The CyberWire Daily Briefing 4.19.17

Summary

By The CyberWire Staff

Industry continues to pore over last Friday's ShadowBrokers' leaks, which the Brokers claim disclose NSA hacking tools. Consensus holds that some of the attack code does indeed represent a threat, as its now open to hacker use in the wild. Some observers think the incident should prompt re-evaluation of the US Intelligence Community's Vulnerabilities Equity Process: if the leaks are genuine, they argue, there's no safe place to keep zero-days. But it would seem quixotic to expect intelligence services anywhere to foreswear productive collection techniques, even in the cause of herd immunity. Rapid7 advises patching, and thinking hard about securing end-of-life systems you can't do without.

Where the ShadowBrokers got their wares remains unknown (the same might be said for WikiLeaks and Vault 7). Presumably investigation is underway.

In cybercrime news, the hoods behind the BankBot financial malware continue to find ways of getting Trojanized apps into Google's PlayStore.

Check Point warns that pixel-tracking, a familiar marketing tool used to track email opens, is being exploited by criminals performing target reconnaissance to improve their phishing success.

Two weeks ago Radware described BrickerBot, a misguided vigilante attempt to permanently kill poorly secured IoT devices. There's now apparently another vigilante working the Internet-of-things, the Hajime botnet, initially seen as simply a Mirai competitor with an obscure purpose. Hajime now looks like more vigilante coding, less destructive than BrickerBot, but arguably still misguided.

Oracle releases 299 patches, a record for the company. Among the problems addressed is the Solaris vulnerability the ShadowBrokers disclosed.

Learn how Cylance silences cyber attacks with Artificial Intelligence.

Notes.

Today's issue includes events affecting Afghanistan, Australia, China, Indonesia, Democratic Peoples Republic of Korea, Nigeria, Russia, Syria, United Kingdom, United States

On the Podcast

In today's podcast, we hear from our partners at Lancaster University, as Awais Rashid describes the challenges of assembling a cyber security body of knowledge. We also speak with a guest, Greg Reber from AsTech, who takes us through the issues surrounding due diligence during mergers and acquisitions.

Sponsored Events

Hacker Secrets Revealed: 5 Security Mistakes to Avoid (Webinar, April 27, 2017) Delta Risk research has identified the attack vectors bad actors most commonly use to get initial access to a network and spread across the rest of the organization.

The Cyber Security Summit: Dallas (Dallas, Texas, USA, May 5, 2017) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from the U.S. Dept of Justice, Proofpoint, CenturyLink, IBM and more. Register with promo code cyberwire50 for half off your admission (Regular price $350)

Selected Reading

Cyber Attacks, Threats, and Vulnerabilities

The Shadow Brokers Leaked Exploits Explained (Rapid 7) The Rapid7 team has been busy evaluating the threats posed by last Friday’s Shadow Broker exploit and tool release and answering questions from colleagues, customers, and family members about the release. We know that many people have questions about exactly what was released, the threat it poses, and how to respond, so we have decided to compile a list of frequently asked questions.

Five reasons to worry about the ShadowBrokers hack (TheHill) WikiLeaks is getting headlines with its CIA documents, but leaks from the ShadowBrokers on possible National Security Agency hacking tools may be far more consequential.

Shadow Brokers latest leak a gold mine for both criminals and researchers (Cyberscoop) Security researchers are learning how the NSA operates while criminals are starting to take the tools for a spin on the open web.

How Spy Agency Hackers Pose As – Anybody (The Cipher Brief) A false flag operation – pretending to be someone else while conducting spycraft or warfare – is an age-old tactic. With the advent of cyber espionage and digital warfare, those maneuvering in the virtual domain can use false flags.

BankBot Trojan found lurking on Google Play (Help Net Security) The crooks behind the BankBot Trojan are repeatedly succeeding in making Trojanized apps available for download on Google Play.

Email Tracking Pixels Used for Pre-Hack Info Gathering (BleepingComputer) A simple email marketing trick is also abused by cyber-criminals, who are employing a technique known as "pixel tracking" to gather information on possible targets or to improve the efficiency of phishing attacks.

Of Pigs and Malware: Examining a Possible Member of the Winnti Group (TrendLabs Security Intelligence Blog) In one of our previous blog entries, we covered how the threat actor known as Winnti was using GitHub to spread malware – a development that shows how the group is starting to evolve and use new attack methods beyond their previous tactics involving targeted attacks against gaming, pharmaceutical, and telecommunications companies.

Vigilante botnet infects IoT devices before blackhats can hijack them (Ars Technica) Hajime battles with Mirai for control over the Internet of poorly secured things.

Hajime IoT worm infects devices to head off Mirai (Help Net Security) Individuals who should not interfere with IoT devices have taken it upon themselves to do so, in an attempt to secure them before other malware takes hold.

Internet routing weakness could cost Bitcoin users (Naked Security) A flaw in the underlying design of the Internet could be very expensive for Bitcoin users, researchers find.

Magento Arbitrary File Upload Vulnerability (Remote Code Execution, CSRF) (Defense Code) During the security audit of Magento Community Edition high risk vulnerability was discovered that could lead to remote code execution and thus the complete system compromise including the database containing sensitive customer information such as stored credit card numbers and other payment information. The main attack vector uses an additional Cross Site Request Forgery vulnerability.

Code Tutorials Spread Application Flaws Far and Wide (The Security Ledger) In-brief: Researchers at universities in Germany, working with the security firm Trend Micro, discovered more than 100 vulnerabilities in GitHub code repositories simply by looking for re-used code…

Edge Plagued by Various Security Flaws, Not as Secure as Microsoft Boasts (BleepingComputer) Microsoft never shied away from claiming that Edge is a much more secure browser than Chrome. Even some third-party tests have sustained its claims. Nonetheless, there are currently three different issues affecting Edge, which Microsoft might not like you knowing about.

Job seekers on ZipRecruiter being targeted by scams via email and text (CSO Online) Right now, thousands of people are looking for a new job online. Some of them just want a change, but others are looking for a stable income to support themselves and their families. Scammers are targeting job seekers with precision, often making contact instantly after the victim submits and application or receives a notification from a prospective employer.

Beware bogus emails from LinkedIn asking for your CV! (HOTforSecurity) LinkedIn users are being warned to be on their guard following a rise in reports of attacks being distributed via email designed to trick job seekers into sharing their personal details. Scammers have spammed out email messages posing as communications from LinkedIn...

I'm a Victim of Tax Season Cybercrime (Motherboard) And we are all victims of our unnecessarily convoluted tax system.

Hunting for Malicious Excel Sheets (SANS Internet Storm Center) Recently, I found a malicious Excel sheet which contained a VBA macro. One particularity of this file was that useful information was stored in cells. The VBA macro read and used them to download the malicious PE file. The Excel file looked classic, asking the user to enable macros...

Breaking: Voters’ personal data at risk in Cobb theft (Atlanta Journal-Constitution) As voters head to the polls in Georgia's special election, officials are investigating theft of voting equipment from a Cobb County precinct manager's car.

Researchers develop synthetic skeleton keys for fingerprint sensors (Naked Security) Your fingerprint doesn’t match anyone else’s but parts of it might, and that could be enough

Burger King triggers Google Home devices with TV ad (Naked Security) Inventive users took their revenge via Wikipedia

RawPOS: New Behavior Risks Identity Theft - TrendLabs Security Intelligence Blog (TrendLabs Security Intelligence Blog) Despite being one of the oldest Point-of-Sale (PoS) RAM scraper malware families out in the wild, RawPOS (detected by Trend Micro as TSPY_RAWPOS) is still very active today, with the threat actors behind it primarily focusing on the lucrative multibillion-dollar hospitality industry. While the threat actor’s tools for lateral movement, as well as RawPOS’ components, remain consistent, new behavior from the malware puts its victims at greater risk via potential identity theft. Specifically, this new behavior involves RawPOS stealing the driver’s license information from the user to aid in the threat group’s malicious activities.

IHG Confirms Second Credit Card Breach Impacting 1,000-Plus Hotels (Threatpost) InterContinental Hotels Group said on Friday that it found malware designed to access payment card data at more than 1,000 of its hotels.

Foodie social network Allrecipes warns that someone stole users' email addresses and passwords (Graham Cluley) Allrecipes, the self-described "food-focused social network", has sent an email out to some of its users warning that their email addresses and passwords may have been intercepted by an unknown third-party.

Cyber attack would leave East Coast dazed, Energy Dept. says (Washington Examiner) Power could be out for three weeks, leading to widespread problems, report says.

Nigeria not immune to cyber threat - CSEAN (The Nation Nigeria) Warns of imminent cyber-attack on banks Cyber Security Experts Association of Nigeria (CSEAN) has warned that the country is currently vulnerable to cyber-attacks. CSEAN President, Remi Afon stated in Abuja that corporate organisations and government establishments have refused to realise and prepare for imminent dangers of cyber threats. He stated that cyber-attacks were becoming moreRead More

At $175, this ransomware service is a boon to cybercriminals (CSO Online) Cybercriminals can engage in more ransomware attacks, thanks to a new variant called Karmen that hackers can buy on the black market for $175.

Advanced, Low-Cost Ransomware Tools on the Rise (Dark Reading) New offerings cost as little as $175 and come with lots of anti-detection bells and whistles.

Report: Cybercriminals prefer Skype, Jabber, and ICQ (CSO Online) The most popular instant messaging platforms with cyber criminals are Skype, Jabber and ICQ, according to a new report released this morning. Meanwhile, consumer-grade platforms like AOL Instant Messenger and Yahoo IM have fallen out of favor, while newer, more secure consumer oriented platforms like Telegram and WhatsApp are also gaining popularity.

Security Patches, Mitigations, and Software Updates

Record Oracle Patch Update Addresses ShadowBrokers, Struts 2 Vulnerabilities (Threatpost) Oracle released a record 299 patches, including a fix for a Solaris vulnerability disclosed by the ShadowBrokers, and another for the recently disclosed Apache Struts 2 flaw.

Oracle drops 299-patch security update - 25 of them rated 10 out of 10 by CVSS (Computing) Shadow Brokers, the NSA and others have kept Oracle busy this year

Facebook Delegated Account Recovery SDKs Published for Java, Ruby Apps (Threatpost) At F8 today, Facebook released SDKs and documentation for the integration of Delegated Account Recovery into Java, NodeJS and Ruby applications.

Bitdefender Mobile Security Announces End of Updates for Android 3.0 (Bitdefender) Bitdefender to focus staffing, resources on protecting newer versions

Cyber Trends

Time to Stop the Bad Cybersecurity Advice (Infosecurity Magazine) NCSC's Ian Levy took to the stage at CRESTCon & IISP Congress to discuss cybersecurity advice

SMEs Still Too Complacent About Cyber Attack (Forbes) Still not taking cyber security seriously? If you’re running a small and medium-sized enterprise, it might be tempting to think that attackers have bigger fish to fry – but you fall into this trap at your peril.

Big business and key agencies are now under ‘daily’ cyber attack (The Australian) Australia’s largest companies and key government agencies are under daily cyber attack, with 90 per cent of businesses and departments having been targeted for industrial espionage, hacking or security breaches in the past year.

Marketplace

Crypto-currencies like bitcoin surge in value - threefold increase since last year (Computing) Crypto market now worth same as AirBnB - and rising

Cybersecurity companies to watch (CSO Online) CBInsights created a list of startups that its metrics showed has early-to mid-stage high-momentum companies pioneering technology with the potential to transform cybersecurity.

Oracle acquires Dutch cloud start-up Wercker (Computing) Oracle promises to keep Wercker's community edition free

IBM i Into A Broader Security Web (IT Jungle) In the on-going war between cybercriminals and everybody else, there’s no place for lone wolfs. The strength of any individual company’s security is largely dependent on the collective posture of multiple groups of actors. Luckily for IBM i shops, there are defined paths to plug into the broader shield that’s constantly evolving to keep us

HMRC refuses to reveal how much it paid Capgemini and Accenture for Aspire contract extensions (Computing) Revealing the cost could 'undermine the commercial interests of both parties', claims HMRC

Network security vendor Tenable hires IT veteran Gordon Gakovic to drive ANZ (CRN Australia) Gordon Gakovic brings 25 years of experience to role.

BAE Systems’ Peder Jungck Named President of International Cyber Threat Intelligence Sharing Organization (Yahoo! Finance) BAE Systems’ Peder Jungck has been named president of the Information Technology - Information Sharing and Analysis Center , an influential not-for-profit organization composed of member companies dedicated to enhancing cyber security by sharing threat information and collaborating on effective mitigations

RedOwl names former CIA exec Mark Kelton to board (Bankless Times) Insider risk solutions provider RedOwl has named former Central Intelligence Agency (CIA) executive Mark Kelton to its board of advisors. Mr. Kelton will assist with the detection of insider threat…

Products, Services, and Solutions

LockPath Introduces Keylight Managed Services - LockPath.com (LockPath.com) LockPath, a leading provider of GRC solutions, announced the availability of a new professional services offering, Keylight Managed Services (KMS).

NSS Labs Announces Data Center Firewall Group Test Results (GlobeNewswire News Room) No Vendor Excelled in NSS Labs-Defined Data Center Test Scenarios

Fortinet extends security fabric automation across cloud environments (ETCIO.com) Fortinet launches CASB offering and expands on-demand cloud security solutions with unmatched performance for enterprises and service providers

root9B Announces Release of ORKOS 2.0 - Credential Risk Assessment and Remediation Solution (Yahoo! Finance) root9B, a root9B Holdings Inc. (NASDAQ: RTNB) company and leading provider of advanced cybersecurity products and services, today announced the May ...

Hacker-Based Cyber Defense Increases Healthcare Data Security (HITInfrastructure) New investment in Synack's hacker-based security platform allows the company to expand their offering for better healthcare data security.

CloudCheckr and Allgress Partner to Simplify Compliance for the AWS Cloud (Yahoo! Finance) CloudCheckr, the enterprise cloud management platform, today announced a partnership and integration with Allgress, the AWS-certified compliance platform, which provides compliance controls mapping for NIST 800-53, PCI DSS, HIPAA and other standards.

Guidance Software Selects Lastline to Speed CyberAttack Response Rates (Yahoo! Finance) Lastline, a leader in advanced threat protection, and Guidance Software, the makers of EnCase®, the gold standard in forensic security, today announced a strategic partnership and integration, strengthening ...

Leading Industrial Cyber Security Firm, Red Trident Inc, Named Siemens Solution Partner for Industrial Strength Networks (EIN) Experts in critical infrastructure cyber security, Red Trident becomes one of only six U.S. Solution Partners focused on Siemens Industrial Strength Networks

ThreadFix Platform Provides Application Security at DevOps Speed (Yahoo! Finance) Denim Group, the leading independent application security firm, today announced the release of the latest version of ThreadFix, the company’s application vulnerability resolution platform for developers and security professionals.

Sorting out the conflict between Google Chrome and Malwarebytes (Star Tribune) I frequently recommend the free Malwarebytes security program to clean PCs infected with viruses or other malicious software.

Technologies, Techniques, and Standards

Cylance denies providing fake malware samples (SC Magazine US) Security firm Cylance Tuesday disputed accusations that used fake malware that only its Protect product could detect to gain more favorable results over competitors during testing.

Time to Test for Yourself (Cylance) We believe public testing of anti-malware products is fundamentally flawed. Testing needs to change: we've been saying it for years. We are pushing for reforms that will result in fair testing methods, and true independent testing that will ultimately benefit users.

Cyber risk issues resonating in boardrooms (Help Net Security) The Cyentia Institute used surveys and interviews with corporate board members and CISOs to identify specific cyber risk issues resonating in boardrooms.

Why Brand Trumps Tech in C-Level Conversations (Dark Reading) Brand reputation, not technical tools, should be the focus of the CIO's conversations with board members about the importance of security.

CISO's, Board Members Have Widely Divergent Views on Cybersecurity (Dark Reading) Boards often want a lot more business-relevant reporting than CISOs provide, Focal Point Data Risk study shows.

How Top Security Execs are Doing More with Less (Dark Reading) Even the largest corporations aren't immune to the cybersecurity skills gap - an inside look at how they are coping and adjusting.

How Businesses Should Prepare for Australia’s New Mandatory Data Breach Notification Law (Palo Alto Networks Blog) Palo Alto Networks APAC CSO Sean Duca shares what actions your organization should be taking to prepare for Australia’s new mandatory data breach notification laws.

Venafi Study: Weak Cryptographic Security Controls Epidemic Among DevOps Teams (Venafi) According to Venafi's study, many organizations fail to enforce vital cryptographic security measures in their DevOps environments.

The Need For Agile Risk Management (Cylance) The world of cybersecurity has changed. Today’s risk management leaders need agile defenses that quickly adapt to these new demands and stay ahead of attacks. A simple yet powerful framework, the 9 Box of Controls, allows people to better assess the value and impact of information security controls on an organization.

'Intrusion Suppression:' Transforming Castles into Prisons (Dark Reading) How building cybersecurity structures that decrease adversaries' dwell time can reduce the damage from a cyberattack.

Take Immediate Action to Avoid Infamous Security Breaches (Chargebacks911) Protect your customers—and your business—against hackers with these 9 data security tips and strategies.

To See or Not to See? It Shouldn't be a Question (Security Week) In today’s world, IT professionals may find themselves asking some tough questions about network visibility: How do we see the whole network? What tools do we need? How do we stay compliant? Although not life or death questions, hats off to Hamlet, they are important to ask for an organization’s security posture. This is especially true considering the rise in data and network complexity, coupled with concerns about privacy and security.

Stressing Over Stolen and Abused User Credentials? (Security Week) We live in a world where security operations professionals often find themselves fighting logs, not threats. They constantly worry that their organization’s defenses will be overrun and valuable data stolen or lost. In honor of Stress Awareness Month, we have an opportunity to reflect on ways to lower your operational burden, the chance of a breach and your stress levels by preventing the theft and abuse of valid user credentials.

The 3 ‘B's’ of cybersecurity [Commentary] (Fifth Domain | Cyber) Professor Scott Shackelford, cybersecurity program chair at Indiana University-Bloomington, on how more companies can boost their cybersecurity preparedness without breaking the bank.

The importance of creating a cyber security culture (Information Age) Creating a culture of cyber security is just as important as implementing the latest in security technology to protect an organisation

Network Firewalls: How to Protect Your Network from Unauthorized Access (eSecurity Planet) They lack the buzz of more recent security innovations, so network firewalls can be overlooked. Yet firewalls are an essential aspect of any security strategy. We cover the basics of network firewall technology and look at the latest in next-generation firewalls.

Design and Innovation

Will blockchain liability be similar to Bitcoin liability? (Help Net Security) Bitcoin and Blockchain are not one and the same. Bitcoin is a digital asset and payment system that runs on a public distributed ledger called a blockchain.

Research and Development

Princeton researchers discover why AI become racist and sexist (Ars Technica) Study of language bias has implications for AI as well as human cognition.

Academia

In Afghanistan, girls break cyber walls (Deutsche Welle) In former Taliban-ruled Afghanistan, many still believe a woman's place is in the home. But two Afghan sisters want to bring a digital revolution to their country by teaching girls how to code and use computers.

Legislation, Policy and Regulation

Criticism of Beijing’s North Korea Policy Comes From Unlikely Place: China (New York Times) A rare challenge by a well-known historian shows the renewed debate over China’s longstanding patronage of its unpredictable neighbor.

Meanwhile in China: Surveillance required on public Wi-Fi (Network World) Chinese authorities in Hebei force businesses and places that offer public Wi-Fi to install surveillance tech to record all users’ online activity or face fines and other sanctions.

Government Needs ‘Heavy Artillery’ for Cyberspace, DHS Chief Says (Nextgov) Plodding bureaucracy could leave government outgunned in cyberspace, Gen. John Kelly said in his first major address as secretary.

Trump's cybersecurity mystery: 90 days in, where's the plan? (ITworld) On Jan. 6, Donald Trump said his administration would produce a report on cybersecurity within 90 days after his inaguration. On Wednesday, President Trump marks his 90th day in office with no sign of a report or indication that one is on the way.

Armed forces looking to train more regulars, reservists and civilians in cyber security (Computing) 'We're extremely serious about cyber defence,' says head of training Brigadier Paul Buttery

Rhode Island hires first cybersecurity officer (The State) Gov. Gina Raimondo has appointed Rhode Island's first cybersecurity officer.

Litigation, Investigation, and Enforcement

Indonesian authorities hunt Islamic State operative’s cyber recruits (FDD's Long War Journal) On Mar. 30, the US Treasury Department designated Bahrun Naim, a senior Islamic State figure from Indonesia, as a terrorist. It was the latest in a series of US government designations targeting the self-declared caliphate's network in Southeast Asia. Naim absconded from his home and made his way to the self-declared caliphate's stronghold in northern Syria in either late 2014 or early 2015 -- just months after Abu Bakr al Baghdadi's followers declared him "Caliph Ibrahim." Naim, a computer guru who once worked at an internet café, had spent a short stint in prison after being convicted on illegal weapons charges in 2010. He developed a number of suspicious relationships with extremists, especially in his home city of Solo on the island of Java. Naim was also once a member of Hizbut Tahrir, which seeks to resurrect the Islamic caliphate, but abstains from overt acts of violence. According to Voice of America, a spokesman for Hizbut Tahrir claimed that Naim was expelled from the group

FBI Relied On Dossier To Obtain Surveillance Warrant On Trump Campaign Adviser (The Daily Caller) The FBI relied on information contained in an uncorroborated dossier compiled as part of a political opposition research campaign to obtain a federal surveillance warrant to monitor Carter Page, a for

Trump's claims about Susan Rice start to unravel (MSNBC) Donald Trump repeatedly accused Susan Rice of criminal wrongdoing. Those allegations now appear increasingly ridiculous.

Community Standards and Reporting (Facebook Newsroom) Update on April 18, 2017: Mark Zuckerberg, speaking at F8, Facebook’s developer conference said today, “We have a lot more to do here. We’re reminded of this this week by the tragedy in Cleveland. Our hearts go out to the family and friends of Robert Godwin Sr. We have a lot of work and we […]

Symantec Sues Zscaler For Seven Additional Patent Infringements Around Network Security Technologies (CRN) The lawsuit, disclosed Tuesday, alleges Zscaler infringed on seven of Symantec's patents and builds on an earlier patent infringement lawsuit the company filed in December.

The Latest: Man pleads guilty in cyberattack in Wisconsin (Star Tribune) The Latest on the change-of-plea hearing for an Arizona man accused of hacking into government websites (all times local):

Two members of ATM skimming ring plead guilty to bank fraud (Ars Technica) A total of 13 charged in PNC and Bank of America card-cloning scheme.

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

newly Noted Events

3rd Edition CISO Summit India 2017 (Mumbai, India, July 14, 2017) Cyber security has gone through a tremendous change over the last couple of months. Ecosystem disruptions like demonetization, emergence of payment banks and fintech play have put technology as the sine qua non and a savior for banks. But gifts are bundled often with miseries. While technology works as a catalyst for scale and speed, security unpreparedness could play a spoilsport.

upcoming Events

Cyber Warrior Women: Blazing the Trail (Catonsville, Maryland, USA, April 19, 2017) Join the Cybersecurity Association of Maryland, Inc. (CAMI), in partnership with The CyberWire, Fort Meade Alliance, and presenting sponsor Exelon Corporation, for "Cyber Warrior Women: Blazing the Trail." This special program is designed to spotlight some of Maryland’s diverse and dynamic female cybersecurity professionals with stories of triumph and tribulation, advice and inspiration. Can't join us in person? Host a viewing party with your colleagues or fellow students, or tune in individually.

ISSA CISO Executive Forum: Information Security, Privacy and Legal Collaboration (Washington, DC, USA, April 20 - 21, 2017) Information Security, Privacy and Legal programs must be closely aligned to be successful in today’s world. Customer and vendor contracts require strong security language. Privacy has moved to the forefront of a global stage. Response to data breaches are often coordinated through Legal departments to protect privilege. Increasing global regulations drives change to Information Security and Privacy practices. Join your Information Security, Legal and Privacy leadership peers to discuss timely issues in these areas.

International Conference on Cyber Engagement 2017 (Washington, DC, USA, April 24, 2017) Georgetown University's seventh annual International Conference on Cyber Engagement promotes dialogue among policymakers, academics, and key industry stakeholders from across the globe, and explores the worldwide community’s increasing interconnectivity in this domain.Drawing on the experience of government practitioners, industry representatives and academic scholars, this event brings a multidisciplinary and international approach to the challenges in cyberspace from technical, corporate, legal, and policy perspectives in both the United States domestic and international realms – with several topics targeting private sector interests.

SANS Baltimore Spring 2017 (Baltimore, Maryland, USA, April 24 - 29, 2017) SANS Institute, the global leader in information security training, today announced the course line-up for SANS Baltimore Spring 2017 taking place April 24 – 29. All courses offered at SANS Baltimore are open to civilians and veterans. Included among the course line-up are several master's degree and graduate certificate courses that are eligible for GI Bill benefits through the SANS Technology Institute graduate school.

(ISC)2 Cyber Security Congress 2017 (Calgary, Alberta, Canada, April 26, 2017) The aim of the Cyber Security Congress 2017 is to strengthen cyber security leaders by arming them with the knowledge, tools, and expertise to protect their organizations. In April, 2017 over 150 like-minded professionals will gather for the 1-day congress in Calgary, Alberta, Canada where cyber security experts and industry leaders will share their knowledge, experience and best practices through presentations and interactive panel discussions.

Defence Information 2017 (Cranfield, England, UK, April 26 - 27, 2017) Defence Information 2017 is the major annual communications event of Joint Information Group activities (the JIG reports to the Defence Suppliers Forum) and the Event’s content spans both Information and Support. Our DI’17 Event examines some of the ‘people, process and technology’ issues critical to Team Defence being able to adopt, embed and exploit new (and often disruptive) Information and Communications Technology (ICT) capabilities and associated new ways of working - to productive effect.

Houston Cyber Summit (Houston, Texas, USA, April 27, 2017) Cyber security strategy is a term most often associated with the operational levels of an organization – firewalls, encryption, internal assessments and so on. But even the best technology and monitoring processes won’t mean a thing unless the cyber security strategy aligns with the business strategy. How can organizations prioritize cyber security from the top down and the bottom up at the same time? The Houston Cyber Summit is a one-day conference designed for executives to learn how to protect the business through a proactive cyber security strategy.

Crimestoppers Conference (Eden Project, Bodelva, St Austell , April 27, 2017) Crimestoppers is organising a major one-day conference designed to help local businesses shore up their online security. A range of expert speakers will pinpoint typical cyber pitfalls to avoid. 80% of cyber crime is preventable and just a few key security steps can help avoid damaging your business reputation and finances

Atlantic Security Conference (Halifax, Nova Scotia, Canada, April 27 - 28, 2017) Atlantic Canada's non-profit, annual information security conference. AtlSecCon, the first security conference in Eastern Canada focusing on bringing some of the worlds brightest and darkest minds together with one common goal – to expand the pool of IT Security knowledge beyond its typical confines. AtlSecCon provides an unmatched opportunity for IT Professionals and Managers to collaborate with their peers and learn from their mentors.

SANS Automotive Cybersecurity Summit 2017 (Detroit, Michigan, USA, May 1 - 8, 2017) SANS will hold its inaugural Automotive Cybersecurity Summit to address the specific issues and challenges around securing automotive organizations and their products. Join us for a comprehensive look at automotive assembly, industry suppliers, embedded systems, and safeguarding extended customer and product data. The Summit will include two-days of in-depth presentations from top security experts and seasoned practitioners, hands-on learning exercises, and exclusive networking opportunities.

cybergamut Tech Tuesday: Distributed Responder ARP: Using SDN to Re-Engineer ARP from within the Network (Elkridge, Maryland, USA, and online at various local nodes, May 2, 2017) We present the architecture and initial implementation of distributed responder ARP (DR-ARP), a software defined networking (SDN) enabled enhancement of the standard address resolution protocol (ARP) intended to improve network security and performance by exerting much greater control over how ARP traffic flows through the network as well as over what actually delivers the ARP service. Presented by Mark Alan Matties, PhD of The Johns Hopkins University Applied Physics Lab.

Cyber Security Summit in Dallas (Dallas, Texas, USA, May 5, 2017) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from Proofpoint, CenturyLink, IBM and more. Register with promo code cyberwire50 for half off your admission (Regular price $350)

OWASP Annual AppSec EU Security Conference (Belfast, UK, May 8 - 12, 2017) Welcome to OWASP Annual AppSec EU Security Conference, the premier application security conference for European developers and security experts. AppSec EU provides thought leadership, amazing talks, informative sessions, and great social experiences. During the pre-conference (Monday 8th - Wednesday 10th May 2017) there is the opportunity to attend one of the many trainings courses on offer from industry experts, plus project summits and outreach sessions to the future pioneers of the application security industry. The main conference (Thursday 11th & Friday 12th May) offers four full tracks of talks, for pentesters and ethical hackers, developers and security engineers, DevOps practices and GRC/risk level talks for managers and CISOs.

SANS Security West 2017 (San Diego, California, USA, May 9 - 18, 2017) Cybersecurity skills and knowledge are in high demand. Cyber attacks and data breaches are more frequent and sophisticated, and organizations are grappling with how to best defend themselves. As a result, cybersecurity is more vital to the growth of your organization than ever before. Now is the perfect time to take the next step to protect your organization and advance your career. Join us at SANS Security West 2017 (May 9-18) to gain the skills and knowledge needed to help your organization succeed. Choose from over 30 information security courses taught by SANS’ world-class instructors. At SANS Security West 2017, you will get the best hands-on, immersion training and learn what it takes to stop cyber threats.

OWASP AppSec EU (Belfast, Northern Ireland, UK, May 12 - 18, 2017) Welcome to OWASP Annual AppSec EU Security Conference, the premier application security conference for European developers and security experts. AppSec EU provides thought leadership, amazing talks, informative sessions, and great social experiences. During the pre-conference (Monday 8th - Wednesday 10th May 2017) there is the opportunity to attend one of the many trainings courses on offer from industry experts, plus project summits and outreach sessions to the future pioneers of the application security industry. The main conference offers four full tracks of talks, for pentesters and ethical hackers, developers and security engineers, DevOps practices and GRC/risk level talks for managers and CISOs.

EnergySec Security Education Week (Austin, Texas, USA, May 14 - 19, 2017) The Energy Sector Security Consortium, Inc.'s Security Education Week is designed for early to mid career cybersecurity professionals currently employed at electric utilities in North America. Students will receive technical instruction on various topics including threat hunting, network packet analysis, and security assessments. Sessions will also cover operational technology used in the electric sector, and instructional workshops from industry vendors. Students will also participate in facility tours hosted by the Lower Colorado River Authority (LCRA), and evening activities designed to build relationships within industry and strengthen the community of cybersecurity professionals.

K(no)w Identity Conference (Washington, DC, USA, May 15 - 17, 2017) To converge identity experts from across all industries in one space, to be at the nexus of ideas and policies that will fundamentally change identity around the world. Provides business leaders, privacy and security experts, tech innovators, and senior policy makers the forum to discuss the future of identity. By utilizing the world’s best event technology, K(NO)W connects attendees digitally and physically unlike ever before.

Global Cybersecurity Innovation Summit Advancing International Collaboration (London, England, UK, May 16 - 17, 2017) SINET – London creates a forum to build and maintain international relationships required to foster vital information sharing, broad awareness and the adoption of innovative Cybersecurity technologies.

Public Sector Cyber Security Conference: Defending the Public from Cyber-Attacks (Salford, England, UK, May 17, 2017) Join us for the Public Sector Cyber Security Conference where leading experts will explain how to protect the vital services provided by central Government, local councils and the NHS. Learn how to safeguard sensitive data such as medical records and keep IT systems safe from cyber-attacks by states, criminal gangs and cyber terrorists.

PCI Security Standards Council: 2017Asia-Pacific Community Meeting (Bangkok, Thailand, May 17 - 18, 2017) Two days of networking and one-of-a-kind partnership opportunities await you. Whether you want to learn more about updates in the payment card industry or showcase a new product, you’ll find it all at the 2017 Asia-Pacific Community Meeting.

2017 Georgetown Cybersecurity Law Institute (Washington, DC, USA, May 17 - 18, 2017) It is more important than ever that in-house and outside counsel stay abreast of the most current developments and best practices in cybersecurity. At our Institute you will receive insights on the best governance, preparedness, and resilience strategies from experienced government officials, general counsels, and cybersecurity practitioners who face these issues on a daily basis.

Northsec Applied Security Event (Montreal, Québec, Canada, May 18 - 21, 2017) The conference will feature technical and applied workshops hosted in parallel for the most motivated attendees. Topics include application and infrastructure (pentesting, network security, software and/or hardware exploitation, web hacking, reverse engineering, malware/virii/rootkits), cryptography and obfuscation (from theoretical cryptosystems to applied cryptography exploitation, cryptocurrencies, steganography and covert communication systems), and society and ethics.

SANS Northern Virginia - Reston 2017 (Reston, Virginia, USA, May 21 - 26, 2017) This event features comprehensive hands-on technical training from some of the best instructors in the industry and includes courses that will prepare you or your technical staff for DoD 8570 and GIAC approved certification exams. Start making your plans now to attend SANS Northern Virginia - Reston 2017.

Enfuse 2017 (Las Vegas, Nevada, USA, May 22 - 25, 2017) Enfuse™ is a three-day security and digital investigations conference where specialists, executives, and experts break new ground for the year ahead. Enfuse offers unsurpassed networking opportunities, hands-on training, and in-depth exploration of current topics.

Sponsor & Support

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter’s financial reach, or it might just not be the right time for you to do those things. That’s why we launched our new Patreon site, where we’ve created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you’ll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.