As a finalist for this year's Maryland Cybersecurity Industry Resource Award, we're also up for the People's Choice Award, and we'd appreciate your support. You can vote here through tomorrow (you don't need to be in Maryland, or even in the US, to do so). Thanks to all who've voted for us so far (and a special invitation to all the nice people we met at Cyber 9/12: we'd like your vote).
More Signal. Less Noise.
Is the Turkish Crime Family for real? Locky seems to be fading. RoKs report more attacks on their military networks. WikiLeaks finds few takers for its Vault 7 bugs. Germany, US, expect more Russian cyber, influence campaigns. FBI continues investigation Trump campaign alleged Russian contacts.
Announcements
Maryland Cyber People's Choice Award: vote for the CyberWire today
Summary
A group calling itself "the Turkish Crime Family" claims to have contacted Apple with a ransom demand. If Cupertino doesn't pay them either $75,000 (Bitcoin or Ethereum crypto currency) or $100,000 in iTunes gift cards, they will remotely wipe "millions" of iPhones and iCloud accounts. The deadline for payment is April 7. It's unclear whether the threat is real or even whether the "Turkish Crime Family" has actually communicated with Apple. This may well be a case of skids crowing large, but it should also serve as a timely reminder of the importance of securing your iOS devices and iCloud accounts.
As ransomware increasingly becomes a commodity traded on the black market, some long-familiar strains begin to fade. Locky, for one, seems to be on the wane.
South Korea reports stepped up cyberattacks on its military networks.
WikiLeaks' Julian Assange says, in effect, that companies who decline his disclosure of exploitable bugs (allegedly from CIA files) are stooges for the US Intelligence Community. This seems unfair, but on the other hand Mr. Assange knows he's hardly flavor of the month in Langley or Laurel.
Germany raises pre-election cyber alert levels to prepare for Russian cyber and information campaigns. The US FBI warns that more Russian attempts to influence US elections should be expected. The Bureau continues investigating possible contacts between Trump campaign officials and Russia.
Russia's Alfa Bank has asked US law enforcement for help with what it says are false signs of contact between itself and the Trump Organization.
Notes.
Today's issue includes events affecting Australia, Brazil, Canada, China, European Union, France, Germany, India, Iran, Israel, Republic of Korea, Lithuania, Netherlands, Poland, Qatar, Russia, Saudi Arabia, Ukraine, United Kingdom, United States and Venezuela
On the Podcast
In today's podcast, Jonathan Katz from our partners at the University of Maryland offers a technical look at the recent SHA-1 collision demonstration. We also speak with Ron Bushar from Mandiant on his company's recent (and influential) M-Trends report.
Special editions of the podcast are also up. See Perspectives, Pitches, and Predictions from RSA, and an overview of artificial intelligence as it's being applied to security. And see also Cylance's video interview with our Producer.
Sponsored Events
ThreatConnect Webinar: Threat Intelligence Isn’t One Size (Online, March 22, 2017) Threat intelligence (TI) can help any organization better protect themselves. With TI, you can identify threats and add context to them. Once you understand what you are facing, you can take decisive action to better protect your organization.
Billington International Cybersecurity Summit (Washington, DC, USA, March 30, 2017) 2nd Annual Billington International Cybersecurity Summit (Washington, DC, USA, March 30, 2017) The International Cybersecurity Summit features 20+ world class cybersecurity thought leaders from allied nations and US including DoD, IARPA, DHS, USCYBERCOM, ARCYBER, NSA, DOC, NCTC/UK, U.S. Army Cyber Command, U.S. Cyber Command, Cyber National Mission Force.
The Cyber Security Summit: Atlanta and Dallas (Atlanta, GA, USA, April 6, 2017) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their companies’ critical data with innovative solution providers & renowned information security experts.
Selected Reading
Cyber Attacks, Threats, and Vulnerabilities
Hackers: We Will Remotely Wipe iPhones Unless Apple Pays Ransom (Motherboard) “I just want my money,” one of the hackers said.
Hackers claim they will wipe iPhones and iCloud accounts unless... (HOTforSecurity) A group of hackers are allegedly threatening to remotely wipe millions of iPhones and iCloud accounts, unless Apple agrees to pay a ransom by April 7th.
Defense Ministry: Surge in Cyber Attacks Against Military Computer Network (KBS Radio) The Defense Ministry said on Tuesday that the number of external cyber attacks against the military’s computer network has recently surged.
Assange chastises companies that haven't responded to CIA vulnerability offers (TheHill) WikiLeaks head Julian Assange slammed companies for not taking the site up on the sites offer to share security flaws the CIA had exploited in their products.
WikiLeaks and the Published CIA Documents (Acumin) WikiLeaks has published an explosive trove of 8,761 files and data claiming that they were leaked from the CIA's Cyber Intelligence unit
NSA, FBI: Russian cyber tactics, 'loudness' key differences in 2016 election interference [Updated] (Fifth Domain | Cyber) NSA Director Adm. Michael Rogers told Congress on Monday that the “cyber dimension” was a key difference in the Russian active measures used to interfere in the 2016 U.S. presidential election, compared to previously observed Russian activities in other elections.
Russia will strike US elections again, FBI warns (CSO Online) Future U.S. elections may very well face Russian attempts to interfere with the outcome, the FBI and the National Security Agency warned on Monday.
Press Statement: Alfa Bank confirms it has sought help from U.S. authorities, and discloses new cyberattacks linked to Trump hoax — (Alfa Bank) Alfa Bank, a privately owned Russian bank, confirmed today that it has contacted U.S. law enforcement authorities for assistance and offered U.S. agencies its complete co-operation in finding the people behind attempted cyberattacks on its servers that have made it appear falsely that it has been communicating with the Trump Organization.
Big Surprise: Chinese PUPs Deliver Backdoored Drivers (BleepingComputer) Drivers secretly installed via PUPs packages for Chinese software contain backdoors enabling a third-party to load unsigned drivers or to execute code with higher privileges on a Windows machine.
Burglars can easily make Google Nest security cameras stop recording (Help Net Security) Google Nest's security cameras can be easily disabled by an attacker that's in their Bluetooth range, a security researcher has found.
ISP customer data breach could turn into supercharged tech support scams (Naked Security) The concept of helping people via a support line has been poisoned by scammers using leaked customer data to target victims
Malspam with password-protected Word documents (SANS Internet Storm Center) On Monday 2017-03-20, the ISC received a notification through our contact page.
Hijacking Windows user sessions with built-in command line tools (Help Net Security) By using built-in command line tools, any privileged user can hijack the session of any logged-in Windows user without knowing that user's password.
Report: 'OilRig' Attacks Expanding Across Industries, Geographies (Dark Reading) The highly-effective malware targets Middle Eastern airlines, government, financial industries and critical infrastructures with a simple but powerful backdoor created by infected Excel files attached to phishing emails.
Personalized spam campaign targets Germany (Symantec Security Response) A new spam campaign targeting German users uses victims’ real details and installs banking malware on compromised computers.
Legacy Cobol code an increasing problem in computer security, claims research (Computing) Study finds 'security through obscurity' doesn't work and that investment in modern IT also helps improve security.
3,000 Industrial Plants Per Year Infected with Malware (Dark Reading) Targeted industrial control systems-themed malware is less prevalent yet persistent, including one variant posing as Siemens PLC firmware that has been in action since 2013, researchers find.
Targeted control system cyber attacks - not when, but how much damage (Control Global) Targeted control system cyber attacks have been identified in many countries that include destruction of centrifuges, damage to blast furnace, loss of fuel loading, tilting of an off-shore oil rig, and significant environmental discharges. However, there have been almost no US government or NERC public identification of control system cyber attacks in the US despite the fact that targeted control system cyber attacks have occurred in US critical infrastructures with attendant damage.
Don’t Worry About ‘Cyber Pearl Harbor,’ But Hackers Are Already Targeting Our Critical Infrastructure (Motherboard) Cyber defenders still don’t understand the real threats that the power grid, energy plants and other critical infrastructure face.
DIY kits for sale on dark web spark rise of ransomware-as-a-service (Naked Security) These days you don’t need much skill to unleash ransomware – all you need is access to the dark web. So how can you protect yourself against ransomware?
Numbers Show Locky Ransomware Is Slowly Fading Away (BleepingComputer) Over the past six months, the number of Locky ransomware infections has gone down and is expected to reach an all-time low this month, in March.
Millions of Accounts from 11 Hacked Bitcoin Forums Being Sold on Dark Web (HackRead) A famous Dark Web vendor known by their handle of "DoubleFlag" is selling databases of eleven Bitcoin forums on a popular dark web marketplace. The databas
Study: Some Mobile Devices Can Be Hacked Using Sound Waves (HealthcareInfo Security) Some medical devices, smartphones and internet of things gadgets contain certain types of sensors that are vulnerable to potential hacking using sound waves, says
Check Point discloses how Hackers can take over WhatsApp & Telegram account (ETtech.com) The new vulnerability found on WhatsApp Web & Telegram Web allowed hackers to gain control over accounts, including chats, images, video and audio,..
MajikPOS Malware Currently Infecting U.S. Point-of-Sale Systems (eSecurity Planet) The malware began infecting businesses across North America in late January.
Malware Infections Surge on Tuesday in Areas Hit Hard by Winter Storm Stella (Enigma Software) In addition to dumping more than three feet of snow in some areas of the Northeast, Winter Storm Stella may also be to blame for a spike in malware infections.
Three's website exposes mobile phone customers' details to strangers (Graham Cluley) Three appears to have made a blunder, after customers logging into the British mobile phone company's website found themselves looking at other customers' accounts - including the names, addresses, call histories and data usage of complete strangers.
McShame: McDonald's API Leaks Data for 2.2 Million Users (InfoRisk Today) McDonald's home food delivery app in India leaked sensitive personal information relating to 2.2 million users. But the restaurant giant only addressed the insecure API after a researcher went public one month after informing McDonald's about the problem.
Yes, I Have Been Pwned (InfoRisk Today) With apologies to Troy Hunt, the last thing you want to see in the morning as you're having your first cup of coffee and scanning the interwebz for cat videos is a notice from his "Have I Been Pwned" breach-alert service.
Pwn2Own hacking contest ends with two virtual machine escapes (CSO Online) Two teams of researchers managed to win the biggest bounties at this year's Pwn2Own hacking contest by escaping from the VMware Workstation virtual machine and executing code on the host operating system.
Security Patches, Mitigations, and Software Updates
Mozilla Patches Pwn2Own Zero Day in Firefox (Threatpost) Mozilla patched a zero day uncovered at Pwn2Own in Firefox in 22 hours on Friday.
Cyber Trends
Report says smart people do dumb things online (CSO Online) People from the religious and legal fields were considered lazy for not following security standards.
Shadow IT is "an abomination", but the IT department can't just ignore change, agree UK CIOs (Computing) "We're not the high priests in the temple" warns IT leader
End user computing has changed forever, and enterprises need to accept it (Computing) Expert panel argues that enterprises need to recognise that transformation is inevitable, and thinking otherwise is 'King Canute territory'
BSH digital chief talks DevOps, cloud and the pitfalls of 'always-accessible' technology (Computing) Mike Faiers tells Computing why opening up IT to the business has had a huge impact
Cellphone Usage Increases by 20% since 2015 - Panda Security (Panda Security Mediacenter) Is that surprising? Well, not really. Cellphone Usage Goes Up to 5 hours a Day! Stay Safe While Out & About with Security Tips from Panda.
Poor Device, app care leaves users drowning in digital clutter, says Kaspersky study (ETCIO.com) Users typically install 12 Android apps every month but delete only 10, in effect adding two apps to their device on a monthly basis.
Ixia Releases First Annual Security Report (Yahoo! Finance) Ixia, a leading provider of network testing, visibility, and security solutions, today announced the release of the first Ixia Security Report, a summation of 2016’s biggest security events including findings from Ixia’s Application and Threat Intelligence Research Center.
ASIC chief warns of ‘black swan’ cyber hit (The Australian) Australian companies faced a “frightening” number of potential cyber attacks, Australian Securities & Investments Commission chairman Greg Medcraft warned yesterday.
The EFF’s Eva Galperin Keeps Activists Safe Online (Motherboard) The director of cybersecurity wants activists to remember to celebrate their wins.
Marketplace
Sources: Tanium COO-CFO Leaves Company Suddenly, Despite IPO Plans On Horizon (CRN) Eric Brown, who was in the dual roles of chief operating officer and chief financial officer, left Tanium last week, sources close to the company told CRN. Brown's exit comes as the company looks to lay the groundwork for an initial public offering.
Why Merrill Lynch Sees 50% Upside in FireEye After Major Sell-Off (247wallst.com) Cybersecurity is one of the main concerns in the world today, whether it is protecting vital information from being hacked or preventing foreign interference with domestic elections.
Capgemini and Fujitsu paid £724m for HMRC Aspire contract in 2016/16 (Computing) HMRC pays out £1.45bn to keep Aspire going over the past two years,Strategy,Public Sector,Government ,Accenture,Fujitsu,HMRC,Capgemini,Mark Dearnley,Aspire,hm revenue and customs
Frost & Sullivan Honors Cyberbit as the Leader in Cyber Security Detection and Response (Yahoo! Finance) Cyberbit , whose cybersecurity solutions protect the world's most sensitive systems, announced today that it has been awarded the Frost & Sullivan 2017 Technology ...
Hollywood Star to Raise Cyber Security Awareness in New TV Series (Acumin) TV and movie actor Christian Slater will appear in a 12-month digital TV series with IT giant HP called 'The Wolf'.
Products, Services, and Solutions
LockPath Included in Gartner's IT Market Clock for Procurement and Sourcing Solutions, 2016 (Yahoo! Finance) LockPath, a leading provider of governance, risk management and compliance solutions, today announced the company has been included as a sample vendor in Gartner Inc.'s January 17, 2017 IT Market Clock ...
WISeKey and OISTE.ORG Localizes Its Cryptographic Root of Trust in India and Creates a New National RoT / CA to Bring Security to India Internet Ecosystems (People and the Connected Devices) (BusinessWire) WISeKey International Holding Ltd. (WIHN.SW), a leading Swiss cybersecurity and IoT company, today announced that it has completed the localization of
Navy launches a 'locker' app that houses all your Navy apps in one place (Navy Times) The Navy App Locker is available to sailors, civilians and family members.
Inside Secure Delivers Application Protection to Defend against Malicious Attacks on Android Java Devices (Yahoo! Finance) Inside Secure , at the heart of security solutions for mobile and connected devices, today announced that it has released its Core security technology specifically for Android applications.
Data security co Safe-T teams with Check Point (Globes) Safe-T believes that cooperation with Check Point can bolster its reputation in the global information security market and increase its sales.
Nerdio Integrates Mimecast For Enhanced Email Security (PRNewswire) Adar, Inc., creator of industry-leading ITaaS platform Nerdio, today...
IBM Launches Industry's Most Secure Enterprise-Ready Blockchain Services for Hyperledger Fabric v 1.0 on IBM Cloud (Yahoo! Finance) IBM InterConnect – IBM (NYSE: IBM) today announced the new release of IBM Blockchain, the first enterprise-ready blockchain service based on the Linux Foundation's Hyperledger Fabric version 1.0. The service enables developers to quickly build and host security-rich
Technologies, Techniques, and Standards
When Apache Struts2 Hits the Fan, Respond with Data and Collaboration (RiskRecon) Mitigating your third-party exposure to Apache Struts2 requires accurate, actionable data.
10 Ways Cos Can Minimize Risk Of Ransomware Read more: 10 Ways Cos Can Minimize Risk Of Ransomware (Anti-Corruption Digets) The connection between IT security and data protection has never been as tight as it should be inside most organizations.
The Network Is Critical To Protect Your Business Assets (CIO) Having an end-to-end cybersecurity framework is a must
Don't be bait for hackers: 5 cybersecurity tips for Triad small businesses (Triad Business Journal) It’s not just large companies such as Yahoo and Target that are vulnerable to cyberattacks. Small businesses, which are often more cash-strapped than large corporations, are increasingly being targeted by hackers, according to industry members.
House Committee on Small Business provides cyber security guidance (Lexology) This month, the United States House of Representatives Committee on Small Business held a hearing on cyber risks facing small businesses and issued…
Getting Beyond the Buzz & Hype of Threat Hunting (Dark Reading) When harnessed properly, threat hunting can be one of the most useful techniques for finding attackers in your network. But it won't happen overnight.
What to consider in developing BYOD policy (CSO Online) In today’s work environment, employees are increasingly expected to be constantly available and communicating. Regardless of whether the company permits it, employees will use their personal devices for work. Instead of ignoring the inevitable, companies should develop and implement a BYOD policy that protects the company and balances productivity with security.
Design and Innovation
How to Build a Virtual Clausewitz (Strategy Bridge) From television shows like Westworld to movies like Rogue One, practical and ethical issues surrounding artificial intelligence (AI) seem to be on the minds of many.
When will blockchain technology deliver on its promise? (Naked Security) There’s a lot of promise in blockchain technology, but it’s bogged down in problems and has a long way to go before it’s ready for prime time
The FBI Says It Doesn’t Need Encryption for Unclassified Evidence (Motherboard) In a list of technical requirements for a smartphone recording app, the FBI says it doesn't need to use encryption.
Research and Development
In Pursuit Of Improving Cybersecurity In The Data Center And Cloud, Illumio Awarded Three Patents For First Of Its Kind Adaptive Segmentation Technology (Yahoo! Finance) Illumio announced today it secured three technology patents from the U.S. Patent and Trademark Office for its breakthrough cybersecurity platform. The patents recognize Illumio's innovation in making adaptive segmentation faster for all companies
Researchers are using Darwin’s theories to evolve AI, so only the strongest algorithms survive (Quartz) Accurate algorithms live on, while poor performers get "killed."
Academia
Oxygen Forensics Software Used to Teach Students Enrolled in Capitol Technology University Cybersecurity Degree Programs (Yahoo! Finance) Oxygen Forensics, a worldwide developer and provider of advanced forensic data examination tools for mobile devices and cloud services, announced today that its flagship product, Oxygen Forensic Detective, is being used by professors teaching digital forensic classes within the BS and MS cybersecurity
Legislation, Policy and Regulation
How China is preparing for cyberwar (The Christian Science Monitor Passcode) The US and China have made progress on curbing commercial cyberespionage. Now, the global powers need to set limits when it comes to digital warfare.
What it'll take to forge peace in cyberspace (The Christian Science Monitor Passcode) The international community has finally started a serious conversation about norms in cyberspace. But reaching a global consensus needs the world's attention.
Germany Raises Cybersecurity Alert Level Ahead of Elections (LIFARS) Germany has raised its cybersecurity alert level as it prepares for an onslaught of cyber attacks ahead of the parliamentary elections.
Britain's May to launch EU divorce proceedings on March 29 (Reuters) Prime Minister Theresa May will trigger Britain's divorce proceedings with the European Union on March 29, launching two years of negotiations that will reshape the future of the country and Europe.
GCHQ announces new director days after rubbishing Donald Trump's wire-tapping claims (Computing) Deputy director general of MI5, Jeremy Fleming, to take charge next month.
U.S. confirms ban on large electronics in cabins on flights from 10 airports (TechCrunch) After a lot of confusion yesterday, we have now learned from senior administration officials that the U.S. is indeed banning U.S.-bound passengers from..
TSA explains why it won’t allow electronics on some USA-bound flights (Ars Technica) Terrorist groups may be "smuggling explosive devices in consumer items."
Banning Electronics From Flights ‘Fails the Logic Test' (Motherboard) The US has indefinitely banned passengers from eight majority-Muslim countries from carrying electronics on planes.
A public policy perspective of the Dark Web (Journal of Cyber Policy) The Dark Web is at the centre of the debate over whether online anonymity should be maintained in spite of the illegal activity that it enables.
Bill Would Compel Firms to Say If CyberSec Expert Sits on Board (GovInfo Security) A bill introduced in the Senate would require publicly traded companies to disclose to regulators whether any board members have cybersecurity expertise.
DoD has more intel than it can process (C4ISRNET) With all the data coming in from ISR systems and sensors, the Pentagon is having difficulty processing it all.
Cybersecurity’s Human Side: How Can We Solve Our People Problem? (Defense One) First, stop undermining our own efforts to fill crucial jobs. Second, cast a wide net for useful lessons.
"Countdown to Compliance"--Fasoo Sponsored Ponemon Institute Survey of New Cybersecurity Regulations Impacting Financial Services Organizations Doing Business in New York State--NYDFS 23 NYCRR 500 (PRNewswire) 60% of respondents believe that NYDFS 23 NYCRR 500 will be more difficult to comply with than SOX or PCI
Litigation, Investigation, and Enforcement
Iranian MP threatens to impeach intelligence minister (Al-Monitor) An Iranian parliamentarian has threatened to begin impeachment procedures against the intelligence minister if he is not forthcoming about recent arrests of activists using Telegram.
Comey Confirms Probe of Possible Trump-Russia Links (BankInfo Security) Leading the latest edition of the ISMG Security Report: FBI Director James Comey's revelation of a counterintelligence investigation of possible ties between Donald
Analysis | Six big takeaways from Congress’s extraordinary hearing on Russia, President Trump and wiretapping (Washington Post) Honestly, the whole wiretapping was a sidebar to two other big questions: Did Trump associates collude with Russia, and who has been leaking intelligence to the press?
NSA knocks down White House claim of British spying (Fifth Domain | Cyber) Earlier this month, White House Press Secretary Sean Spicer referred to unsubstantiated allegations made by a Fox News analyst that GCHQ, the British electronic intelligence agency, had helped Obama wiretap Trump.
NSA Chief Rogers: Flynn Leaks ‘Hurt’ National Security (Washington Free Beacon) Adm. Michael Rogers, director of the National Security Agency, said Monday that the intelligence leaks of Michael Flynn's discussions with the Russian ambassador to the U.S.
Inside the Hunt for Russia’s Most Notorious Hacker (WIRED) Slavik was like a phantom, stealing money from US banks—and information for Russia's FSB
Man jailed indefinitely for refusing to decrypt hard drives loses appeal (Ars Technica) “Our client has now been in custody for almost 18 months,” defense attorney says.
Sweeping dragnet search warrant given the go-ahead by judge (Naked Security) Google says it will always ‘push back’ when asked for ‘excessively broad requests for data’
In New York, data breaches shot up 60% last year (TechCrunch) On Tuesday, the office of New York State Attorney General Eric T. Schneiderman released a summary of the year 2016 in data breaches. Collecting any breach..
Seizure-inducing tweet leads to a new kind of prosecution for a new era (Maryland Daily Record) The arrest last week of a Salisbury man accused of giving a well-known journalist a seizure by sending him a flashing image online represents a new kind of prosecution for a new kind of crime. The …
Hacking Tools Get Peer Reviewed, Too (The Atlantic) A government-led effort paves the way for data extracted from electronic devices to be accepted as evidence in court.
StrikeForce Sues Gemalto, Vasco, Entrust & SecureAuth for Patent Infringement (NASDAQ.com) StrikeForce Technologies, Inc. (OTC PINK:SFOR) announced today that it has filed patent infringement lawsuits in U.S. District Courts this week against Gemalto, Inc.; Vasco Data Security; Entrust Datacard; and SecureAuth Corporation.
SystmOne creator hits back in row over patient records 'enhanced data sharing' claims (Computing) 'TPP unaware of any prosecution of a SystmOne user for sharing records in this way,' claims company behind SystmOne,
Darknet Drug Dealer Caught After Offline Mistakes (Infosecurity Magazine) Darknet Drug Dealer Caught After Offline Mistakes. Investigators pounce after postal workers raise alarm
Industry Events
newly Noted Events
Hack in Paris (Paris, France, June 19 - 23, 2017) Hack In Paris brings together major professional IT security and technical hacking experts to attend training and talks exclusively in English. Intrusion attempts grow more frequent and sophisticated, regardless of their target (state or corporation). In this context, international hacking events are multiplying. A few events took place in France but until now, no one had covered hacking practices with a technical approach including both professional training and information aspects. Hack In Paris aims at filling this gap. The program includes state of the art IT security, industrial espionage, penetration testing, physical security, forensics, malware analysis techniques and countermeasures.
Finovate Fall 2017 (New York, New York, USA, September 11 - 14, 2017) FinovateFall 2017 will begin with the traditional short-form, demo-only presentations that more than 20,000 attendees from 3,000+ companies have enjoyed for the past decade. After two days of Finovate’s inspiring short-form demos, stay on for another day and a half of practical advice from your peers and industry gurus alike. Determine just how you will incorporate the latest fintech innovations into your product road map.
upcoming Events
Cyber Resilience Summit: Securing Systems inside the Perimeter (Reston, Virginia, USA, March 21, 2017) As the journey to secure our nation’s IT cyber infrastructure gains momentum, it is important to apply proven standards and methodologies that reduce risk and help us meet objectives for acquiring, developing and sustaining secure and reliable software-intensive systems. The theme of our upcoming Cyber Resilience Summit is Securing Systems inside the Perimeter. Defending the network is NOT enough. The most damaging of system failures and security breaches are caused by vulnerabilities lurking inside the network at the application layer.
European Smart Grid Cyber Security (London, England, UK, March 21 - 22, 2017) European Smart Grid Cyber Security 2017 offers a unique opportunity to network with senior experts in cyber security from government, utilities, TSOs, regulators, solution providers, security consultants, senior engineers and more. Join us to hear from a range of European utility companies present what their strategic programmes are doing regarding cyber security. As well as discuss how communication issues between IT and OT departments can be overcome and learn how to make your company compliant.
Maryland Cybersecurity Awards Celebration (Baltimore, Maryland, USA, March 22, 2017) Help us celebrate the best and brightest of the Maryland cyberscurity community as we honor the companies, organizations, and individuals that have protected businesses and government agencies with their cutting-edge technologies; thwarted cyber criminals with their outstanding cybersecurity services; demonstrated exemplary knowledge, expertise, leadership and innovative thinking; or made a significant contribution to Maryland’s cybersecurity ecosystem.
Integrated Adaptive Cyber Defense (IACD) Community Day (Laurel, Maryland, USA, March 23, 2017) Advancing cyber operations through secure automation & interoperability. Government agencies, commercial firms, research organizations, academic institutions and cyber security experts align in community efforts demonstrating cyber defenses art-of-the-possible, through automation and interoperability. Learn how to dramatically change the timeline and effectiveness of cyber defenses, increase community awareness and defensive capabilities. Free event, registration requested.
SANS Pen Test Austin 2017 (Austin, Texas, USA, March 27 - April 1, 2017) Every organization needs skilled people who know how to find vulnerabilities, understand risk, and help prioritize resources based on mitigating potential real-world attacks. That's what SANS Pen Test Austin is all about! If you like to break things, put them back together, find out how they work, and mimic the actions of real-world bad guys, all the while providing real business value to your organization, then this event is exactly what you need.
cybergamut Tech Tuesday: Software Defined Networking Forensics (Elkridge, Maryland, USA, and online at various local nodes, March 28, 2017) Volatility and Tshark were critical components in Booz Allen Hamilton winning the 2016 Digital Forensics Research Work Shop (DFRWS) international Software Defined Networking (SDN) digital forensics challenge. This was achieved by creating a prototype solution for the extraction of forensics artifacts from SSL/TLS encrypted packets between a software defined networking (SDN) switch and controller as well as a memory dump from the SDN switch. Mr. Bull and Mr. McAlister of Booz Allen Hamilton will articulate the steps which enabled the team to forensically enumerate the SDN network using only open source tools.
IT Security Entrepreneurs' Forum Bridging the Gap Between Silicon Valley & the Beltway (Mountain View, California, USA, March 28 - 29, 2017) SINET – Silicon Valley provides a venue where entrepreneurs can meet and interact directly with leaders of government, business and the investment community in an open, collaborative environment focused on identifying solutions to Cybersecurity challenges.
PCI Security Standards Council: 2017 Middle East and Africa Forum (Cape Town, South Africa, March 29, 2017) Join your industry colleagues for a full day of networking and one-of-a-kind partnership opportunities. Whether you want to learn more about updates in the payment card industry or showcase a new product, you’ll find it all at the 2017 Middle East and Africa Forum (MEAF).
Insider Threat 2017 Summit (Monterey, California, USA, March 29 - 30, 2017) The focus of the Insider Threat Summit is to discuss personnel security issues including cyber security challenges and capabilities, continuous evaluation of privileged identities and ethical physical security considerations. A heightened awareness of insider threats due to numerous newsworthy attacks and unauthorized leaks has brought us together for one main purpose: To better understand security challenges in order to better defend against insider threats.
2nd Annual Billington International Cybersecurity Summit (Washington, DC, USA, March 30, 2017) The 2nd Annual Billington International Cybersecurity Summit on March 30, 2017 at the National Press Club in Washington, DC will feature over 300 world class cybersecurity decision-makers from allied nations and the US in an intensive day of knowledge exchange and relationship building. NOTE: Attendees must be citizens of the U.S. or allied nations to attend this event. The summit, which will attract senior influencers in cybersecurity from allied nations across the world, has as its theme: Protecting Critical Infrastructure in a Connected World.
Yale Cyber Leadership Forum: Bridging the divide between law, technology, and business (New Haven, Connecticut, USA, March 30 - April 1, 2017) The Yale Cyber Leadership Forum will take place on Yale University's campus and will focus on bridging the divide between law, technology and business in cybersecurity. With McKinsey & Company as our knowledge partner, the Forum will integrate McKinsey’s extensive knowledge of best practices in cybersecurity with Yale’s scholarly expertise. The Forum will expose participants to effective approaches to recognizing, preparing for, preventing, and responding to cyber threats.
WiCyS 2017: Women in Cybersecurity (Tucson, Arizona, USA, March 31 - April 1, 2017) The WiCyS initiative has, since 2013, become a continuing effort to recruit, retain and advance women in cybersecurity. It brings together women (students/faculty/researchers/professionals) in cybersecurity from academia, research and industry for sharing of knowledge/experience, networking and mentoring.
GITECH Summit 2017: Revolution of Solutions (Annapolis, Maryland, USA, April 2 - 4, 2017) The GITEC Summit “Revolution of Solutions: Transforming Government” will be held April 2-4, 2017 at the Westin Annapolis. This year’s summit will focus on the continued transition and transformation surrounding the development, implementation, management and use of information technology for mission-critical functions.
InfoSec World Conference and Expo 2017 (ChampionsGate, Florida, USA, April 3 - 5, 2017) The conference will feature security practitioners who speak from experience on the real-world challenges companies are facing today. The conference is most suitable for those whose responsibilities include creating solutions. The organizers bill it as a training conference.
Cyber Security Summit: Atlanta (Atlanta, Georgia, USA, April 6, 2017) If you are a Senior Level Executive responsible for making your company’s decisions in regards to information security, then you are invited to register for the Cyber Security Summit: Atlanta. Receive 50% off of a Full Summit Pass when you register with code CYBERWIRE50 (standard price of $350, now only $175 with code). Register at CyberSummitUSA.com. The Cyber Security Summit: Atlanta is an exclusive conference connecting Senior Level Executives responsible for protecting their companies’ critical data with innovative solution providers & renowned information security experts. for details visit CyberSummitUSA.com.
SANS 2017 (Orlando, Florida, USA, April 7 - 14, 2017) Success in information security requires making a commitment to a career of learning, from the fundamentals to advanced techniques. To put you firmly on that learning path, join us at SANS 2017 in Orlando, Florida from April 7-14. This event features over 40 different cutting-edge courses taught by top industry professionals who will provide you with the best available information and software security training. SANS 2017 also features numerous opportunities to learn new skills, techniques, and trends at the SANS@Night talks, Vendor Expo, and Lunch-and-Learn sessions. You will hear about the latest and most important issues in talks led by SANS practitioners who are leading the global conversation on cybersecurity.
Unprecedented Counterintelligence Threats: Protecting People, Information and Assets in the 21st Century. (Arlington, Virginia, USA, April 10, 2017) This full day symposium will provide insights into evolving threats to the nations security and identify effective ways of addressing them. Highlights Include: A keynote address from National Counterintelligence Executive (NCIX) Bill Evanina. The presentation of a new paper from INSA’s Security Policy Reform Council, “Assessing the Mind of the Malicious Insider,” which discusses the psychological traits and stressors that lead to malicious behavior and identifies continuous evaluation methodologies that can provide early warning of destructive acts. A review of best practices in implementing insider threat programs in the public and private sectors. An assessment of the risks to key supply chains and the prospects of delivering goods uncompromised. A discussion of the greatly overlooked long-term impacts of the 2015 theft of OPM personnel data.
Hack In the Box Security Conference (Amsterdam, the Netherlands, April 10 - 14, 2017) Back again at the NH Grand Krasnapolsky, HITB2017AMS takes place from the 10th till 14th of April 2017 and features a new set of 2 and 3-day technical trainings followed by a 2-day conference with a Capture the Flag competition, technology exhibition with hackerspaces, lock picking villages and hardware related exhibits plus a free-to-attend track of 30 and 60 minute talks!
Cyber Warrior Women: Blazing the Trail (Catonsville, Maryland, USA, April 19, 2017) Join the Cybersecurity Association of Maryland, Inc. (CAMI), in partnership with The CyberWire, Fort Meade Alliance, and presenting sponsor Exelon Corporation, for "Cyber Warrior Women: Blazing the Trail." This special program is designed to spotlight some of Maryland’s diverse and dynamic female cybersecurity professionals with stories of triumph and tribulation, advice and inspiration. Can't join us in person? Host a viewing party with your colleagues or fellow students, or tune in individually.
SANS Baltimore Spring 2017 (Baltimore, Maryland, USA, April 24 - 29, 2017) SANS Institute, the global leader in information security training, today announced the course line-up for SANS Baltimore Spring 2017 taking place April 24 – 29. All courses offered at SANS Baltimore are open to civilians and veterans. Included among the course line-up are several master's degree and graduate certificate courses that are eligible for GI Bill benefits through the SANS Technology Institute graduate school.
Defence Information 2017 (Cranfield, England, UK, April 26 - 27, 2017) Defence Information 2017 is the major annual communications event of Joint Information Group activities (the JIG reports to the Defence Suppliers Forum) and the Event’s content spans both Information and Support. Our DI’17 Event examines some of the ‘people, process and technology’ issues critical to Team Defence being able to adopt, embed and exploit new (and often disruptive) Information and Communications Technology (ICT) capabilities and associated new ways of working - to productive effect.
Defence Information 2017 (Cranfield, England, UK, April 26 - 27, 2017) Defence Information 2017 is the major annual communications event of Joint Information Group activities (the JIG reports to the Defence Suppliers Forum) and the Event’s content spans both Information and Support. Our DI’17 Event examines some of the ‘people, process and technology’ issues critical to Team Defence being able to adopt, embed and exploit new (and often disruptive) Information and Communications Technology (ICT) capabilities and associated new ways of working - to productive effect.
Crimestoppers Conference (Eden Project, Bodelva, St Austell , April 27, 2017) Crimestoppers is organising a major one-day conference designed to help local businesses shore up their online security. A range of expert speakers will pinpoint typical cyber pitfalls to avoid. 80% of cyber crime is preventable and just a few key security steps can help avoid damaging your business reputation and finances
Atlantic Security Conference (Halifax, Nova Scotia, Canada, April 27 - 28, 2017) Atlantic Canada's non-profit, annual information security conference. AtlSecCon, the first security conference in Eastern Canada focusing on bringing some of the worlds brightest and darkest minds together with one common goal – to expand the pool of IT Security knowledge beyond its typical confines. AtlSecCon provides an unmatched opportunity for IT Professionals and Managers to collaborate with their peers and learn from their mentors.
SANS Automotive Cybersecurity Summit 2017 (Detroit, Michigan, USA, May 1 - 8, 2017) SANS will hold its inaugural Automotive Cybersecurity Summit to address the specific issues and challenges around securing automotive organizations and their products. Join us for a comprehensive look at automotive assembly, industry suppliers, embedded systems, and safeguarding extended customer and product data. The Summit will include two-days of in-depth presentations from top security experts and seasoned practitioners, hands-on learning exercises, and exclusive networking opportunities.
Sponsor & Support
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter’s financial reach, or it might just not be the right time for you to do those things. That’s why we launched our new Patreon site, where we’ve created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you’ll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.