May we ask for your vote? As a finalist for this year's Maryland Cybersecurity Industry Resource Award, we're also up for the People's Choice Award. If you're a fan of the CyberWire, we'd appreciate your support. You can cast your vote here through March 22 (and you don't need to be in Maryland, or even in the US, to do so). Thanks as always for reading and listening.
More Signal. Less Noise.
Vault 7 updates, and the search for leakers. Apache Struts attack traffic down. Malware loaded into Android phones somewhere in the supply chain. GCHQ warns UK of coming Russian influence operations.
Announcements
Maryland Cyber People's Choice Award
Summary
The Vault 7 leaks look more as if their ultimate source was an insider. Former CIA Deputy Director Mike Morrell expressed no doubt over the matter in appearances on weekend talk shows—the material could only have come, he said, from strictly controlled and segregated internal networks. The effectiveness of such control and segregation seems not to have been called into question. Observers note a disturbing progression (Snowden, "ShadowBrokers," Martin, and now person(s) unknown) that some say casts doubt on the US Intelligence Community's security capabilities.
It seems there's been no large-scale leak of the hacking tools mentioned in Vault 7, so far. Two immediate sequelae of the incident include Chinese rumination to the effect that US equipment may be compromised, and some self-satisfaction from a couple of companies whose security products were noted as troublesome in the leaks.
Exploitation attempts against vulnerable Apache Struts deployments continue, but Rapid7 reports that malicious traffic is down. Patching Apache Struts remains a good idea.
MalwareHunter reports finding a new and unusually persuasive paycard information stealer. The malicious app, "Betaling," passes itself off as the Chrome browser.
Check Point warns that it's detected pre-loaded malware in thirty-eight Android phone models two unnamed companies issued to employees. The manufacturers (Samsung, ZTE, Oppo, Asus, Lenovo, and Xiaomi) were not, Check Point says, responsible. Rather, the bad code appears to have been introduced "somewhere along the supply chain."
The Japan Times laments ransomware's local successes.
GCHQ warns British political parties of coming Russian attempts to influence elections.
Notes.
Today's issue includes events affecting Australia, Canada, China, Iran, Japan, Russia, United Kingdom, United States and Vietnam
On the Podcast
in today's podcast we hear from our partners at Virginia Tech's Hume Center, as director Charles Clancy discusses end-to-end encryption. And we speak with a guest from Novetta, blockchain expert Corey Petty, who tells us what to expect at their next Jailbreak session.
Special editions are also up. See Perspectives, Pitches, and Predictions from RSA, and an overview of artificial intelligence as it's applied to security. And take a look at Cylance's video (taken in partnership with the CyberWire): opinions from the conference floor.
Sponsored Events
What we do matters. Join Booz Allen. (Tysons Corner, Virginia, USA, March 15, 2017) Calling all innovators, designers, and coders to solve tough problems. Come interview with Booz Allen and learn about their cutting edge cyber job opportunities.
Case Study: 6 Lessons Learned Hunting Advanced Cyber Criminals (Webinar, March 16, 2017) What is it like to find out you’re on the trail of an advanced cyber criminal? What are the tools and skills you need to track them? What is the mindset you need to approach the hunt? And what indicators and intelligence can you use to see who the attacker is? In this webinar, our experts will discuss all of these questions and more, based on an actual case study.
Tech Talk: Ethereum & Graph Databases (Laurel, Maryland, USA, March 20, 2017) Join Novetta and Cyberwire at Jailbreak Brewery to learn about Ethereum and Graph databases, forward leaning technology transforming how we relate with our data. Mingle with like-minded techies and enjoy craft beer - See you then!
ThreatConnect Webinar: Threat Intelligence Isn’t One Size (Online, March 22, 2017) Threat intelligence (TI) can help any organization better protect themselves. With TI, you can identify threats and add context to them. Once you understand what you are facing, you can take decisive action to better protect your organization.
Billington International Cybersecurity Summit (Washington, DC, USA, March 30, 2017) The 2nd Annual Billington International Cybersecurity Summit on March 30, 2017 at the National Press Club in Washington, DC will feature over 300 world class cybersecurity decision-makers from allied nations and the US in an intensive day of knowledge exchange and relationship building.
Selected Reading
Cyber Attacks, Threats, and Vulnerabilities
WikiLeaks says it will work with software vendors to fix CIA zero-day exploits... but when? (Graham Cluley) After the media hystericane, Julian Assange says he will help bugs get fixed.
WikiLeaks’ CIA document release will probably be traced back to private contractors (Vice News) It was probably a contractor. That’s what intelligence experts are saying about the source of the massive WikiLeaks dump of CIA documents this week. Though authorities don’t appear close to naming a suspect in the so-called Vault 7 leak, intelligence community sources VICE News spoke to agree that the leak…
Former CIA Deputy Director Mike Morell: CIA leak 'absolutely' an 'inside job' (Washington Examiner) Former CIA Deputy Director Mike Morell said on Saturday that the WikiLeaks' dump of documents it claims are from the top-secret CIA hacking program is absolutely an inside job.
What the WikiLeaks CIA Dump Says About the Weakness of Washington's Data Security (Fortune) The new WikiLeaks revelation of CIA hacking capabilities showed that Washington is still struggling to secure its data.
Cyber Expert: Haven't Seen CIA Hacking Tools on Black Market Yet (NBC News) Julian Assange says the CIA's hacking tools may now be available on the black market, but an expert said he hadn't seen them there yet.
Researcher Posts Hacking Tool Pulled From WikiLeaks CIA Release (NBC News) A cyber researcher has posted a malware component that was extracted from one of the documents released by WikiLeaks Tuesday.
Vault 7: Die Cyber-Waffen der CIA (APA OTS) Die Veröffentlichungen von vertraulichen CIA-Dokumenten auf der Enthüllungsplattform Wikileaks beleuchten deren Aktivitäten im Bereich Hacking von Hard- und Software in den Jahren 2013 bis 2016.
Wikileaks says CIA does CYA, reinvents the ‘Boss’ key from 1992 (Naked Security) Want to be a CIA field agent? It’s important to keep up appearances, just as you would at a fine dining restaurant.
Kaspersky Lab Comment On WikiLeaks Disclosure (Information Security Buzz) On Tuesday, 7th March, WikiLeaks published thousands of documents. The documents are alleged to show tactics and tools employed to, among other things, break into computer devices from leading manufacturers, to circumvent installed security solutions and even lay a trail of false flags. Kaspersky Lab believes, along with many of its colleagues across the security industry, …
Encrypted messaging through Signal and WhatsApp hasn't been compromised, despite what you've heard (Mic) At least that's not what we learned from WikiLeaks' CIA dump.
WikiLeaks Dump Adds to China’s Foreign-Tech Wariness (Netralnews.com -) The latest WikiLeaks trove hands fresh ammunition to China’s cyberspace hawks, already pushing to reduce dependence on foreign products that could be vulnerable to espionage, observers say.
We’re worrying too much about zero days (The Next Web) The bulk of media coverage after leaks like the recent ‘Vault 7’ release by WikiLeaks focussed on zero days, but known vulnerabilities are a bigger problem.
Apache Attack Traffic Dropping, Limited to Few Sources (Threatpost) While probes looking for vulnerable Apache Struts 2 deployments continue, malicious traffic has tapered off, researchers at Rapid7 said.
"Super Malware" Steals Encryption Keys from Intel SGX Enclaves (BleepingComputer) In a research paper published at the end of February, a team of five scientists from the Graz University of Technology has described a novel method of leaking data from SGX enclaves, a secure environment created by Intel CPUs for storing sensitive information for each process, such as encryption keys, passwords, and other.
Security Flaws in MAC Address Randomization Technique makes iOS, Android Devices Vulnerable to Tracking (HackRead) Tracking mobile phones has become relatively easier since the advent of smartphones and wireless connectivity as these devices become traceable when they m
Malware found preinstalled on 38 Android phones used by 2 companies (Ars Technica) Malicious apps were surreptitiously added somewhere along the supply chain.
Android devices delivered to employees with pre-installed malware (Help Net Security) A test of Android devices used in two unnamed companies revealed that 38 of them were infected with malware before being delivered to the employees.
Pre-installed malware stealing data from mobiles: Check Point (InfotechLead) Israel-based cyber security firm Check Point has detected a malware that is not downloaded due to users’ use but is already present in Android device. According to a company blog post last week, the pre-installed malware was detected in 38 Android devices, belonging to a large telecommunications company and a multinational technology company. “The malicious …
Credit Card Stealer Disguises as Google Chrome Browser (BleepingComputer) A new malicious application tries to disguise itself as the Google Chrome browser to fool victims into entering their payment card details. The app is still active at the time of writing and sends collected user details to an AOL email address.
Sticky Attacks: When the operating system turns against you (Panda Security Mediacenter) Pandalabs detects and neutralizes an attack that does not use any malware as such. The "Sticky Keys" become a corporate nightmare.
Over a Third of Websites Use Outdated and Vulnerable JavaScript Libraries (BleepingComputer) More than a third of the websites you visit online may include an outdated JavaScript library that's vulnerable to one or more security flaws.
ISP Blocks TeamViewer Because of Tech Support Scammers (BleepingComputer) TalkTalk, a UK-based Internet service provider, has temporarily banned TeamViewer and other similar remote control software programs, citing security issues related to increased scam operations.
TeamViewer stopped working? Let me guess, your ISP is TalkTalk... (HOTforSecurity) If you have ever had to provide remote technical support to a less-nerdy friend or member of your family, you'll know just how hard it can be. Over the phone you're trying to get them to say what they can see on their PC screen, and attempting to describe the button... #remoteaccess #scam #talktalk
How online gamers use malware to cheat (Naked Security) As the sophistication of attacks to allow cheating have grown, so too have the defenses of the games industry
Computer ransomware that locks out users flourishes in pay-to-make-it-go-away Japan (The Japan Times) Companies and individuals in Japan are finding their computers are increasingly targeted by ransomware — programs that bar victims from accessing imp
Inadequate software beckons hackers (VietnamNet Bridge) A lack of adequate software is the reason many agencies and airports have become vulnerable to hackers, according to Viet Nam Computer Emergency Response Team (VNCERT).
A tale of two cyber bank heists that reveals their vulnerability (Financial Times) What attacks on Lloyds and Tesco Bank tell us about how online crime is evolving
How Tax Fraud Is Evolving In 2017 (PYMNTS.com) If there’s one thing that can be counted on to happen every year around tax season — besides the ongoing tax preparation service commercials — it’s fraud.
Law firms warned by regulator of new cyber-crime threat (Global Legal Post) Law firms have been put on high alert as the Solicitors Regulation Authority (SRA) warns of new threats impacting hundreds of firms.
#OpBlueWhale: "Anonymous" Urges Teens to Quit Playing Suicide Game (HackRead) A group of hacktivists connected to the online hacktivist group Anonymous is urging teens to quit taking part in a sinister game called Blue Whale.
Security Patches, Mitigations, and Software Updates
Google Chrome 57 Browser Update Patches ‘High’ Severity Flaws (Threatpost) Google paid out $38,000 in bounty rewards tied to flaws it fixed with a Chrome 57 browser update.
Dahua, Hikvision IoT Devices Under Siege (KrebsOnSecurity) Dahua, the world’s second-largest maker of “Internet of Things” devices like security cameras and digital video recorders (DVRs), has shipped a software update that closes a gaping security hole in a broad swath of its products.
ZTE Releases Security Patches and Bug Fixes to its 6 Phones (GoAndroid) ZTE today rolls out an update with latest Android Security Patch and bug Fixes to its 6 Phones. The phones are ZTE Blade V7, Blade V7 Lite, Blade A610 Plus
Cyber Trends
Most security pros expect increasing attacks on Industrial Internet of Things (Help Net Security) A new survey looked at the rise of Industrial Internet of Things deployment in organizations, and to what extent it is expected to cause security problems.
'Insecurity of IoT Devices' at Billington Int'l Cybersecurity Summit (Video) (American Security Today) Security experts point to the proliferation of smart, connected devices known as the Internet of Things and the growing cybersecurity threats they present. For example, last year’s Dyn attacks, initiated by about 100,000 endpoints using IOT devices, was viewed as the largest DDoS attack to date and interrupted service to a number of large websites. (The …
IoT DDoS Reaches Critical Mass (Infosecurity Magazine) There are roughly 3,700 DDoS attacks per day.
What Are The Consequences Of Cybersecurity Attacks for Marketing Leaders? (Forbes) As part of a series exploring cybersecurity and its impact on consumers, marketers, and marketing (see here for Part 1 and Part 2), I talked with Holly Rollo, the CMO of RSA, a Dell Technologies business
Financial Institutions Less AppSec-Savvy Than You'd Think (Dark Reading) New study shows banks all have policies in place, but lack metrics and good third-party software controls.
Malwarebytes says in 2016 threat reality caught up with hype (iTWire) Malwarebytes' latest global state of malware report states, “2016 – the year threat reality caught up with the threat hype". To better und...
Exploring The Gap Between Cybersecurity Perception And Reality (Forbes) Most company executives and security professionals have a reasonable understanding of cybersecurity.
Quantum Cryptography: A Boon for Security (National Review) Quantum cryptography will revolutionize computing, making data immune from hackers.
Marketplace
Total security appliance market shows positive growth (Help Net Security) The total security appliance market showed positive growth in both vendor revenue and unit shipments for the fourth quarter of 2016, according to IDC.
Is cyber insurance really worth it? (CRN Australia) Legal and financial dangers lurk in the fine print.
Ignition warns resellers of shift away from appliance-based security (ChannelWeb) Ignition CSO Sean Remnant tells partners to focus on software-based tech as the distributor showcases its vendors at The Shard in London.
The need for cyber security during an M&A (IT Pro Portal) Due diligence is an absolute must when it comes to cyber security checks during mergers and acquisitions.
Comcast acquires Icontrol Networks' IoT home security platform and expertise (Internet of Business) Comcast Cable Communications has acquired smart home platform provider Icontrol Networks' Converge IoT business.
KeyW buys national security firm Sotera from Ares Mgmt (Mergers & Acquisitions) The deal comes as the FBI opens an investigation into Wikileaks documents that claim to reveal CIA cyberespionage capabilities.
RiskSense Raises $14 Million for Intelligent Vulnerability Management (eSecurity Planet) The company's machine-learning technology helps enterprises focus their security efforts on high-priority threats.
FireEye Has Not Bottomed Yet (Yahoo! Finance) Lack of growth and profitability will continue hurting FireEye
Palo Alto Networks: Lofty Expectations Baked Into Valuation (Seeking Alpha) From mid 2014 to mid 2015, the cyber security industry was the “hot buy.”. However, the fundamentals of the business make it hard to imagine a scenario where th
Why Palo Alto Networks Left Investors Unimpressed -- The Motley Fool (The Motley Fool) The cybersecurity specialist produced record revenue last quarter, but investors want more.
Cisco: An Unusual Puzzle (Seeking Alpha) Cisco recently reported the results of its fiscal Q2. Results were mixed - the company lost ground as expected in switching and routing, but enjoyed a strong qu
IBM's position on Security Analytics and Operations (SOAPA) (Network World) Marc van Zadelhoff, general manager of IBM’s security division, talks SOAPA market demand and evolution
Air Force awards information security contract (C4ISRNET) The Air Force has awarded a $50 million information contract to five companies.
Virtru Named to CNBC's Global List of Top 25 Startups (Businesswire) Virtru today announced it has been named to CNBC’s inaugural Upstart 25, CNBC’s list of promising young startups.
Target Security Chief Joins Booz Allen Hamilton (Wall Street Journal) Brad Maiorino, former information security chief at Target Corp., has joined Booz Allen Hamilton as an executive vice president responsible for growing the defense contractor’s U.S. commercial business.
Products, Services, and Solutions
IT Service Providers Scramble to Protect Customers After CIA Cyberweapons Leak (Talkin' CLoud) Needless to say, it was a busy week at managed security services provider (MSSP) Digital Guardian.
Thales leverages principles of evolution for cyber defence (IHS Jane's 360) Thales is working to defend security systems against cyber threats through the use of 'genetic behavioural algorithms', with the concept already deployed and being tested on a number of customers' networks.
More than 600 Visitors Across a Dozen Industries Have Trained for Cyber Attacks at IBM Security's Cyber Range (PRNewswire) IBM Security (NYSE: IBM) today announced that more than 600...
American National Bank Selects Skyport Systems to Secure Their Critical Infrastructure (Businesswire) Skyport Systems, a leading secure hyper-converged infrastructure provider for the hybrid enterprise, today announced that it has been selected by Amer
EIT Digital to provide key to secure IoT systems (SAT PR News) The complex and dynamic nature of Internet-of-Things (IoT) systems requires cryptographic key management services to ensure IoT units operate at high speed and are reliable and scalable.
ZeroFOX Safeguards Modern Businesses against Latest Social and Digital Risks with a New Comprehensive Brand Protection Offering (Yahoo! Finance) ZeroFOX, the innovator of social media and digital security, today unveiled its latest security offering, ZeroFOX Brand Protection, enabling businesses to protect their online brand identity, reputation and security across all digital channels for only $200 per month.
This VR Tool Lets a Company Police Its Networks Like Neo (Bloomberg) Virtual-reality software from ProtectWise sees the massive blur of data for what it is: a matrix.
Amnesty International and ProtonMail join forces to fight cyber censorship (Amnesty International) The internet is a powerful tool for free speech and activism, but in the wrong hands it can also be a tool for repression.
CyberArk announces support for Amazon Inspector for enhanced cloud security (ITWeb) CyberArk's integration with Amazon Inspector simplifies discovery and prioritisation of privileged account risk; enhanced AWS access key protection further reduces exposure to advanced threats.
How secure is WhatsApp? (CSO) WhatsApp has introduced end-to-end encryption, and now changes to its terms and conditions in order to share your data with its parent company Facebook. But how secure is WhatsApp? We break down what is WhatsApp encryption, and what it means for you - and whether WhatsApp is being totally honest.
Outcomex installs Cisco security suite Umbrella to secure the College of Law network (CRN Australia) Outcomex installs advanced malware protection.
Technologies, Techniques, and Standards
Industry calls for more cyber threat context from DHS (FCW) The Department of Homeland Security is not providing enough context around the cyber threat indicators it shares with the private sector for firms to use the data effectively, say industry leaders.
Industry Bodies Align to Standardize On-Device NFC Service Management (Global Platform) Collaboration ensures predictable behavior of an NFC service regardless of where it is hosted and other services being delivered.
Training an Army of Cyber Defenders: The Case for Simulation (Infosecurity Magazine) Cultivating security experience through a framework of simulation training
Invest now to protect your industrial control systems from cyber attacks (Engineer Live) Phil Neray explains why the threat of cyber attacks on industrial control systems can no longer be dismissed by the 'it’s never happened before' argument.
Secure operations automation: Close the gap between security and operations teams (Help Net Security) The goal of secure operations automation is to improve processes and technology to unite IT security and IT operations teams with a focus on collaboration.
Why your company is one click away from a cyber attack (Baltimore Business Journal) One wrong click could be the start of a major cyber breach. Here’s how to protect your company’s data.
Disaster recovery: How is your business set up to survive an outage? (CSO Online) Can your business get by with an asynchronous backup or must that offsite server be updated by the second to keep the business up and running at all times.
WatchGuard reveals why defence is never enough in the fight against ransomware (Security Brief) Ransomware. It is a deadly form of computer malware that can cripple your systems, drain your bank accounts and wipe all your critical business data.
Remove the Simolesr.com Home Page Hijack (Removal Guide) (BleepingComputer) The Simolesr.com Homepage Hijack is a potentially unwanted program that configures your browsers to automatically open the simolesr.com web page when you launch them.
Remove the Hijacker Searpages.com Redirect (Removal Guide) (BleepingComputer) The Searpages.com Homepage Hijack is a potentially unwanted program that configures your browsers to automatically open the searpages.com web page when you launch them.
Cylance Talks Third-Party Testing - Dark Reading (Dark Reading) At the RSA Conference, Chad Skipper, vice president of industry relations and product testing for Cylance, discusses the customs and controversies of third-party testing and verification of security products.
Design and Innovation
Bittercoin: true blockchain believers vs. the trough of disillusionment (TechCrunch) The last 12 months have seemed an annus horribilis in the cryptocurrency world. The Bitcoin community is still fighting its years-old esoteric-to-an-outsider..
Here’s what’s next for bitcoin after the SEC killed the Winklevoss Bitcoin Trust (MarketWatch) The Securities and Exchange Commission rejects a proposed rule change that would’ve allowed for the creation of the first bitcoin exchange-traded fund—a decision that has followers of the world’s largest cryptocurrency wondering what happens next.
Bitcoin’s Very Important Day Has Turned Into a Shitshow (Motherboard) An investment fund was denied, and price is plummeting.
Research and Development
New Machine Learning Framework Uncovers Twitter's Vast Bot Population (Motherboard) Up to 15 percent of Twitter accounts are likely bots.
Academia
Baltimore's historically black colleges have a new cybersecurity training program - Technical.ly Baltimore (Technical.ly Baltimore) Digit All City, Northrop Grumman and the U.S. Department of Defense are behind the program at Morgan State and Coppin State.
Bipartisan bill would increase cybersecurity scholarships (TheHill) Sens. Mike Rounds (R-S.D.) and Tim Kaine (D-Va.) introduced a bill to revive and expand a Department of Defense scholarship fund for cybersecurity.
Cyber Innovation Center wants to weave cybersecurity into K-12 STEM instruction (EdScoop) Cyber Innovation Center outreach director Kevin Nolten hopes schools will infuse instructional resources into classes as part of a long-term, Department of Homeland Security-supported effort to build a cybersecurity workforce.
Legislation, Policy and Regulation
GCHQ: Russian cyber‑threat to British elections (Times of London) Spies at GCHQ have called an emergency summit with Britain’s political parties after warning them that they are at risk of Russian cyber-attacks disrupting the next general election. Security...
GCHQ Warns Over Russia Threat to UK Elections (Infosecurity Magazine) Russian hacking of US election could happen here, spy agency boss warns UK politicians
Pentagon: Russia, China Able to Launch Catastrophic Cyber Attacks on U.S. Infrastructure for Next 10 Years (Washington Free Beacon) Critical American infrastructure like the electric grid will remain vulnerable to catastrophic cyber attacks from Russia and China for at least 10 years, according to a Pentagon study. A report by
Proposed Bill Would Legally Allow Cyber Crime Victims to Hack Back (The Hacker News) Proposed 'Active Defense' Bill Would Legally Allows Victims to Hack Back Hackers and Cyber Criminals
[DISCUSSION DRAFT] FEBRUARY 23, 2017 115TH CONGRESS 1ST SESSION H. R. ll (US House of Representatives) To amend title 18, United States Code, to provide a defense to prosecution for fraud and related activity in connection with computers for persons defending against unauthorized intrusions into their computers, and for other purposes.
FTC Guidance for Handling Phishing Scams that Falsely Invoke Your Business's Name (The National Law Review) It seems to be a daily occurrence that we receive an e-mail from a company we generally recognize, requesting that we respond with personal information, including passwords, account numbers, etc. Hope
Palantir's Man In The Pentagon (BuzzFeed) A former Palantir “evangelist” has taken a top job at the Defense Department, after spending years lobbying the Pentagon on behalf of the Silicon Valley company.
Litigation, Investigation, and Enforcement
Russian Espionage Piggybacks on a Cybercriminal’s Hacking (New York Times) It appears that the Russian authorities, leaning on the work of a hacker, grafted an intelligence operation onto a far-reaching cybercriminal scheme.
White House report finds cybersecurity gaps at federal agencies (Stars and Stripes) As the government increasingly relies on technology to create, collect, maintain and dispose of personal information, “federal agencies must continue taking steps to analyze and address privacy risks,” the report said.
Lawyers ask Canada to grant asylum to families who sheltered Edward Snowden (CTVNews) Lawyers for three families who sheltered Edward Snowden in Hong Kong say they have formally asked the Canadian government to grant them asylum.
Australian government has no issue with agencies demanding telco data outside metadata laws (ZDNet) The Attorney-General's Department does not consider agencies using their own statutes to demand data from telcos as a loophole.
Can your smart home be used against you in court? (TechCrunch) First responders found a body floating in a hot tub. The home’s resident, James Andrew Bates, told authorities he’d found the body of Victor Collins dead..
IoT & Liability: How Organizations Can Hold Themselves Accountable (Dark Reading) To avoid a lawsuit, your company needs to better understand the state of your infrastructure and the devices and applications within it. Here are five areas on which to focus.
Three Important Lessons to Be Learned from the $1.2 Billion ZTE Settlements (JD Supra) On March 7, we learned that Zhongxing Telecommunications Equipment Corporation (ZTE) concluded 3 settlement agreements that could result in penalties...
Time for Journalists to Encrypt Everything (WIRED) Opinion: Journalists must embrace encryption to protect themselves and their sources.
Industry Events
newly Noted Events
Connect Security World (Marseille, France, September 25 2017 - September 27 2014) As IoT solutions are transitioning from hype to real deployments, the “Internet of insecure things” threat is gaining ground. To address unlimited risks, threats and vulnerabilities surrounding IoT, a new generation of connected devices and services is required, with better security and privacy by design. In its 6th edition, Connect Security World invites both digital security experts and IoT developers to discuss and define a true end-to-end security, from sensors to Cloud, from design and development to deployment.
upcoming Events
IAPP Europe Data Protection Intensive 2017 (London, Englan, UK, March 13 - 16, 2017) Set in London, the Data Protection Intensive delivers innovative solutions to today’s top privacy and data protection challenges. Known for its exceptional programming, the Intensive has come into its own as a leading forum for practical data protection education.
4th Annual Cybersecurity Summit (Arlington, Virginia, USA, March 14, 2017) Federal agencies are facing ever more sophisticated adversaries and threats that place our privacy, our economy, and our Nation at risk. These cyber threats are diverse and include the prevalence of malicious actors who operate globally at will; the growth of risks from the Internet of Things, and increasingly complex networks, all elevating the security and resilience of cyberspace to a critical homeland security imperative. Exacerbating these challenges is a shortfall in cybersecurity and IT talent that effects not on the Federal government, but the private sector as well. This in-depth, half-day session will gather an all-star line-up of chief information officers, chief information security officers, and other thought leaders from government and industry who will explore growing threats as well as innovative approaches to attract and retain the best cyber talent.
Rail Cyber Security Summit (London, England, UK, March 14 - 15, 2017) Now in its second year, the event will take place at the Copthorne Tara Kensington hotel in London between March 14th and 15th 2017 and will feature a range of experts from the rail transport industry, as well as leading Government and global cyber security leaders and academics working in the field.
CyberUK 2017 (Liverpool, England, USA, March 14 - 16, 2017) Announcing the UK government's flagship IA and cyber security event, for 2017. This is a three day event that will bring together cyber security leaders and professionals from across the UK’s information security communities from both the public and private sector. The NCSC’s partnership with information security businesses of all sizes is essential in strengthening the UK’s cyber resilience. CyberUK 2017 will play a key role in defining the role industry must play in achieving this step change, and is expected to attract 1,600 information assurance (IA) and cyber security leaders and professionals.
Cybersecurity: The Leadership Imperative (New York, New York, USA, March 16 - 17, 2017) Cyber risk impacts every element of your organization – and even the most brilliant information security expertise must be supported by a cross-functional cybersecurity structure and culture to succeed. Cybersecurity: The Leadership Imperative will provide case studies and actionable insights on building and maintaining a structure in which leaders across the organization are able to work together seamlessly to comprehend, measure and respond to cyber risk challenges.
BSides Canberra (Canberra, Australia, March 17 - 18, 2017) BSidesCbr is a conference designed to advance the body of Information Security knowledge, by providing an annual, two day, open forum for discussion and debate for security engineers and their affiliates. We produce a conference that is a source of education, collaboration, and continued conversation for information technologists and those associated with this field. The technical and academic presentations at BSidesCbr are given in the spirit of peer review and advanced knowledge dissemination. This allows the field of Information Security to grow in breadth and depth, and continue in its pursuit of highly advanced scientifically based knowledge.
Cyber Resilience Summit: Securing Systems inside the Perimeter (Reston, Virginia, USA, March 21, 2017) As the journey to secure our nation’s IT cyber infrastructure gains momentum, it is important to apply proven standards and methodologies that reduce risk and help us meet objectives for acquiring, developing and sustaining secure and reliable software-intensive systems. The theme of our upcoming Cyber Resilience Summit is Securing Systems inside the Perimeter. Defending the network is NOT enough. The most damaging of system failures and security breaches are caused by vulnerabilities lurking inside the network at the application layer.
European Smart Grid Cyber Security (London, England, UK, March 21 - 22, 2017) European Smart Grid Cyber Security 2017 offers a unique opportunity to network with senior experts in cyber security from government, utilities, TSOs, regulators, solution providers, security consultants, senior engineers and more. Join us to hear from a range of European utility companies present what their strategic programmes are doing regarding cyber security. As well as discuss how communication issues between IT and OT departments can be overcome and learn how to make your company compliant.
Maryland Cybersecurity Awards Celebration (Baltimore, Maryland, USA, March 22, 2017) Help us celebrate the best and brightest of the Maryland cyberscurity community as we honor the companies, organizations, and individuals that have protected businesses and government agencies with their cutting-edge technologies; thwarted cyber criminals with their outstanding cybersecurity services; demonstrated exemplary knowledge, expertise, leadership and innovative thinking; or made a significant contribution to Maryland’s cybersecurity ecosystem.
Integrated Adaptive Cyber Defense (IACD) Community Day (Laurel, Maryland, USA, March 23, 2017) Advancing cyber operations through secure automation & interoperability. Government agencies, commercial firms, research organizations, academic institutions and cyber security experts align in community efforts demonstrating cyber defenses art-of-the-possible, through automation and interoperability. Learn how to dramatically change the timeline and effectiveness of cyber defenses, increase community awareness and defensive capabilities. Free event, registration requested.
SANS Pen Test Austin 2017 (Austin, Texas, USA, March 27 - April 1, 2017) Every organization needs skilled people who know how to find vulnerabilities, understand risk, and help prioritize resources based on mitigating potential real-world attacks. That's what SANS Pen Test Austin is all about! If you like to break things, put them back together, find out how they work, and mimic the actions of real-world bad guys, all the while providing real business value to your organization, then this event is exactly what you need.
IT Security Entrepreneurs' Forum Bridging the Gap Between Silicon Valley & the Beltway (Mountain View, California, USA, March 28 - 29, 2017) SINET – Silicon Valley provides a venue where entrepreneurs can meet and interact directly with leaders of government, business and the investment community in an open, collaborative environment focused on identifying solutions to Cybersecurity challenges.
PCI Security Standards Council: 2017 Middle East and Africa Forum (Cape Town, South Africa, March 29, 2017) Join your industry colleagues for a full day of networking and one-of-a-kind partnership opportunities. Whether you want to learn more about updates in the payment card industry or showcase a new product, you’ll find it all at the 2017 Middle East and Africa Forum (MEAF).
Insider Threat 2017 Summit (Monterey, California, USA, March 29 - 30, 2017) The focus of the Insider Threat Summit is to discuss personnel security issues including cyber security challenges and capabilities, continuous evaluation of privileged identities and ethical physical security considerations. A heightened awareness of insider threats due to numerous newsworthy attacks and unauthorized leaks has brought us together for one main purpose: To better understand security challenges in order to better defend against insider threats.
2nd Annual Billington International Cybersecurity Summit (Washington, DC, USA, March 30, 2017) The 2nd Annual Billington International Cybersecurity Summit on March 30, 2017 at the National Press Club in Washington, DC will feature over 300 world class cybersecurity decision-makers from allied nations and the US in an intensive day of knowledge exchange and relationship building. NOTE: Attendees must be citizens of the U.S. or allied nations to attend this event. The summit, which will attract senior influencers in cybersecurity from allied nations across the world, has as its theme: Protecting Critical Infrastructure in a Connected World.
Yale Cyber Leadership Forum: Bridging the divide between law, technology, and business (New Haven, Connecticut, USA, March 30 - April 1, 2017) The Yale Cyber Leadership Forum will take place on Yale University's campus and will focus on bridging the divide between law, technology and business in cybersecurity. With McKinsey & Company as our knowledge partner, the Forum will integrate McKinsey’s extensive knowledge of best practices in cybersecurity with Yale’s scholarly expertise. The Forum will expose participants to effective approaches to recognizing, preparing for, preventing, and responding to cyber threats.
WiCyS 2017: Women in Cybersecurity (Tucson, Arizona, USA, March 31 - April 1, 2017) The WiCyS initiative has, since 2013, become a continuing effort to recruit, retain and advance women in cybersecurity. It brings together women (students/faculty/researchers/professionals) in cybersecurity from academia, research and industry for sharing of knowledge/experience, networking and mentoring.
InfoSec World Conference and Expo 2017 (ChampionsGate, Florida, USA, April 3 - 5, 2017) The conference will feature security practitioners who speak from experience on the real-world challenges companies are facing today. The conference is most suitable for those whose responsibilities include creating solutions. The organizers bill it as a training conference.
Cyber Security Summit: Atlanta (Atlanta, Georgia, USA, April 6, 2017) If you are a Senior Level Executive responsible for making your company’s decisions in regards to information security, then you are invited to register for the Cyber Security Summit: Atlanta. Receive 50% off of a Full Summit Pass when you register with code CYBERWIRE50 (standard price of $350, now only $175 with code). Register at CyberSummitUSA.com. The Cyber Security Summit: Atlanta is an exclusive conference connecting Senior Level Executives responsible for protecting their companies’ critical data with innovative solution providers & renowned information security experts. for details visit CyberSummitUSA.com.
SANS 2017 (Orlando, Florida, USA, April 7 - 14, 2017) Success in information security requires making a commitment to a career of learning, from the fundamentals to advanced techniques. To put you firmly on that learning path, join us at SANS 2017 in Orlando, Florida from April 7-14. This event features over 40 different cutting-edge courses taught by top industry professionals who will provide you with the best available information and software security training. SANS 2017 also features numerous opportunities to learn new skills, techniques, and trends at the SANS@Night talks, Vendor Expo, and Lunch-and-Learn sessions. You will hear about the latest and most important issues in talks led by SANS practitioners who are leading the global conversation on cybersecurity.
Unprecedented Counterintelligence Threats: Protecting People, Information and Assets in the 21st Century. (Arlington, Virginia, USA, April 10, 2017) This full day symposium will provide insights into evolving threats to the nations security and identify effective ways of addressing them. Highlights Include: A keynote address from National Counterintelligence Executive (NCIX) Bill Evanina. The presentation of a new paper from INSA’s Security Policy Reform Council, “Assessing the Mind of the Malicious Insider,” which discusses the psychological traits and stressors that lead to malicious behavior and identifies continuous evaluation methodologies that can provide early warning of destructive acts. A review of best practices in implementing insider threat programs in the public and private sectors. An assessment of the risks to key supply chains and the prospects of delivering goods uncompromised. A discussion of the greatly overlooked long-term impacts of the 2015 theft of OPM personnel data.
Hack In the Box Security Conference (Amsterdam, the Netherlands, April 10 - 14, 2017) Back again at the NH Grand Krasnapolsky, HITB2017AMS takes place from the 10th till 14th of April 2017 and features a new set of 2 and 3-day technical trainings followed by a 2-day conference with a Capture the Flag competition, technology exhibition with hackerspaces, lock picking villages and hardware related exhibits plus a free-to-attend track of 30 and 60 minute talks!
SANS Baltimore Spring 2017 (Baltimore, Maryland, USA, April 24 - 29, 2017) SANS Institute, the global leader in information security training, today announced the course line-up for SANS Baltimore Spring 2017 taking place April 24 – 29. All courses offered at SANS Baltimore are open to civilians and veterans. Included among the course line-up are several master's degree and graduate certificate courses that are eligible for GI Bill benefits through the SANS Technology Institute graduate school.
Defence Information 2017 (Cranfield, England, UK, April 26 - 27, 2017) Defence Information 2017 is the major annual communications event of Joint Information Group activities (the JIG reports to the Defence Suppliers Forum) and the Event’s content spans both Information and Support. Our DI’17 Event examines some of the ‘people, process and technology’ issues critical to Team Defence being able to adopt, embed and exploit new (and often disruptive) Information and Communications Technology (ICT) capabilities and associated new ways of working - to productive effect.
Defence Information 2017 (Cranfield, England, UK, April 26 - 27, 2017) Defence Information 2017 is the major annual communications event of Joint Information Group activities (the JIG reports to the Defence Suppliers Forum) and the Event’s content spans both Information and Support. Our DI’17 Event examines some of the ‘people, process and technology’ issues critical to Team Defence being able to adopt, embed and exploit new (and often disruptive) Information and Communications Technology (ICT) capabilities and associated new ways of working - to productive effect.
Sponsor & Support
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter’s financial reach, or it might just not be the right time for you to do those things. That’s why we launched our new Patreon site, where we’ve created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you’ll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.