The CyberWire Daily Briefing 3.9.17

Summary

By The CyberWire Staff

Jumping to the conclusion that Vault 7 proves Cozy Bear and Fancy Bear were CIA provocations? Well, jump wither thou listeth, but do so after considering the Intercept's sensible observation: you're probably seeing economical code reuse as opposed to false flags. It's unsurprising, most observers say, that the CIA (or any intelligence service, for that matter) would repurpose code pulled from the wild if that code met mission needs. The Bear sisters remain, in all probability, the медведи they've long been taken for.

Emerging security industry consensus holds the interesting question about the Vault 7 dumps to be just how the material leaked.

The leaks do include some commentary on the relative difficulty of bypassing various security products. Some fare better than others, if the leaks are to be believed. KrebsOnSecurity thinks one lesson industry should draw from Vault 7 is that money spent on marketing might be better applied toward "stress-testing" products.

RAND has an interesting study out on the zero-day market. Much of the commentary on the report takes it as a given that purchasing and "stockpiling" zero-days is a bad practice. That may be true, but the issue's not entirely clear. See this discussion of the Vulnerabilities Equities Process at CyCon last October for intelligent advocacy from the debate's two sides.

Cisco's Talos unit reports that an Apache Struts zero-day is being actively exploited. Users are urged to patch.

Eastern European NATO members urge the US to apply "soft power" against Russian assertiveness (that is, more information operations).

Learn how Cylance silences cyber attacks with Artificial Intelligence.

Notes.

Today's issue includes events affecting Australia, Canada, China, Estonia, European Union, France, Georgia, Latvia, Lithuania, NATO/OTAN, New Zealand, Poland, Russia, Singapore, Taiwan, Ukraine, United Kingdom, and United States.

A note to our readers: The CyberWire is a finalist for a Maryland Cybersecurity People's Choice Award, so we're taking the liberty of asking you to consider voting for us. If you enjoy the CyberWire Daily News Briefing and and the CyberWire Podcast, we'd appreciate your support. You can cast your vote here through March 22 (and you don't need to be in Maryland, or even in the US, to do so). Thanks as always for reading and listening.

On the Podcast

In today's podcast, our partners at the University of Maryland are represented by Jonathan Katz, who talks to us about Google’s Project Wycheproof. We also speak to Tom Corn of VMWare, who takes us through the benefits of virtualization.

And some special editions worth your attention are also up. See Perspectives, Pitches, and Predictions from RSA, and an overview of artificial intelligence as it's being applied to security. You may also enjoy some video Cylance took on the RSA floor in partnership with the CyberWire: opinions from the conference.

Sponsored Events

What we do matters. Join Booz Allen. (Tysons Corner, Virginia, USA, Mar 15, 2017) Calling all innovators, designers, and coders to solve tough problems. Come interview with Booz Allen and learn about their cutting edge cyber job opportunities.

Tech Talk: Ethereum & Graph Databases (Laurel, Maryland, USA, Mar 20, 2017) Join Novetta and Cyberwire at Jailbreak Brewery to learn about Ethereum and Graph databases, forward leaning technology transforming how we relate with our data. Mingle with like-minded techies and enjoy craft beer - See you then!

ThreatConnect Webinar: Threat Intelligence Isn’t One Size (Online, Mar 22, 2017) Threat intelligence (TI) can help any organization better protect themselves. With TI, you can identify threats and add context to them. Once you understand what you are facing, you can take decisive action to better protect your organization.

Selected Reading

Cyber Attacks, Threats, and Vulnerabilities

Leaked docs suggest NSA and CIA behind Equation cyberespionage group (PCWorld) Purported CIA documents leaked Tuesday appear to confirm that the U.S. National Security Agency and one of CIA's own divisions were responsible for the malware tools and operations attributed to a group that security researchers have dubbed the Equation.

Vault 7: WikiLeaks Docs Hint CIA Could Bypass 21 Security Products (BleepingComputer) One of the hidden gems included in the Vault 7 data, dumped yesterday by WikiLeaks, is a document detailing bypass techniques for 21 security software products.

What CIA cyberspies think of 6 top antivirus programs (Fifth Domain | Cyber) Documents in the Year Zero WikiLeaks dump include CIA hackers’ comments on top cybersecurity tools.

Vault 7: CIA Borrowed Code from Public Malware (BleepingComputer) Documents included in yesterday's WikiLeaks Vault 7 dump reveal the CIA used code from public malware samples to advance its technical capabilities.

WikiLeaks Files Show the CIA Repurposing Hacking Code To Save Time, Not To Frame Russia (The Intercept) WikiLeaks said CIA hackers impersonated foreign hackers. In fact, the files simply showed re-use of code — in ways that implicated no one else.

WikiLeaks Dumps Thousands of Alleged CIA Files (Fortune) The leaks describe hacking tools that target iPhone and Android.

WikiLeaks Publishes Files It Says Are Biggest Leak of Secret CIA Documents (SIGNAL Magazine) WikiLeaks is posting thousands of files Tuesday the organization says detail the CIA’s efforts to surveil overseas targets by tapping otherwise ordinary devices that are connected to the Internet. The anti-secrecy group launched a “new series of leaks,” this time taking aim at the CIA’s Center for Cyber Intelligence, which falls under the agency’s Digital Innovation Directorate.

Wikileaks' CIA dump looks like a dud for now (Chicago Tribune) Wikileaks' latest data dump, the "Vault 7," purporting to reveal the Central Intelligence Agency's hacking tools, appears to be something of a dud.

Wikileaks' CIA hacking revelations: Cyber security experts respond with a collective 'meh' (High-Tech Bridge) For many people, the revelation that the US Central Intelligence Agency has been systematically hacking into civilians' personal devices is profoundly disturbing.

The Wikileaks CIA stash may turn out to be interesting—but probably not for the hacks (MIT Technology Review) The software tools revealed by the leak are sinister, unsurprising—and potentially politically explosive.

What WikiLeaks’ massive CIA leak tells us about cybersecurity (Naked Security) The document dump released yesterday by WikiLeaks is huge, but a few themes are emerging as researchers get to grips with its contents

Ex-CIA chief: No, the government is not spying on you through your microwave (Stars and Stripes) Gen. Michael Hayden, the former director of the CIA and National Security Agency, was on "The Late Show With Stephen Colbert" and spent most of his time addressing half-joking questions about the two biggest intelligence-related stories currently in the news.

WikiLeaks looks at helping tech vendors disarm CIA hacking tools (CSO Online) WikiLeaks has attracted plenty of haters over its controversial disclosures. But the site may be in a unique position to help tech vendors better secure their products

Tech firms scramble for fixes after CIA hacking dump (iTnews) Security vendors call for better access to mobile devices.

Why the CIA's iOS, Android and Windows hack stockpile puts zero-day hoards in the spotlight (ZDNet) Why are spy agencies and police building up piles of security flaws? Blame the rise of encryption.

Zero Days, Thousands of Nights: The Life and Times of Zero-Day Vulnerabilities and Their Exploits (RAND) Zero-day vulnerabilities — software vulnerabilities for which no patch or fix has been publicly released — and their exploits are useful in cyber operations — whether by criminals, militaries, or governments — as well as in defensive and academic settings.

Study examines 200 real-world 'zero-day' software vulnerabilities (Phys.org) Zero-day software vulnerabilities - security holes that developers haven't fixed or aren't aware of - can lurk undetected for years, leaving software users particularly susceptible to hackers. A new study from the RAND Corporation, based on rare access to a dataset of more than 200 such vulnerabilities, provides insights about what entities should do when they discover them.

Mexico’s Troll Bots Are Threatening the Lives of Activists - Motherboard (Motherboard) How an army of Twitter trolls is invading Mexico’s democratic process.

Some notes on the RAND 0day report (Errata Security) The RAND Corporation has a research report on the 0day market [ * ]. It's pretty good. They've got the pricing about right ($1 million for...

Critical vulnerability under “massive” attack imperils high-impact sites (Ars Technica) Exploits for easy-to-spot bug are trivial, reliable, and publicly available.

Hackers exploit Apache Struts vulnerability to compromise corporate web servers (CSO Online) Attackers are widely exploiting a recently patched vulnerability in Apache Struts that allows them to remotely execute malicious code on web servers.

CVE-2017-5638: Apache Struts 2 Vulnerability Leads to Remote Code Execution (TrendLads Security Intelligence Blog) Apache Struts is a free and open-source framework used to build Java web applications.

Cisco and Apache issue warnings over Zero-Day flaw being targeted in the wild (CSO Online) Cisco's Talos says they've observed active attacks against a Zero-Day vulnerability in Apache's Struts, a popular Java application framework. Cisco started investigating the vulnerability shortly after it was disclosed, and found a number of active attacks.

Mexico’s Troll Bots Are Threatening the Lives of Activists - Motherboard (Motherboard) How an army of Twitter trolls is invading Mexico’s democratic process.

Threat Spotlight: Dissecting the MAN1 Group’s Macro (Cylance Spotlight) The MAN1 Group, named after the crypter utilized in their attacks, employs an intricate Visual Basic for Applications macro. Our Threat Guidance Team analyzed the macro and reported their findings.

From Shamoon to StoneDrill – Advanced New Destructive Malware Discovered in the Wild (Ilonggo Tech Blog) In the wake of the Shamoon malware attacks, a new wiper targets Middle East and shows interest in European targets Kaspersky Lab’s Glob...

Western Digital My Cloud NAS devices wide open to attackers (Help Net Security) Researchers have revealed a number of critical, easily exploitable flaws in the Western Digital MyCloud NAS devices' firmware.

Researchers critique security in messaging app Confide (TechCrunch) White House staffers have been drawn to Confide by its security features, which include messages that require a reader to run their finger over the text as..

Why is Windows malware cropping up in Android apps? (Naked Security) Infected apps are probably themselves victims of malware, say Sophos Labs researchers

185,000+ vulnerable Wi-Fi cameras just waiting to be hijacked (Help Net Security) A generic wireless camera manufactured by a Chinese company and sold around the world under different names and brands can be easily hijacked.

Why Printers Still Pose a Security Threat (Dark Reading) Newly discovered security flaws in popular printers remind us how networked devices continue to put users at risk.

Botnets: The Dangerous Downside of the Internet of Things (Principia Scientific International) The Internet of Things (IoT) is the name given to describe the relatively new technology that connects everyday objects and devices to the web to provide additional data or functionality. But in th…

9 Phishing Lures that Could Hijack your 2017 Tax Refund (Dark Reading) Scammers are taking an aggressive, social-engineering approach to tax season this year.

Dark Web Suffers After Anonymous Hacked Firm Hosting Child Porn Sites (HackRead) We previously informed you about the hacking of over 10,000 websites on the Dark Web by the notorious hacker group Anonymous. The group took down the server...

Alleged spammer leaks 1.37bn email addresses after backup catastrophe (Naked Security) The database could now be in anyone’s hands – and its exposure reminds us that a breach isn’t always the result of hacking

Dorchester hospital workers at risk of identity fraud following national cyber attack (Dorset Echo) Dorchester hospital workers have been caught up in a high-level cyber-security attack that has put hundreds at risk across the country.

11 months later, insurance still reviewing BWL cyber attack (Lansing State Journal) Nearly 11 months after BWL was cyber attacked, officials are still waiting to find out how much this breach will cost city-owned utility.

EDF customers heading for surprise winter bills after smart meters failed to send data for four months (Computing) EDF customers to be made to pay for smart meters found to be not so smart.

Cyber-attack on Pa. Senate Dems is a reminder no one is safe from hackers: Editorial (PennLive) Think it can't happen here? Think again.

Security Patches, Mitigations, and Software Updates

Critical Apache Struts 2 Vulnerability (Patch Now!) (SANS Internet Storm Center) On Monday, Apache released a patch for the Struts 2 framework [1]. The patch fixes an easy to exploit vulnerability in the multipart parser that is typically used for file uploads.

Confide Updates App After Critical Security Issues Are Raised (Threatpost) The makers of the popular messaging app Confide said Wednesday it has patched multiple security vulnerabilities that could have allowed hackers to intercept messages sent using its secure end-to-en…

Firefox 52 Expands Non-Secure HTTP Warnings, Enables SHA-1 Deprecation (Threatpost) The latest version of Firefox expands non-secure HTTP warnings, enables SHA-1 deprecation by default, and removes support for NPAPI.

Google's 'SHA-1 Countdown Clock' Could Undermine Enterprise Security (Dark Reading) In the wake of a recently documented 'collision' attack, Google researchers should consider delaying the release of the code behind the crack until companies can roll out adequate patches. Here's why

A Real-Life Look into Responsible Disclosure for Security Vulnerabilities (Dark Reading) A researcher gives us a glimpse into what happened when he found a problem with an IoT device.

Cyber Trends

The security threat of quantum computing is real, and it's coming fast (Help Net Security) The moment quantum computers succeed in cracking today’s most prevalent encryption techniques security breaches won’t be isolated incidents.

Trust, Cloud & the Quest for a Glass Wall around Security (Dark Reading) In the next year, we're going to see a leap towards strategic, business-level objectives that can be resolved by simplifying infrastructure and granting greater visibility in real time.

What's the security posture of the Fortune 1000? (Help Net Security) Understanding the security maturity of Fortune 1000 companies provides greater context for any organization looking to benchmark their own performance.

One-Third of Ransomware Victims Pay Associated Ransoms, Finds 2017 Cyberthreat Defense Report (Businesswire) CyberEdge Group, a premier research and marketing firm serving the security industry’s top vendors, today announced immediate availability of it

Venafi Research: Twenty-One Percent of Websites Are Still Using Insecure SHA-1 Certificates and Putting Users at Risk (Venafi) Despite January deadline for SHA-2 migration, more than 1 in 5 certificates for unique IP addresses are still using SHA-1 as the signature hash algorithm.

92 Percent of Most Popular Federal Government Websites Fail to Meet Basic Standards for Security, Speed, Mobile Friendliness, or Accessibility, New ITIF Study Finds (ITIF) Every day, the public relies on federal websites to access information and services from the U.S. government, yet 92 percent of its most popular sites fail to meet basic standards for security, speed, mobile friendliness, or accessibility...

The Insecurity of IoT Devices Presents New and Unique Cybersecurity Challenges (PRNewswire) Security experts point to the growing cybersecurity threats from the proliferation of smart, connected devices known as the Internet of Things. For example, ...

Broader cloud adoption calls for new approach to security: Fortinet (DATAQUEST) Fortinet, the global provider in high-performance cyber security solutions, cautions APAC organisations that traditional security solutions are no longer adequate in protecting today’s agile and highly distributed cloud environments and expanding...

Millennials Are Most Risk Prone To Cyber Security Threats (PCQuest) Fearlessness is what makes the millennials unique also makes them vulnerable to cyber security threats

Banks Confident about Cybersecurity, but Gaps Remain (Infosecurity Magazine) Accenture research suggests banking executives have confidence in their cyber-defenses, but skills shortage is a concern

Singapore's financial sector likely to remain cyber-attack target: Fortinet (The Business Times) Singapore's financial services sector is likely to remain a top target for cybercriminals in 2017 due to the sensitive nature and value of financial data that the industry holds, according to cybersecurity firm Fortinet. Read more at The Business Times.

Taiwan among world's top targets for ransomware attacks: global security firm (China Post) Taiwan is among world's countries most frequently targeted by ransomware attacks, according to Trend Micro Inc. (趨勢科技), a global IT security company.

Marketplace

Fortinet asks: Planning a merger? It’s time for a cybersecurity upgrade (Security Brief Asia) M&A activity can offer CFOs a unique opportunity to ramp up cybersecurity levels with greater investment and integration.

When it comes to cybersecurity, the satellite industry stands out (C4ISRNET) The satellite industry is different from other commercial industries in regard to cyberthreats, according to one satellite executive.

Why FireEye Inc (FEYE) Stock Is a Terribly Good Speculation Pick (InvestorPlace) FEYE stock has earned the unfortunate reputation of the cybersecurity laggard. But early signs point to a possible recovery for FireEye.

KeyW to acquire Sotera Defense Solutions for $235 million (Washington Business Journal) Hanover-based government services firm KeyW Holding Corp. (NASDAQ: KEYW) announced Wednesday that it plans to acquire Herndon-based Sotera Defense Solutions for about $235 million.

Neurodiversity: Recruiting Autistic Cybersecurity Professionals (Infosecurity Magazine) Neurodiversity and Cybersecurity Careers: Recruiting Autistic Cybersecurity Professionals

Rapid7's Tod Beardsley: the day in the life of a research director (Infosecurity Magazine) Rapid7's Tod Beardsley examines the day in the life of a research director

Cybersecurity Industry Leader Brad Maiorino Joins Booz Allen Hamilton to Help Scale U.S. Commercial Business (Yahoo! Finance) Booz Allen Hamilton announced today that cyber industry leader Brad Maiorino joins the firm as an executive vice president in its commercial business effective March 13. Maiorino will be responsible for helping Booz Allen clients deploy cyber security and risk management solutions to combat the dynamic

Products, Services, and Solutions

ManageEngine Unveils Granular Password Policy Enforcer for Active Directory, Cloud Applications (Manage Engine) New complexity rules help organizations improve password security, ward off hackers

Microsoft integrates Black Duck open-source tools with Visual Studio (ZDNet) Is someone sneaking open-source code as their work into your Visual Studio project? Does some of the open-source code you're already using have known bugs in it? This new pairing of Microsoft and Black Duck technology can help with both problems.

Microchip Simplifies the Development of Smart, Connected and Secure Solutions with a Hardware Cryptography-Enabled Microcontroller (GlobeNewswire News Room) The CEC1702 Full-Featured Microcontroller Streamlines Security Implementation for an Increasingly Connected World

WISeKey launches new IoT security solution with nod to Sigfox (IoT Tech News) Swiss cybersecurity and IoT firm WISeKey has introduced a new security solution for the Internet of Things, called VaultIC184.

TopSpin Security at Forefront of Intelligent Deception Technology (CIO Today) Ovum Reports TopSpin Security is at Forefront of Intelligent Deception Technology Detecting Unknown Threats against Enterprises -- Latest Research Reveals Benefits of TopSpin DECOYnet™ Intelligent Deception and Detection Platform for Companies Deploying Proactive Defense Technology.

ICMCP and Cyware Labs Partner for Cyber Situational Awareness Mobile Application (PRWeb) Through this partnership, Cyware Labs will award 1,000 Enterprise Mobile App licenses worth $39,000/year for the next two years to ICMCP members and staff.

Teradata open sources Kylo data lake management software (ZDNet) Teradata's Think Big unit is taking its Kylo data lake management platform open source. The big data win will be a self-service approach to data ingestion.

Check Point vSEC Locks Down Google Cloud (eSecurity Planet) The company's latest offering offers integrated security services for enterprises moving their workloads to Google's cloud.

Technologies, Techniques, and Standards

Emsisoft Releases a Decryptor for the CryptON Ransomware (BleepingComputer) Yesterday, Emsisoft's CTO and malware researcher Fabian Wosar released a decryptor for the CryptON Ransomware. This ransomware has been around since the end of February and has had a few variants released. It was named CryptON based on a string found within the executable.

SailPoint Survey Confirms Enterprises Have GDPR On Their Mind - Information Security Buzz (Information Security Buzz) 75 percent recognise the important role identity governance plays within GDPR compliance plans LONDON, UK. SailPoint, the leader in identity management, surveyed customers and attendees at this week’s Gartner IAM Summit about their plans for meeting compliance requirements associated with the General Data Protection Regulation (GDPR) which goes into effect in 2018. Of approximately 100 …

Widespread Bug Bounty Program Could Help Harden Open Source Security (Security Intelligence) As part of HackerOne's effort to improve open source security, the vulnerability disclosure firm made its bug bounty program available for free.

In a Cybersecurity Vendor War, the End User Loses (Dark Reading) When vulnerability information is disclosed without a patch available, users are the ones really being punished.

A Reversed Approach to Tackling Insider Threats (Infosecurity Magazine) Network intrusion is relatively straightforward and statistically easy for attackers.

The First Step to Uncovering Cryptography (Infosecurity Magazine) Cryptography remains complex by design, but underlying principles can be fairly accessible

Why cyber hygiene is vital for the security of your organization (Help Net Security) In this podcast recorded at RSA Conference 2017, Rob Brownsword, VP of Product Marketing at Nehemiah Security, talks about how the most useful thing that y

The HTTPS interception dilemma: Pros and cons (Help Net Security) HTTPS interception is controversial in the IT security community. There are two sides in this debate, and much depends on the setting you are in.

Anti-malware is imperfect but still necessary. Here’s why (Sophos Blog) Doctors sometimes make mistakes that harm the patient. Police often fail to protect and serve. When that happens, people rightly demand the failures be analyzed and fixed. But no one ever calls for the elimination of all doctors and police.

Cloud Security: Who is Responsible for What? (CyberArk) Today, the benefits of cloud computing are very well established: it is less costly and provides increased flexibility and agility, including the ability to support on-demand computing at scale. The debate surrounding the security of cloud computing, specifically whether data …

Design and Innovation

FRANCE : Calvar looking to develop home-grown Palantir - Intelligence Online (Intelligence Online) Addressing a parliamentary commission on European borders and the Schengen Agreement, Patrick Calvar, the head of France’s internal intelligence service [...]

Research and Development

IBM claims atomic storage breakthrough using rare-earth element Holmium (Computing) Researchers develop technique to store and retrieve data from a single atom.

Cryptanalysis on a scheme to share information via employing a discrete algorithm to quantum states (SpringerLink) Recently, Yang and Hwang [Int. J. Theor. Phys. 53, 224 (2014)] demonstrated that the scheme to share information via employing discrete algorithm to quantum states presented by Kang and Fang...

Academia

Central Tech’s NSA CyberPatriot Team Is Only Oklahoma Team Going To National Competition (The Cleveland American) Central Tech is proud to announce the NSA CyberPatriot Team earned a spot as a national finalist in the CyberPatriot National Youth Cyber Defense Competition. The competition will be held

Legislation, Policy and Regulation

European diplomats urge support for US soft power against Russia (Defense News) Top Central and Eastern European diplomats came to Capitol Hill on Tuesday to urge lawmakers to support nonmilitary and military means to counter Russian influence in the region.

US Must Counter Putin, Push NATO To Rearm (Breaking Defense) The United States — preoccupied with the wars of the Middle East and a pivot to Asia — has largely left the global playing field to Russian President Putin and must now lead NATO by forging a new consensus on the Russian threat and investing in new weapons.

China’s evolving cyber warfare strategies (Asia Times) PLA is working to combine coordinated use of cyber operations, electronic warfare, space control, and kinetic strikes designed to create “blind spots” in an adversary’s systems

How Trump Undermines Intelligence Gathering (New York Times) President Trump has tried to both politicize and marginalize the intelligence community.

How Homeland Security plans to end the scourge of DDoS attacks (The Christian Science Monitor) The agency is working on a multimillion dollar effort to protect the country's most critical systems from distributed denial of service attacks, which are among the simplest digital assaults to carry out and the toughest to fight.

De-complicating cybersecurity at the federal level [Commentary] (Fifth Domain | Cyber) My solution for this might sound a bit controversial.

Comey Talks Strong Crypto, Silent on WikiLeaks (Threatpost) FBI Director James Comey revived old rhetoric on strong encryption during a keynote at the Boston Conference on Cyber Security. He did not address the leak of CIA hacking tools or Russia during his…

FBI Director Comey at cyber conference: 'You're stuck with me' (Reuters) FBI Director James Comey said he has no plans to step down anytime soon in a speech on Wednesday, days after he reportedly pushed back against President Donald Trump's allegations that the Obama administration had tapped phones at Trump Tower.

Watch live: FBI Director James Comey takes questions at cyber security conference (Raw Story) Rarely seen FBI Director James Comey is expected to take questions following an address at Boston College on cyber security.

Giuliani talks security, Trump at cybersecurity conference (Yahoo! Finance) Former New York City Mayor Rudy Giuliani testifies on Capitol Hill in Washington, D.C., July 10, 2013. Former New York City Mayor Rudy Giuliani brought a marker to a cybersecurity conference Tuesday. The occasional advisor to President Trump had a few things to say to attendees of the V4 Cybersecurity

Opinion: It's time for us geeks to stand up and be heard (The Christian Science Monitor Passcode) Too often computer scientists are left out of public debates about computer science.

Litigation, Investigation, and Enforcement

Senators want warrants, court orders for any Trump wiretapping (TheHill) Graham and Whitehouse sent a letter to top Department of Justice and FBI officials.

FBI Director Tells Companies Not to 'Hack Back' Against Hackers (Motherboard) Last week, a congressman proposed a bill that would allow companies to legally counterattack against hackers. But it's not just the law that companies should take note of, Comey suggests.

US senator probes into CloudPets smart toy hack (CSO Online) A U.S. senator is probing reports of a breach of data from smart toys from Spiral Toys, writing to the company’s CEO a letter with ten questions about the issue, including about the company’s security practices.

Amazon fight to keep Echo recording out of murder trial now moot (Naked Security) Despite the decision by the accused, the arguments for considering Alexa protected by First Amendment rights remain ‘surprisingly plausible’

Did Alexa hear a murder? We may finally find out (Ars Technica) However, novel and vexing legal questions about IoT data privacy won't be answered.

Dad ruled liable and fined for his son’s illegal download (Naked Security) Judge ruled that the man’s warning to his 11-year-old son not to download content illegally was not explicit enough

Vigilante who conspired to hack local football website sentenced to 2 years (Ars Technica) Local prosecutor: Deric Lostutter got story wrong, hurt rape investigation.

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

newly Noted Events

Unprecedented Counterintelligence Threats: Protecting People, Information and Assets in the 21st Century. (Arlington, Virginia, USA, Apr 10, 2017) This full day symposium will provide insights into evolving threats to the nations security and identify effective ways of addressing them. Highlights Include: A keynote address from National Counterintelligence Executive (NCIX) Bill Evanina. The presentation of a new paper from INSA’s Security Policy Reform Council, “Assessing the Mind of the Malicious Insider,” which discusses the psychological traits and stressors that lead to malicious behavior and identifies continuous evaluation methodologies that can provide early warning of destructive acts. A review of best practices in implementing insider threat programs in the public and private sectors. An assessment of the risks to key supply chains and the prospects of delivering goods uncompromised. A discussion of the greatly overlooked long-term impacts of the 2015 theft of OPM personnel data.

AutoMobility LA (Los Angeles, California, USA, Nov 27 - 30, 2017) The Los Angeles Auto Show Press & Trade Days and Connected Car Expo have MERGED to form AutoMobility LA, the new auto industry’s first true trade show. Register to join us in Los Angeles this November.

upcoming Events

ISSA Mid Atlantic Security Conference (Rockville, Maryland, USA, Mar 10, 2017) Join us for a full day of training by industry leaders discussing some of the latest topics in tactics and techniques for preparing for cyber-attacks. This conference will feature a variety of presentations and cutting edge training opportunities, including hands-on demonstrations and workshops.

Investing in America’s Security: Cybersecurity Issues (Jersey City, New Jersey, USA, Mar 10, 2017) Please join us for the 5th Annual Northeast Regional Security Education Symposium hosted by the Professional Security Studies Department at New Jersey City University. The Symposium’s keynote address will be delivered by Milan Patel of K2 Intelligence, formerly the FBI’s Cyber Division Chief Technology Officer. Speakers include NJCCIC Director Michael Geraghty. NJCU students pursuing their D.Sc. degree will present academic research posters and a panel of experts will discuss careers in cyber security.

IAPP Europe Data Protection Intensive 2017 (London, Englan, UK, Mar 13 - 16, 2017) Set in London, the Data Protection Intensive delivers innovative solutions to today’s top privacy and data protection challenges. Known for its exceptional programming, the Intensive has come into its own as a leading forum for practical data protection education.

Rail Cyber Security Summit (London, England, UK, Mar 14 - 15, 2017) Now in its second year, the event will take place at the Copthorne Tara Kensington hotel in London between March 14th and 15th 2017 and will feature a range of experts from the rail transport industry, as well as leading Government and global cyber security leaders and academics working in the field.

CyberUK 2017 (Liverpool, England, USA, Mar 14 - 16, 2017) Announcing the UK government's flagship IA and cyber security event, for 2017. This is a three day event that will bring together cyber security leaders and professionals from across the UK’s information security communities from both the public and private sector. The NCSC’s partnership with information security businesses of all sizes is essential in strengthening the UK’s cyber resilience. CyberUK 2017 will play a key role in defining the role industry must play in achieving this step change, and is expected to attract 1,600 information assurance (IA) and cyber security leaders and professionals.

Cybersecurity: The Leadership Imperative (New York, New York, USA, Mar 16 - 17, 2017) Cyber risk impacts every element of your organization – and even the most brilliant information security expertise must be supported by a cross-functional cybersecurity structure and culture to succeed. Cybersecurity: The Leadership Imperative will provide case studies and actionable insights on building and maintaining a structure in which leaders across the organization are able to work together seamlessly to comprehend, measure and respond to cyber risk challenges.

BSides Canberra (Canberra, Australia, Mar 17 - 18, 2017) BSidesCbr is a conference designed to advance the body of Information Security knowledge, by providing an annual, two day, open forum for discussion and debate for security engineers and their affiliates. We produce a conference that is a source of education, collaboration, and continued conversation for information technologists and those associated with this field. The technical and academic presentations at BSidesCbr are given in the spirit of peer review and advanced knowledge dissemination. This allows the field of Information Security to grow in breadth and depth, and continue in its pursuit of highly advanced scientifically based knowledge.

Cyber Resilience Summit: Securing Systems inside the Perimeter (Reston, Virginia, USA, Mar 21, 2017) As the journey to secure our nation’s IT cyber infrastructure gains momentum, it is important to apply proven standards and methodologies that reduce risk and help us meet objectives for acquiring, developing and sustaining secure and reliable software-intensive systems. The theme of our upcoming Cyber Resilience Summit is Securing Systems inside the Perimeter. Defending the network is NOT enough. The most damaging of system failures and security breaches are caused by vulnerabilities lurking inside the network at the application layer.

European Smart Grid Cyber Security (London, England, UK, Mar 21 - 22, 2017) European Smart Grid Cyber Security 2017 offers a unique opportunity to network with senior experts in cyber security from government, utilities, TSOs, regulators, solution providers, security consultants, senior engineers and more. Join us to hear from a range of European utility companies present what their strategic programmes are doing regarding cyber security. As well as discuss how communication issues between IT and OT departments can be overcome and learn how to make your company compliant.

Maryland Cybersecurity Awards Celebration (Baltimore, Maryland, USA, Mar 22, 2017) Help us celebrate the best and brightest of the Maryland cyberscurity community as we honor the companies, organizations, and individuals that have protected businesses and government agencies with their cutting-edge technologies; thwarted cyber criminals with their outstanding cybersecurity services; demonstrated exemplary knowledge, expertise, leadership and innovative thinking; or made a significant contribution to Maryland’s cybersecurity ecosystem.

Integrated Adaptive Cyber Defense (IACD) Community Day (Laurel, Maryland, USA, Mar 23, 2017) Advancing cyber operations through secure automation & interoperability. Government agencies, commercial firms, research organizations, academic institutions and cyber security experts align in community efforts demonstrating cyber defenses art-of-the-possible, through automation and interoperability. Learn how to dramatically change the timeline and effectiveness of cyber defenses, increase community awareness and defensive capabilities. Free event, registration requested.

SANS Pen Test Austin 2017 (Austin, Texas, USA, Mar 27 - Apr 1, 2017) Every organization needs skilled people who know how to find vulnerabilities, understand risk, and help prioritize resources based on mitigating potential real-world attacks. That's what SANS Pen Test Austin is all about! If you like to break things, put them back together, find out how they work, and mimic the actions of real-world bad guys, all the while providing real business value to your organization, then this event is exactly what you need.

IT Security Entrepreneurs' Forum Bridging the Gap Between Silicon Valley & the Beltway (Mountain View, California, USA, Mar 28 - 29, 2017) SINET – Silicon Valley provides a venue where entrepreneurs can meet and interact directly with leaders of government, business and the investment community in an open, collaborative environment focused on identifying solutions to Cybersecurity challenges.

PCI Security Standards Council: 2017 Middle East and Africa Forum (Cape Town, South Africa, Mar 29, 2017) Join your industry colleagues for a full day of networking and one-of-a-kind partnership opportunities. Whether you want to learn more about updates in the payment card industry or showcase a new product, you’ll find it all at the 2017 Middle East and Africa Forum (MEAF).

Insider Threat 2017 Summit (Monterey, California, USA, Mar 29 - 30, 2017) The focus of the Insider Threat Summit is to discuss personnel security issues including cyber security challenges and capabilities, continuous evaluation of privileged identities and ethical physical security considerations. A heightened awareness of insider threats due to numerous newsworthy attacks and unauthorized leaks has brought us together for one main purpose: To better understand security challenges in order to better defend against insider threats.

2nd Annual Billington International Cybersecurity Summit (Washington, DC, USA, Mar 30, 2017) The 2nd Annual Billington International Cybersecurity Summit on March 30, 2017 at the National Press Club in Washington, DC will feature over 300 world class cybersecurity decision-makers from allied nations and the US in an intensive day of knowledge exchange and relationship building. NOTE: Attendees must be citizens of the U.S. or allied nations to attend this event. The summit, which will attract senior influencers in cybersecurity from allied nations across the world, has as its theme: Protecting Critical Infrastructure in a Connected World.

Yale Cyber Leadership Forum: Bridging the divide between law, technology, and business (New Haven, Connecticut, USA, Mar 30 - Apr 1, 2017) The Yale Cyber Leadership Forum will take place on Yale University's campus and will focus on bridging the divide between law, technology and business in cybersecurity. With McKinsey & Company as our knowledge partner, the Forum will integrate McKinsey’s extensive knowledge of best practices in cybersecurity with Yale’s scholarly expertise. The Forum will expose participants to effective approaches to recognizing, preparing for, preventing, and responding to cyber threats.

WiCyS 2017: Women in Cybersecurity (Tucson, Arizona, USA, Mar 31 - Apr 1, 2017) The WiCyS initiative has, since 2013, become a continuing effort to recruit, retain and advance women in cybersecurity. It brings together women (students/faculty/researchers/professionals) in cybersecurity from academia, research and industry for sharing of knowledge/experience, networking and mentoring.

InfoSec World Conference and Expo 2017 (ChampionsGate, Florida, USA, Apr 3 - 5, 2017) The conference will feature security practitioners who speak from experience on the real-world challenges companies are facing today. The conference is most suitable for those whose responsibilities include creating solutions. The organizers bill it as a training conference.

Cyber Security Summit: Atlanta (Atlanta, Georgia, USA, Apr 6, 2017) If you are a Senior Level Executive responsible for making your company’s decisions in regards to information security, then you are invited to register for the Cyber Security Summit: Atlanta. Receive 50% off of a Full Summit Pass when you register with code CYBERWIRE50 (standard price of $350, now only $175 with code). Register at CyberSummitUSA.com. The Cyber Security Summit: Atlanta is an exclusive conference connecting Senior Level Executives responsible for protecting their companies’ critical data with innovative solution providers & renowned information security experts. for details visit CyberSummitUSA.com.

SANS 2017 (Orlando, Florida, USA, Apr 7 - 14, 2017) Success in information security requires making a commitment to a career of learning, from the fundamentals to advanced techniques. To put you firmly on that learning path, join us at SANS 2017 in Orlando, Florida from April 7-14. This event features over 40 different cutting-edge courses taught by top industry professionals who will provide you with the best available information and software security training. SANS 2017 also features numerous opportunities to learn new skills, techniques, and trends at the SANS@Night talks, Vendor Expo, and Lunch-and-Learn sessions. You will hear about the latest and most important issues in talks led by SANS practitioners who are leading the global conversation on cybersecurity.

Hack In the Box Security Conference (Amsterdam, the Netherlands, Apr 10 - 14, 2017) Back again at the NH Grand Krasnapolsky, HITB2017AMS takes place from the 10th till 14th of April 2017 and features a new set of 2 and 3-day technical trainings followed by a 2-day conference with a Capture the Flag competition, technology exhibition with hackerspaces, lock picking villages and hardware related exhibits plus a free-to-attend track of 30 and 60 minute talks!

Sponsor & Support

Grow your brand, generate leads, and fill your funnel.

With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listens all over the world, companies trust the CyberWire to get the message out. Learn more.

Vault 7 indicates code reuse (false flags not so much). RAND reports on the zero-day market. Apache Struts vulnerability exploited in the wild. Eastern European nations ask for more soft power.