As a finalist for this year's Maryland Cybersecurity Industry Resource Award, we're also up for the People's Choice Award, and we'd appreciate your support. You can vote here through March 22 (you don't need to be in Maryland, or even in the US, to do so). Thanks to all who've voted for us so far.
More Signal. Less Noise.
D&B breach exposes third-party corporate contact information. Lazarus Group may be back in the bank robbing business. DDoS of Netherlands voting info sites. US indicts four in Yahoo! breach.
Announcements
Maryland Cyber People's Choice Award: cast your ballot
Summary
Dun & Bradstreet sustained a data breach that exposed contact information for some 33.7 million persons employed by companies and US government agencies. D&B acquired the database when it bought NetProspex in 2015.
Symantec has fingered the Lazarus Group for a wave of bank fraud in thirty-one countries. The Lazarus Group is widely believed to be a criminal operation run by and on behalf of the Kim regime in North Korea. It's been implicated as a suspect in the Bangladesh Bank fraud and Sony hacking cases.
Tensions between Turkey and EU members Germany and the Netherlands appear to have been manifested online, most recently in a distributed denial-of-service attack two Dutch voter information sites suffered yesterday.
The US Justice Department has indicted four men in connection with the Yahoo! breaches. Three are in Russia (Dmitry Aleksandrovich Dokuchaev, Igor Anatolyevich Sushchin, and Alexsey Alexseyevich Belan), the fourth in Canada (Karim Baratov). Baratov and Belan are described as "criminal hackers," but Dokuchaev and Sushchin are said to be FSB officers. Major Dokuchaev is in trouble with both the US and Russia: he appears to be one of the FSB officers currently facing charges for treasonously providing information to "Americans." Dokuchaev worked in the FSB's Center 18, responsible for liaison with the US FBI in matters touching cyber law enforcement. Police in Montréal have Baratov in custody, and he will probably wind up before a US court. The others are being named and shamed.
Kim Dotcom continues to live large, driving New Zealand crazy.
Notes.
Today's issue includes events affecting Brazil, Canada, Chile, China, Kenya, Democratic Peoples Republic of Korea, Mexico, Netherlands, New Zealand, Poland, Russia, Turkey, United States
On the Podcast
In today's podcast, we talk to Markus Rauschecker (from our partners at the University of Maryland Center for Health and Homeland Security) who has some thoughts on the increased role of cyber lawyers in mergers and acquisitions. (That's "cyber lawyers," as in lawyers who have a cybersecurity practice, not virtual or robotic attorneys, although those may be coming eventually as well. At least cyberparalegals?) We also have a guest, Tim Bandos from Digital Guardian, who offers insight into defense against state-sponsored threats and hacktivism.
Special editions of the podcast are also up. See Perspectives, Pitches, and Predictions from RSA, and an overview of artificial intelligence as it's applied to security. And see also Cylance's video (taken in partnership with the CyberWire): opinions from the conference floor.
Sponsored Events
Tech Talk: Ethereum & Graph Databases (Laurel, Maryland, USA, March 20, 2017) Join Novetta and Cyberwire at Jailbreak Brewery to learn about Ethereum and Graph databases, forward leaning technology transforming how we relate with our data. Mingle with like-minded techies and enjoy craft beer - See you then!
ThreatConnect Webinar: Threat Intelligence Isn’t One Size (Online, March 22, 2017) Threat intelligence (TI) can help any organization better protect themselves. With TI, you can identify threats and add context to them. Once you understand what you are facing, you can take decisive action to better protect your organization.
Billington International Cybersecurity Summit (Washington, DC, USA, March 30, 2017) The 2nd Annual Billington International Cybersecurity Summit on March 30, 2017 at the National Press Club in Washington, DC will feature over 300 world class cybersecurity decision-makers from allied nations and the US in an intensive day of knowledge exchange and relationship building.
Selected Reading
Cyber Attacks, Threats, and Vulnerabilities
RPT-North Korean hacking group behind recent attacks on banks -Symantec (Reuters) A North Korean hacking groupknown as Lazarus was likely behind a recent cyber campaigntargeting organizations in 31 countries, following high-profileattacks on Bangladesh Bank, Sony and South Korea, cyber securityfirm Symantec Corp said on Wednesday.
Pirate radio carries the fight to Isis (Times of London) “Simor” was murdered to the sound of his own voice phoning in to his favourite radio show. The man from Mosul, known only by his nickname, was a regular caller to Alghad FM, the pirate radio...
Millions of records leaked from huge US corporate database (ZDNet) Exclusive: The database contains more than 33 million records from government departments and large corporate clients which get sold onto marketers.
Wide Swath of Corporate America Exposed in D&B Leak (Infosecurity Magazine) About 33 million records of personal information on employees of government and Fortune 100 companies have been leaked.
Corporate database leak exposes details of DoD, IBM and AT&T staffers (Inquirer) Troy Hunt says 52GB data dump is a 'goldmine for targeted phishing'
Dutch Voting Guide Sites Offline in Apparent Cyber Attack (Reuters via US News and World Report) Two publicly-funded websites used by Dutch voters to help them decide which party to vote for in their national election were inaccessible on Wednesday, apparently victims of a cyber attack.
Swastikas all over Twitter – what you need to do (Naked Security) When Amnesty International calls Dutch people “Nazis” on Twitter, you know something went wrong. Here’s how to stop it happening to you.
Malwarebytes Researchers Hack into Soon-to-be-Launched RaaS Portal (BleepingComputer) A ransomware author's plans to launch a RaaS portal were foiled last week after security researchers from Malwarebytes managed to infiltrate the crook's command and control server, hosted on a common shared hosting provider.
Ransomware Disrupting Business Operations and Demanding Higher Payouts (SurfWatch Labs, Inc.) Malicious actors are continually fine-tuning their tactics, and one of the best examples of this is the evolution of ransomware. Ransomware has largely been an opportunistic, rather than a targeted…
SMBs Increasingly Targeted in Ransomware Attacks (Infosecurity Magazine) Financial impact and downtime are putting SMBs at risk, but many don’t bother to report attacks to the authorities
5 essential things to know about Ransomware (Geektime) The term “ransomware” denotes a type of malicious code that locks down computers or encrypts victims’ important data and demands money for recovery.
PhishMe: Ransomware Leads in Growth and Impact While Hackers Remain Committed to Data Theft (Yahoo! Finance) PhishMe Inc., the leading provider of human phishing defense solutions, today released findings showing that while Ransomware delivered the greatest impact and growth in 2016, threat actors continue to attempt data breaches and theft.
Latest phishing tactics: infected PDFs, bogus friend requests, fake HR emails (Naked Security) The bad guys have always got new tricks up their sleeves: here are some tips to help you steer clear of them
Data breaches: Playing by a new set of rules? (Help Net Security) Tell me, what’s your response when you hear that a company that was breached are now losing customers? I suppose it’s at this point the word reasonable mak
Bye bye, botnet! Kibosh put on Chamois Android fraud network (Graham Cluley) Security researchers have put the kibosh on Chamois, a fraud botnet which derived its jollies from targeting Android users.
Cyber attacks on e-wallets aim to steal data: Report (MoneyLife) As traffic to e-wallet platforms grows, there has been a significant increase in cyber attacks on online payment gateways to steal data than to disrupt operations, a new report said on Wednesday.
Online fraudsters' preferred tools and techniques revealed (Help Net Security) A new report has revealed online fraudsters' favorite tools and attack techniques for creating accounts and evading detection.
Private pictures and video of Emma Watson and other celebrities leak online (TechCrunch) Photos apparently stolen from Emma Watson, Amanda Seyfried and other female celebrities have been posted on 4Chan and Reddit, drawing comparisons to a 2014..
Security Patches, Mitigations, and Software Updates
SAP releases patches (TechEye) The software maker which makes esoteric expensive business programmes which no one is really sure what they do, has patched vulnerabilities in its latest HANA software.
March Patch Tuesday closes record number of vulnerabilities (Help Net Security) With no February Patch Tuesday, it was to be expected that Microsoft would fix a huge number of security issues in March, and they didn't disappoint.
Adobe fixes 8 Security Vulnerabilities in Adobe Flash Player & Shockwave Player (BleepingComputer) Adobe has released updates for Adobe Flash Player and Adobe Shockwave Player that resolves a combined 8 security vulnerabilities. Of these 8 vulnerabilities, 7 of them are rated as Critical because they could lead to information disclosure or remote code execution.
Facebook and Instagram deny access to tools used for surveillance (Naked Security) Instagram and owner Facebook update terms and conditions specifically to deny access to tools used by law enforcement for gathering intelligence on protesters
Expert: Apple may have deployed unauthorized patch by mistake (CSO Online) Last month, reports came out that Apple accidentally installed a fake firmware patch on internal development servers. That's a lesson to all companies to be careful about where they get their patches.
Cyber Trends
Securing document flow: Exploring exposure and risk (Help Net Security) In a global survey of managers and information workers, 60% said they or someone they know have accidently sent out a document they shouldn't have.
Security chiefs join the chorus of concern about shoddy IoT devices (Naked Security) As security chiefs flag up their fears about vulnerable devices, we offer some tips to help you stay safe with the IoT
Marketplace
The Cyber Crystal Ball—Is There Insurance Coverage for the Top Threats of 2017? (Part I) | Lexology (Lexology) Cyber sages tell us the question is not whether your business will suffer a data breach, but when. To prepare for the inevitable, businesses want to…
The Impact of Cybersecurity Concerns on M&A Activities is Growing: eDiscovery Trends | JD Supra (JD Supra) This is the second story that I’ve covered in the past several months where cybersecurity concerns impacted merger and acquisitions. See below for...
Cyber Rule Could Quell the Urge to Merge for Government Contractors (SIGNAL Magazine) Contract streamlining and a revised NIST cybersecurity standard will lead to some big changes for firms competing for billions in federal government information technology contracts.
Trend Micro Celebrates One Year Anniversary of TippingPoint Acquisition; Announces Major Milestones Achieved in First Year of Integration (Businesswire) Trend Micro celebrates one year since the acquisition of TippingPoint from Hewlett Packard Enterprise
Okta IPO: Cautious Optimism (Seeking Alpha) Okta Inc., a tech security company which works with cloud technology, has made preliminary filings for an IPO on the NASDAQ. The company is in an important fiel
Can Gigamon, A Visibility Specialist, Restore Visibility Into Its Own Business? (Seeking Alpha) Gigamon shares, have gone from the mid $30's to over $60 and then back again in little more than 8 months. The shares fell sharply after the company missed expe
Why A10 Networks Popped 19% in February (The Motley Fool) The company reported record revenue for both the fourth quarter and full-year 2016, giving investors a lot to be happy about.
Webroot Drives Twelfth Consecutive Quarter of Double-Digit Business Growth in Q2 2017 (PRNewswire) Webroot, the market leader in next-generation endpoint security,...
whiteCryption Named Hot Company by Cyber Defense Magazine (Businesswire) whiteCryption, a provider of software application security and white-box cryptography, has been selected as a “Hot Company” in the applica
Centrify Named “Best-of-the-Best” by SPI Research (Yahoo! Finance) Centrify, the leader in securing hybrid enterprises through the power of identity services, announced today that SPI Research, the leading independent technology services research firm, has named the company a 2017 Best-of-the-Best professional services organization. Centrify was among 416 participating
Companies Face Growing Shortage of Security Personnel (Wall Street Journal) Companies will face a shortage of 1.8 million information security personnel by 2022, up 20% from 1.5 million in 2015, according to a survey released in February by Booz Allen Hamilton and ISC2, a cybersecurity education group.“There’s a whole range of skills needed,” said Bill Phelps, head of U.S. commercial business at Booz Allen.
Philip Dimitriu swaps Check Point for Palo Alto Networks (ARN) Palo Alto Networks chosen former Check Point director of systems engineering, Philip Dimitriu, to run its local systems engineering team.
Zscaler Adds Karen Blasing to its Board of Directors (Yahoo! Finance) Zscaler, Inc., the leading cloud security company, has appointed four-time CFO Karen Blasing to its board of directors as an independent director and the chair of the board's audit committee. Blasing currently ...
Products, Services, and Solutions
Trustonic device security platform achieves world's first TEE security certification from Common Criteria - Trustonic (Trustonic) Security certification supports and accelerates deployment of secure services on connected devices
LookingGlass Debuts New Partner Portal (Channel Partners) The portal grants LookingGlass partners 'round-the-clock access to sales and technical enablement with the goal of increasing partner productivity and
TruSTAR’s New Chat Feature Helps You Collaborate with Peers Faster (TruSTAR Blog) You asked and we listened. Today we’re launching a complete revamp of TruSTAR Chat, which is now equipped to let you communicate within…
Sliced Tech and Vault Systems gain ASD Certified Cloud Services' protected certification level (CRN Australia) Sliced Tech and Vault Systems granted 'Protected' level.
Microsoft Boosts Windows Defender ATP Security (eWEEK) In the forthcoming Windows 10 Creators Update, Microsoft previews some of the new capabilities coming to its threat protection product for businesses.
Advanced Phish Threat Simulator combats low security awareness among end-users (InterAksyon) Phishing is the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information.
Barracuda Networks Inc.: Barracuda and Zscaler Jointly Deliver Comprehensive, Affordable Cloud-Delivered Web Security (Wall Street Transcript) Barracuda Web Security Service now powered by Zscaler to bring high-performance, scalable, cloud-delivered web security to midmarket customers
OPSWAT Announces the Release of Metadefender Threat Intelligence Feeds (Benzinga) OPSWAT released Threat Intelligence Feeds, a new feature that will provide a blacklist of malware signatures for the most prevailing and widespread threats in order to make...
Technologies, Techniques, and Standards
NEC Joins U.S. Department of Homeland Security "AIS" Initiative for Sharing Cyber Threat Indicators (ACNnewswire) NEC Corporation (TSE: 6701) today announced its participation in the "Automated Indicator Sharing" (AIS) initiative implemented by the United States Department of Homeland Security (DHS) that swiftly shares cyber threat indicators between the government and the private sectors, aligning technologies and human resources in the cyber security businesses and bolstering cyber intelligence as an important source of information.
Trust Begins With Layer 1 Encryption (Dark Reading) In today's distributed environment, cloud and communication service providers can play a key role in providing organizations with a scalable and secure platform for the connection of everything to everything. Here's how.
Hit by cyber attacks, some Singapore enterprises are fighting back with AI - Techgoondu (Techgoondu) When Phoon Huat, a baking accessories firm in Singapore, had some of its files locked by cyber attackers, it decided not to pay the ransom.
Design and Innovation
Lip reading: biometrics you can reset just like passwords (Naked Security) By combining biometrics and passwords, this lip reading security solution promises to overcome one of biometrics’ key challenges
Research and Development
NSA, DOE say China's supercomputing advances put U.S. at risk (Computerworld) China's computing efforts are a threat to U.S. national security and may undermine profitable parts of the U.S. economy, a new report warns.
Legislation, Policy and Regulation
Turkey, Netherlands dispute deepens over sanctions (Global News) Watch Turkey, Netherlands dispute deepens over sanctions Video Online, on GlobalNews.ca
Assessing China’s Proposal for International Cooperation on Cyberspace (Canada Free Press) Assessing China’s Proposal for International Cooperation on Cyberspace, cybersecurity, protecting financial systems, commercial ports, and civilian nuclear energy systems from third-party threats
Trump’s cyber job #1: protecting federal networks and data (FCW) Protecting federal networks and data, followed by protecting critical infrastructure, are the Trump administration's cyber priorities, the homeland security advisor says.
Donald Trump taps Rob Joyce, NSA hacker, for National Security Council cyber role (The Washington Times) President Trump has picked the head of the National Security Agency’s elite hacking division to be the next White House cybersecurity coordinator, his administration said Wednesday.
You may soon have the right to know when you’ve been hacked (MarketWatch) Bipartisan support for a federal data breach disclosure law is growing
Joint Testimony...At a Hearing Entitled “Section 702 of the FISA Amendments Act” (IC on the Record) Chairman Goodlatte, Ranking Member Conyers, distinguished members of the Committee, thank you for the opportunity to brief you today about the FISA Amendments Act (“FAA”), particularly Section 702.
U.S. Marine Corps Looking to Stand Up Information Warfare MEF (SIGNAL Magazine) With a little more financial backing, the U.S. Marine Corps is primed to grow its force in three critical areas to meet the threats of the future. An increase in the number of troops will meet cyber, electronic warfare and intelligence needs in what the Corps is calling a Marine Expeditionary Force (MEF) information group.
Litigation, Investigation, and Enforcement
U.S. Charges Russian FSB Officers and Their Criminal Conspirators for Hacking Yahoo and Millions of Email Accounts (US Department of Justice Office of Public Affairs) The US Department of Justice has charged four Russian-connected hackers with crimes related to the Yahoo mega-breach.
Four Men Charged With Hacking 500M Yahoo Accounts (KrebsOnSecurity) The U.S. Justice Department today unsealed indictments against four men accused of hacking into a half-billion Yahoo email accounts. Two of the men named in the indictments worked for a unit of the Russian Federal Security Service (FSB) that serves as the FBI’s point of contact in Moscow on cybercrime cases. Here’s a look at the accused, starting with a 22-year-old who apparently did not try to hide his tracks.
US charges Russian-connected Yahoo hackers over 2014 data breach (CRN Australia) Russian-connected hackers accused of 2014 data breach.
DOJ Charges Russian Intelligence in Huge Yahoo Hack (Foreign Policy) Investigators say FSB agents teamed up with criminal hackers to pull off one of the largest data breaches in history.
US charges Russian FSB officials in connection with massive Yahoo security breach (WeLiveSecurity) The United States has charged four men, including two officials of Russia's FSB intelligence agency, in connection with a hacking attack against Yahoo that saw the details of 500 million users stolen and the use of forged cookies to break into accounts.
Russian Spies Conspired With Most Wanted Cybercriminal In Yahoo Hack -- DOJ (Forbes) Prosecutors today unsealed an indictment charging four men, including two Russian intelligence officials, with a 2014 hack of Yahoo that affected 500 million accounts.
US faces limits in busting Russian agents over Yahoo breach (CSO Online) In a rare move, the U.S. has indicted two Russian government agents for their suspected involvement in a massive Yahoo data breach. But what now?
How did Yahoo get breached? Employee got spear phished, FBI suggests (Ars Technica) Unwitting sysadmin or other employee was conned out of credentials, FBI theorizes.
Inside the Russian hack of Yahoo: How they did it (CSO Online) One mistaken click. That's all it took for hackers aligned with the Russian state security service to gain access to Yahoo's network and potentially the email messages and private information of as many as 500 million people.
Yahoo hackers manipulated search results for ‘erectile dysfunction medications’ (TechCrunch) One of the hackers alleged to be responsible for a 2014 hack of Yahoo that affected half a billion users also manipulated search results in his favor to make..
Outsourcing Cyberespionage Landed Russia in Trouble (InfoRisk Today) If Yahoo's 2014 breach had been the result of an in-house Russian intelligence project, the hack probably would not have triggered a U.S. indictment. But Russia has landed in a muddy puddle after apparently tapping freelance talent with an interest in criminal gain.
Carnegie Mellon Helped the Government Access a Terror-Linked iPhone, Source Says (Motherboard) It’s not clear if this relates to the San Bernardino case.
What’s The Department Of Homeland Security Hiding? (BuzzFeed) The Department of Homeland Security knows something about the hack into the Democratic Party’s servers, but in response to a Freedom of Information Act request, the agency turned over just two page...
The Latest: Lawmakers want Americans' identities protected (ABC News) The Latest on the congressional investigation into Russian hacking during the 2016 campaign and contacts between Trump campaign associates and Russian officials (all times local): 2:50 p.m. Republican Sen. Lindsey Graham says the FBI has promised members of the Senate Judiciary...
Apple, Amazon, Microsoft and Cisco line up to support Google on emails (Naked Security) Posse of tech giants lines up with Google to resist pressure to hand over emails held on overseas servers
Op-Ed: The US just fired a $1 billion warning shot with massive fines against Chinese telecom firm (CNBC) The record $1 billion settlement the US reached with Chinese telecom ZTE over its Iran dealings sends a strong message to other international firms.
Track, Capture, Kill: Inside Communications Surveillance and Counterterrorism In Kenya (Privacy International) This investigation focuses on the techniques, tools and culture of Kenyan police and intelligence agencies’ communications surveillance practices.
The Kim Dotcom film: How to avoid a trial for 5 years and counting (Ars Technica) Dotcom's showmanship throws a small democracy for a loop.
Industry Events
upcoming Events
Cybersecurity: The Leadership Imperative (New York, New York, USA, March 16 - 17, 2017) Cyber risk impacts every element of your organization – and even the most brilliant information security expertise must be supported by a cross-functional cybersecurity structure and culture to succeed. Cybersecurity: The Leadership Imperative will provide case studies and actionable insights on building and maintaining a structure in which leaders across the organization are able to work together seamlessly to comprehend, measure and respond to cyber risk challenges.
BSides Canberra (Canberra, Australia, March 17 - 18, 2017) BSidesCbr is a conference designed to advance the body of Information Security knowledge, by providing an annual, two day, open forum for discussion and debate for security engineers and their affiliates. We produce a conference that is a source of education, collaboration, and continued conversation for information technologists and those associated with this field. The technical and academic presentations at BSidesCbr are given in the spirit of peer review and advanced knowledge dissemination. This allows the field of Information Security to grow in breadth and depth, and continue in its pursuit of highly advanced scientifically based knowledge.
Cyber Resilience Summit: Securing Systems inside the Perimeter (Reston, Virginia, USA, March 21, 2017) As the journey to secure our nation’s IT cyber infrastructure gains momentum, it is important to apply proven standards and methodologies that reduce risk and help us meet objectives for acquiring, developing and sustaining secure and reliable software-intensive systems. The theme of our upcoming Cyber Resilience Summit is Securing Systems inside the Perimeter. Defending the network is NOT enough. The most damaging of system failures and security breaches are caused by vulnerabilities lurking inside the network at the application layer.
European Smart Grid Cyber Security (London, England, UK, March 21 - 22, 2017) European Smart Grid Cyber Security 2017 offers a unique opportunity to network with senior experts in cyber security from government, utilities, TSOs, regulators, solution providers, security consultants, senior engineers and more. Join us to hear from a range of European utility companies present what their strategic programmes are doing regarding cyber security. As well as discuss how communication issues between IT and OT departments can be overcome and learn how to make your company compliant.
Maryland Cybersecurity Awards Celebration (Baltimore, Maryland, USA, March 22, 2017) Help us celebrate the best and brightest of the Maryland cyberscurity community as we honor the companies, organizations, and individuals that have protected businesses and government agencies with their cutting-edge technologies; thwarted cyber criminals with their outstanding cybersecurity services; demonstrated exemplary knowledge, expertise, leadership and innovative thinking; or made a significant contribution to Maryland’s cybersecurity ecosystem.
Integrated Adaptive Cyber Defense (IACD) Community Day (Laurel, Maryland, USA, March 23, 2017) Advancing cyber operations through secure automation & interoperability. Government agencies, commercial firms, research organizations, academic institutions and cyber security experts align in community efforts demonstrating cyber defenses art-of-the-possible, through automation and interoperability. Learn how to dramatically change the timeline and effectiveness of cyber defenses, increase community awareness and defensive capabilities. Free event, registration requested.
SANS Pen Test Austin 2017 (Austin, Texas, USA, March 27 - April 1, 2017) Every organization needs skilled people who know how to find vulnerabilities, understand risk, and help prioritize resources based on mitigating potential real-world attacks. That's what SANS Pen Test Austin is all about! If you like to break things, put them back together, find out how they work, and mimic the actions of real-world bad guys, all the while providing real business value to your organization, then this event is exactly what you need.
cybergamut Tech Tuesday: Software Defined Networking Forensics (Elkridge, Maryland, USA, and online at various local nodes, March 28, 2017) Volatility and Tshark were critical components in Booz Allen Hamilton winning the 2016 Digital Forensics Research Work Shop (DFRWS) international Software Defined Networking (SDN) digital forensics challenge. This was achieved by creating a prototype solution for the extraction of forensics artifacts from SSL/TLS encrypted packets between a software defined networking (SDN) switch and controller as well as a memory dump from the SDN switch. Mr. Bull and Mr. McAlister of Booz Allen Hamilton will articulate the steps which enabled the team to forensically enumerate the SDN network using only open source tools.
IT Security Entrepreneurs' Forum Bridging the Gap Between Silicon Valley & the Beltway (Mountain View, California, USA, March 28 - 29, 2017) SINET – Silicon Valley provides a venue where entrepreneurs can meet and interact directly with leaders of government, business and the investment community in an open, collaborative environment focused on identifying solutions to Cybersecurity challenges.
PCI Security Standards Council: 2017 Middle East and Africa Forum (Cape Town, South Africa, March 29, 2017) Join your industry colleagues for a full day of networking and one-of-a-kind partnership opportunities. Whether you want to learn more about updates in the payment card industry or showcase a new product, you’ll find it all at the 2017 Middle East and Africa Forum (MEAF).
Insider Threat 2017 Summit (Monterey, California, USA, March 29 - 30, 2017) The focus of the Insider Threat Summit is to discuss personnel security issues including cyber security challenges and capabilities, continuous evaluation of privileged identities and ethical physical security considerations. A heightened awareness of insider threats due to numerous newsworthy attacks and unauthorized leaks has brought us together for one main purpose: To better understand security challenges in order to better defend against insider threats.
2nd Annual Billington International Cybersecurity Summit (Washington, DC, USA, March 30, 2017) The 2nd Annual Billington International Cybersecurity Summit on March 30, 2017 at the National Press Club in Washington, DC will feature over 300 world class cybersecurity decision-makers from allied nations and the US in an intensive day of knowledge exchange and relationship building. NOTE: Attendees must be citizens of the U.S. or allied nations to attend this event. The summit, which will attract senior influencers in cybersecurity from allied nations across the world, has as its theme: Protecting Critical Infrastructure in a Connected World.
Yale Cyber Leadership Forum: Bridging the divide between law, technology, and business (New Haven, Connecticut, USA, March 30 - April 1, 2017) The Yale Cyber Leadership Forum will take place on Yale University's campus and will focus on bridging the divide between law, technology and business in cybersecurity. With McKinsey & Company as our knowledge partner, the Forum will integrate McKinsey’s extensive knowledge of best practices in cybersecurity with Yale’s scholarly expertise. The Forum will expose participants to effective approaches to recognizing, preparing for, preventing, and responding to cyber threats.
WiCyS 2017: Women in Cybersecurity (Tucson, Arizona, USA, March 31 - April 1, 2017) The WiCyS initiative has, since 2013, become a continuing effort to recruit, retain and advance women in cybersecurity. It brings together women (students/faculty/researchers/professionals) in cybersecurity from academia, research and industry for sharing of knowledge/experience, networking and mentoring.
InfoSec World Conference and Expo 2017 (ChampionsGate, Florida, USA, April 3 - 5, 2017) The conference will feature security practitioners who speak from experience on the real-world challenges companies are facing today. The conference is most suitable for those whose responsibilities include creating solutions. The organizers bill it as a training conference.
Cyber Security Summit: Atlanta (Atlanta, Georgia, USA, April 6, 2017) If you are a Senior Level Executive responsible for making your company’s decisions in regards to information security, then you are invited to register for the Cyber Security Summit: Atlanta. Receive 50% off of a Full Summit Pass when you register with code CYBERWIRE50 (standard price of $350, now only $175 with code). Register at CyberSummitUSA.com. The Cyber Security Summit: Atlanta is an exclusive conference connecting Senior Level Executives responsible for protecting their companies’ critical data with innovative solution providers & renowned information security experts. for details visit CyberSummitUSA.com.
SANS 2017 (Orlando, Florida, USA, April 7 - 14, 2017) Success in information security requires making a commitment to a career of learning, from the fundamentals to advanced techniques. To put you firmly on that learning path, join us at SANS 2017 in Orlando, Florida from April 7-14. This event features over 40 different cutting-edge courses taught by top industry professionals who will provide you with the best available information and software security training. SANS 2017 also features numerous opportunities to learn new skills, techniques, and trends at the SANS@Night talks, Vendor Expo, and Lunch-and-Learn sessions. You will hear about the latest and most important issues in talks led by SANS practitioners who are leading the global conversation on cybersecurity.
Unprecedented Counterintelligence Threats: Protecting People, Information and Assets in the 21st Century. (Arlington, Virginia, USA, April 10, 2017) This full day symposium will provide insights into evolving threats to the nations security and identify effective ways of addressing them. Highlights Include: A keynote address from National Counterintelligence Executive (NCIX) Bill Evanina. The presentation of a new paper from INSA’s Security Policy Reform Council, “Assessing the Mind of the Malicious Insider,” which discusses the psychological traits and stressors that lead to malicious behavior and identifies continuous evaluation methodologies that can provide early warning of destructive acts. A review of best practices in implementing insider threat programs in the public and private sectors. An assessment of the risks to key supply chains and the prospects of delivering goods uncompromised. A discussion of the greatly overlooked long-term impacts of the 2015 theft of OPM personnel data.
Hack In the Box Security Conference (Amsterdam, the Netherlands, April 10 - 14, 2017) Back again at the NH Grand Krasnapolsky, HITB2017AMS takes place from the 10th till 14th of April 2017 and features a new set of 2 and 3-day technical trainings followed by a 2-day conference with a Capture the Flag competition, technology exhibition with hackerspaces, lock picking villages and hardware related exhibits plus a free-to-attend track of 30 and 60 minute talks!
Cyber Warrior Women: Blazing the Trail (Catonsville, Maryland, USA, April 19, 2017) Join the Cybersecurity Association of Maryland, Inc. (CAMI), in partnership with The CyberWire, Fort Meade Alliance, and presenting sponsor Exelon Corporation, for "Cyber Warrior Women: Blazing the Trail." This special program is designed to spotlight some of Maryland’s diverse and dynamic female cybersecurity professionals with stories of triumph and tribulation, advice and inspiration. Can't join us in person? Host a viewing party with your colleagues or fellow students, or tune in individually.
SANS Baltimore Spring 2017 (Baltimore, Maryland, USA, April 24 - 29, 2017) SANS Institute, the global leader in information security training, today announced the course line-up for SANS Baltimore Spring 2017 taking place April 24 – 29. All courses offered at SANS Baltimore are open to civilians and veterans. Included among the course line-up are several master's degree and graduate certificate courses that are eligible for GI Bill benefits through the SANS Technology Institute graduate school.
Defence Information 2017 (Cranfield, England, UK, April 26 - 27, 2017) Defence Information 2017 is the major annual communications event of Joint Information Group activities (the JIG reports to the Defence Suppliers Forum) and the Event’s content spans both Information and Support. Our DI’17 Event examines some of the ‘people, process and technology’ issues critical to Team Defence being able to adopt, embed and exploit new (and often disruptive) Information and Communications Technology (ICT) capabilities and associated new ways of working - to productive effect.
Defence Information 2017 (Cranfield, England, UK, April 26 - 27, 2017) Defence Information 2017 is the major annual communications event of Joint Information Group activities (the JIG reports to the Defence Suppliers Forum) and the Event’s content spans both Information and Support. Our DI’17 Event examines some of the ‘people, process and technology’ issues critical to Team Defence being able to adopt, embed and exploit new (and often disruptive) Information and Communications Technology (ICT) capabilities and associated new ways of working - to productive effect.
Crimestoppers Conference (Eden Project, Bodelva, St Austell , April 27, 2017) Crimestoppers is organising a major one-day conference designed to help local businesses shore up their online security. A range of expert speakers will pinpoint typical cyber pitfalls to avoid. 80% of cyber crime is preventable and just a few key security steps can help avoid damaging your business reputation and finances
Atlantic Security Conference (Halifax, Nova Scotia, Canada, April 27 - 28, 2017) Atlantic Canada's non-profit, annual information security conference. AtlSecCon, the first security conference in Eastern Canada focusing on bringing some of the worlds brightest and darkest minds together with one common goal – to expand the pool of IT Security knowledge beyond its typical confines. AtlSecCon provides an unmatched opportunity for IT Professionals and Managers to collaborate with their peers and learn from their mentors.
Sponsor & Support
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter’s financial reach, or it might just not be the right time for you to do those things. That’s why we launched our new Patreon site, where we’ve created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you’ll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.