AFCEA/GMU Critical Issues in C4I Symposium brings academia, industry and government together annually to address important issues in C4I technology and systems R&D.

upcoming Events

SANS San Jose 2017 (Milpitas, California, USA, March 6 - 11, 2017) Securing and defending your network has never been more important as attacks and breaches make the news daily. Gain the skills and tools you need to win the battle against the wide range of cyber adversaries who want to harm your environment. SANS San Jose 2017 offers six hands-on, intensive cyber security training courses.

Cybersecurity: Defense Sector Summit (Troy, Michigan, USA, March 7 - 8, 2017) Don’t miss out on the opportunity to be a part of the conversation regarding how cybersecurity is impacting not only ground vehicles, but air and maritime platforms. What are the synergies amony Army, Air Force, Navy, and Marine platform cybersecurity initiatives? What can we learn from connected car and autonomous initiatives in the automotive industry? Who and what is driving acquisition reform to ensure agility and speed? What are the supply chain impacts? What are the “seams” that create vulnerabilities? Who and what is driving cybersecurity platform requirements? What is being done to assess execution readiness? What are platform stakeholders doing technically to address vulnerabilities?

15th annual e-Crime & Cybersecurity Congress (London, England, UK, March 7 - 8, 2017) Europe's largest and most sophisticated gathering of senior cybersecurity professionals from international business, governments, law enforcement and intelligence agencies.

ISSA Mid Atlantic Security Conference (Rockville, Maryland, USA, March 10, 2017) Join us for a full day of training by industry leaders discussing some of the latest topics in tactics and techniques for preparing for cyber-attacks. This conference will feature a variety of presentations and cutting edge training opportunities, including hands-on demonstrations and workshops.

Investing in America’s Security: Cybersecurity Issues (Jersey City, New Jersey, USA, March 10, 2017) Please join us for the 5th Annual Northeast Regional Security Education Symposium hosted by the Professional Security Studies Department at New Jersey City University. The Symposium’s keynote address will be delivered by Milan Patel of K2 Intelligence, formerly the FBI’s Cyber Division Chief Technology Officer. Speakers include NJCCIC Director Michael Geraghty. NJCU students pursuing their D.Sc. degree will present academic research posters and a panel of experts will discuss careers in cyber security.

IAPP Europe Data Protection Intensive 2017 (London, Englan, UK, March 13 - 16, 2017) Set in London, the Data Protection Intensive delivers innovative solutions to today’s top privacy and data protection challenges. Known for its exceptional programming, the Intensive has come into its own as a leading forum for practical data protection education.

Rail Cyber Security Summit (London, England, UK, March 14 - 15, 2017) Now in its second year, the event will take place at the Copthorne Tara Kensington hotel in London between March 14th and 15th 2017 and will feature a range of experts from the rail transport industry, as well as leading Government and global cyber security leaders and academics working in the field.

CyberUK 2017 (Liverpool, England, USA, March 14 - 16, 2017) Announcing the UK government's flagship IA and cyber security event, for 2017. This is a three day event that will bring together cyber security leaders and professionals from across the UK’s information security communities from both the public and private sector. The NCSC’s partnership with information security businesses of all sizes is essential in strengthening the UK’s cyber resilience. CyberUK 2017 will play a key role in defining the role industry must play in achieving this step change, and is expected to attract 1,600 information assurance (IA) and cyber security leaders and professionals.

Cybersecurity: The Leadership Imperative (New York, New York, USA, March 16 - 17, 2017) Cyber risk impacts every element of your organization – and even the most brilliant information security expertise must be supported by a cross-functional cybersecurity structure and culture to succeed. Cybersecurity: The Leadership Imperative will provide case studies and actionable insights on building and maintaining a structure in which leaders across the organization are able to work together seamlessly to comprehend, measure and respond to cyber risk challenges.

BSides Canberra (Canberra, Australia, March 17 - 18, 2017) BSidesCbr is a conference designed to advance the body of Information Security knowledge, by providing an annual, two day, open forum for discussion and debate for security engineers and their affiliates. We produce a conference that is a source of education, collaboration, and continued conversation for information technologists and those associated with this field. The technical and academic presentations at BSidesCbr are given in the spirit of peer review and advanced knowledge dissemination. This allows the field of Information Security to grow in breadth and depth, and continue in its pursuit of highly advanced scientifically based knowledge.

Cyber Resilience Summit: Securing Systems inside the Perimeter (Reston, Virginia, USA, March 21, 2017) As the journey to secure our nation’s IT cyber infrastructure gains momentum, it is important to apply proven standards and methodologies that reduce risk and help us meet objectives for acquiring, developing and sustaining secure and reliable software-intensive systems. The theme of our upcoming Cyber Resilience Summit is Securing Systems inside the Perimeter. Defending the network is NOT enough. The most damaging of system failures and security breaches are caused by vulnerabilities lurking inside the network at the application layer.

European Smart Grid Cyber Security (London, England, UK, March 21 - 22, 2017) European Smart Grid Cyber Security 2017 offers a unique opportunity to network with senior experts in cyber security from government, utilities, TSOs, regulators, solution providers, security consultants, senior engineers and more. Join us to hear from a range of European utility companies present what their strategic programmes are doing regarding cyber security. As well as discuss how communication issues between IT and OT departments can be overcome and learn how to make your company compliant.

Maryland Cybersecurity Awards Celebration (Baltimore, Maryland, USA, March 22, 2017) Help us celebrate the best and brightest of the Maryland cyberscurity community as we honor the companies, organizations, and individuals that have protected businesses and government agencies with their cutting-edge technologies; thwarted cyber criminals with their outstanding cybersecurity services; demonstrated exemplary knowledge, expertise, leadership and innovative thinking; or made a significant contribution to Maryland’s cybersecurity ecosystem.

Integrated Adaptive Cyber Defense (IACD) Community Day (Laurel, Maryland, USA, March 23, 2017) Advancing cyber operations through secure automation & interoperability. Government agencies, commercial firms, research organizations, academic institutions and cyber security experts align in community efforts demonstrating cyber defenses art-of-the-possible, through automation and interoperability. Learn how to dramatically change the timeline and effectiveness of cyber defenses, increase community awareness and defensive capabilities. Free event, registration requested.

SANS Pen Test Austin 2017 (Austin, Texas, USA, March 27 - April 1, 2017) Every organization needs skilled people who know how to find vulnerabilities, understand risk, and help prioritize resources based on mitigating potential real-world attacks. That's what SANS Pen Test Austin is all about! If you like to break things, put them back together, find out how they work, and mimic the actions of real-world bad guys, all the while providing real business value to your organization, then this event is exactly what you need.

IT Security Entrepreneurs' Forum Bridging the Gap Between Silicon Valley & the Beltway (Mountain View, California, USA, March 28 - 29, 2017) SINET – Silicon Valley provides a venue where entrepreneurs can meet and interact directly with leaders of government, business and the investment community in an open, collaborative environment focused on identifying solutions to Cybersecurity challenges.

Insider Threat 2017 Summit (Monterey, California, USA, March 29 - 30, 2017) The focus of the Insider Threat Summit is to discuss personnel security issues including cyber security challenges and capabilities, continuous evaluation of privileged identities and ethical physical security considerations. A heightened awareness of insider threats due to numerous newsworthy attacks and unauthorized leaks has brought us together for one main purpose: To better understand security challenges in order to better defend against insider threats.

2nd Annual Billington International Cybersecurity Summit (Washington, DC, USA, March 30, 2017) The 2nd Annual Billington International Cybersecurity Summit on March 30, 2017 at the National Press Club in Washington, DC will feature over 300 world class cybersecurity decision-makers from allied nations and the US in an intensive day of knowledge exchange and relationship building. NOTE: Attendees must be citizens of the U.S. or allied nations to attend this event. The summit, which will attract senior influencers in cybersecurity from allied nations across the world, has as its theme: Protecting Critical Infrastructure in a Connected World.

Yale Cyber Leadership Forum: Bridging the divide between law, technology, and business (New Haven, Connecticut, USA, March 30 - April 1, 2017) The Yale Cyber Leadership Forum will take place on Yale University's campus and will focus on bridging the divide between law, technology and business in cybersecurity. With McKinsey & Company as our knowledge partner, the Forum will integrate McKinsey’s extensive knowledge of best practices in cybersecurity with Yale’s scholarly expertise. The Forum will expose participants to effective approaches to recognizing, preparing for, preventing, and responding to cyber threats.

WiCyS 2017: Women in Cybersecurity (Tucson, Arizona, USA, March 31 - April 1, 2017) The WiCyS initiative has, since 2013, become a continuing effort to recruit, retain and advance women in cybersecurity. It brings together women (students/faculty/researchers/professionals) in cybersecurity from academia, research and industry for sharing of knowledge/experience, networking and mentoring.

InfoSec World Conference and Expo 2017 (ChampionsGate, Florida, USA, April 3 - 5, 2017) The conference will feature security practitioners who speak from experience on the real-world challenges companies are facing today. The conference is most suitable for those whose responsibilities include creating solutions. The organizers bill it as a training conference.

Cyber Security Summit: Atlanta (Atlanta, Georgia, USA, April 6, 2017) If you are a Senior Level Executive responsible for making your company’s decisions in regards to information security, then you are invited to register for the Cyber Security Summit: Atlanta. Receive 50% off of a Full Summit Pass when you register with code CYBERWIRE50 (standard price of $350, now only $175 with code). Register at CyberSummitUSA.com. The Cyber Security Summit: Atlanta is an exclusive conference connecting Senior Level Executives responsible for protecting their companies’ critical data with innovative solution providers & renowned information security experts. for details visit CyberSummitUSA.com.

SANS 2017 (Orlando, Florida, USA, April 7 - 14, 2017) Success in information security requires making a commitment to a career of learning, from the fundamentals to advanced techniques. To put you firmly on that learning path, join us at SANS 2017 in Orlando, Florida from April 7-14. This event features over 40 different cutting-edge courses taught by top industry professionals who will provide you with the best available information and software security training. SANS 2017 also features numerous opportunities to learn new skills, techniques, and trends at the SANS@Night talks, Vendor Expo, and Lunch-and-Learn sessions. You will hear about the latest and most important issues in talks led by SANS practitioners who are leading the global conversation on cybersecurity.

Hack In the Box Security Conference (Amsterdam, the Netherlands, April 10 - 14, 2017) Back again at the NH Grand Krasnapolsky, HITB2017AMS takes place from the 10th till 14th of April 2017 and features a new set of 2 and 3-day technical trainings followed by a 2-day conference with a Capture the Flag competition, technology exhibition with hackerspaces, lock picking villages and hardware related exhibits plus a free-to-attend track of 30 and 60 minute talks!

Sponsor & Support

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter’s financial reach, or it might just not be the right time for you to do those things. That’s why we launched our new Patreon site, where we’ve created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you’ll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.