As a finalist for this year's Maryland Cybersecurity Industry Resource Award, we're also up for the People's Choice Award, and we'd appreciate your support. You can vote here through March 22 (you don't need to be in Maryland, or even in the US, to do so). Thanks to all who've voted for us so far (and a special invitation to all the nice people we met at Cyber 9/12: we'd like your vote).
More Signal. Less Noise.
Results from Cyber 9/12--the Atlantic Council's cyber policy competition. Lessons on using criminals as subcontractors. Vault 7 and (sort of) responsible disclosure. IoT as Skynet.
Announcements
Maryland Cyber People's Choice Award: vote for the CyberWire
Summary
Amid the speculation about Vault 7's source in unknown, unspecified contractors, some observers are drawing a similar lesson about the Yahoo! breach: the attribution that resulted in four indictments is unlikely to have occurred if Russian intelligence services hadn't sought to rely on the services of third-party criminals. The criminals, especially the car buff arrested in Canada, got sloppy and got them all caught.
To return to Vault 7, Cisco has been poring over the leaks and has issued warnings about a flaw that figures in those leaks: it affects some 318 switch models. They're working on a patch, but in the meantime they offer mitigations that users should take seriously.
WikiLeaks has offered to share vulnerabilities from Vault 7 with software vendors, but it has some conditions it says industry has been disappointingly slow to take them up on. It's unclear exactly what those conditions are (they're being disclosed directly to the companies in WikiLeaks' communication with them) but they appear to included an undertaking to fix the vulnerabilities in question within ninety days of disclosure. A few outfits (notably Mozilla) seem to have agreed to play ball, but others (notably Google) have done nothing beyond acknowledging receipt of WikiLeaks' offer. WikiLeaks has indicated the consequences of failure to agree to terms by suggesting that uncooperative companies are dragging their feet because of connections with the US Intelligence Community.
Bruce Schneier reiterates warnings about the Internet-of-things: we are, he says, building an out-of-control global robot, and that's not good.
Notes.
Today's issue includes events affecting Canada, China, France, Germany, India, Israel, Mexico, Poland, Russia, Spain, United Kingdom, and United States.
A note to our readers: You may have noticed that the Christian Science Monitor's Passcode project has announced it will cease publication at the end of this month. You've been a good service, Passcode, and you'll be missed. Hail and farewell, and thanks to all who contributed a sound and lively voice to our community. We hope we'll continue seeing your bylines in your parent newspaper's cyber coverage.
On the Podcast
In today's podcast we chat with our newest research partner as Webroot joins us. Hear Webroot's David Dufour introduce himself and his company (which actually needs little introduction).
Special editions of the podcast are also up. See Perspectives, Pitches, and Predictions from RSA, and an overview of artificial intelligence as it's applied to security. And see also Cylance's video interview with our Producer.
Sponsored Events
ThreatConnect Webinar: Threat Intelligence Isn’t One Size (Online, March 22, 2017) Threat intelligence (TI) can help any organization better protect themselves. With TI, you can identify threats and add context to them. Once you understand what you are facing, you can take decisive action to better protect your organization.
Billington International Cybersecurity Summit (Washington, DC, USA, March 30, 2017) 2nd Annual Billington International Cybersecurity Summit (Washington, DC, USA, March 30, 2017) The International Cybersecurity Summit features 20+ world class cybersecurity thought leaders from allied nations and US including DoD, IARPA, DHS, USCYBERCOM, ARCYBER, NSA, DOC, NCTC/UK, U.S. Army Cyber Command, U.S. Cyber Command, Cyber National Mission Force.
The Cyber Security Summit: Atlanta and Dallas (Atlanta, GA, USA, April 6, 2017) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their companies’ critical data with innovative solution providers & renowned information security experts.
Selected Reading
Dateline
Cyber 9/12: Not capture-the-flag, but convince-the-executive (The CyberWire) The Atlantic Council and its partners held their Cyber 9/12 competition on Friday and Saturday, March 17th and 18th, 2017, at the American University in Washington, DC. Cyber 9/12 is a contest for student teams that differs from the more familiar capture-the-flag competitions in that its focus is on technically informed policy recommendations.
A major cyber attack has occurred. How should your nation respond? (The Atlantic Council: Brent Scowcroft Center on International Security) We frequently hear the terms “Cyber 9/11” and “Digital Pearl Harbor,” but what might policymakers do the day after a crisis? The Cyber 9/12 Student Challenge is an annual cyber policy competition for students across the globe to compete in developing national security policy recommendations tackling a fictional cyber catastrophe. In 2017, the Student Challenge will take place in Washington, DC in March, Geneva, Switzerland in April, and Sydney, Australia in September.
Cyber Attacks, Threats, and Vulnerabilities
Yahoo breach exposes the drawbacks of state-sponsored hacking (ITworld) When governments turn to private hackers to carry out state-sponsored attacks, as the FBI alleges Russia did in the 2014 breach of Yahoo, they're taking a big risk.
Tory activist: Why is Vladimir Putin’s cyber army trashing my reputation with hateful fake news? (The Telegraph) At the age of 26, Azi Ahmed turned her back on an arranged marriage and
instead chose to sign up to the SAS's Territorial Army unit.
The New Handbook For Cyberwar Is Being Written By Russia (BuzzFeed) “It’s not that the Russians are doing something others can’t do,” a US intelligence officer said. “It’s that Russian hackers are willing to go there, to experiment and carry out attacks that others...
Pranksters gonna prank (Errata Security) So Alfa Bank (the bank whose DNS traffic link it to trump-email.com) is back in the news with this press release about how in the last mont...
Polish Authorities Confirm Hack of Bitcurex Bitcoin Exchange, Launch Investigation (BleepingComputer) Polish authorities in the town of Lodz have launched an official investigation into the closure of Bitcurex, a Bitcoin trading platform that launched in 2012, and closed earlier this year.
WhatsApp, Telegram ‘severe’ security flaw pinpointed following #Vault7 release (RT International) A flaw in popular messenger apps WhatsApp and Telegram, which could allow hackers to gain access to hundreds of millions of accounts using the very encryption software designed to keep them out, has been discovered by cyber security firm Check Point.
300+ Cisco switches affected by critical bug found in Vault 7 data dump (Help Net Security) Cisco has unearthed a critical vulnerability affecting 300+ of its switches and one gateway that could be exploited to take over the devices.
WikiLeaks Says Tech Firms Slow to Co-operate on Patching (Infosecurity Magazine) WikiLeaks Says Tech Firms Slow to Co-operate on Patching. US government contracts could be a roadblock, it claims
Wikileaks Sets Conditions for Helping Tech Companies Close CIA Hacks (Fortune) Some companies have been slow to comply.
Want some zero-day exploits used by the CIA? Talk to Wikileaks about it (The Tech Portal) Wikileaks has made it abundantly clear that it is in possession of documents that contain inside details about exploits affecting a slew of major companies.
WikiLeaks will give tech giants CIA zero-day exploits after they meet mystery demands (TechCrunch) WikiLeaks doesn't ever make things easy. When it became clear that the organization possessed documents that detail exploits affecting a handful of major tech..
Ask.com Toolbar Network Compromised Twice in Two Months (BleepingComputer) The Ask Partner Network (APN) was compromised for the second time in two months, as crooks found a way to deliver malware to computers running the Ask.com Toolbar.
New (but Old) Technique Hijacks User Sessions on All Windows Versions (BleepingComputer) A security researcher has detailed a way to log into any account on the same computer, even without knowing its password. The trick works on all Windows versions, doesn't require special privileges, and the researcher can't figure out if it's a Windows feature or security flaw.
Unpatched flaw opens Ubiquiti Networks devices to compromise (Help Net Security) The vulnerability in many Ubiquiti Networks networking devices can be exploited by attackers to take over control of the device.
Fileless attack framework was used in many recent attacks (Help Net Security) Morphisec researchers say that the three attacks were likely performed by the same criminal group, by using a sophisticated fileless attack framework.
Kirk ransomware – A Star Trek Themed Ransomware that requests Monero payments (Security Affairs) The researchers have discovered a new piece of ransomware featuring a Star Trek theme, dubbed Kirk ransomware, the first one accepting Monero payments.
21 Million Decrypted Gmail, 5 Million Yahoo Accounts Being Sold on Dark Web (HackRead) Last week HackRead exclusively reported on a Darb Web vendor “SunTzu583” selling millions of decrypted Gmail, Yahoo and PlayStation Network accounts. Now,
A cyber attack could cause the next global financial crisis (ABC News) The head of ASIC says it is staggering how many cyber attacks go unreported.
Govt. Cybersecurity Contractor Hit in W-2 Phishing Scam (KrebsOnSecurity) Just a friendly reminder that phishing scams which spoof the boss and request W-2 tax data on employees are intensifying as tax time nears. The latest victim shows that even cybersecurity experts can fall prey to these increasingly sophisticated attacks.
Saks Fifth Avenue Exposed Personal Info On Tens Of Thousands Of Customers (BuzzFeed) Email addresses, phone numbers and product codes were made available on publicly accessible pages.
McDonald’s India asks users to update app after data leak report (CSO Online) McDonald’s India operation asked users to upgrade their McDelivery app as a 'precautionary measure' after a security firm said it had found that it was leaking personal data of over 2.2 million users.
ATM Access For Sale in Spanish Underground (Wapack Labs) An underground seller is marketing ATM maintenance manuals, access keys/codes, and private software for a major ATM manufacturer on an unde...
Malvertising and Exploit Kits Still a Significant Threat: FireEye (Infosec Island) Malicious online ads and the exploit kits (EK) used to infect computers with various types of malware continue to pose a significant threat, FireEye warns.
Organizations still vulnerable to brute force attacks (Help Net Security) While increases in malware are clearly a major threat to both enterprises and service providers, network complexity is creating its own vulnerability, acco
Security Patches, Mitigations, and Software Updates
Cisco to patch 300 devices against flaw found in CIA archives (CSO Online) After digging through the CIA archives released by WikiLeaks, Cisco says they've discovered a previously unknown flaw impacting 318 switch models. The bug, which the CIA has known about for an undetermined amount of time, can allow a remote attacker to execute code or cause a reload of a targeted device.
Microsoft Apparently Ramping Up Heavy-Handed Tactics To Force Windows 10 Migrations (Hot Hardware) The clock is ticking for users holding out on Windows 7 and 8.
Microsoft is killing off its most hated ever product - and it could cause you BIG problems (Dailystar.co.uk) One of Microsoft’s most hated ever products is to finally be killed off, the company has confirmed.
Cyber Trends
Bruce Schneier Calls for IoT Legislation, Argues The Internet Is Becoming One Giant Robot (Slashdot) "We're building a world-size robot, and we don't even realize it," security expert Bruce Schneier warned the Open Source Leadership Summit.
We’re Building a World-Size Robot, and We Don’t Even Realize It (Select All) We’ve created an internet that senses, thinks, and acts. How can we protect ourselves if it goes wrong?
Loss Impact of Third-Party Risks Can Easily Exceed $10 Million Reveals MetricStream Research (PRNewswire) MetricStream Research has released its latest report, "How...
63 Percent of Enteprises Use Advanced Tech Without Securing Sensitive Data (eSecurity Planet) 59 percent of senior security executives are concerned about security breaches due to attacks hitting cloud service providers, a recent survey found.
Marketplace
Want good cyber insurance? Read the fine print | Networks Asia (Networks Asia) Experts describe the cyber insurance industry as “healthy and growing.” But they also say that, given a relatively short history of risk and claims data, pricing and exclusions can be all over the map
6 Things You Didn't Know About FireEye, Inc. (The Motley Fool) Did you know these six things about the struggling cybersecurity company?
Q&A: Check Point Sales Chief On A Big Business Realignment And Competing Against Palo Alto Networks (CRN) Check Point Software Technologies EVP of Worldwide Sales and Global Field Operations Pierre-Paul Allard sat down with CRN to talk about realigning the company's sales force, and how he thinks that will position the company to avoid a sales miss like Palo Alto Networks.
What’s Cisco Plotting with Its Investment in Exabeam? (Market Realist) Cisco helps startup raise $30 million
Can IBM Turn the Tide on Cisco in This $202 Billion Industry? (Market Realist) IBM pursues security spending with Watson
Blockchain-based zero knowledge proof solution QED-it comes out of stealth mode (International Business Times UK) The Tel Aviv-based company combines advanced cryptography, parallel computing and blockchain technology.
DoD cyber crime center to receive support from Lockheed Martin in contract extension (Military Embedded Systems) The General Services Administration (GSA) Federal Systems Integration and Management Center (FEDSIM) tasked Lockheed Martin to continue its role to support the Department of Defense’s (DoD) efforts against cyber criminals.
NSFOCUS launches in Australia, ideally placed to halt cyber attack tsunami from China (PRWire) Threat Intelligence platform defends against sophisticated cyber attacks
National Security Agency chief gives AFA cadets cyber warfare recruiting pitch (Clorado Springs Gazette) America's hacker in chief says his cyber troops are giving as good as they are getting in battles on the internet and he's not worried about perceived conflicts between the Trump administration and the intelligence community.
Digital Shadows Continues to Make Waves with Two Prestigious Award Wins (Zawya MENA Edition) Digital Shadows, the industry leader in external digital risk management, announced that it has been awarded Best Risk Management Product in the Cyber Defense Magazine Infosec Awards 2017 and was recognized as one of the businesses to watch on the Momentum Partners Quarterly Market Report.
Danielle Jackson Joins SecureAuth as Chief Information Security Officer (SecureAuth) SecureAuth Corporation, the leader in adaptive access control, today announced the appointment of Danielle Jackson as Chief Information Security Officer (CISO).
Cylance VP Worldwide Field and Channel Marketing May Mitchell Honored in Cyberscoop’s Top Women in Cybersecurity (Sys-Con) Cylance® Inc., the company that revolutionized traditional antivirus with AI powered prevention that blocks everyday malware along with today’s most advanced cyberthreats, today announced that Cyberscoop has named May Mitchell, vice president of worldwide field and channel marketing, to its inaugural list of Top Women in Cybersecurity.
Passcode signs off (Passcode) Passcode, The Monitor's project on cybersecurity and privacy, winds down on March 31.
Products, Services, and Solutions
How Darktrace is leading Cambridge fightback against global cyber threats (Cambridge Independent) A global arms race is under way – and the dark side has been winning. But a unique weapon is now being unleashed by Darktrace in Cambridge to combat the cyber threats facing every network
Pwnie Express eases security remediation with a risk-assessment tool (Network World) Pwnie Express is adding a tool called Device Risk Scorecard to its Pulse Serivce that ranks the risks its security service finds on customer networks and makes it easier to remediate them.
TopSpin Security's DECOYnet Uses Deception to Defend Networks (eWEEK) TopSpin Security's DECOYnet uses deception to defend networks against hacker intrusions by using deceptive tactics that direct attackers to decoy resources and traps.
Fortinet : launches new MSSP programme | 4-Traders (4-Traders) Fortinet has unveiled a new programme to empower MSSPs (Managed Security Service Providers) with the tools, expertise, training, and support to accelerate profitability, expand growth, increase market leadership and deliver advance security services to its customers.
Cebit showcases security after Snowden (PCWorld) It's almost four years since Edward Snowden leaked U.S. National Security Agency documents revealing the extent of the organization's surveillance of global internet traffic, but he's still making the headlines in Germany.
BlackBerry readies a more secure version of the Samsung Galaxy S7 (CSO Online) Secusmart, the BlackBerry subsidiary that secures the German Chancellor Angela Merkel's smartphone, will roll out a version of its SecuSuite security software compatible with Samsung Electronics' Knox platform later this year.
Technologies, Techniques, and Standards
IoT and the resurgence of PKIs (Help Net Security) PKIs provide every authorized person, device and app with a trusted identity, and enable secure interactions via authentication, encryption and signing.
Standards and Security: The Great DDoS Challenge (DDoSInfo) Whether or not you work in IT security, distributed denial of service (DDoS) attacks are becoming more visible by the day.
Ethical hacking: should you pay a white hat to break in? (Naked Security) Naked Security reporter Paul Ridgewell thinks it’s odd to attach the word ‘ethical’ to an activity that’s usually considered criminal – do you agree with him?
Phishing Scams Even Fool Tech Nerds—Here’s How to Avoid Them (TechNewsDB) Phishing Scams Even Fool Tech Nerds—Here’s How to Avoid Them
How much is a bug worth? (CSO Online) With recent increases in bug bounty amounts in the news, Bugcrowd shows how a bug bounty amount is calculated.
Secrets of a Highly Productive CIO-CISO Relationship (Dark Reading) The dynamic between CIOs and CISOs has evolved along with the technology. How can they ensure they're on the same page while driving value?
Design and Innovation
Why Current Cybersecurity Doesn't Work and Why Blockchain Should Take Its Place (The Sociable) At the North American Bitcoin Conference in 2017, world renowned (and some would say infamous) security expert John McAfee stated that the current iterations of cybersecurity software are “non-functional.” It simply doesn’t work, he stated — and, to a degree, he’d be right. When you look at the fact that the biggest DDoS attack in […]
Blockchain and Financial System Impact (Fortinet Blog) Blockchain is a technology that basically distributes a ledger. For those of you in the financial management world, you know...
Bitcoin Exchanges Have Accepted the Inevitability of a Fork (Motherboard) But they have some conditions.
Research and Development
Can We Turn Our Intuition Into a Real-Life Superpower? (Motherboard) US military scientists are trying to identify where "gut feelings" come from to try and create the perfect soldiers.
Academia
US Cyber Challenge: Cyber Quests Spring 2017 (US Cyber Challenge) Welcome to the Cyber Quests portion of the US Cyber Challenge, sponsored by Cyber Aces! To participate, please click the Registration link on the left and register for an account within the Question Engine.
IDF cyber cadets 'catch em all' in Pokemon themed exercise (Israel National News) Army exercise features popular Japanese animated characters from the Pikachu franchise.
Legislation, Policy and Regulation
Ahead of elections, French government prepares for Russian cyber attack (India.com) In the council of defence held in early March, President Hollande ordered
What do Islamic State and Tibet have to do with China’s crackdown in Xinjiang? (South China Morning Post) Authorities’ show of force in China’s restive western region follows a spate of terror attacks and an IS video featuring Uygurs
ESET says Australia's mandatory breach disclosure doesn't go far enough (Security Brief) “In 2017, the idea that boards of businesses exempt from the mandatory data breach disclosure laws still don’t need to have plans is very worrying."
Secrets of a Highly Productive CIO-CISO Relationship (Dark Reading) The dynamic between CIOs and CISOs has evolved along with the technology. How can they ensure they're on the same page while driving value?
Trump announces $1.5bn for cyber-security and critical infrastructure (SC Magazine UK) Trump's first budget intends to strengthen the federal state of cyber-security by allotting $1.5 billion to the Department of Homeland Security.
Bipartisan bill looks to aid state and local governments with cyber response (FCW) The legislation would open up new avenues of assistance for state and local cyber incident response and bring resources home for its Texas-based sponsors.
Lawmakers fear infiltration of defense supply chain (TheHill) There's a growing risk of adversaries inserting malicious material into Pentagon weapons systems.
Trump’s Wiretap Accusations Renew Debate About Privacy (New York Times) After the president’s latest attack on American intelligence agencies, questions resurfaced on whether they invade privacy and could undermine democracy.
The Multibillion-Dollar U.S. Spy Agency You Haven’t Heard Of (Foreign Policy) How President Trump might turn an all-seeing spy apparatus on innocent American citizens.
Litigation, Investigation, and Enforcement
Donald Trump fuels diplomatic row with Britain after apology from US officials over GCHQ wiretapping claims (The Telegraph) Donald Trump remained unrepentant amid a diplomatic row with Britain on Friday, hours after US officials made a formal apology for accusing GCHQ of helping Barack Obama spy on the then presidential candidate.
NSA official: Reports that British spied on Trump 'arrant nonsense' (MYARKLAMISS) A top National Security Agency official called allegations that President Barack Obama directed a British spy agency to wiretap Donald Trump during the presidential campaign arrant nonsense.
Fox News: “We Know Of No Evidence Trump Surveilled At Any Time In Any Way” (Deadline) UPDATED with video: “Fox News cannot confirm Judge Napolitano’s commentary; Fox News knows of no evidence of any kind that the now President of the United States was surveilled at any time in…
Lawmakers seek FBI, NSA answers on Trump, Russia at rare public hearing (Reuters) The directors of the FBI and National Security Agency will break their public silence on Monday about investigations into possible links between Russia and President Donald Trump's election campaign at a rare open congressional intelligence committee hearing.
Nunes: New evidence from FBI continues to show no wiretap on Trump (Washington Examiner) House Intelligence Chairman Devin Nunes on Sunday said new evidence the FBI released to the committee on Friday regarding an investigation into President Trump's allegations the Obama administration physically wiretapped Trump Tower in Manhattan during the presidential election last year did not affect the conclusion that there was no interference.
Schiff: Nunes must be willing to subpoena witnesses for Russia probe (Washington Examiner) California Rep. Adam Schiff, the ranking Democrat on the House Intelligence Committee, is pressuring Chairman Devin Nunes to subpoena witnesses for its investigation into possible collusion between Russia and President Trump's campaign.
Peter Thiel’s Palantir Faces an Escalating Court Battle With an Early Investor (Bloomberg) The battle between Palantir Technologies Inc. and a longtime investor just got nastier. KT4 Partners LLC, which first backed Palantir more than a decade ago, sued the privately held data analytics company, saying attempts to sell shares were thwarted and that financial information was withheld.
At Peter Thiel’s Palantir, Allegations of Theft and Deception (Bloomberg) The data mining startup blocked China’s CDH Investments from buying stock, says an un-redacted lawsuit obtained by Bloomberg.
Palantir Enables Immigration Agents to Access Information From the CIA (The Intercept) According to a set of funding documents, ICE agents can use a Palantir system to access data held by agencies that possess highly classified intelligence.
Army pleads for industry to halt filing contract award protests on 'autopilot' (Defense News) High-ranking Army officials pleaded for industry to halt filing protests on a nearly automatic basis over contract awards at the AUSA Global Force Symposium this week.
Md. man accused of sending seizure-inducing tweet to Newsweek writer who has epilepsy (Washington Post) John Rayne Rivello faces a charge of cyberstalking, the Justice Department said. Newsweek said the target was one of its writers, Kurt Eichenwald, an epileptic who has criticized President Trump.
Man accused of sending a seizure-inducing tweet charged with cyberstalking [Updated] (Ars Technica) Allegations are a first for an online attack with an epileptogenic image.
Minn. court mulls sentencing break for tweet-threats (Maryland Daily Record) Are threats made over social media less serious than those communicated by old-school means? That was one of the questions before the Minnesota Supreme Court earlier this month as the…
Corps' new mandatory social media pledge will make UCMJ prosecutions easier (Marine Corps Times) Marines will soon be required to sign a formal policy statement confirming that they have read and understood the new social media guidance issued by Marine Commandant Gen. Robert Neller. The pledge is designed in part to aid the Marine Corps in prosecuting future misconduct on the social media front.
Former IT Admin Accused of Leaving Backdoor Account, Accessing It 700+ Times (BleepingComputer) An Oregon sportswear company is suing its former IT administrator, alleging he left backdoor accounts on their network and used them more than 700 times to search for information for the benefit of its new employer.
Calgary police say rising cyber fraud rates are cause for concern (Calgary Herald) Long gone are the days of stick-‘em-up bank robberies and wild police car chases.
YouTube responds to complaints that its Restricted Mode censors LGBT videos (TechCrunch) After concerns that its Restricted Mode hides videos with LGBT content, YouTube released a statement saying that it “regrets any confusion.”
Industry Events
upcoming Events
Cyber Resilience Summit: Securing Systems inside the Perimeter (Reston, Virginia, USA, March 21, 2017) As the journey to secure our nation’s IT cyber infrastructure gains momentum, it is important to apply proven standards and methodologies that reduce risk and help us meet objectives for acquiring, developing and sustaining secure and reliable software-intensive systems. The theme of our upcoming Cyber Resilience Summit is Securing Systems inside the Perimeter. Defending the network is NOT enough. The most damaging of system failures and security breaches are caused by vulnerabilities lurking inside the network at the application layer.
European Smart Grid Cyber Security (London, England, UK, March 21 - 22, 2017) European Smart Grid Cyber Security 2017 offers a unique opportunity to network with senior experts in cyber security from government, utilities, TSOs, regulators, solution providers, security consultants, senior engineers and more. Join us to hear from a range of European utility companies present what their strategic programmes are doing regarding cyber security. As well as discuss how communication issues between IT and OT departments can be overcome and learn how to make your company compliant.
Maryland Cybersecurity Awards Celebration (Baltimore, Maryland, USA, March 22, 2017) Help us celebrate the best and brightest of the Maryland cyberscurity community as we honor the companies, organizations, and individuals that have protected businesses and government agencies with their cutting-edge technologies; thwarted cyber criminals with their outstanding cybersecurity services; demonstrated exemplary knowledge, expertise, leadership and innovative thinking; or made a significant contribution to Maryland’s cybersecurity ecosystem.
Integrated Adaptive Cyber Defense (IACD) Community Day (Laurel, Maryland, USA, March 23, 2017) Advancing cyber operations through secure automation & interoperability. Government agencies, commercial firms, research organizations, academic institutions and cyber security experts align in community efforts demonstrating cyber defenses art-of-the-possible, through automation and interoperability. Learn how to dramatically change the timeline and effectiveness of cyber defenses, increase community awareness and defensive capabilities. Free event, registration requested.
SANS Pen Test Austin 2017 (Austin, Texas, USA, March 27 - April 1, 2017) Every organization needs skilled people who know how to find vulnerabilities, understand risk, and help prioritize resources based on mitigating potential real-world attacks. That's what SANS Pen Test Austin is all about! If you like to break things, put them back together, find out how they work, and mimic the actions of real-world bad guys, all the while providing real business value to your organization, then this event is exactly what you need.
cybergamut Tech Tuesday: Software Defined Networking Forensics (Elkridge, Maryland, USA, and online at various local nodes, March 28, 2017) Volatility and Tshark were critical components in Booz Allen Hamilton winning the 2016 Digital Forensics Research Work Shop (DFRWS) international Software Defined Networking (SDN) digital forensics challenge. This was achieved by creating a prototype solution for the extraction of forensics artifacts from SSL/TLS encrypted packets between a software defined networking (SDN) switch and controller as well as a memory dump from the SDN switch. Mr. Bull and Mr. McAlister of Booz Allen Hamilton will articulate the steps which enabled the team to forensically enumerate the SDN network using only open source tools.
IT Security Entrepreneurs' Forum Bridging the Gap Between Silicon Valley & the Beltway (Mountain View, California, USA, March 28 - 29, 2017) SINET – Silicon Valley provides a venue where entrepreneurs can meet and interact directly with leaders of government, business and the investment community in an open, collaborative environment focused on identifying solutions to Cybersecurity challenges.
PCI Security Standards Council: 2017 Middle East and Africa Forum (Cape Town, South Africa, March 29, 2017) Join your industry colleagues for a full day of networking and one-of-a-kind partnership opportunities. Whether you want to learn more about updates in the payment card industry or showcase a new product, you’ll find it all at the 2017 Middle East and Africa Forum (MEAF).
Insider Threat 2017 Summit (Monterey, California, USA, March 29 - 30, 2017) The focus of the Insider Threat Summit is to discuss personnel security issues including cyber security challenges and capabilities, continuous evaluation of privileged identities and ethical physical security considerations. A heightened awareness of insider threats due to numerous newsworthy attacks and unauthorized leaks has brought us together for one main purpose: To better understand security challenges in order to better defend against insider threats.
2nd Annual Billington International Cybersecurity Summit (Washington, DC, USA, March 30, 2017) The 2nd Annual Billington International Cybersecurity Summit on March 30, 2017 at the National Press Club in Washington, DC will feature over 300 world class cybersecurity decision-makers from allied nations and the US in an intensive day of knowledge exchange and relationship building. NOTE: Attendees must be citizens of the U.S. or allied nations to attend this event. The summit, which will attract senior influencers in cybersecurity from allied nations across the world, has as its theme: Protecting Critical Infrastructure in a Connected World.
Yale Cyber Leadership Forum: Bridging the divide between law, technology, and business (New Haven, Connecticut, USA, March 30 - April 1, 2017) The Yale Cyber Leadership Forum will take place on Yale University's campus and will focus on bridging the divide between law, technology and business in cybersecurity. With McKinsey & Company as our knowledge partner, the Forum will integrate McKinsey’s extensive knowledge of best practices in cybersecurity with Yale’s scholarly expertise. The Forum will expose participants to effective approaches to recognizing, preparing for, preventing, and responding to cyber threats.
WiCyS 2017: Women in Cybersecurity (Tucson, Arizona, USA, March 31 - April 1, 2017) The WiCyS initiative has, since 2013, become a continuing effort to recruit, retain and advance women in cybersecurity. It brings together women (students/faculty/researchers/professionals) in cybersecurity from academia, research and industry for sharing of knowledge/experience, networking and mentoring.
GITECH Summit 2017: Revolution of Solutions (Annapolis, Maryland, USA, April 2 - 4, 2017) The GITEC Summit “Revolution of Solutions: Transforming Government” will be held April 2-4, 2017 at the Westin Annapolis. This year’s summit will focus on the continued transition and transformation surrounding the development, implementation, management and use of information technology for mission-critical functions.
InfoSec World Conference and Expo 2017 (ChampionsGate, Florida, USA, April 3 - 5, 2017) The conference will feature security practitioners who speak from experience on the real-world challenges companies are facing today. The conference is most suitable for those whose responsibilities include creating solutions. The organizers bill it as a training conference.
Cyber Security Summit: Atlanta (Atlanta, Georgia, USA, April 6, 2017) If you are a Senior Level Executive responsible for making your company’s decisions in regards to information security, then you are invited to register for the Cyber Security Summit: Atlanta. Receive 50% off of a Full Summit Pass when you register with code CYBERWIRE50 (standard price of $350, now only $175 with code). Register at CyberSummitUSA.com. The Cyber Security Summit: Atlanta is an exclusive conference connecting Senior Level Executives responsible for protecting their companies’ critical data with innovative solution providers & renowned information security experts. for details visit CyberSummitUSA.com.
SANS 2017 (Orlando, Florida, USA, April 7 - 14, 2017) Success in information security requires making a commitment to a career of learning, from the fundamentals to advanced techniques. To put you firmly on that learning path, join us at SANS 2017 in Orlando, Florida from April 7-14. This event features over 40 different cutting-edge courses taught by top industry professionals who will provide you with the best available information and software security training. SANS 2017 also features numerous opportunities to learn new skills, techniques, and trends at the SANS@Night talks, Vendor Expo, and Lunch-and-Learn sessions. You will hear about the latest and most important issues in talks led by SANS practitioners who are leading the global conversation on cybersecurity.
Unprecedented Counterintelligence Threats: Protecting People, Information and Assets in the 21st Century. (Arlington, Virginia, USA, April 10, 2017) This full day symposium will provide insights into evolving threats to the nations security and identify effective ways of addressing them. Highlights Include: A keynote address from National Counterintelligence Executive (NCIX) Bill Evanina. The presentation of a new paper from INSA’s Security Policy Reform Council, “Assessing the Mind of the Malicious Insider,” which discusses the psychological traits and stressors that lead to malicious behavior and identifies continuous evaluation methodologies that can provide early warning of destructive acts. A review of best practices in implementing insider threat programs in the public and private sectors. An assessment of the risks to key supply chains and the prospects of delivering goods uncompromised. A discussion of the greatly overlooked long-term impacts of the 2015 theft of OPM personnel data.
Hack In the Box Security Conference (Amsterdam, the Netherlands, April 10 - 14, 2017) Back again at the NH Grand Krasnapolsky, HITB2017AMS takes place from the 10th till 14th of April 2017 and features a new set of 2 and 3-day technical trainings followed by a 2-day conference with a Capture the Flag competition, technology exhibition with hackerspaces, lock picking villages and hardware related exhibits plus a free-to-attend track of 30 and 60 minute talks!
Cyber Warrior Women: Blazing the Trail (Catonsville, Maryland, USA, April 19, 2017) Join the Cybersecurity Association of Maryland, Inc. (CAMI), in partnership with The CyberWire, Fort Meade Alliance, and presenting sponsor Exelon Corporation, for "Cyber Warrior Women: Blazing the Trail." This special program is designed to spotlight some of Maryland’s diverse and dynamic female cybersecurity professionals with stories of triumph and tribulation, advice and inspiration. Can't join us in person? Host a viewing party with your colleagues or fellow students, or tune in individually.
SANS Baltimore Spring 2017 (Baltimore, Maryland, USA, April 24 - 29, 2017) SANS Institute, the global leader in information security training, today announced the course line-up for SANS Baltimore Spring 2017 taking place April 24 – 29. All courses offered at SANS Baltimore are open to civilians and veterans. Included among the course line-up are several master's degree and graduate certificate courses that are eligible for GI Bill benefits through the SANS Technology Institute graduate school.
Defence Information 2017 (Cranfield, England, UK, April 26 - 27, 2017) Defence Information 2017 is the major annual communications event of Joint Information Group activities (the JIG reports to the Defence Suppliers Forum) and the Event’s content spans both Information and Support. Our DI’17 Event examines some of the ‘people, process and technology’ issues critical to Team Defence being able to adopt, embed and exploit new (and often disruptive) Information and Communications Technology (ICT) capabilities and associated new ways of working - to productive effect.
Defence Information 2017 (Cranfield, England, UK, April 26 - 27, 2017) Defence Information 2017 is the major annual communications event of Joint Information Group activities (the JIG reports to the Defence Suppliers Forum) and the Event’s content spans both Information and Support. Our DI’17 Event examines some of the ‘people, process and technology’ issues critical to Team Defence being able to adopt, embed and exploit new (and often disruptive) Information and Communications Technology (ICT) capabilities and associated new ways of working - to productive effect.
Crimestoppers Conference (Eden Project, Bodelva, St Austell , April 27, 2017) Crimestoppers is organising a major one-day conference designed to help local businesses shore up their online security. A range of expert speakers will pinpoint typical cyber pitfalls to avoid. 80% of cyber crime is preventable and just a few key security steps can help avoid damaging your business reputation and finances
Atlantic Security Conference (Halifax, Nova Scotia, Canada, April 27 - 28, 2017) Atlantic Canada's non-profit, annual information security conference. AtlSecCon, the first security conference in Eastern Canada focusing on bringing some of the worlds brightest and darkest minds together with one common goal – to expand the pool of IT Security knowledge beyond its typical confines. AtlSecCon provides an unmatched opportunity for IT Professionals and Managers to collaborate with their peers and learn from their mentors.
SANS Automotive Cybersecurity Summit 2017 (Detroit, Michigan, USA, May 1 - 8, 2017) SANS will hold its inaugural Automotive Cybersecurity Summit to address the specific issues and challenges around securing automotive organizations and their products. Join us for a comprehensive look at automotive assembly, industry suppliers, embedded systems, and safeguarding extended customer and product data. The Summit will include two-days of in-depth presentations from top security experts and seasoned practitioners, hands-on learning exercises, and exclusive networking opportunities.
Sponsor & Support
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.