The CyberWire Daily Briefing 4.12.17

Summary

By The CyberWire Staff

Several NATO and EU partners—specifically the UK, the US, France, Germany, Sweden, Poland, Finland, Latvia, and Lithuania—have agreed to establish a joint information operations center in Finland. The Helsinki center is aimed against Russian influence operations especially against the prospect that such operations will play a malign role in future elections.

The new center recognizes the seriousness of propaganda, especially given its technology-enabled increased reach and rapid spread. It also suggests recognition that aggressive information operations (see, for example, RT's coverage of the alleged Kelihos botmaster, in which the Russian state-aligned service claims the suspect was behind last year's DNC hacks) are usually best addressed by informational means. Former US DCI and DirNSA Hayden cautioned members of Congress against calling election hacking an "act of war." Not all hostile acts necessarily constitute casus belli.

Researchers continue to pick over WikiLeaks' last Vault 7 round, connecting the tools noted therein to the Longhorn campaigns.

Hacker House looks at the ShadowBrokers' latest leaks and concludes they suggest the existence of tools to root- Oracle/Sun Solaris Unix servers.

Microsoft yesterday issued fixes for the Office zero days that have been much discussed over the past week. At least three of the bugs are being actively exploited in the wild, which should lend urgency to the patching. Netskope reports that one of the vulnerabilities is being exploited by the Godzilla botnet, and the resurgence of Dridex via Word zero-days has been widely reported as well.

Adobe and SAP have also published patches.

Learn how Cylance silences cyber attacks with Artificial Intelligence.

Notes.

Today's issue includes events affecting Azerbaijan, Brazil, Canada, China, European Union, Finland, France, Germany, Iraq, Latvia, Lithuania, NATO/OTAN, Netherlands, New Zealand, Nigeria, Poland, Russia, Sweden, Syria, United Kingdom, and United States.

A note to our readers: You may find Recorded Future's new weekly podcast on threat intelligence (produced in partnership with the CyberWire) worth subscribing to; you'll find it here.

On the Podcast

In today's podcast we again hear from our partners at Terbium Labs, as Director of Analysis Emily Wilson shares insights into the Dark Web ecosystem. [Correction, 4.12.17: there will be no additional guest in today's podcast.]

Sponsored Events

Cyber Warrior Women: Blazing the Trail (Catonsville, Maryland, USA, April 19, 2017) Hear stories of triumph and tribulation, advice and inspiration from some of Maryland’s diverse and dynamic female cybersecurity professionals. Join us in-person for this free event or register to view the live stream online.

Selected Reading

Cyber Attacks, Threats, and Vulnerabilities

Shadow Brokers' malware release includes Oracle Solaris administrator-access security flaw (Computing) US National Security Agency had 'skeleton keys' to any Oracle/Sun Solaris system for decades

Hacking tools in Vault 7 data dump linked to prolific cyber espionage group (Help Net Security) Symantec has tied hacking tools from WikiLeaks' Vault 7 documents to "Longhorn," a cyber espionage group whose activity they have been following for years.

Symantec claims first evidence of Vault 7 tools being used in the wild by cyber-espionage group (V3) US-based group Longhorn using spying tools in cyber attacks against targets in at least 16 countries

Security firm links CIA leaks to series of past attacks (TheHill) The security firm Symantec believes it observed one of the hacking tools described in the CIA WikiLeaks files in attacks dating back to 2011.

Suspected CIA malware references 'Star Trek,' anime (TheHill) A new report from a cybersecurity firm provides new insights into malware linked to the CIA, including an odd list of internal references to pop culture ranging from carnival foods to obscure video games.

Latest Microsoft Office Zero-day Served via Godzilla Botnet (Netskope) Netskope Threat Research Labs has discovered that the latest Microsoft Office zero-day vulnerability is linked to the Godzilla botnet loader discussed in our recent blog.

Brazilian Malware Never Sleeps: Meet EmbusteBot (Security Intelligence) IBM Research — Haifa Labs detected yet another malware campaign, dubbed EmbusteBot, designed to target dozens of financial institutions in Brazil.

Pwned at the factory: attackers think outside the box (Naked Security) There are steps you can take to avoid ending up with a device that’s been compromised even before you’ve started up your new phone, but nothing can guarantee you’ll get a clean de…

Critical Vulnerability Puts ICS Security at Risk (Security Intelligence) A new potential problem for ICS security stems from CODESYS, a hardware-independent middleware layer for programming IIoT and ICS devices.

Tired: Stealing Data. Wired: Holding a Dam for Ransom (Defense One) The spread of ransomware means government and critical infrastructure providers need to start gaming out responses, cyber watchers say.

New report examines the weaknesses of industrial environments (CSO Online) A new report from FireEye examines the attack surfaces shared by a number of industrial enterprise operations, including electric utilities, petroleum companies, and manufacturing organizations. The six weaknesses outlined by FireEye center on protocols, hardware, authentication, relationships, fine integrity, and operating systems.

Exploit revealed for remote root access vulnerability affecting many router models (Help Net Security) It's difficult to tell how many devices are still vulnerable, but users rarely update their router's firmware, so there are bound to be still many of them.

2.5 Million IoT Devices Affected by Mirai Botnet in Q4 2016: McAfee (NDTV Gadgets360.com) Two and a half million Internet of Things (IoT) devices were infected by Mirai botnet by the end of fourth quarter last year, a new report by cyber-security company McAfee said on Tuesday.

New malware gives CCTV DVRs amnesia (iTWire) Palo Alto's Unit 42 has identified a new variant of the IoT/Linux botnet "Tsunami" dubbed "Amnesia" that targets commercial...

New malware targets IoT devices running Linux (Internet of Business) IT security researchers have uncovered a new strain of malware that targets digital video recorders, turning them into part of a botnet.

Hacked Dallas sirens get extra encryption to fend off future attacks (CSO Online) Dallas city officials have added extra encryption to bolster the security of outdoor warning sirens hacked early Saturday.

How fraudsters stole millions with the help of a legitimate online tool (Help Net Security) Identity thieves have managed to steal $30 million from the US IRS by using an online tool designed to help students fill out financial aid applications.

Malspam on 2017-04-11 pushes yet another ransomware variant (SANS Internet Storm Center) I ran across some interesting malicious spam (malspam) on Tuesday morning 2017-04-11. At first, I thought it had limited distribution. Later I found several other examples, and they were distributing yet another ransomware variant. I personally haven't run across this paricular ransomware until now.

Unsecured database exposed diabetics’ sensitive data (Naked Security) Close to a million records belonging to senior citizens in the US were exposed – and since deleted – but included details such as health insurance providers and medical issues

Patient files so far okay after ECMC cyber attack (WIVB) With the medical center’s computer network still offline, ECMC is conducting business the old fashioned way, on paper—no website, no email

Report: Cyber Criminals Targeting Healthcare Industry with Off-The-Shelf Ransomware (Healthcare Informatics) Amateur cybercriminals may be shifting towards targeting the healthcare sector using an off-the-shelf ransomware, according to security researchers at Forcepoint Security Labs.

Personal info at risk as cyber crooks target school districts (Beaumont Enterprise) School districts across the country have become frequent targets of ransomware attacks. At least two Southeast Texas districts have been hit in the past year. Educational networks are often vulnerable because they have so many entry points, store large amounts of personal data and often can't afford to build a strong enough security system, said Michael Kaiser, executive director for the National Cyber Security Alliance.

Insider hacks Marriott hotel reservation system; slashes rates up to 95% (HackRead) You may have heard about the Robinhood hacker “Hack Back!” who stole $10,000 in Bitcoins and donated it to a Kurdish Group last year. He claimed he did it

Inmates hid self-built PCs in the ceiling and connected them to prison network (The State of Security) Inmates in built computers from PCs they were supposed to be dismantling for recycling, hid them in the ceiling, and connected them to the prison network.

Security Patches, Mitigations, and Software Updates

Microsoft’s New Look Patch Tuesday Fixes 46 Bugs (Infosecurity Magazine) Microsoft’s New Look Patch Tuesday Fixes 46 Bugs. Fourteen critical CVEs are patched, including two zero-days

Critical Word 0-day is only 1 of 3 Microsoft bugs under attack (Ars Technica) In-the-wild exploits bring additional urgency to this month's update routine.

Adobe Patches 59 Vulnerabilities Across Flash, Reader, Photoshop (Threatpost) Adobe patched 59 vulnerabilities across five different products, including Flash Player, Acrobat/Reader, Photoshop, Adobe Campaign, and its Adobe Creative Cloud App on Tuesday.

SAP releases 27 Security Notes with most severe security flaw rated at 9.4 (Computing) Five SAP Security Notes rated high priority by ERPScan

Goodbye Windows Vista: Microsoft's unloved operating system finally reaches the end of the road (ZDNet) It's time to move on, says Microsoft.

Cyber Trends

How to manage the computer-security threat (The Economist) The incentives for software firms to take security seriously are too weak

InfoSec pros feel less external pressure, take security more personally (CSO Online) Security professionals are feeling less pressure from management, less pressure to approve IT projects early, and are less worried about emerging technologies, according to a survey released this morning. But they are also putting more pressures on themselves.

2017 Security Pressures Report (Trustwave) Virtually all workers face some level of adversity and affliction at their jobs. But IT and security professionals experience it on a whole different level thanks to the rapidly evolving and consequential nature of their occupation.

Adoption and Validation of BRI Increases in Q1 2017 (Flashpoint) At the close of 2016, I stated that 2017 will be the Year of Business Risk Intelligence. I’m pleased that our Q1 progress has demonstrated this to be true.

Cybersecurity: To automate or not to automate? (Help Net Security) The automated processes will aid IT security functions that range from assisting security personnel to streamlining security alerts to system optimization.

Marketplace

Share Price Tumbles 1.8% After Serious Breach – Report (Infosecurity Magazine) Share Price Tumbles 1.8% After Serious Breach – Report. CGI claims FTSE100 firms could be down £120m on average

Why the Pentagon wants people to hack it (CNNMoney) New bug bounty programs are finding flaws in mission-critical systems.

HackerOne To Reward Nintendo Switch Security Exploit Discovery - Nintendo Insider (Nintendo Insider) It was late last year that Nintendo had first teamed up with HackerOne, a vulnerability coordination and bug bounty platform created by security leaders fr

HackerEarth raises $4.5M to bring ‘hacker culture’ into corporate companies (TechCrunch) HackerEarth, an Indian startup that grew from arranging hackthon to offering corporate innovation services, has closed a $4.5 million Series A funding round...

Cisco: More Upsides For The Right Reasons (Seeking Alpha) Gains from IoT-driven tech are set to rewrite the narrative of Cisco's long-term valuation. The Street will gain from holding on to elevated valuation multiples

Security is the holy grail for partners says Cisco exec (Computer Dealer News) Channel partners have an opportunity to see very good profits because they are needed more than ever in security, said Cisco Systems

Why Google is Tough on Symantec (Market Realist) Google has problems with the manner in which Symantec (SYMC), an Internet security provider, handles website security certifications.

Products, Services, and Solutions

NSS Labs Announces Web Application Firewall Group Test Results (NSS Labs) NSS Labs, Inc., the global leader in operationalizing cybersecurity, today announced the results of its second Web Application Firewall (WAF) Group Test. A growing segment of the security market, WAFs employ a wide range of functions to work in conjunction with perimeter firewalls and intrusion prevention system (IPS) technologies to provide protection specifically for web applications. Of the five market-leading WAF vendors whose products had results published today, four products received a Recommended rating, while one product received a Caution rating.

NSS Labs 2017 WAF Group Test (NSS Labs) NSS' 2017 Web Application Firewall (WAF) Group Test evaluated five market-leading WAF products on security effectiveness, performance, and total cost of ownership (TCO). Four of the five tested products achieved NSS Recommended ratings and one received a Caution rating.

Venafi Announces Venafi Technology Network (Venafi) The Venafi Technology Partner Network brings together the leading machine identity protection platform with security, application performance, DevOps, and cloud technologies.

SparkPost Achieves SOC 2 Type 1 Certification (PRNewswire) SparkPost, the most performant cloud email delivery service available,...

VMware's new vSAN 6.6 first to include native hyperconverged infrastructure security (CRN Australia) Increased security and performance.

RapidScale Launches Unified Security Management as Part of Its CloudSecurity Offerings (IT Business Net) RapidScale, a leader in managed cloud services, has launched a new CloudSecurity offering powered by AlienVault® Unified Security Management.

Rapid7 Defines Next-Generation Analytics Platform for Security and IT Professionals (GlobeNewswire News Room) Rapid7 Insight platform is the first cloud-based platform to combine vulnerability management, user behavior analytics-powered SIEM, IT log analytics, and application security data

Imperva PartnerSphere Channel Program Awarded 5-Star Rating in CRN’s 2017 Partner Program Guide (BusinessWire) Imperva announced that CRN has given it a 5-Star rating in the CRN 2017 Partner Program Guide while its leaders were honored as Channel Chiefs.

Hacker-Based Cyber Defense Increases Healthcare Data Security (HITInfrastructure) New investment in Synack's hacker-based security platform allows the company to expand their offering for better healthcare data security.

Fight firewall sprawl with AlgoSec, Tufin, Skybox suites (Network World) These three security policy management toolsets deliver orchestration and automation.

Connect Financial Software Solutions and SnoopWall Partner to Secure Credit Unions and Their Mobile Apps Against the Latest Threats (PRNewswire) SnoopWall, Inc., the global leader in breach prevention, in partnership...

Technologies, Techniques, and Standards

Global Regulatory Outlook 2017 (Duff & Phelps) Opinions on global financial services regulation and industry developments for the year ahead

FCA opens investigation into the potential for blockchain in financial services (Computing) FCA looking for answers over the question of blockchain and distributed ledger technology in financial services

DP17/3: Discussion Paper on distributed ledger technology (FCA) We are launching a discussion to start a dialogue on the potential for future development of distributed ledger technology (DLT) in the markets we regulate. We are particularly interested to explore where the balance of risk and opportunities may lie in relation to DLT.

OWASP Top 10 Update: Long Overdue Or Same-Old, Same-Old? (Dark Reading) The industry benchmark list is about to change for the first time in four years, but barring a few important changes, it looks a lot like it always has.

WhiteSpace Alliance Publishes Testing Format for Wi-FAR Certification (PRWeb) Specification defines compliance testing for TV white space interoperability

Overcoming the Rise of IoT-Based Botnets (Infosecurity Magazine) Mirai turned out to be the perfect catalyst for harnessing more CPU and bandwidth from the most unassuming devices on a massive scale.

Understanding the actor in the cyber threat landscape (Information Age) In an increasingly vulnerable world the need for a proactive approach to cyber security - focusing on the actor - is required

Detecting insider threats is easier than you think (CSO Online) Security experts weigh in on stopping the danger from your own employees. Access and security awareness training are the main themes to finding the danger that is within your own walls.

Blanket Deployment of Intelligence is Counterproductive (ThreatQuotient) The ThreatQ platform offers a two-step resolution through our new scoring feature. It starts by properly scoring intelligence for your environment, which I’ve discussed in detail in multiple blogs and in a new whitepaper.

Website owners urged to adopt new HTTPS certificate checking options (Computing) Certificate authorities and browser makers vote to make new certification checks mandator

Lockheed Holds Classified War Game To Test Multi-Domain Concepts (Breaking Defense) Lockheed Martin views the multi-domain warfare concept as so important it is funding and holding a series of classified war games to explore strategies, Concepts of Operation and weapons to see how they might perform taking on an A2/AD opponent. The second game begins today and ends Thursday.

Pasadena’s Parsons Hosts Cyber Defense Exercise Supporting the National Security Agency (Pasadena Business Now) Parsons — a major national technology-driven engineering services firm with expertise in physical and cybersecurity, intelligence, infrastructure and environment, and logistics and training based in Old Pasadena — has announced it will host a 5-day (April 10 – 14) “information assurance exercise” at its cyber center.

La. National Guard trains with local power company on cyber defense (KALB) Disaster Response Exercise includes cyber operations

Legislation, Policy and Regulation

Johnson stung over sanctions against Russia (Times (London)) Boris Johnson was left embarrassed last night after his demands for fresh sanctions against Russia over its backing for President Assad of Syria were publicly rebuffed by European allies. The final...

US, Europe partner to counter 'fake news' and cyberattacks (ZDNet) The center will be headquartered in Finland next to neighboring Russia, which stands accused of launching so-called "hybrid" attacks, such as the spreading of fake news.

EU, NATO countries kick off center to counter 'hybrid' threats (Defense News) The center will be based in Helsinki and will form a network of experts for the participating countries.

Europe and U.S. Move to Fight Russian Hybrid Warfare (Foreign Policy) A new center to counter hybrid threats inches Finland and Sweden closer to NATO in everything but name.

Former CIA director: Don’t call Russian election hacking ‘act of war’ (TheHill) Former CIA director Michael Hayden says Democrats and others are wrong to describe Russia’s hacking campaign to influence the presidential election as an “act of war.”

Trump's intelligence doubts parroted by Russia (Military Times) President Donald Trump's frequent questioning about the integrity of his spy agencies is coming back to haunt him.

To Defeat ISIS, Cooperation Is Key (Foreign Affairs) Despite politically driven rhetoric touting the virtues of “going it alone” in foreign policy, cooperation with other nations remains essential to countering ISIS and the greater problem of terrorism.

Azerbaijan: State and Dissidents Acquire New Weapons for Cyber War (EurasiaNet.org) The Azerbaijani government appears to have taken yet another step to quash online opposition media in the country, who have responded by using a technique borrowed from Chinese dissidents in their esc

Govt cyber attack unit launched (Radio New Zealand) The government has launched its new $22 million unit to help New Zealanders who fall victim to cyber attacks.

Budget woes hinder US cybersecurity buildup (TheHill) Experts and officials are warning of the negative effects that another stopgap funding bill would have.

Senate panel advances small business cybersecurity bill (TheHill) Bill would require federal institute to give cyber resources to small businesses.

"Cyber-Ninja Force" Being Developed to Protect Energy, Gas Grid (RealClearEnergy) Protecting the U.S. electrical grid and the gas pipeline system from cyberattacks has drawn increased attention from Congress as the threats to infrastructure become more prevalent...

Is it time for a U.S. (cyber) health service? (GCN) IT managers can improve data security by taking a page from how the health care community prevents, tracks down and resolves public health problems.

“Unenforceable”: How voluntary net neutrality lets ISPs call the shots (Ars Technica) Pai's plan would "tilt everything in favor of the incumbents," regulator says.

How an Airline Tragedy Brought GPS to the Masses (Motherboard) The Soviet shootdown of Korean Air Lines Flight 007 in 1983 spurred Ronald Reagan to open the US military’s satellite-based Global Positioning System for civilian use.

Litigation, Investigation, and Enforcement

Brexit voter registration website crash could have been a DDoS, says report (TechCrunch) A government voter registration website in the UK that crashed in the hours before the deadline for registering to vote ahead of last year's Brexit referendum..

FBI obtained FISA warrant to monitor Trump adviser Carter Page (Washington Post) The Justice Department and the FBI convinced a judge of probable cause to believe Page was suspected of acting on Russia’s behalf.

Record ZTE fine spotlights weak links in supply chain (FCW) The record $1.19 billion fine imposed on a Chinese telecommunications firm in March for violating U.S. sanctions against Iran and North Korea is worth keeping in mind as dangers to supply chain security mount, said top U.S. counterintelligence official.

U.S. Lawmakers Push to Widen Iran Sanctions Probe Beyond China's ZTE (Yahoo! Finance) A group of Republican lawmakers is pushing the Trump administration to investigate and unmask a company that may have violated Iran sanctions laws in the same way as Chinese mobile-phone maker ZTE Corp....

Spion soll Informationen an Chinesen verkauft haben (Wirtschafts Woche) Ein Siemens-Mitarbeiter soll Informationen aus der Energiesparte des Unternehmens an Chinesen verkauft haben. Den Hinweis dazu erhielt das Unternehmen über das interne Whistleblower-System.

Europol and Brazil agree co-operation on cyber crime (ComputerWeekly) Brazil, which has a significant and growing cyber crime problem both as the target of international attacks and the source of regional attacks, is set to work more closely with Europol to fight cross-border crime

Alleged Yahoo Email Hacker Denied Bail in Canada (Dark Reading) Karim Baratov awaits extradition hearing, likely on June 12.

EU to release findings of investigations into Yahoo security breaches 'soon' (Computing) Findings of investigation by data protection authorities due imminently

Fake News at Work in Spam Kingpin’s Arrest? (KrebsOnSecurity) Over the past several days, many Western news media outlets have predictably devoured thinly-sourced reporting from a Russian publication that the arrest last week of a Russian spam kingpin in Spain was related to hacking attacks linked to last year’s U.S. election.

Kelihos/Waledac: US law enforcement hits botnet with major takedown (Symantec Security Response) Alleged botnet operator arrested in Spain, faces multiple charges in the US.

How the FBI Took Down Russia’s Spam King—And His Massive Botnet (WIRED) The arrest of Peter Yuryevich Levashov notches another win for the FBI's top cyber talent.

Operation Casper Shuts Down Massive Premier League Piracy Ring (Infosecurity Magazine) Europol arrested eight people for the illegal distribution of 1,000 pay-TV channels across two ISPs.

Nigerian Citizen Arrested for Alleged Tax Fraud (Dark Reading) Olusola Luke and accomplices allegedly committed identity theft to steal over $734,000 in tax refunds.

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

newly Noted Events

Cyber Security Chicago (Chicago, Illinois, US, October 18 - 19, 2017) Cyber Security Chicago offers invaluable security insight for both IT managers & security decision makers. Hear from industry experts on how you can build stronger defenses against cyber-attacks & how to recover if your systems are breached.

upcoming Events

cybergamut Technical Tuesday – 18 April 2017 – Operationalizing Deception for Advanced Breach Detection by Joe Carson of TrapX Security (Elkridge, Maryland, USA, April 18, 2017) Organizations continue to struggle with visibility of lateral movement inside their networks. When prevention technologies fail to stop the initial breach, an independent network based technology is needed to provide this visibility. Operationalizing deception as part of an organization’s overall cyber defense provides exemplary early breach detection when preventative controls fail. It is a well-known adage that the defender must be right 100% of the time and the attacker must be right only once. When deception is deployed throughout an organization, now the attacker must be right 100% of the time. This session will discuss the different aspects of deception, and how they are applied. It will show the value of establishing a deception strategy that approaches it holistically. The event will be available at Elkridge and Calverton, Maryland, Middletown, New Jersey, and other cybergamut nodes.

Cyber Warrior Women: Blazing the Trail (Catonsville, Maryland, USA, April 19, 2017) Join the Cybersecurity Association of Maryland, Inc. (CAMI), in partnership with The CyberWire, Fort Meade Alliance, and presenting sponsor Exelon Corporation, for "Cyber Warrior Women: Blazing the Trail." This special program is designed to spotlight some of Maryland’s diverse and dynamic female cybersecurity professionals with stories of triumph and tribulation, advice and inspiration. Can't join us in person? Host a viewing party with your colleagues or fellow students, or tune in individually.

ISSA CISO Executive Forum: Information Security, Privacy and Legal Collaboration (Washington, DC, USA, April 20 - 21, 2017) Information Security, Privacy and Legal programs must be closely aligned to be successful in today’s world. Customer and vendor contracts require strong security language. Privacy has moved to the forefront of a global stage. Response to data breaches are often coordinated through Legal departments to protect privilege. Increasing global regulations drives change to Information Security and Privacy practices. Join your Information Security, Legal and Privacy leadership peers to discuss timely issues in these areas.

International Conference on Cyber Engagement 2017 (Washington, DC, USA, April 24, 2017) Georgetown University's seventh annual International Conference on Cyber Engagement promotes dialogue among policymakers, academics, and key industry stakeholders from across the globe, and explores the worldwide community’s increasing interconnectivity in this domain.Drawing on the experience of government practitioners, industry representatives and academic scholars, this event brings a multidisciplinary and international approach to the challenges in cyberspace from technical, corporate, legal, and policy perspectives in both the United States domestic and international realms – with several topics targeting private sector interests.

SANS Baltimore Spring 2017 (Baltimore, Maryland, USA, April 24 - 29, 2017) SANS Institute, the global leader in information security training, today announced the course line-up for SANS Baltimore Spring 2017 taking place April 24 – 29. All courses offered at SANS Baltimore are open to civilians and veterans. Included among the course line-up are several master's degree and graduate certificate courses that are eligible for GI Bill benefits through the SANS Technology Institute graduate school.

(ISC)2 Cyber Security Congress 2017 (Calgary, Alberta, Canada, April 26, 2017) The aim of the Cyber Security Congress 2017 is to strengthen cyber security leaders by arming them with the knowledge, tools, and expertise to protect their organizations. In April, 2017 over 150 like-minded professionals will gather for the 1-day congress in Calgary, Alberta, Canada where cyber security experts and industry leaders will share their knowledge, experience and best practices through presentations and interactive panel discussions.

Defence Information 2017 (Cranfield, England, UK, April 26 - 27, 2017) Defence Information 2017 is the major annual communications event of Joint Information Group activities (the JIG reports to the Defence Suppliers Forum) and the Event’s content spans both Information and Support. Our DI’17 Event examines some of the ‘people, process and technology’ issues critical to Team Defence being able to adopt, embed and exploit new (and often disruptive) Information and Communications Technology (ICT) capabilities and associated new ways of working - to productive effect.

Crimestoppers Conference (Eden Project, Bodelva, St Austell , April 27, 2017) Crimestoppers is organising a major one-day conference designed to help local businesses shore up their online security. A range of expert speakers will pinpoint typical cyber pitfalls to avoid. 80% of cyber crime is preventable and just a few key security steps can help avoid damaging your business reputation and finances

Atlantic Security Conference (Halifax, Nova Scotia, Canada, April 27 - 28, 2017) Atlantic Canada's non-profit, annual information security conference. AtlSecCon, the first security conference in Eastern Canada focusing on bringing some of the worlds brightest and darkest minds together with one common goal – to expand the pool of IT Security knowledge beyond its typical confines. AtlSecCon provides an unmatched opportunity for IT Professionals and Managers to collaborate with their peers and learn from their mentors.

SANS Automotive Cybersecurity Summit 2017 (Detroit, Michigan, USA, May 1 - 8, 2017) SANS will hold its inaugural Automotive Cybersecurity Summit to address the specific issues and challenges around securing automotive organizations and their products. Join us for a comprehensive look at automotive assembly, industry suppliers, embedded systems, and safeguarding extended customer and product data. The Summit will include two-days of in-depth presentations from top security experts and seasoned practitioners, hands-on learning exercises, and exclusive networking opportunities.

cybergamut Tech Tuesday: Distributed Responder ARP: Using SDN to Re-Engineer ARP from within the Network (Elkridge, Maryland, USA, and online at various local nodes, May 2, 2017) We present the architecture and initial implementation of distributed responder ARP (DR-ARP), a software defined networking (SDN) enabled enhancement of the standard address resolution protocol (ARP) intended to improve network security and performance by exerting much greater control over how ARP traffic flows through the network as well as over what actually delivers the ARP service. Presented by Mark Alan Matties, PhD of The Johns Hopkins University Applied Physics Lab.

Cyber Security Summit in Dallas (Dallas, Texas, USA, May 5, 2017) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from Proofpoint, CenturyLink, IBM and more. Register with promo code cyberwire50 for half off your admission (Regular price $350)

OWASP Annual AppSec EU Security Conference (Belfast, UK, May 8 - 12, 2017) Welcome to OWASP Annual AppSec EU Security Conference, the premier application security conference for European developers and security experts. AppSec EU provides thought leadership, amazing talks, informative sessions, and great social experiences. During the pre-conference (Monday 8th - Wednesday 10th May 2017) there is the opportunity to attend one of the many trainings courses on offer from industry experts, plus project summits and outreach sessions to the future pioneers of the application security industry. The main conference (Thursday 11th & Friday 12th May) offers four full tracks of talks, for pentesters and ethical hackers, developers and security engineers, DevOps practices and GRC/risk level talks for managers and CISOs.

SANS Security West 2017 (San Diego, California, USA, May 9 - 18, 2017) Cybersecurity skills and knowledge are in high demand. Cyber attacks and data breaches are more frequent and sophisticated, and organizations are grappling with how to best defend themselves. As a result, cybersecurity is more vital to the growth of your organization than ever before. Now is the perfect time to take the next step to protect your organization and advance your career. Join us at SANS Security West 2017 (May 9-18) to gain the skills and knowledge needed to help your organization succeed. Choose from over 30 information security courses taught by SANS’ world-class instructors. At SANS Security West 2017, you will get the best hands-on, immersion training and learn what it takes to stop cyber threats.

OWASP AppSec EU (Belfast, Northern Ireland, UK, May 12 - 18, 2017) Welcome to OWASP Annual AppSec EU Security Conference, the premier application security conference for European developers and security experts. AppSec EU provides thought leadership, amazing talks, informative sessions, and great social experiences. During the pre-conference (Monday 8th - Wednesday 10th May 2017) there is the opportunity to attend one of the many trainings courses on offer from industry experts, plus project summits and outreach sessions to the future pioneers of the application security industry. The main conference offers four full tracks of talks, for pentesters and ethical hackers, developers and security engineers, DevOps practices and GRC/risk level talks for managers and CISOs.

EnergySec Security Education Week (Austin, Texas, USA, May 14 - 19, 2017) The Energy Sector Security Consortium, Inc.'s Security Education Week is designed for early to mid career cybersecurity professionals currently employed at electric utilities in North America. Students will receive technical instruction on various topics including threat hunting, network packet analysis, and security assessments. Sessions will also cover operational technology used in the electric sector, and instructional workshops from industry vendors. Students will also participate in facility tours hosted by the Lower Colorado River Authority (LCRA), and evening activities designed to build relationships within industry and strengthen the community of cybersecurity professionals.

K(no)w Identity Conference (Washington, DC, USA, May 15 - 17, 2017) To converge identity experts from across all industries in one space, to be at the nexus of ideas and policies that will fundamentally change identity around the world. Provides business leaders, privacy and security experts, tech innovators, and senior policy makers the forum to discuss the future of identity. By utilizing the world’s best event technology, K(NO)W connects attendees digitally and physically unlike ever before.

Global Cybersecurity Innovation Summit Advancing International Collaboration (London, England, UK, May 16 - 17, 2017) SINET – London creates a forum to build and maintain international relationships required to foster vital information sharing, broad awareness and the adoption of innovative Cybersecurity technologies.

Public Sector Cyber Security Conference: Defending the Public from Cyber-Attacks (Salford, England, UK, May 17, 2017) Join us for the Public Sector Cyber Security Conference where leading experts will explain how to protect the vital services provided by central Government, local councils and the NHS. Learn how to safeguard sensitive data such as medical records and keep IT systems safe from cyber-attacks by states, criminal gangs and cyber terrorists.

PCI Security Standards Council: 2017Asia-Pacific Community Meeting (Bangkok, Thailand, May 17 - 18, 2017) Two days of networking and one-of-a-kind partnership opportunities await you. Whether you want to learn more about updates in the payment card industry or showcase a new product, you’ll find it all at the 2017 Asia-Pacific Community Meeting.

2017 Georgetown Cybersecurity Law Institute (Washington, DC, USA, May 17 - 18, 2017) It is more important than ever that in-house and outside counsel stay abreast of the most current developments and best practices in cybersecurity. At our Institute you will receive insights on the best governance, preparedness, and resilience strategies from experienced government officials, general counsels, and cybersecurity practitioners who face these issues on a daily basis.

Northsec Applied Security Event (Montreal, Québec, Canada, May 18 - 21, 2017) The conference will feature technical and applied workshops hosted in parallel for the most motivated attendees. Topics include application and infrastructure (pentesting, network security, software and/or hardware exploitation, web hacking, reverse engineering, malware/virii/rootkits), cryptography and obfuscation (from theoretical cryptosystems to applied cryptography exploitation, cryptocurrencies, steganography and covert communication systems), and society and ethics.

SANS Northern Virginia - Reston 2017 (Reston, Virginia, USA, May 21 - 26, 2017) This event features comprehensive hands-on technical training from some of the best instructors in the industry and includes courses that will prepare you or your technical staff for DoD 8570 and GIAC approved certification exams. Start making your plans now to attend SANS Northern Virginia - Reston 2017.

Enfuse 2017 (Las Vegas, Nevada, USA, May 22 - 25, 2017) Enfuse™ is a three-day security and digital investigations conference where specialists, executives, and experts break new ground for the year ahead. Enfuse offers unsurpassed networking opportunities, hands-on training, and in-depth exploration of current topics.

Sponsor & Support

Grow your brand, generate leads, and fill your funnel.

With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listens all over the world, companies trust the CyberWire to get the message out. Learn more.

NATO members and non-NATO European partners establish info ops center in Helsinki to counter Russian influence ops. Researchers review Vault 7 and ShadowBrokers' dumps. Microsoft, SAP, and Adobe patch.