As a finalist for this year's Maryland Cybersecurity Industry Resource Award, we're also up for the People's Choice Award, and we'd appreciate your support. You can vote here through March 22 (you don't need to be in Maryland, or even in the US, to do so). Thanks to all who've voted for us so far.
More Signal. Less Noise.
Nation state competition in cyberspace: Cold War Two? Fileless malware infestation traced to common actor. Wishbone breached; teens hit hardest. Cloud-based keylogger.
Announcements
Maryland Cyber People's Choice Award: vote for the CyberWire (our regular summary appears below)
Summary
An increasing operational tempo in international cyber conflict induces some observers to see the beginning of a new Cold War. Poland sees an uptick in attacks on that country's sites that have some connection with US-Polish combined operations. Nor are smaller countries immune: Luxembourg reports seeing more attacks by state-sponsored actors.
If this is indeed a new Cold War, cyber operations' low barriers to entry and the disparate national interests in play make Cold War Two much more multipolar than the original was. (See the US indictment of FSB officers in the Yahoo! hack, but see also recent Turkish operations against sites in the Netherlands and Germany.) One similarity a new Cold War seems to bear to the old one: much of the chill is manifest in propaganda (now called "information operations"). One difference may be the convergence of information operations with covert and clandestine work.
A Washington Post op-ed looks at WikiLeaks' Vault 7 and believes it discerns the root cause of the US Intelligence Community's security problems—too many contractors—but exactly how this amounts to a weakness in practice isn't really specified.
Turning to cyber crime, the popular quiz app Wishbone has sustained a breach. 2.2 million email addresses and 287 thousand mobile numbers, many if not most of them belonging to teenagers, have turned up for sale in dark web souks.
Morphisec believes it's traced recent infestations of flieless malware to a common threat actor.
Palo Alto researchers see NexusLogger, a cloud-based criminal keylogger, taking growing black marketshare.
Notes.
Today's issue includes events affecting Brazil, Canada, China, Luxembourg, Poland, Russia, United Kingdom, and United States.
On the Podcast
In today's podcast, we talk to Rick Howard, from our partners at Palo Alto Networks. He discusses a recent capture-the-flag event Palo Alto held with the University of Alabama at Birmingham. Our guest is Brian David Johnson on the threatcasting report from the Army Cyber Institute at West Point and Arizona State University: "A Widening Attack Plain.”
Special editions of the podcast are also up. See Perspectives, Pitches, and Predictions from RSA, and an overview of artificial intelligence as it's applied to security. And see also Cylance's video interview with our Producer.
Sponsored Events
Tech Talk: Ethereum & Graph Databases (Laurel, Maryland, USA, March 20, 2017) Join Novetta and Cyberwire at Jailbreak Brewery to learn about Ethereum and Graph databases, forward leaning technology transforming how we relate with our data. Mingle with like-minded techies and enjoy craft beer - See you then!
ThreatConnect Webinar: Threat Intelligence Isn’t One Size (Online, March 22, 2017) Threat intelligence (TI) can help any organization better protect themselves. With TI, you can identify threats and add context to them. Once you understand what you are facing, you can take decisive action to better protect your organization.
Billington International Cybersecurity Summit (Washington, DC, USA, March 30, 2017) The 2nd Annual Billington International Cybersecurity Summit on March 30, 2017 at the National Press Club in Washington, DC will feature over 300 world class cybersecurity decision-makers from allied nations and the US in an intensive day of knowledge exchange and relationship building.
Selected Reading
Cyber Attacks, Threats, and Vulnerabilities
Attacks on U.S.-linked Polish sites back higher cyber spending: minister (Reuters) Several Polish municipalities that have hosted U.S. troops under a planned NATO operation suffered cyber attacks in January, a senior government official told Reuters, saying it highlighted the need for Poland's sharp increase in cyber-defense spending.
CIA leaks: Luxembourg increasingly under cyber-attack (Luxemburger Wort) Following recent reports by Wikileaks regarding cyber-attacks by the CIA, Xavier Bettel now confirmed that Luxembourg is increasingly a target of such attacks, but not necessarily by state actors.
User info of millions of Wishbone users slurped by hackers (Help Net Security) Personal information of over 2.2 million of Wishbone users - many of them teenagers - is being circulated on underground forums.
Wishbone Quiz App Exposes Millions of Kids to Criminals (Infosecurity Magazine) Included are 2.2 million email addresses and 287,000 mobile phone numbers, mostly linked to kids under the age of 18.
Fileless Malware Campaigns Tied to Same Attacker (Threatpost) Two recent fileless malware campaigns targeting financial institutions, government agencies and other enterprises have been linked to the same attack group.
Abta website: Holidaymakers hit by cyber attack (BBC News) Travel trade organisation Abta says a cyber attack on its website may have affected about 43,000 people.
Statement from ABTA CEO, Mark Tanzer, relating to Data Security Incident (March 2017) (ABTA) We recently became aware of unauthorised access to the web server supporting abta.com by an external infiltrator exploiting a vulnerability. The web server is managed for ABTA through a third party web developer and hosting company. The infiltrator exploited that vulnerability to access data provided by some customers of ABTA Members and by ABTA Members themselves via the website.
Google Points to Another POS Vendor Breach (KrebsOnSecurity) For the second time in the past nine months, Google has inadvertently but nonetheless correctly helped to identify the source of a large credit card breach — by assigning a “This site may be hacked” warning beneath the search results for the Web site of a victimized merchant.
Commodity Ransomware is Here (LinkedIn) Brian Krebs recently posted a blog on a slick ransomware-as-a-service interface called “Philadelphia,” enabling almost anyone to launch a ransomware campaign. It is almost as easy as ordering pizza. The criminal developers even had the heart to offer a “mercy” feature should a victim plead for access to ransomed family photos of lost family and friends. Welcome to the new world of commodity malware.
Zscaler reveals risk of SSL based threats, warns of new security priority (SC Magazine UK) More than half of the internet traffic is already HTTPS encrypted for the sake of higher security. However, the encrypted traffic is used by cyber-criminals as well to hide their malicious activities from detection.
US-CERT Warns That HTTPS Inspection Tools Weaken TLS (Dark Reading) Turns out that man-in-the-middling your own traffic isn't the safest way to look for man-in-the-middle attacks.
New cloud-based keylogger slowly gaining momentum among criminals (Graham Cluley) Cloud-based NexusLogger's friendly web portal makes it simple for non-skilled criminals to configure the malware however they want.
ERP Attack Risks Come into Focus (Dark Reading) New highly critical SAP vulnerability highlights dangers against critical business software.
Bad bots attack 96% of websites with login pages (Help Net Security) Almost every website with a login page is under attack from bad bots, the automated programs used to carry out a variety of nefarious activities.
Forget Microwaves and Smart TVs, Here Are the Real Concerns with the 'Internet of Things' (RealClearLife) Instead of listening smart TVs and peeping microwaves, people should be looking at other vulnerabilities in the 'Internet of Things.'
Sound Waves Used to Hack Common Data Sensors (Dark Reading) Though the immediate threat to your smartphone or Fitbit is slight, University of Michigan researchers show command-and-control capability with spoofed signaling on a variety of MEMS accelerometers.
McDonald's got Twitter bump after hacked account insulted Trump, expert says (Chicago Tribune) Someone on McDonald's social media team has some strong words for President Donald Trump.
That Deleted McDonald’s Tweet? Too Surreal, Even For Fast-Food Twitter (WIRED) From surreal Denny's to nihilist Arby's, fast-food Twitter is a meme-filled fever dream.
WIRED Had a Potential Infosecurity Problem. Here’s What We Did About It. (WIRED) We found out about a potential exposure of some of our internal data ... so we fixed it.
Anonymous Brazil Hacks Football Club for Hiring Goalkeeper Convicted of Murder (HackRead) The online hacktivist Anonymous along with its counterparts in Brazil hacked and defaced the official website of Boa Esporte, a second division football cl
Switch console flaw leaves Nintendo looking flat-footed (Naked Security) Hack exploited a flaw in the browser – but Nintendo had said there was no browser on the console
Security Patches, Mitigations, and Software Updates
Microsoft’s silence over unprecedented patch delay doesn’t smell right (Ars Technica) Canceling Patch Tuesday at the last minute warrants an explanation, not platitudes.
Cyber Trends
Thales: 63% of enterprises using cloud, big data, IoT and container environments without securing sensitive data (Thales) Adoption of advanced technology continues apace despite security gaps
How much of the IT your workers use is hiding in the shadows? (Naked Security) Is your IT infrastructure so restrictive it’s forcing your staff to use unauthorised ‘shadow’ infrastructure? If so, it’s time to have another look at your policies
Hyperconnectivity and IoT Set to Radically Disrupt Cyber by 2019 (Infosecurity Magazine) The key differentiating factor will be the degree to which organizations are prepared to meet the challenges of a fully connected society.
Marketplace
Biennial Women in Cybersecurity Report Reveals that Female Representation in Industry Remains Stagnant (PRNewswire) According to new research from the Center for Cyber Safety and Education™ (the Center) and the Executive Women's Forum on Information Security, Risk Management & Privacy (EWF), conducted by Frost & Sullivan, women comprise only 11 percent of the information security workforce – a number that has remained steady since 2013.
The 2017 Global Information Security Workforce Study: Women in Cybersecurity (Frost and Sullivan) Over the past 15 years, the Executive Women's Forum on Information Security, Risk Management, and Privacy has been committed to the important mission of engaging, developing, and advancing women leaders in cybersecurity.
MetTel, VeloCloud, Analysts Report Dramatic Rise in Market Demand for SD-WAN (MetTel) SD-WAN emerges as leading communications technology to support mobile, social, big data apps
Former Symantec COO’s San Jose business intelligence startup raises $45M (Silicon Valley Business Journal) Visier, a business intelligence startup co-founded by longtime tech executive John Schwarz, has raised a $45 million Series D led by Sorenson Capital.
Citi's latest cybersecurity bet veers from the usual model - Digiday (Digiday) Citi has invested in a cybersecurity defense solution that's a little more proactive than the usual analytics company
Palo Alto Networks Is a Buy on the Pullback (Yahoo! Finance) Growing cybersecurity concerns give it upside potential
Lockheed keeps cyber crime work under $347M DOD contract -- Washington Technology (Washington Technology) Lockheed Martin won a $347 million contract to continue supporting the Defense Cyber Crime Center.
CSAA Makes Name Change: The Monitoring Association (Security and Sales Integration) The association says the name change reflects an adjustment in mission and focus necessitated by growth and changes in the alarm monitoring industry.
Shawn Riley Assumes Integral Role as Chief Data Officer at DarkLight (BusinessWire) DarkLight, a cybersecurity analytics and automation platform driven by artificial intelligence, today announced that Shawn Riley has been named C
Procera Networks appoints SVP of Global Sales and Services (Yahoo! Finance) Procera Networks, Inc., today announced Tom Carter, a former F5 Networks executive, has joined the company as Senior Vice President of Global Sales and Services. Carter brings 25 years of sales and leadership experience selling strategic technology and
Products, Services, and Solutions
Recorded Future Joins IBM Security App Exchange Community (Yahoo! Finance) Recorded Future, which provides threat intelligence powered by machine learning, today launched two apps — Recorded Future for IBM QRadar and Recorded Future for ...
Pwnie Express Introduces Industry’s First IoT Risk Assessment Solution (Pwnie Express) IoT security leader enables security teams to quantify and address risk from IoT and connected devices in the enterprise
New infosec products of the week: March 17, 2017 (Help Net Security) Here are new infosec products from several vendors, including: Express Logic, Linux Academy, MapR Technologies, SecureWorks, and Pwnie Express.
Bankentag: Sicherheit im Online-Banking (Pressebox) Auf dem G DATA-Campus diskutierten und referierten Experten über den Schutz des Bankengeschäfts in der digitalen Welt
Technologies, Techniques, and Standards
Threat Data, Information, and Intelligence: What’s the Difference? (Recorded Future) Threat intelligence is hugely popular, and for good reason. But human analysts still play a vital role: converting threat data into threat intelligence.
IaaS Security: Threats and Protection Methodologies (eSecurity Planet) Cloud infrastructure services face unique security threats that require a variety of different protection methodologies.
In Cyber, Who Do We Trust to Protect the Business? (Dark Reading) If business leaders and directors continue to view cybersecurity as mainly a matter for the IT department, they will leave their companies exposed to significant risks.
What Businesses Can Learn From the CIA Data Breach (Dark Reading) Just because threats like malicious insiders, zero-days, and IoT vulnerabilities are well-understood doesn't mean organizations have a handle on them.
Threat Sketch Joins the Department of Homeland Security's Cyber Security Intelligence Sharing Program (PRNewswire) Starting in 2017, Threat Sketch will begin receiving real-time...
A weak information security culture means your organization is vulnerable (SWNS) With the marked increase in cyber attacks and ever tighter legislation around data privacy it’s imperative that organisations prioritise security activities and interventions.
Fragmentation: the silent killer in security management (CSO Online) Today’s detection deficit between attackers and defenders is near an all-time high – and the gap is only getting wider. While many factors contribute to this deficit, among the top is the fragmentation of people, processes, and technologies. Adam Vincent, co-founder and CEO, ThreatConnect, describes best practices for overcoming security fragmentation.
Poor Device and App Care Leaves Users Drowning in Digital Clutter, Kaspersky Lab Study Reveals (Tempo) Digital clutter is growing due to an explosion in application usage and advances in the storage capacity of devices. But poor maintenance of these apps is leaving devices vulnerable to security threats. A new report by Kaspersky Lab reveals the scale of the digital clutter problem among internet users worldwide.
Beginner's guide to bitcoin (CoinDesk) As stated in our guide "What is Blockchain Technology?", there are three principal technologies that combine to create a blockchain. None of them are new. Rather, it is their orchestration and application that is new. These technologies are: 1) private key cryptography, 2) a distributed network with a shared ledger and 3) an incentive to …
Security Teams Need to Understand How Developers Tools Work (Security Week) Understanding development work practices allows security reams to speak to developers using terms they understand
Don't Leave Security to Luck - 5 Security Controls to Implement in 2017 (Security Week) Like burglars looking for the soft target in the neighborhood, such as the house without cameras or newspapers piled up indicating a family on vacation, cyber criminals are constantly probing for vulnerabilities.
Ethical Hacking: The Most Important Job No One Talks About (Dark Reading) If your company doesn't have an ethical hacker on the security team, it's playing a one-sided game of defense against attackers.
Design and Innovation
Hackers Take Down Reader, Safari, Edge, Ubuntu Linux at Pwn2Own 2017 (Threatpost) On the first day of Pwn2Own 2017 hackers poked holes in Adobe Reader, Apple Safari, Microsoft Edge, and Ubuntu Linux.
Legislation, Policy and Regulation
Nations jockey for influence in cyber space (Financial Times) After Russian interference in US politics, a second cold war looms
GOP lawmakers renew push for ISIS war authorization (TheHill) The U.S. has used a 2001 authorization to justify the war against ISIS.
U.S. military is finding it must adapt to multi-domain intel collection (C4ISRNET) As the Army looks to multi-domain battle, it will be essential to be able to collect intelligence across domains.
The operating environment of the future (C4ISRNET) In future battlefield environments, adversaries will make it challenging to support and sustain expeditionary units.
Trump’s budget proposal gives DHS $1.5 billion for cybersecurity (TheHill) Proposal directs government to increase cyber cooperation with private sector.
FBI would get $61M to fight cybercrime, encryption in Trump budget proposal - Fedscoop (Fedscoop) This report first appeared on CyberScoop. President Donald Trump’s budget blueprint for the federal government proposes a $61 million increase for the FBI and Justice Department in fiscal 2018 to better track terrorist communications and combat cybercriminals. “The FBI would devote resources toward its world-class cadre of special agents and intelligence analysts, as well as invest $61 …
Senate approves Coats as US director of national intelligence (DNA) President Donald Trump's national security team was finally completed today when former senator Dan Coats gained final approval in Congress as director of national intelligence.
Trump expected to pick Dina Powell for deputy national security adviser (Washington Examiner) President Trump is expected to name his senior counselor for economic initiatives, Dina Powell, as his new deputy national security adviser, according to multiple reports Wednesday evening.
Boeing exec, Russia cynic among Trump's picks for top DoD posts (Defense News) President Donald Trump has announced his nominees to fill five of the top spots at the Pentagon, including naming a Boeing vice president to be deputy secretary of defense.
Litigation, Investigation, and Enforcement
Analysis | Why does WikiLeaks keep publishing U.S. state secrets? Private contractors. (Washington Post) By outsourcing key intelligence work, the government has made classified material more vulnerable.
Russian Spies Helped Hack Yahoo, as if Tensions Weren’t High Enough (WIRED) The Department of Justice pinned a major Yahoo hack on Russia, adding to cyber-tensions between the two countries.
Here’s How Russian Agents Hacked 500 Million Yahoo Users (Bloomberg) It was June 2013, and U.S. law enforcement thought they were finally getting their hands on a slippery target: Russian hacker Alexsey Belan, indicted in Nevada and California for computer intrusions at three U.S. e-commerce companies, had been arrested in Europe.
DOJ indicts Russian spies in massive Yahoo breach (POLITICO) The indictments are part of the largest hacking case the Justice Department has ever pursued.
Trump stands by unverified wiretap claim (BBC News) The president hints that more will emerge to back his unsubstantiated accusation Barack Obama spied on him.
Trump adviser: Secret warrant may have caught contact with Russian hacker (Fifth Domain | Cyber) Longtime Trump adviser Roger Stone says he believes his contacts with a Russian-linked hacker who took credit for breaching the Democratic National Committee may have been obtained through a special warrant that allows the government to collect the communications of people suspected of being agents
GCHQ ridicules White House over claims it spied on Trump (Times) GCHQ hit back furiously at the White House after it repeated unsubstantiated claims that the intelligence agency had helped Barack Obama to spy on Donald Trump. In a rare public statement, a...
Trump Can’t Quit His Wiretap Claims. That Won’t End Well (WIRED) The Trump administration keeps doubling down on a surveillance story, even though it's in their best interests to drop it.
Trump adviser Flynn paid by multiple Russia-related entities, new records show (Washington Post) House Oversight Committee records show the former national security adviser collected nearly $68,000 in 2015.
Instagram is the latest nexus of the Marines photo sharing scandal (TechCrunch) Following the revelation that a private Facebook group with 30,000 members targeted female Marines in a non-consensual photo sharing ring, other toxic online..
Judge OKs warrant to reveal who searched a crime victim’s name on Google (Ars Technica) Order seeks data for "any/all user or subscriber information" related to the searches.
Canada's Privacy Watchdog Lacks the Teeth to Curb Phone Searches at the Border (Motherboard) It's a nice thought, though.
UK watchdog “close” to verdict in DeepMind Health data consent probe (TechCrunch) The UK's data protection watchdog has said it's "close" to concluding a 10-month+ investigation into consent complaints pertaining to a patient data-sharing..
Google’s fight with Uber over self-driving cars is heating up (TechCrunch) Google's legal battle with Uber over the development of self-driving cars is already off to an ugly start. Lawyers for the two tech firms spent the last two..
YouTube hate preachers share screens with household names (Times) Just as Steven Anderson reached the climax of his latest hate-filled sermon, uploaded each week on to YouTube, he was replaced on computer screens by a close-up image of the actress Helen Mirren.
Industry Events
newly Noted Events
GITECH Summit 2017: Revolution of Solutions (Annapolis, Maryland, USA, April 2 - 4, 2017) The GITEC Summit “Revolution of Solutions: Transforming Government” will be held April 2-4, 2017 at the Westin Annapolis. This year’s summit will focus on the continued transition and transformation surrounding the development, implementation, management and use of information technology for mission-critical functions.
2017 ICIT Forum: Rise of The Machines (Washington, DC, USA, June 7, 2017) The 2017 ICIT Forum brings together over 300 cybersecurity executives from across critical infrastructure sectors to receive the latest ICIT research from our experts, share knowledge, develop strategies and identify next-generation technologies to improve their resiliency. Topics include Artificial Intelligence, IoT, Advanced Analytics, APT Profiles, Blockchain, Cloud and more!
2017 ICIT Gala & Benefit (Washington, DC, USA, November 9, 2017) The Annual ICIT Gala and Benefit is the year’s most prestigious and intimate gathering of legislative, agency and private sector leaders committed to protecting our Nation’s critical infrastructures. This black-tie event will celebrate the accomplishments of the most influential members of our community as well as the efforts of today’s most impactful cybersecurity leaders. The funds raised from this Benefit will be used to help sustain and grow the Institute’s research, publications, and educational activities for the communities it serves.
upcoming Events
BSides Canberra (Canberra, Australia, March 17 - 18, 2017) BSidesCbr is a conference designed to advance the body of Information Security knowledge, by providing an annual, two day, open forum for discussion and debate for security engineers and their affiliates. We produce a conference that is a source of education, collaboration, and continued conversation for information technologists and those associated with this field. The technical and academic presentations at BSidesCbr are given in the spirit of peer review and advanced knowledge dissemination. This allows the field of Information Security to grow in breadth and depth, and continue in its pursuit of highly advanced scientifically based knowledge.
Cyber Resilience Summit: Securing Systems inside the Perimeter (Reston, Virginia, USA, March 21, 2017) As the journey to secure our nation’s IT cyber infrastructure gains momentum, it is important to apply proven standards and methodologies that reduce risk and help us meet objectives for acquiring, developing and sustaining secure and reliable software-intensive systems. The theme of our upcoming Cyber Resilience Summit is Securing Systems inside the Perimeter. Defending the network is NOT enough. The most damaging of system failures and security breaches are caused by vulnerabilities lurking inside the network at the application layer.
European Smart Grid Cyber Security (London, England, UK, March 21 - 22, 2017) European Smart Grid Cyber Security 2017 offers a unique opportunity to network with senior experts in cyber security from government, utilities, TSOs, regulators, solution providers, security consultants, senior engineers and more. Join us to hear from a range of European utility companies present what their strategic programmes are doing regarding cyber security. As well as discuss how communication issues between IT and OT departments can be overcome and learn how to make your company compliant.
Maryland Cybersecurity Awards Celebration (Baltimore, Maryland, USA, March 22, 2017) Help us celebrate the best and brightest of the Maryland cyberscurity community as we honor the companies, organizations, and individuals that have protected businesses and government agencies with their cutting-edge technologies; thwarted cyber criminals with their outstanding cybersecurity services; demonstrated exemplary knowledge, expertise, leadership and innovative thinking; or made a significant contribution to Maryland’s cybersecurity ecosystem.
Integrated Adaptive Cyber Defense (IACD) Community Day (Laurel, Maryland, USA, March 23, 2017) Advancing cyber operations through secure automation & interoperability. Government agencies, commercial firms, research organizations, academic institutions and cyber security experts align in community efforts demonstrating cyber defenses art-of-the-possible, through automation and interoperability. Learn how to dramatically change the timeline and effectiveness of cyber defenses, increase community awareness and defensive capabilities. Free event, registration requested.
SANS Pen Test Austin 2017 (Austin, Texas, USA, March 27 - April 1, 2017) Every organization needs skilled people who know how to find vulnerabilities, understand risk, and help prioritize resources based on mitigating potential real-world attacks. That's what SANS Pen Test Austin is all about! If you like to break things, put them back together, find out how they work, and mimic the actions of real-world bad guys, all the while providing real business value to your organization, then this event is exactly what you need.
cybergamut Tech Tuesday: Software Defined Networking Forensics (Elkridge, Maryland, USA, and online at various local nodes, March 28, 2017) Volatility and Tshark were critical components in Booz Allen Hamilton winning the 2016 Digital Forensics Research Work Shop (DFRWS) international Software Defined Networking (SDN) digital forensics challenge. This was achieved by creating a prototype solution for the extraction of forensics artifacts from SSL/TLS encrypted packets between a software defined networking (SDN) switch and controller as well as a memory dump from the SDN switch. Mr. Bull and Mr. McAlister of Booz Allen Hamilton will articulate the steps which enabled the team to forensically enumerate the SDN network using only open source tools.
IT Security Entrepreneurs' Forum Bridging the Gap Between Silicon Valley & the Beltway (Mountain View, California, USA, March 28 - 29, 2017) SINET – Silicon Valley provides a venue where entrepreneurs can meet and interact directly with leaders of government, business and the investment community in an open, collaborative environment focused on identifying solutions to Cybersecurity challenges.
PCI Security Standards Council: 2017 Middle East and Africa Forum (Cape Town, South Africa, March 29, 2017) Join your industry colleagues for a full day of networking and one-of-a-kind partnership opportunities. Whether you want to learn more about updates in the payment card industry or showcase a new product, you’ll find it all at the 2017 Middle East and Africa Forum (MEAF).
Insider Threat 2017 Summit (Monterey, California, USA, March 29 - 30, 2017) The focus of the Insider Threat Summit is to discuss personnel security issues including cyber security challenges and capabilities, continuous evaluation of privileged identities and ethical physical security considerations. A heightened awareness of insider threats due to numerous newsworthy attacks and unauthorized leaks has brought us together for one main purpose: To better understand security challenges in order to better defend against insider threats.
2nd Annual Billington International Cybersecurity Summit (Washington, DC, USA, March 30, 2017) The 2nd Annual Billington International Cybersecurity Summit on March 30, 2017 at the National Press Club in Washington, DC will feature over 300 world class cybersecurity decision-makers from allied nations and the US in an intensive day of knowledge exchange and relationship building. NOTE: Attendees must be citizens of the U.S. or allied nations to attend this event. The summit, which will attract senior influencers in cybersecurity from allied nations across the world, has as its theme: Protecting Critical Infrastructure in a Connected World.
Yale Cyber Leadership Forum: Bridging the divide between law, technology, and business (New Haven, Connecticut, USA, March 30 - April 1, 2017) The Yale Cyber Leadership Forum will take place on Yale University's campus and will focus on bridging the divide between law, technology and business in cybersecurity. With McKinsey & Company as our knowledge partner, the Forum will integrate McKinsey’s extensive knowledge of best practices in cybersecurity with Yale’s scholarly expertise. The Forum will expose participants to effective approaches to recognizing, preparing for, preventing, and responding to cyber threats.
WiCyS 2017: Women in Cybersecurity (Tucson, Arizona, USA, March 31 - April 1, 2017) The WiCyS initiative has, since 2013, become a continuing effort to recruit, retain and advance women in cybersecurity. It brings together women (students/faculty/researchers/professionals) in cybersecurity from academia, research and industry for sharing of knowledge/experience, networking and mentoring.
InfoSec World Conference and Expo 2017 (ChampionsGate, Florida, USA, April 3 - 5, 2017) The conference will feature security practitioners who speak from experience on the real-world challenges companies are facing today. The conference is most suitable for those whose responsibilities include creating solutions. The organizers bill it as a training conference.
Cyber Security Summit: Atlanta (Atlanta, Georgia, USA, April 6, 2017) If you are a Senior Level Executive responsible for making your company’s decisions in regards to information security, then you are invited to register for the Cyber Security Summit: Atlanta. Receive 50% off of a Full Summit Pass when you register with code CYBERWIRE50 (standard price of $350, now only $175 with code). Register at CyberSummitUSA.com. The Cyber Security Summit: Atlanta is an exclusive conference connecting Senior Level Executives responsible for protecting their companies’ critical data with innovative solution providers & renowned information security experts. for details visit CyberSummitUSA.com.
SANS 2017 (Orlando, Florida, USA, April 7 - 14, 2017) Success in information security requires making a commitment to a career of learning, from the fundamentals to advanced techniques. To put you firmly on that learning path, join us at SANS 2017 in Orlando, Florida from April 7-14. This event features over 40 different cutting-edge courses taught by top industry professionals who will provide you with the best available information and software security training. SANS 2017 also features numerous opportunities to learn new skills, techniques, and trends at the SANS@Night talks, Vendor Expo, and Lunch-and-Learn sessions. You will hear about the latest and most important issues in talks led by SANS practitioners who are leading the global conversation on cybersecurity.
Unprecedented Counterintelligence Threats: Protecting People, Information and Assets in the 21st Century. (Arlington, Virginia, USA, April 10, 2017) This full day symposium will provide insights into evolving threats to the nations security and identify effective ways of addressing them. Highlights Include: A keynote address from National Counterintelligence Executive (NCIX) Bill Evanina. The presentation of a new paper from INSA’s Security Policy Reform Council, “Assessing the Mind of the Malicious Insider,” which discusses the psychological traits and stressors that lead to malicious behavior and identifies continuous evaluation methodologies that can provide early warning of destructive acts. A review of best practices in implementing insider threat programs in the public and private sectors. An assessment of the risks to key supply chains and the prospects of delivering goods uncompromised. A discussion of the greatly overlooked long-term impacts of the 2015 theft of OPM personnel data.
Hack In the Box Security Conference (Amsterdam, the Netherlands, April 10 - 14, 2017) Back again at the NH Grand Krasnapolsky, HITB2017AMS takes place from the 10th till 14th of April 2017 and features a new set of 2 and 3-day technical trainings followed by a 2-day conference with a Capture the Flag competition, technology exhibition with hackerspaces, lock picking villages and hardware related exhibits plus a free-to-attend track of 30 and 60 minute talks!
Cyber Warrior Women: Blazing the Trail (Catonsville, Maryland, USA, April 19, 2017) Join the Cybersecurity Association of Maryland, Inc. (CAMI), in partnership with The CyberWire, Fort Meade Alliance, and presenting sponsor Exelon Corporation, for "Cyber Warrior Women: Blazing the Trail." This special program is designed to spotlight some of Maryland’s diverse and dynamic female cybersecurity professionals with stories of triumph and tribulation, advice and inspiration. Can't join us in person? Host a viewing party with your colleagues or fellow students, or tune in individually.
SANS Baltimore Spring 2017 (Baltimore, Maryland, USA, April 24 - 29, 2017) SANS Institute, the global leader in information security training, today announced the course line-up for SANS Baltimore Spring 2017 taking place April 24 – 29. All courses offered at SANS Baltimore are open to civilians and veterans. Included among the course line-up are several master's degree and graduate certificate courses that are eligible for GI Bill benefits through the SANS Technology Institute graduate school.
Defence Information 2017 (Cranfield, England, UK, April 26 - 27, 2017) Defence Information 2017 is the major annual communications event of Joint Information Group activities (the JIG reports to the Defence Suppliers Forum) and the Event’s content spans both Information and Support. Our DI’17 Event examines some of the ‘people, process and technology’ issues critical to Team Defence being able to adopt, embed and exploit new (and often disruptive) Information and Communications Technology (ICT) capabilities and associated new ways of working - to productive effect.
Defence Information 2017 (Cranfield, England, UK, April 26 - 27, 2017) Defence Information 2017 is the major annual communications event of Joint Information Group activities (the JIG reports to the Defence Suppliers Forum) and the Event’s content spans both Information and Support. Our DI’17 Event examines some of the ‘people, process and technology’ issues critical to Team Defence being able to adopt, embed and exploit new (and often disruptive) Information and Communications Technology (ICT) capabilities and associated new ways of working - to productive effect.
Crimestoppers Conference (Eden Project, Bodelva, St Austell , April 27, 2017) Crimestoppers is organising a major one-day conference designed to help local businesses shore up their online security. A range of expert speakers will pinpoint typical cyber pitfalls to avoid. 80% of cyber crime is preventable and just a few key security steps can help avoid damaging your business reputation and finances
Atlantic Security Conference (Halifax, Nova Scotia, Canada, April 27 - 28, 2017) Atlantic Canada's non-profit, annual information security conference. AtlSecCon, the first security conference in Eastern Canada focusing on bringing some of the worlds brightest and darkest minds together with one common goal – to expand the pool of IT Security knowledge beyond its typical confines. AtlSecCon provides an unmatched opportunity for IT Professionals and Managers to collaborate with their peers and learn from their mentors.
Sponsor & Support
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.