The CyberWire Daily Briefing 4.21.17

Summary

By The CyberWire Staff

Cybercriminal gangs are busily at work reverse-engineering the tools alluded to in last week's ShadowBrokers' document dump, according to what SenseCy and Recorded Future tell CyberScoop they're observing in the dark web. These gangs are for the most part Russian, but with a significant fraction hailing from China.

How much serious labor the gangs will have to put in is a matter for speculation, but it may be less for the Russians than for the Chinese, given the degree to which Russian security and intelligence services have systematically interpenetrated and coopted criminal organizations. US authorities show signs (BuzzFeed has a long report on the topic) of pursuing the gangs as a matter of both law enforcement and national security.

The sources of the ShadowBrokers' leaks remain under investigation, but as the Daily Beast notes, signs in the latest set of leaks may point to an insider, which could set off a mole hunt as likely to be disruptive as productive.

Cooler heads now think the rumor that the US hacked North Korean missile tests last weekend is both wishful and wayward.

Hack Forums is an underground community known for Davey-Crockettesque exaggeration and braggadocio, but the self-proclaimed author of BrickerBot—someone calling himself "Janit0r"—seems to be the real thing, according to Bleeping Computer. He says he wants to force better IoT security and won't shut down BrickerBot regardless of the damage it's causing. (He's also a wanted man.)

Drupal patches core engine vulnerabilities. Linksys offers stopgap mitigations for router vulnerabilities.

Learn how Cylance silences cyber attacks with Artificial Intelligence.

Notes.

Today's issue includes events affecting Australia, Canada, Belgium, France, New Zealand, Nigeria, Russia, Syria, United Kingdom, United States

On the Podcast

In today's podcast, we speak with Ben Yelin from our partners at the University of Maryland's Center for Health and Homeland Security. He'll talk about the unusual case of a weaponized animated GIF. Our guest is Carson Sweet from CloudPassage, who'll discuss government requests that providers turn over emails, and how legislation on the matter continues to lag.

Sponsored Events

Hacker Secrets Revealed: 5 Security Mistakes to Avoid (Webinar, April 27, 2017) Delta Risk research has identified the attack vectors bad actors most commonly use to get initial access to a network and spread across the rest of the organization.

The Cyber Security Summit: Dallas (Dallas, Texas, USA, May 5, 2017) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from the U.S. Dept of Justice, Proofpoint, CenturyLink, IBM and more. Register with promo code cyberwire50 for half off your admission (Regular price $350)

Selected Reading

Cyber Attacks, Threats, and Vulnerabilities

Leaked NSA hacking tools are a hit on the dark web (Cyberscoop) A shadowy cast of random hackers are now sharing, promoting and working to reverse engineer the tools in the latest Shadow Brokers dump.

Is There a Russian Mole Inside the NSA? The CIA? Both? (The Daily Beast) The latest Shadow Brokers hack exposed classified intel that could only have come from within the NSA, setting the stage for a Cold War ritual—the mole hunt.

Inside The Hunt For Russia’s Hackers (BuzzFeed) Russia’s cyberwarfare operations are built on the back of their cybercriminal networks. Can the US and their allies take them down?

Is the United States Really Blowing Up North Korea’s Missiles? (Foreign Policy) There’s just no evidence to support the fantasy that Kim Jong Un’s rockets are falling prey to a super-secret U.S. cyberprogram.

SPECIAL ANALYSIS: The Dangerous Speculation Over Cyber Warfare Behind The Alleged Failures Of North Korean Missile Launches (Homeland Security Today) In recent days, there has been a lot of speculation on the Internet -- and even among the mainstream media -- over the true cause of the many failures of North Korea’s missile tests. Some people are suggesting the Trump Administration is behind the failures by somehow introducing a virus into the missile systems to make them fail.

The IoT malware that plays cat and mouse with Mirai (Naked Security) A botnet dubbed Hajime uses much the same tactics as Mirai – but to neutralise the damage done. Is this a good thing, though?

BrickerBot Author Claims He Bricked Two Million Devices (BleepingComputer) Just like Wifatch and Hajime, the BrickerBot malware is also the work of a vigilante grey-hat, who goes online by the name of Janit0r, a nickname he chose on the Hack Forums discussion boards.

Stuxnet LNK Exploits Still Widely Circulated (Threatpost) Endpoints are still encountering exploits for the LNK vulnerability, one of the principal infection mechanisms used by the Stuxnet worm.

Hackers use old Stuxnet-related bug to carry out attacks (ITworld) Users that run unpatched software beware. Hackers have been relying on an old software bug connected to the Stuxnet worm to carry out their attacks.

DressCode Android Malware Finds Apparent Successor in MilkyDoor (TrendLabs Security Intelligence Blog) We recently found 200 unique Android apps—with installs ranging between 500,000 and a million on Google Play—embedded with a backdoor: MilkyDoor.

Spyware Disguised as System Update Survived on Play Store for Almost Three Years (BleepingComputer) An Android app named "System Update" that secretly contained a spyware family named SMSVova, survived on the official Google Play Store for at least three years, since 2014, when it was updated the last time.

Microsoft shrugs off report that Edge can expose user identities from JS Fetch requests (Register) La la la nothing to patch here la la la

The History of Fileless Malware – Looking Beyond the Buzzword (Lenny Zeltser) What’s the deal with “fileless malware”? Though many security professionals cringe when they hear this term, lots of articles and product brochures mention fileless malware in the context of threats that are difficult to resist and investigate. Below is my attempt to look beyond the buzzword, tracing the origins of this term and outlining the malware samples that influenced how we use it today.

Ambient Light Sensors Can Be Used to Steal Browser Data (BleepingComputer) Sensors used to detect the level of ambient light can be used to steal browser data, according to privacy expert Lukasz Olejnik.

YouTubers Are Hawking Powerful Phone Malware to Illegally Spy on Lovers (Motherboard) Check the link in the description below!

Malwarebytes Detail The Evolving Threat And Rise Of Cerber Cyber Ransomware (FileHippo) Report details the worrying rise and continued growth of Cerber based ransomware, but the almost total disappearance of Locky…

Why are typosquats a risk to your organization? (SecurityScorecard Insights & News) Find out how to protect your organization from typosquats.

Analysis of a Maldoc with Multiple Layers of Obfuscation (SANS Internet Storm Center) Thanks to our readers, we get often interesting samples to analyze. This time, Frederick sent us a malicious Microsoft Word document called "Invoice_6083.doc" (which was delivered in a zip archive). I had a quick look at it and it was interesting enough for a quick diary.

Security Alert: Fake Delta Airlines Receipt Spreads Financial Malware - Heimdal Security Blog (Heimdal Security Blog) Scammers want to steal your financial & banking data using a fake Delta Airlines receipt. Read our security alert to learn how they do it.

Cyber Attack Drill Exposes How Unprepared City Is For Grave Threat (CBS) The exercise, led by the Department of Energy, saw oil refineries in greater Philadelphia shut down by the fictitious attack.

Holiday Inn, Crowne Plaza Part of 1,200 InterContinental Hotels Cyber Attack (Fox Business) Global hotel chain InterContinental Hotels Group Plc said 1,200 of its franchised hotels in the United States, including Holiday Inn and Crowne Plaza, were victims of a three-month cyber attack that sought to steal customer payment card data.

Dozen hotels in Eastern Carolina victims of lengthy cyber attack (WTN) InterContinental Hotels Group says customer credit card information was stolen from franchised locations that include Holiday Inn, Holiday Inn Express, Candlewood Suites and Staybridge Suites.

Five insider threat profiles to look out for. (Infosecurity Magazine) Identifying five insider threat profiles to show the complexity of the problem.

Security Pros: People Are the Biggest Problem (Infosecurity Magazine) Security Pros: People Are the Biggest Problem. IISP report warns of growing skills shortages

Security Patches, Mitigations, and Software Updates

Google Fixes Unicode Phishing Vulnerability in Chrome 58, Firefox Standing Pat (Threatpost) Google fixed a vulnerability that could’ve let an attacker carry out phishing attacks with Unicode domains in Chrome but Mozilla is holding off – for now.

Linksys Smart Wi-Fi routers full of flaws, but temporary fix is available (Help Net Security) Over 20 models of Linksys Smart Wi-Fi routers have vulnerabilities that, if exploited, could allow attackers to mess with and take over the devices.

Drupal Patches Three Vulnerabilities in Core Engine (Threatpost) Three vulnerabilities were patched Wednesday in the Drupal content management system’s core engine, two of which were rated critical.

Cyber Trends

Netskope Cloud Report (Netskope) More than half of Microsoft Office 365 usage comprised of services other than OneDrive for Business

5 Facts Every Executive Should Know About Mobile Security (Zimperium) Today, employee mobility is critical for enterprise productivity. Mobile devices, the networks they use and apps have become critical success factors for organizations who want to reach and satisfy customers, collaborate more effectively with suppliers, and keep employees productive anytime and anywhere.

Why encryption has become a boardroom issue (Computing) Thales e-Security survey shows how corporate decision-making on encryption has shifted from the IT department to the boardroom, writes John Grimm

Going digital: The changing context of cybersecurity in retail (CyberInt) As digital businesses continue to grow, the push for online channels means that retailers have something new to worry about: digital and cyber risks.

WiCyS 2017: Building a Diverse Pipeline Into Cybersecurity - Palo Alto Networks Blog (Palo Alto Networks Blog) At Palo Alto Networks, the more we can build teams of people with different educational or professional backgrounds, from different cultures, who speak different languages, the better we are equipped to build creative solutions to the toughest cybersecurity problems.

Banks say Cyber Security is Biggest Threat to Innovation (Acumin Recruitment, London) A vast percentage of the largest financial institutions and banks in the world have labelled cyber security as financial innovation's number one enemy.

A third of employees say it's common to take corporate data with them when leaving a company (Help Net Security) Many pros that work with confidential information lack understanding regarding how that data should be shared and corporate data security policies.

6 Times Hollywood Got Security Right (Dark Reading) Hollywood has struggled to portray cybersecurity in a realistic and engaging way. Here are films and TV shows where it succeeded.

Marketplace

Secure card maker Plastc Inc. considering Chapter 7 bankruptcy, halts operations (CSO Online) Early supporters of Plastc, the E-Ink and touchscreen smart card that offered a number of security features, got some bad news on Thursday. Plastc Inc. is exploring options for Chapter 7 Bankruptcy protection, and none of the pre-orders will ship.

Denver cybersecurity startup CyberGRX hits a nerve, attracts $20 million in round led by Silicon Valley VC (The Denver Post) A year after publicly launching in Denver, the fast-growing CyberGRX plans to announce Tuesday that it received $20 million in an investment round led by Silicon Valley’s Bessemer Venture Par…

IBM’s security business up 10 percent, powered by Watson (CSO Online) CSO checked in with Marc van Zadelhoff, general manager at IBM Security - one of IBM’s four strategic areas (cloud, analytics, and mobile being the other three) - for a deeper dive into its security initiatives.

The IBM Story, In 5 Easy Charts (Seeking Alpha) Big Blue doesn't have any growth engines. Cognitive computing presents high-margin opportunity if IBM can grow it. The stock's technical breakdown alone could j

Shlomo Kramer's Cato Networks Out To Redefine Networks And Security, Again (Forbes) When Shlomo Kramer speaks people listen--at least when it comes to networks and security. He's earned his reputation by founding two successful, publicly-traded security companies--Check Point and Imperva. Check Point, which Kramer founded in his grandmother's apartment in the early 90's, now has a market cap of more than $18 billion, with Imperva close to $1.5 billion.

SYNNEX Corporation Selected to Carry Symantec's Complete Product Portfolio (Yahoo! Finance) SYNNEX Corporation (NYSE: SNX), a leading Technology Solutions distributor, today announced that it now offers the full portfolio of Symantec enterprise ...

Oliver Rochford Joins RiskSense as Security and Product Evangelist (Yahoo! Finance) RiskSense® Inc., the pioneer and market leader in pro-active cyber risk management, today announced that Oliver Rochford, former research director at Gartner, Inc., has joined the company as security and product evangelist. The

Paul Hastings Picks Up Homeland Security’s Cyber Lawyer (Bloomberg Law: Big Law Business) Paul Hastings announced it has hired Robert Silvers, the outgoing assistant secretary for cyber policy at the U.S. Department of Homeland Security. Silvers joined the Washington, D.C. office this week as a partner in the firm’s privacy and cybersecurity group and its white collar group. It’s not Silvers’ first stint in private practice, but his specialty has shifted:...

Contact center service provider hires Stuart Clark as its first CISO (CSO Online) Serenova looks to Clark to standardize and scale security best practices as the company grows.

Products, Services, and Solutions

New infosec products of the week: April 21, 2017 (Help Net Security) ThreadFix integrates application security into DevOps pipelines Denim Group release of the latest version of ThreadFix, the company’s application vulnerabi

New WatchGuard Access Point Brings Secure, High-Performance Wi-Fi Outdoors (Yahoo! Finance) WatchGuard® Technologies , a leader in advanced network security solutions, today announced the AP322 , a new high-performance cloud-ready outdoor access point ...

CircleBack for Android is Back and Better Than Ever (CircleBack) CircleBack for Android is Back and Better Than Ever Let’s start with an apology—Android users, we’ve heard your frustration over the last few months. We’re sorry we weren’t able to get to this moment sooner. But if you’ll let us make it up to you, we’d love to try. We think we’ve created just the …

FireEye Announces General Availability of Helix – The First Intelligence-Led Platform to Simplify, Integrate, and Automate Security Operations (Yahoo! Finance) FireEye, Inc. , the intelligence-led security company, today announced that FireEye® Helix™ is now generally available around the world. Helix is a first-of-its-kind security platform built for customers and partners who want a simplified, integrated, and automated platform as the center of their security

FireEye Announces Continuous Guidance from FireEye as a Service – Managed Detection That Offers Unmatched Response Speed and Emerging Threat Protection (Yahoo! Finance) FireEye, Inc. , the intelligence-led security company, today announced Continuous Guidance™, a new service tier from FireEye as a Service™ . The FireEye® Continuous Guidance offering leverages the world-renowned expertise of FireEye analysts to detect the undetectable and respond to threats faster, minimizing

Verizon boosts security effort with new threat research advisory centre (ITWire) Giant US telco Verizon has unveiled its new Threat Research Advisory Centre which it says is designed to help customers recognise and react to more sophisticated cyber threats faster and more effectively – and ultimately stop cyber attacks.

Whitewood Introduces netRandom Free, a Cloud-Based Entropy Service to Enable True Random Number Generation (Yahoo! Finance) Whitewood, a developer of crypto-security solutions, today launched netRandom Free, a cloud-based entropy service. netRandom Free is specifically designed to supplement and strengthen security systems in traditional data centers, virtualized cloud environments and embedded systems, such as the Internet

()

ForgeRock Edge Security Offers Complete End-to-End Security for Internet of Things Deployments (Yahoo! Finance) ForgeRock®, the leading platform provider of digital identity management solutions, today announced ForgeRock Edge Security, offering complete end-to-end security for internet of things deployments. These ...

Siemens Launches New Business to Digitalize the U.S. Rail Industry (Businesswire) Siemens is launching Digital Rail Services in the U.S., a new business that will use intelligent sensors and advanced software platforms to put intell

ObserveIT Accelerates Insider Threat Detection and Prevention with New Actionable Analytics and Instant Prevention of Breaches (Yahoo! Finance) ObserveIT, the leading insider threat monitoring and analytics solution provider with more than 1,500 customers worldwide, today unveiled new actionable analytics and the ability to proactively block risky, out-of-policy activities by insiders, giving security and IT teams powerful weapons in the fight

Dimension Data to provide scalable cloud solution for Ultrafast Fibre (Digital News Asia) Dimension Data will host all of Ultrafast Fibre’s data assets and applications within their Managed Cloud Platform (MCP) in Hamilton.

Splunk Cloud Launches on AWS Marketplace (Yahoo! Finance) Splunk Inc. , provider of the leading software platform for real-time Operational Intelligence, today announced support for SaaS Contracts in AWS Marketplace.

Threatstream App for Splunk: Introducing Seamless Integration with Enterprise Security (Anomali) Splunk continues lead the way with it's powerful big data SIEM capabilities inside their Enterprise Security App.Here at Anomali we were especially excited with one initiative the company introduced last year, Adaptive Response. We liked it so much we partnered with Splunk to give security teams a powerful way to integrate Threatstream capabilities within the Enterprise Security workflow using the Adaptive Response framework.An Introduction to Adaptive ResponseSplunk's

Blue Ridge Networks announces contribution of its AppGuard® line of business to new Japanese joint venture company Blue Planet-works. (PRNewswire) An investor Group led by ANA Holdings [TYO:9202], Dentsu [TYO:4324]...

Gemini Simplifies Complexity of Big Data for Security Analysts and IT (Yahoo! Finance) Gemini Data, a provider of a security analyst platform to rapidly deploy, manage and achieve situational awareness across leading data and security solutions, today announced that it is expanding its use of Dell EMC technology, and going forward, will continue to offer the quality and reliability of

How Docker Swarm Uses Transparent Root Rotation to Improve Security (eSecurity Planet) Docker's swarmkit integrates multiple secure mechansims including one known as Transparent Root Rotation.

Technologies, Techniques, and Standards

Money spent on cyber-security wasted if firewalls don't work properly (SC Magazine UK) Most IT professionals say firewalls are a core security component and that third-party management of multi-vendor environments is crucial.

As Cyber Attacks Get Serious, IT and Security Teams Need to Break Down Siloes (Computer Business Review) Ivanti's CEO discusses the importance of IT and Security teams tasked with tackling security within the business in the IoT era.

Hospital network security: Recursive DNS lookups yield threat insight (SearchHealthIT) One health system uses recursive DNS lookups and deep insight into threat intelligence to ensure hospital network security.

Kill Chain & the Internet of Things (Dark Reading) IoT things such as security cameras, smart thermostats and wearables are particularly easy targets for kill chain intruders, but a layered approach to security can help thwart an attack.

An untold cost of ransomware: It will change how you operate (Help Net Security) Ransomware is not going away anytime soon. You need to change how your organization operates to protect the data critical for maintaining operations.

Why You Must Build Cybersecurity Into Your Applications (Forbes) One of the largest changes underway in the way we create software is that cybersecurity is no longer an afterthought, but instead is being built into every application. The challenge many companies face is how to keep up and make sure the software they create is just as safe as the products they buy. That’s what we will cover today.

Cutting through the Noise: Is It AI or Pattern Matching? (Dark Reading) Many vendors are fudging terms when trying to sell their artificial intelligence security systems. Here's what you need to know when you buy.

10 interview questions for hiring cloud-literate security staff (CSO Online) The answers will paint a picture of whether this candidate understands cloud security.

From Cultural Intelligence to Cultural Understanding: A Modest Proposal (Small Wars Journal) One of the critical areas in recent operations that has been identified as a major shortfall for the Army has been that of understanding the cultures and societies in which it has been operating. Virtually every report that has analyzed problems in Iraq and Afghanistan has noted a lack of cultural understanding, leading to difficulties in conducting operations.

Design and Innovation

Ambient noise could be your next multi-factor authentication token (TechCrunch) We're all pretty used to two-factor authentication now, and it isn't much of an inconvenience to have to type in a four-digit code when you log in from a new..

Locked out of your accounts? Facebook wants to hold the key (Naked Security) Facebook’s planned password recovery process might make some uncomfortable, but the good news is that it won’t involve giving the social media giant access to everything

Quantum Cryptography Is Unbreakable. So Is Human Ingenuity (Singularity Hub) Two basic types of encryption schemes are used on the internet today. One, known as symmetric-key cryptography, follows the same pattern that people have been using to send secret messages for thousands of years. If Alice wants to send Bob a secret message, they start by getting together somewhere they can’t be overheard and agree …

Research and Development

Raytheon secures $10M computing contract for DARPA (C4ISRNET) The work is scheduled for completion in April 2021.

Cryptanalysis of Physically Unclonable Functions (Freie Universität Berlin) We study the implementation and security of Physically Unclonable Functions (PUFs) by means of cryptanalysis. To that end, we look for upper and lower bounds for attacker effort depending on the PUF design.

Guidance Software Announces Forensic Security Research Program (Yahoo! Finance) Guidance Software, the makers of EnCase®, the gold standard in forensic security, today announced the launch of its Forensic Artifact Research Program. The program was created as a forum for digital forensic security researchers to share information and be recognized for the critical work they do to investigate cybercrime and stop cyber threats.

Academia

Students Inspired By Women in Cybersecurity Conference (Southern New Hampshire University) Five women pursuing cyber security careers left Arizona, feeling exhilarated and inspired after attending the Women in Cybersecurity conference.

Legislation, Policy and Regulation

CIA, FBI directors heading to secret spy alliance meeting in New Zealand: Report (Washington Examiner) CIA Director Mike Pompeo and FBI Director James Comey are reportedly attending a secret gathering of the Five Eyes spying alliance.

An Intro to International Oversight Bodies (Infosecurity Magazine) A panel of privacy commission representatives discussed the role of their organizations amid heightened public concern over state surveillance activities

Trump's cybersecurity review misses deadline (Military Times) After a receiving a U.S. intelligence assessment on Russian's interference in last year's elections, President Donald Trump vowed that he would have a team present him with a review of America's cybersecurity efforts within 90 days of taking office.

'Culture Shift' Driving NSA, CIA, FBI To Be More Open (Law360) The National Security Agency, Central Intelligence Agency and FBI are working to buck a longstanding culture of secrecy and are striving to share more information with the public about their data surveillance practices and accompanying privacy safeguards, agency officials said Thursday.

FBI Tightens Restrictions On Contact With Media To Clampdown On Leaks (Shadowproof) The FBI’s effort to crackdown on leaks fits a larger trend in national security agencies, since WikiLeaks, Chelsea Manning, and Edward Snowden

Litigation, Investigation, and Enforcement

Islamic State claims attack on French police officers that left 1 dead, 2 injured (Chicago Tribune) A gunman opened fire on police on Paris' iconic Champs-Elysees boulevard Thursday, killing one officer and wounding three people before police fatally shot him.

Arresting Julian Assange is a priority, says US attorney general Jeff Sessions (Guardian) Justice department ‘stepping up’ efforts to prosecute Wikileaks founder as CNN reports that charges have been drawn up

Confide sued over ephemerality and screenshot protection claims (TechCrunch) Confide, the encrypted chat app that's reportedly popular among Trump staffers, is facing a class action lawsuit that claims Confide misled consumers about..

Man sues Confide: I wouldn’t have spent $7/month if I’d known it was flawed (Ars Technica) Confide: "The accusations set forth in the complaint are unfounded and without merit."

Tesla owners sue: “Enhanced Autopilot Features… simply too dangerous to be used” (Ars Technica) Tesla fires back, calling lawsuit a "disingenuous attempt to secure attorney’s fees."

Nigerian Spy Chief Caught With $43 Million in Cash Is Suspended (Foreign Policy) Just slightly suspicious.

How Nigeria's Suspended Intelligence Agency Director Tried To Explain Away $43m Cash Found In Lagos Apartment (Sahara Reporters) SaharaReporters has learned that Ayodele Oke, the suspended Director-General of the National Intelligence Agency (NIA), facilitated the agency’s acquisition of the swanky Ikoyi apartment where agents of the Economic and Financial Crimes Commission (EFCC) recently discovered more than $43 million in cash.

NCA: Young Cyber-Criminals Looking for Sense of Achievement (Infosecurity Magazine) NCA: Young Cyber-Criminals Looking for Sense of Achievement. New report claims many are simply motivated by peer respect

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

newly Noted Events

Insider Threat Program Development / Management Training For NITP-NISPOM CC 2 (Huntsville, Alabama, USA, June 8 - 9, 2017) Insider Threat Defense announced it will hold a 2 day training class on Insider Threat Program (ITP) Development / Insider Threat Risk Management (National Insider Threat Policy (NITP), NISPOM Conforming Change 2) on June 8-9, 2017, in Huntsville, AL. For a limited time the training is being offered at a $795. This training will provide the ITP Manager-Senior Official and Facility Security Officer with the knowledge and resources to achieve compliance with NITP and NISPOM CC2 / DSS ISL-2016-02 - ITP requirements. Any organization (State Government Agencies, Businesses, Etc.) that is not required to implement an ITP, but is concerned with Insider Threat Risk Mitigation will also benefit greatly from this training. Insider Threat Defense has trained over 500+ organizations and has become the "Leader-Go To Company" for ITP Development / Insider Threat Risk Management Training.

Cyber Tech Fairfax (McLean, Virginia, USA, June 13, 2017) Cybertech Fairfax will provide attendees with a unique opportunity to learn about the latest innovations and solutions from the cyber community. It will serve as an incredible B2B platform with a strong focus on networking, strengthening existing alliances and forming new ones. Get acquainted with the products and people leading the industry and creating new technological solutions to tackle today’s cyber challenges.

AFCEA Defensive Cyber Operations Symposium (Baltimore, Maryland, USA, June 13 - 15, 2017) Cyber operations are a challenging mission for the U.S. Defense Department and government community that builds, operates and defends networks. Cyber leaders and warriors must continually evolve to adapt to future innovations and develop and leverage cutting-edge tools and technologies. AFCEA’s Defensive Cyber Operations Symposium provides an ethical forum where government and industry will focus on “Connect and Protect.” Participants will discuss requirements and solutions to ensure that the networks within DoD are adaptive, resilient and effective across a range of uses and against diverse threats. Speakers will include leaders in the Defense Information Systems Agency, Joint Force Headquarters-DoD Information Network and DoD Chief Information Office.

upcoming Events

International Conference on Cyber Engagement 2017 (Washington, DC, USA, April 24, 2017) Georgetown University's seventh annual International Conference on Cyber Engagement promotes dialogue among policymakers, academics, and key industry stakeholders from across the globe, and explores the worldwide community’s increasing interconnectivity in this domain.Drawing on the experience of government practitioners, industry representatives and academic scholars, this event brings a multidisciplinary and international approach to the challenges in cyberspace from technical, corporate, legal, and policy perspectives in both the United States domestic and international realms – with several topics targeting private sector interests.

SANS Baltimore Spring 2017 (Baltimore, Maryland, USA, April 24 - 29, 2017) SANS Institute, the global leader in information security training, today announced the course line-up for SANS Baltimore Spring 2017 taking place April 24 – 29. All courses offered at SANS Baltimore are open to civilians and veterans. Included among the course line-up are several master's degree and graduate certificate courses that are eligible for GI Bill benefits through the SANS Technology Institute graduate school.

(ISC)2 Cyber Security Congress 2017 (Calgary, Alberta, Canada, April 26, 2017) The aim of the Cyber Security Congress 2017 is to strengthen cyber security leaders by arming them with the knowledge, tools, and expertise to protect their organizations. In April, 2017 over 150 like-minded professionals will gather for the 1-day congress in Calgary, Alberta, Canada where cyber security experts and industry leaders will share their knowledge, experience and best practices through presentations and interactive panel discussions.

Defence Information 2017 (Cranfield, England, UK, April 26 - 27, 2017) Defence Information 2017 is the major annual communications event of Joint Information Group activities (the JIG reports to the Defence Suppliers Forum) and the Event’s content spans both Information and Support. Our DI’17 Event examines some of the ‘people, process and technology’ issues critical to Team Defence being able to adopt, embed and exploit new (and often disruptive) Information and Communications Technology (ICT) capabilities and associated new ways of working - to productive effect.

Houston Cyber Summit (Houston, Texas, USA, April 27, 2017) Cyber security strategy is a term most often associated with the operational levels of an organization – firewalls, encryption, internal assessments and so on. But even the best technology and monitoring processes won’t mean a thing unless the cyber security strategy aligns with the business strategy. How can organizations prioritize cyber security from the top down and the bottom up at the same time? The Houston Cyber Summit is a one-day conference designed for executives to learn how to protect the business through a proactive cyber security strategy.

Crimestoppers Conference (Eden Project, Bodelva, St Austell , April 27, 2017) Crimestoppers is organising a major one-day conference designed to help local businesses shore up their online security. A range of expert speakers will pinpoint typical cyber pitfalls to avoid. 80% of cyber crime is preventable and just a few key security steps can help avoid damaging your business reputation and finances

Atlantic Security Conference (Halifax, Nova Scotia, Canada, April 27 - 28, 2017) Atlantic Canada's non-profit, annual information security conference. AtlSecCon, the first security conference in Eastern Canada focusing on bringing some of the worlds brightest and darkest minds together with one common goal – to expand the pool of IT Security knowledge beyond its typical confines. AtlSecCon provides an unmatched opportunity for IT Professionals and Managers to collaborate with their peers and learn from their mentors.

SANS Automotive Cybersecurity Summit 2017 (Detroit, Michigan, USA, May 1 - 8, 2017) SANS will hold its inaugural Automotive Cybersecurity Summit to address the specific issues and challenges around securing automotive organizations and their products. Join us for a comprehensive look at automotive assembly, industry suppliers, embedded systems, and safeguarding extended customer and product data. The Summit will include two-days of in-depth presentations from top security experts and seasoned practitioners, hands-on learning exercises, and exclusive networking opportunities.

cybergamut Tech Tuesday: Distributed Responder ARP: Using SDN to Re-Engineer ARP from within the Network (Elkridge, Maryland, USA, and online at various local nodes, May 2, 2017) We present the architecture and initial implementation of distributed responder ARP (DR-ARP), a software defined networking (SDN) enabled enhancement of the standard address resolution protocol (ARP) intended to improve network security and performance by exerting much greater control over how ARP traffic flows through the network as well as over what actually delivers the ARP service. Presented by Mark Alan Matties, PhD of The Johns Hopkins University Applied Physics Lab.

Cyber Security Summit in Dallas (Dallas, Texas, USA, May 5, 2017) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from Proofpoint, CenturyLink, IBM and more. Register with promo code cyberwire50 for half off your admission (Regular price $350)

OWASP Annual AppSec EU Security Conference (Belfast, UK, May 8 - 12, 2017) Welcome to OWASP Annual AppSec EU Security Conference, the premier application security conference for European developers and security experts. AppSec EU provides thought leadership, amazing talks, informative sessions, and great social experiences. During the pre-conference (Monday 8th - Wednesday 10th May 2017) there is the opportunity to attend one of the many trainings courses on offer from industry experts, plus project summits and outreach sessions to the future pioneers of the application security industry. The main conference (Thursday 11th & Friday 12th May) offers four full tracks of talks, for pentesters and ethical hackers, developers and security engineers, DevOps practices and GRC/risk level talks for managers and CISOs.

SANS Security West 2017 (San Diego, California, USA, May 9 - 18, 2017) Cybersecurity skills and knowledge are in high demand. Cyber attacks and data breaches are more frequent and sophisticated, and organizations are grappling with how to best defend themselves. As a result, cybersecurity is more vital to the growth of your organization than ever before. Now is the perfect time to take the next step to protect your organization and advance your career. Join us at SANS Security West 2017 (May 9-18) to gain the skills and knowledge needed to help your organization succeed. Choose from over 30 information security courses taught by SANS’ world-class instructors. At SANS Security West 2017, you will get the best hands-on, immersion training and learn what it takes to stop cyber threats.

OWASP AppSec EU (Belfast, Northern Ireland, UK, May 12 - 18, 2017) Welcome to OWASP Annual AppSec EU Security Conference, the premier application security conference for European developers and security experts. AppSec EU provides thought leadership, amazing talks, informative sessions, and great social experiences. During the pre-conference (Monday 8th - Wednesday 10th May 2017) there is the opportunity to attend one of the many trainings courses on offer from industry experts, plus project summits and outreach sessions to the future pioneers of the application security industry. The main conference offers four full tracks of talks, for pentesters and ethical hackers, developers and security engineers, DevOps practices and GRC/risk level talks for managers and CISOs.

EnergySec Security Education Week (Austin, Texas, USA, May 14 - 19, 2017) The Energy Sector Security Consortium, Inc.'s Security Education Week is designed for early to mid career cybersecurity professionals currently employed at electric utilities in North America. Students will receive technical instruction on various topics including threat hunting, network packet analysis, and security assessments. Sessions will also cover operational technology used in the electric sector, and instructional workshops from industry vendors. Students will also participate in facility tours hosted by the Lower Colorado River Authority (LCRA), and evening activities designed to build relationships within industry and strengthen the community of cybersecurity professionals.

K(no)w Identity Conference (Washington, DC, USA, May 15 - 17, 2017) To converge identity experts from across all industries in one space, to be at the nexus of ideas and policies that will fundamentally change identity around the world. Provides business leaders, privacy and security experts, tech innovators, and senior policy makers the forum to discuss the future of identity. By utilizing the world’s best event technology, K(NO)W connects attendees digitally and physically unlike ever before.

Global Cybersecurity Innovation Summit Advancing International Collaboration (London, England, UK, May 16 - 17, 2017) SINET – London creates a forum to build and maintain international relationships required to foster vital information sharing, broad awareness and the adoption of innovative Cybersecurity technologies.

Public Sector Cyber Security Conference: Defending the Public from Cyber-Attacks (Salford, England, UK, May 17, 2017) Join us for the Public Sector Cyber Security Conference where leading experts will explain how to protect the vital services provided by central Government, local councils and the NHS. Learn how to safeguard sensitive data such as medical records and keep IT systems safe from cyber-attacks by states, criminal gangs and cyber terrorists.

PCI Security Standards Council: 2017Asia-Pacific Community Meeting (Bangkok, Thailand, May 17 - 18, 2017) Two days of networking and one-of-a-kind partnership opportunities await you. Whether you want to learn more about updates in the payment card industry or showcase a new product, you’ll find it all at the 2017 Asia-Pacific Community Meeting.

2017 Georgetown Cybersecurity Law Institute (Washington, DC, USA, May 17 - 18, 2017) It is more important than ever that in-house and outside counsel stay abreast of the most current developments and best practices in cybersecurity. At our Institute you will receive insights on the best governance, preparedness, and resilience strategies from experienced government officials, general counsels, and cybersecurity practitioners who face these issues on a daily basis.

Northsec Applied Security Event (Montreal, Québec, Canada, May 18 - 21, 2017) The conference will feature technical and applied workshops hosted in parallel for the most motivated attendees. Topics include application and infrastructure (pentesting, network security, software and/or hardware exploitation, web hacking, reverse engineering, malware/virii/rootkits), cryptography and obfuscation (from theoretical cryptosystems to applied cryptography exploitation, cryptocurrencies, steganography and covert communication systems), and society and ethics.

SANS Northern Virginia - Reston 2017 (Reston, Virginia, USA, May 21 - 26, 2017) This event features comprehensive hands-on technical training from some of the best instructors in the industry and includes courses that will prepare you or your technical staff for DoD 8570 and GIAC approved certification exams. Start making your plans now to attend SANS Northern Virginia - Reston 2017.

Enfuse 2017 (Las Vegas, Nevada, USA, May 22 - 25, 2017) Enfuse™ is a three-day security and digital investigations conference where specialists, executives, and experts break new ground for the year ahead. Enfuse offers unsurpassed networking opportunities, hands-on training, and in-depth exploration of current topics.

2017 Cyber Investing Summit (New York, New York, USA, May 23, 2017) The 2nd Annual Cyber Investing Summit is an all-day conference focusing on investing in the $100+ billion dollar cyber security industry. Attendees will explore the financial opportunities, trends, challenges, and investment strategies available in the high growth cyber security sector. The 2016 Inaugural Cyber Investing Summit welcomed 180+ of the leading cyber professionals, technology analysts, venture capitalists, fund managers, investment advisors, government experts, and more. New this year: separate panels offered throughout the day highlighting publicly traded firms as well as privately owned entities, opportunities to meet one-on-one with corporate executives, and new panel topics (including Investment Strategies & Opportunities, M&A Landscape, Funding for Startups, Government Spending Review, Cyber Sale Lifecycle, and more). Network with investment professionals, asset managers, industry experts, financial analysts, media and more.

Citrix Synergy (Orlando, Florida, USA, May 23 - 25, 2017) Learn how to solve your IT flexibility, workforce continuity, security and networking challenges—and power your business like never before—with the workspace of the future.

Sponsor & Support

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter’s financial reach, or it might just not be the right time for you to do those things. That’s why we launched our new Patreon site, where we’ve created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you’ll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.