The CyberWire Daily Briefing 4.25.17

Summary

By The CyberWire Staff

As expected, reports of Russian intelligence services working to influence French elections have surfaced. Trend Micro says it's found "Pawn Storm" (a.k.a. APT28, a.k.a Fancy Bear, a.k.a. GRU) phishing Emmanuel Macron's campaign with tactics, techniques, and procedures essentially identical to those used against the US Democratic National Committee during 2016's US presidential election. French security agency ANSSI confirms the phishing and the resemblance to Pawn Storm, but cautiously declines a rush to attribution.

Fancy Bear may have been busy elsewhere, too. Denmark's Minister of Defense says the Russian service has "aggressively" pawed at his networks for the past two years. Bulgaria's President Rosen Plevneliev has also gone public with accusations that an unnamed threat actor based in Russia sought to interfere with Bulgaria's 2015 local elections.

Expect more cyber operations as China and the US tighten the screws on Pyongyang over North Korea's nuclear and long-range missile programs. Perennial concerns about critical infrastructure vulnerabilities are reinforced by Friday's power outages in three major US cities. The failures were accidental and not cyber related, but they do highlight the risks of local points-of-failure.

Trend Micro researchers discover "Milkydoor," a backdoor installed in some two-hundred Trojanized Android apps published to Google's PlayStore.

Security firm Webroot is in the process of fixing its widely used antivirus solution, which yesterday briefly misidentified legitimate Windows files as malicious.

Pyotr Levashov, alleged Kelihos botmaster, has been indicted by the US and faces extradition proceedings in Spain.

Criminal extortionists are again threatening Ashley Madison users with exposure.

Learn how Cylance silences cyber attacks with Artificial Intelligence.

Notes.

Today's issue includes events affecting Austria, Brazil, Bulgaria, China, Denmark, France, Germany, India, Indonesia, Israel, Democratic Peoples Republic of Korea, Republic of Korea, Macedonia, Malaysia, Myanmar, Nigeria, Philippines, Russia, Serbia, Singapore, South Africa, Spain, Thailand, Turkey, United Arab Emirates, United Kingdom, United States, and and Vietnam.

On the Podcast

In today's podcast, we hear from David Dufour, representing our partners at Webroot, who talks us through the issues of IoT supply chain trust. Our guest, Eric Burger of Georgetown University, offers a preview of the upcoming Borderless Cyber conference.

Sponsored Events

Hacker Secrets Revealed: 5 Security Mistakes to Avoid (Webinar, April 27, 2017) Delta Risk research has identified the attack vectors bad actors most commonly use to get initial access to a network and spread across the rest of the organization.

The Cyber Security Summit: Dallas (Dallas, Texas, USA, May 5, 2017) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from the U.S. Dept of Justice, Proofpoint, CenturyLink, IBM and more. Register with promo code cyberwire50 for half off your admission (Regular price $350)

Selected Reading

Cyber Attacks, Threats, and Vulnerabilities

Russian Hackers Who Targeted Clinton Appear to Attack France’s Macron (New York Times) A report by a cybersecurity firm has heightened concerns that Russia has turned its weapons on France in an effort to bolster Marine Le Pen’s candidacy.

Macron campaign was target of cyber attacks by spy-linked group (Reuters) The campaign of Emmanuel Macron, the favorite to win France's presidential election, has been targeted by a cyber espionage group linked by some experts to the Russian military intelligence agency GRU.

Pawn Storm targets fresh victims to sway public political opinion (ZDNet) The sophisticated attackers are putting more and more pressure on the military, governments, celebrities and media worldwide.

Russian Hackers ‘Fancy Bear’ Targeted French Presidential Candidate Macron (Motherboard) The hacking group who attacked the DNC and was behind the Podesta leaks also went after France’s Presidential frontrunner.

Pawn Storm Abuses Open Authentication in Advanced Social Engineering Attacks (TrendLabs Security Intelligence Blog) Pawn Storm is an active and aggressive espionage actor group that has been operating since 2004. The group uses different methods and strategies to gain information from their targets, which are covered in our latest research. However, they are particularly known for dangerous credential phishing campaigns. In 2016, the group set up aggressive credential phishing...

Denmark says Russia hacked its Defense Ministry emails (The Times of Israel) Copenhagen denounces ‘aggressive’ behavior of same pro-Kremlin group accused of ‘malicious cyber activity’ against US

Digitale angreb fra fremmede magter og kriminelle kræver nyt beredskab (Berlingske) Det digitale indbrud mod dansk forsvar, som Berlingske rapporterer om, er led i en ny international trend, hvor bl.a. Rusland i voldsom grad har intensiveret den digitale spionage og krigsførelse.

Rosen Plevneliev with Report on Russian Cyber Attack During Local Elections in 2015 (Sofia News Agency) President Rosen Plevneliev (2012-2017) has announced to Nova TV, that he had a report from competent institutions stating that during the 2015 local elections a cyberattack came from an organization based in Russia.

A Closer Look at CIA-Linked Malware as Search for Rogue Insider Begins (Dark Reading) Symantec researcher explains the goals behind CIA-linked hacking tools, as the government launches an investigation to discover who gave secret documents to WikiLeaks.

NSA’s DoublePulsar Kernel Exploit In Use Internet-Wide (Threatpost) Scans show tens of thousands of Windows servers infected with the DoublePulsar kernel exploit leaked by the ShadowBrokers two weeks ago.

2016's Most Popular Exploit Was the Vulnerability Used for the Stuxnet Attacks (BleepingComputer) One of the vulnerabilities used to spread the Stuxnet virus was 2016's most popular exploit, according to telemetry data gathered by Russia cyber-security firm Kaspersky Labs.

Has China’s squeeze on North Korea hit its few ATMs? (South China Morning Post) No modern airport terminal is complete without an ATM, and Pyongyang’s now has two. But they don’t work — because of new Chinese sanctions, according to bank employees — and it’s not clear when they will....

Microsoft Edge Vulnerability Allows Cookie and Password Theft (BleepingComputer) A vulnerability in the Microsoft Edge browser can be exploited and allow an attacker to obtain a user's password and cookie files for various online accounts.

MilkyDoor Infests 200 Android Apps (Infosecurity Magazine) MilkyDoor is built to attack an enterprise’s internal networks, private servers, and ultimately, corporate assets and data.

Original XPan Ransomware Returns, Targets Brazilian SMBs (Threatpost) Brazilian cybercriminals are using the original version of the XPan ransomware, targeting small to medium-sized business based in Brazil with the malware.

Locky Ransomware Roars Back to Life Via Necurs Botnet (Threatpost) The first large scale Locky campaign in months has been detected via the Necurs botnet.

Ransomware hidden inside a Word document that’s hidden inside a PDF (Naked Security) Spam campaign delivers Locky ransomware that, like a Russian matryoshka doll, is nested inside not one but two layers

Analysis of the Shadow Z118 PayPal phishing site (SANS Internet Storm Center) Today I got lucky walking around within a phishing site and found some left-over deployment files, containing the complete source code of the site. This gives a unique insight into the inner workings and complexity of the site. I've analyzed many phishing site source codes before, but this one is definitely more sophisticated than usual.

Phishing attacks responsible for three-quarters of all malware (Help Net Security) Phishing attacks were responsible for 73% of all malware delivered to organizations, with government as the industry sector most likely to be attacked.

Hard Target: Fileless Malware (Threatpost) Researchers say fileless in-memory malware attacks have become a major nuisance to businesses and have become even harder to detect and defend.

Hipchat resets user passwords after possible breach (CSO Online) HipChat has reset all its users' passwords after what it called a security incident that may have exposed their names, email addresses and hashed password information.

Top secret messages sent via Confide might not be so secret after all (Naked Security) Confide, an app used by some Washington insiders, denies claims in lawsuit that it doesn’t prevent screenshots on all platforms

R2Games compromised again, over one million accounts exposed (CSO Online) Online gaming company Reality Squared Games (R2Games) has been compromised for the second time in two years, according to records obtained by the for-profit notification service LeakBase. The hacker who shared the data with LeakBase says the attack happened earlier this month.

Ashley Madison users blackmailed again (Help Net Security) Cyber criminals are still trying to blackmail users of the Ashley Madison dating/cheating online service into sending them money in exchange of silence.

LinkedIn app’s oversharing via Bluetooth sparks alarm (Naked Security) LinkedIn said it was working on a fix for the issue – but it’s always a good idea to keep an eye on what you might be sharing via Bluetooth

Webroot antivirus goes bananas, starts trashing Windows system files (Register) Even automated security tool thinks Redmond's snooping operating system is 'malicious'

AV provider Webroot melts down as update nukes hundreds of legit files (Ars Technica) False positives affect Windows Preview, Facebook, and more.

Northrop Grumman can make a stealth bomber – but can't protect its workers' W-2 tax forms (Register) 'Stolen creds' used to swipe data on aerospace giant's staff

Uber Fingerprinting Users Shows the Danger of Thinking All Technology Is Magic (Motherboard) When "always be hustling" catches up with you.

Unroll.me Apologizes for Not Being Clear It Sells User Data (Infosecurity Magazine) Unroll.me Apologizes for Not Being Clear It Sells User Data. Unsubscribe service promises to be more transparent

Major San Francisco power outage caused by one breaker in one substation – what are the implications (Control Global) At approximately 9am on April 21, 2017, ONE breaker failed in PG&E’s Larkin Street substation. This ONE breaker in ONE substation brought the city of San Francisco to its knees. The implications are numbing, particularly considering all of the promises PG&E has made to the California PUC after the San Bruno natural gas pipeline rupture.

Security Patches, Mitigations, and Software Updates

Hyundai Patches Leaky Blue Link Mobile App (Threatpost) Hyundai Motor America patched its Blue Link mobile app after researchers found a cleartext encryption key that could be use to expose user and vehicle information.

What happens when a vendor doesn’t patch its software? (Naked Security) Third-party ‘guerilla’ patching can be a good example of the community stepping up to fix flaws – but it could also compromise security

Securing Docker, One Patch at a Time (eSecurity Planet) The open-source Docker container project integrates many different security approaches, but like every other software project, it still has to deal with reported software vulnerabilities.

Cyber Trends

2017 Varonis Data Risk Report (Varonis) 47% of organizations have at least 1,000 sensitive files open to every employee.

New Mindset Required to Respond to Cyber Threats, CompTIA Study Asserts (PRNewswire) Businesses recognize security as a growing imperative,...

Security skills need to be deep and wide to mitigate critical risks (Help Net Security) Businesses recognize security as a growing imperative, but many remain on the defensive, fighting cyber threats with dated tactics and training.

U.S. Cyber Defense 'Terrible,' Former NSA Director Says (Duke Today) The United States’ cyber defense capability is “terrible … it’s wholly inadequate,” the former head of the National Security Agency said Friday in a speech at Duke.

One in Eight English Adults Have Had Medical Data Stolen (Infosecurity Magazine) One in Eight English Adults Have Had Medical Data Stolen. Pharmacies are the biggest source of healthcare breaches, Accenture says

Marketplace

An engineer’s guide to picking a startup (TechCrunch) One of the questions I often get from engineers I mentor is how do you decide on what early stage startup is worth working for? Often, this is long before you..

Virtru's Gold: 'We've Had Negative Churn' (Channel Partners) Virtru doesn’t stop at Google and Microsoft email encryption, says CMO Charles Gold.

Telos among awardees of Army cloud computing deal (C4ISRNET) Telos has been chosen to be one of the awardees of the $247.7 million Army Cloud Computing Enterprise Transformation Basic Ordering Agreement, otherwise known as ACCENT BOA.

Here's an IRS Contract With a Dark Web Intel Firm (Motherboard) The Internal Revenue Service paid Flashpoint $65,000.

Harris Corp. wins cryptographic and information assurance contract (Military Embedded Systems) ROCHESTER, N.Y. U.S. Air Force officials selected Harris Corp. for cryptographic and information assurance products, including support throughout their life cycles. The five-year, multi-award indefinite delivery/indefinite quantity (IDIQ) contract has a ceiling value $875 million.

Products, Services, and Solutions

Lacework Launches with the Industry's First Zero-Touch Cloud Workload Security Platform (PRNewswire) Recently incubated Lacework™, a new provider of cloud workload...

Lacework Emerges from Stealth with Polygraph Cloud Security (eSecurity Planet) The startup's "zero-touch" cloud workload security platform eliminates the need to fine-tune policies and pore over logs to secure cloud environments.

Cybersecurity Nexus (CSX) Training Platform (ISACA) That’s why we created the Cybersecurity Nexus™ (CSX) Training Platform, the first on-demand, real-world training solution that builds real technical skills to help your staff combat real threats.

The Sixth Flag Unveils Dewdrop.tsf for Standalone and 3rd Party Applications (Sixth Flag) The Sixth Flag, Inc. is excited to announce that dewdrop.tsf™, the patented and acclaimed watermarking technology, will be made available for standalone and third party applications.

Micron and Microsoft Announce Collaboration to Help Improve Internet of Things Security (Yahoo! Finance) Micron Technology and Microsoft today announced a collaboration that aims to address the major challenge of providing trusted computing models for IoT deployments in ...

Kaspersky Lab to provide insurance policy holders with IT forensics in cyber attacks (Deccan Chronicle) As one of the selected IT forensics partners of AGCS, Kaspersky Lab´s services will be available in Germany, Austria and Switzerland.

Russia’s Kaspersky expands partner programme to Africa (CAJ News Africa) KASPERSKY Lab, the Russian multinational cybersecurity and anti-virus provider, has launched a new partner programme in Africa, aimed at managed service providers…

WISeKey Disclosed WISeKeyIoT, Its Public Key Infrastructure Framework Tailored for the Internet of Things (Yahoo! Finance) WISeKey International Holding , a leading Swiss cybersecurity and IoT company, unveiled today its global solution for securing the Internet of Things .

Threat Intelligence As A Service From John Snow Labs Delivers Live, Corroborated, Ranked & Automatically Actionable Cyber Security Threats From 80+ Sources (IT Business Net) Out-of-the-box support for multiple data formats including STIX & TAXII and direct integrations into SIEM, firewall and active blocking tools enable automated prevention, blocking and remediation of the most common cyber attacks.

Vanguard Ramps up Mainframe Vulnerability Assessments (Database Trends and Applications) Vanguard Integrity Professionals said it is shipping a solution for its enterprise cybersecurity software suite intended to deliver expert-level vulnerability assessments of z/OS Security Server configuration controls and security settings with the ability to quickly produce audit results.

Technologies, Techniques, and Standards

DHS preps Cyber Incident Data Repository (GCN) CIDAR aims to identify trends, mitigate threats and calculate risks for enterprise risk managers and cybersecurity insurance companies.

Novetta Expands Support for Biometric Standards Development (Sys-Con Media) Novetta, a leader in advanced analytics technology, today announced that Vice President of Special Projects, Michael Thieme, has been appointed Editor of ISO/IEC 30107-4 – Biometric presentation attack detection – Profile for evaluation of mobile devices.

How can you prepare for a cyber attack? (JAXenter) Keeping your data secure is more important than ever. David Mytton discusses what developers can do to prepare for what’s fast becoming inevitable.

HyTrust’s John De Santis: Agencies Should Adopt Platforms for Security Policy Enforcement (GovCon Wire) John De Santis, chairman and CEO of HyTrust, has said government agencies should adopt a strategic a

Design and Innovation

Five ways that GDPR will help stimulate innovation (Infosecurity Magazine) Although GDPR may pose challenges, it provides opportunities for improving customer trust and fueling innovation reliably and responsibly.

Innovation Advantages Run Afoul of Reality (SIGNAL Magazine) The need for innovation in cybersecurity often is stymied by procurement complications.

Research and Development

Increasing the Flow of Rumors in Social Networks by Spreading Groups (ArXiv.org) The paper addresses a method for spreading messages in social networks through an initial acceleration by Spreading Groups. These groups start the spread which eventually reaches a larger portion of the network. The use of spreading groups creates a final flow which resembles the spread through the nodes with the highest level of influence (opinion leaders). While harnessing opinion leaders to spread messages is generally costly, the formation of spreading groups is merely a technical issue, and can be done by computerized bots. The paper presents an information flow model and inspects the model through a dataset of Nasdaq-related tweets.

Academia

Cardiff University And Airbus To Open Cyber Security Centre Of Excellence (Silicon UK) The Cardiff University School of Computer Science and Informatics will be the home of a Centre of Excellence in Cyber Security Analytics

How These UMBC Students Won Raytheon's National Cyber Tournament (DC Inno) Trying to defend retail giant Walmart from a cyberattack is no easy task. But that's what the University of Maryland, Baltimore County's student-run cyber defense team had to do in its quest to...

FAMU Designated as National Center of Academic Excellence in Cyber Defense Education (Tallahassee News | ABC 27 WTXL) The National Security Agency and the Department of Homeland Security have designated Florida A&M University as a National Center of Academic Excellence in Cyber Defense Education through 2022.

Raytheon highlights cyber security best practices to students from Khalifa University (Arabian Aerospace) Carl Manion, director of Cyber Threat Hunting, Detection and Response at Raytheon, has delivered a lecture to more than 27 students from Khalifa University of Science and Technology's Department of Computer Engineering recently.

Professor Mary Aiken Inducted into Infosecurity Europe’s Hall of Fame (Infosecurity Magazine) Infosecurity Europe has announced Professor Mary Aiken as the latest industry name to be inducted into the event’s Hall of Fame for 2017

Legislation, Policy and Regulation

Israeli security agencies: New cyber authority could 'seriously harm' our activities (Haaretz) In letter to prime minister, agency heads say legislation concerning Cyber Defense Authority would render their cyber units obsolete

US and China Intensify Pressure on North Korea (Voice of America) U.S. naval strike force moves towards Korea as China warns it will cut off oil supplies if North Korea conducts another nuclear test

Did Trump-Xi call reveal shift in China’s North Korea stance? (South China Morning Post) Xi Jinping voices opposition to Pyongyang’s nuclear programme, urges US to show restraint, but leaves out usual statement about solving issue ‘peacefully’

China's Xi urges Trump to use caution in handling North Korea (Los Angeles Times) Trump and Xi spoke again by phone amid concerns North Korea is preparing for a nuclear test as early as this week.

White House opts for aggressive cyber strategy, sources say (Energy Wire) A White House executive order on cybersecurity will emphasize the need for "hunt and destroy" strategies to find and eliminate malware that threatens critical infrastructure and government agencies, according to people familiar with the plans.

Congress returns, but the real cybersecurity action is taking place off the Hill (Washington Examiner) On the congressional front, we expect a lot of activity and discussion, but it's not clear that will result in any legislation in the short...

Trump and the CIA (Foreign Affairs) Although commentators have been quick to point out key similarities between Trump and Nixon, few have yet probed the remarkable parallels in their relationship with America’s premier spy agency.

Cyber Squadron Initiative expands training for airmen (C4ISRNET) The changing nature of warfare is pushing the Air Force to get more proactive on cyber.

Litigation, Investigation, and Enforcement

FBI allays some critics with first use of new mass-hacking warrant (Ars Technica) Judge authorized order allowing US to change data in thousands of infected devices.

Tor node operator arrested in Russia will be held on terrorism charges until June trial (TechCrunch) Earlier this month, a Tor node operator in Russia was arrested in a potential misunderstanding about the nature of the decentralized network. Dmitry Bogatov,..

Assange is vile but don’t try to lock him up (Times (London)) A journalist I know has a favourite prank. He writes about espionage and secrets, and he knows that electronic eyes are always watching. So, when he’s feeling mischievous and when he knows that a...

Interpol Identifies 8,800 C&C Servers Used for Malware, Ransomware, Others (BleepingComputer) Interpol investigators announced today they'd identified over 8,800 servers hosted across eight countries in Southeast Asia used for various cybercrime operations.

Senate Trump-Russia Probe Has No Full-Time Staff, No Key Witnesses (The Daily Beast) Just seven part-time staffers are working on the Senate inquiry. Not one is a trained investigator. And they haven’t interviewed a single player in Trump’s orbit.

Trump faults DNC in Russian email hacks (TheHill) Trump says Democrats had weak defenses that allowed hackers entry.

NSA Kept Watch Over Democratic and Republican Conventions, Snowden Documents Reveal (The Intercept) The NSA provided surveillance support at the Republican and Democratic national conventions in 2004, raising questions about domestic eavesdropping.

The Backstory Behind Carder Kingpin Roman Seleznev’s Record 27 Year Prison Sentence (KrebsOnSecurity) Roman Seleznev, a 32-year-old Russian cybercriminal and prolific credit card thief, was sentenced Friday to 27 years in federal prison. That is a record punishment for hacking violations in the United States and by all accounts one designed to send a message to criminal hackers everywhere. But a close review of the case suggests that Seleznev’s record sentence was severe in large part because the evidence against him was substantial and yet he declined to cooperate with prosecutors prior to his trial.

Dockett 2:11-cr-00070: USA v. Seleznev (US Archive) Roman Seleznev Defendant (1) also known as TRACK2 also known as Roman Ivanov also known as Ruben Samvelich also known as nCuX also known as Bulba also known as bandysli64 also known as smaus also known as Zagreb also known as shmak

Alleged Kelihos botmaster indicted (Help Net Security) 36-year-old Pyotr Levashov was charged on Friday in the US with one count of causing intentional damage to a protected computer, one count of conspiracy, o

Teen Hacker with Asperger's Syndrome Ruined Cyber Infrastructure of Tech Giants (HackRead) When Adam Mudd (goes by the online handle of themuddfamily) was 15, he developed a Distributed Denial of Service (DDoS) attack tool called Titanium Stresse

Collaboration is key to fighting cyber crime, say UK police (ComputerWeekly) Cyber crime will be defeated only through collaboration, according to UK police, the Global Cyber Alliance, Cyber Defence Alliance and Verizon.

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

newly Noted Events

ISKMI IPT 2017 (Honolulu, Hawaii, USA, April 24 - 28, 2017) The purpose of the Information Sharing Key Management Infrastructure (ISKMI) Information Process of Technology (IPT) is to provide spectrum management subject matter experts throughout Department of Defense (DoD), Five Eyes and Allied Community an opportunity to brief related topics as they pertain to emerging technologies, international and domestic Controlling Authority (CONAUTH), Electronic Key Management System (EKMS), Communication Security (COMSEC) and Key Management Infrastructure National and Central Office of Record (COR) policy, procedures and regulation changes, challenges, and CONAUTH/EKMS/COMSEC/KMI management tools, tactics and techniques

NLIT Summit (Chicago, Illinois, USA, April 30 - May 3, 2017) The NLIT Summit is sponsored by the NLIT Society, a professional society founded to facilitate the exchange of best practices and ideas between IT professionals within the DOE complex, strengthen the IT infrastructure, and reduce costs within the DOE laboratory system.

Information Assurance Symposium (Baltimore, Maryland, USA, June 19 - 21, 2017) The Information Assurance Symposium is the premier IA event at which leaders and practitioners share vital information and provide direction and best practices to meet today's challenges in IA and the cyber environment. The classification of the event is UNCLASSIFIED//FOR OFFICIAL USE ONLY. The 2017 IAS is expecting upwards of 2,500 attendees and will provide an excellent opportunity to learn and network with leading information assurance and cyber security professionals, subject matter experts and solution providers from throughout Government, industry and academia. The Information Assurance Symposium will include a variety of keynote sessions, three distinct tracts and panel discussions spanning over three days.

Cyber Southwest (Tucson, Arizona, USA, May 27, 2017) CSW will be dedicated to furthering the discussion on cyber education and workforce development in Arizona, healthcare cybersecurity, and technical training in areas such as threat intelligence, insider threats, and protecting critical infrastructure. CSW will focus on creating a positive, unique, and highly productive unification point to further Arizona’s developing leadership in cybersecurity. Subject Matter Experts (SMEs) will be on hand to share information on the latest cybersecurity trends, best practices, and key innovations.

Electronic Warfare Olympics & Symposium (Colorado Springs, Colorado, USA, July 13 - 14, 2017) The 2017 Electronic Warfare Olympics & Symposium will improve the capability, and marketability, of spectrum warriors by building the local EW/IO community. and bringing awareness to the capabilities in the region. The event will consist of speakers, government and industry exhibits, and Electronic Warfare Olympics.

Cross Domain Support Element Summer Workshop 2017 (Laurel, Maryland, USA, July 25 - 26, 2017) The Unified Cross Domain Services Management Office (UCDSMO) is presenting a two-day workshop for the benefit of the Cross Domain Support Element (CDSE) Offices, and the personnel who support them. Topics will include an update to the Capabilities Portfolio, Baseline and Sunset Lists, the UCDSMO SharePoint sites, Labs and Lab Testing, updates on the CDS Overlays and the Cross Domain Risk Management process.

Cyber Texas (San Antonio, Texas, USA, August 1 - 2, 2017) CyberTexas was established to provide expanded access to security developments and resources located in Texas; provide an ongoing platform for the education and skill development of cyber professionals & job creation; build strong relationships with other U.S. and International geographies focused on cyber ecosystem development; bring national and international resources to the region to showcase Texas-based cyber assets; identify and encourage business opportunities within and outside of Texas; and create long-term value for the cyber security ecosystem of San Antonio and the State of Texas.

7th Annual Cybersecurity Training and Technology Forum (Colorado Springs, Colorado, USA, August 30 - 31, 2017) CSTTF is designed to further educate Cybersecurity, Information Management, Information Technology, and Communications Professionals by providing a platform to explore and enhance cyber resilience, collaboration, threat intelligence, information sharing, workforce development, and risk management. This will be accomplished through a number of in-depth sessions and panel discussions, along with cybersecurity exhibits provided by industry and government partners.

CyberMaryland (Baltimore, Maryland, USA, October 11 - 12, 2017) Maryland is recognized as a cybersecurity leader - nationally and internationally. The state has developed cybersecurity experts, education and training programs, technology, products, systems and infrastructure. With over 10 million cyber hacks a day resulting in an annual worldwide cost of over $100 billion, the United States is at risk. Ensuring that our nation has the workforce, technology and resources to protect our citizens, businesses, infrastructure, intellectual property and more is of paramount importance. Maryland continues to be a leader on this front.

2017 International Information Sharing Conference (Washington, DC, USA, October 31 - November 1, 2017) Join us for the inaugural International Information Sharing Conference hosted by the Information Sharing and Analysis Organization Standards Organization (ISAO SO), with participation from the Department of Homeland Security and U.S. Chamber of Commerce. This two-day event, a first of its kind, will convene practitioners from small businesses to multi-national corporations, and from information sharing newcomers to well-established cybersecurity organizations. This unique conference will go beyond discussing current cyber information sharing topics, and will provide opportunities to see competing approaches and innovations in platforms and services.

National Initiative for Cybersecurity Education Conference and Expo (Dayton, Ohio, USA, November 7 - 8, 2017) Cybersecurity has emerged as one of the leading creators of jobs and opportunity for all economic sectors. The demand for cybersecurity positions in both the public and private sector is large and growing, but the talent pool of cybersecurity workers is not yet able to keep up. The NICE 2017 Conference and Expo features thought leaders from education, government, industry and non-profits who are addressing the cybersecurity education, training, and workforce needs of the nation.

upcoming Events

(ISC)2 Cyber Security Congress 2017 (Calgary, Alberta, Canada, April 26, 2017) The aim of the Cyber Security Congress 2017 is to strengthen cyber security leaders by arming them with the knowledge, tools, and expertise to protect their organizations. In April, 2017 over 150 like-minded professionals will gather for the 1-day congress in Calgary, Alberta, Canada where cyber security experts and industry leaders will share their knowledge, experience and best practices through presentations and interactive panel discussions.

Defence Information 2017 (Cranfield, England, UK, April 26 - 27, 2017) Defence Information 2017 is the major annual communications event of Joint Information Group activities (the JIG reports to the Defence Suppliers Forum) and the Event’s content spans both Information and Support. Our DI’17 Event examines some of the ‘people, process and technology’ issues critical to Team Defence being able to adopt, embed and exploit new (and often disruptive) Information and Communications Technology (ICT) capabilities and associated new ways of working - to productive effect.

Houston Cyber Summit (Houston, Texas, USA, April 27, 2017) Cyber security strategy is a term most often associated with the operational levels of an organization – firewalls, encryption, internal assessments and so on. But even the best technology and monitoring processes won’t mean a thing unless the cyber security strategy aligns with the business strategy. How can organizations prioritize cyber security from the top down and the bottom up at the same time? The Houston Cyber Summit is a one-day conference designed for executives to learn how to protect the business through a proactive cyber security strategy.

Crimestoppers Conference (Eden Project, Bodelva, St Austell , April 27, 2017) Crimestoppers is organising a major one-day conference designed to help local businesses shore up their online security. A range of expert speakers will pinpoint typical cyber pitfalls to avoid. 80% of cyber crime is preventable and just a few key security steps can help avoid damaging your business reputation and finances

Atlantic Security Conference (Halifax, Nova Scotia, Canada, April 27 - 28, 2017) Atlantic Canada's non-profit, annual information security conference. AtlSecCon, the first security conference in Eastern Canada focusing on bringing some of the worlds brightest and darkest minds together with one common goal – to expand the pool of IT Security knowledge beyond its typical confines. AtlSecCon provides an unmatched opportunity for IT Professionals and Managers to collaborate with their peers and learn from their mentors.

SANS Automotive Cybersecurity Summit 2017 (Detroit, Michigan, USA, May 1 - 8, 2017) SANS will hold its inaugural Automotive Cybersecurity Summit to address the specific issues and challenges around securing automotive organizations and their products. Join us for a comprehensive look at automotive assembly, industry suppliers, embedded systems, and safeguarding extended customer and product data. The Summit will include two-days of in-depth presentations from top security experts and seasoned practitioners, hands-on learning exercises, and exclusive networking opportunities.

cybergamut Tech Tuesday: Distributed Responder ARP: Using SDN to Re-Engineer ARP from within the Network (Elkridge, Maryland, USA, and online at various local nodes, May 2, 2017) We present the architecture and initial implementation of distributed responder ARP (DR-ARP), a software defined networking (SDN) enabled enhancement of the standard address resolution protocol (ARP) intended to improve network security and performance by exerting much greater control over how ARP traffic flows through the network as well as over what actually delivers the ARP service. Presented by Mark Alan Matties, PhD of The Johns Hopkins University Applied Physics Lab.

Cyber Security Summit in Dallas (Dallas, Texas, USA, May 5, 2017) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from Proofpoint, CenturyLink, IBM and more. Register with promo code cyberwire50 for half off your admission (Regular price $350)

OWASP Annual AppSec EU Security Conference (Belfast, UK, May 8 - 12, 2017) Welcome to OWASP Annual AppSec EU Security Conference, the premier application security conference for European developers and security experts. AppSec EU provides thought leadership, amazing talks, informative sessions, and great social experiences. During the pre-conference (Monday 8th - Wednesday 10th May 2017) there is the opportunity to attend one of the many trainings courses on offer from industry experts, plus project summits and outreach sessions to the future pioneers of the application security industry. The main conference (Thursday 11th & Friday 12th May) offers four full tracks of talks, for pentesters and ethical hackers, developers and security engineers, DevOps practices and GRC/risk level talks for managers and CISOs.

SANS Security West 2017 (San Diego, California, USA, May 9 - 18, 2017) Cybersecurity skills and knowledge are in high demand. Cyber attacks and data breaches are more frequent and sophisticated, and organizations are grappling with how to best defend themselves. As a result, cybersecurity is more vital to the growth of your organization than ever before. Now is the perfect time to take the next step to protect your organization and advance your career. Join us at SANS Security West 2017 (May 9-18) to gain the skills and knowledge needed to help your organization succeed. Choose from over 30 information security courses taught by SANS’ world-class instructors. At SANS Security West 2017, you will get the best hands-on, immersion training and learn what it takes to stop cyber threats.

OWASP AppSec EU (Belfast, Northern Ireland, UK, May 12 - 18, 2017) Welcome to OWASP Annual AppSec EU Security Conference, the premier application security conference for European developers and security experts. AppSec EU provides thought leadership, amazing talks, informative sessions, and great social experiences. During the pre-conference (Monday 8th - Wednesday 10th May 2017) there is the opportunity to attend one of the many trainings courses on offer from industry experts, plus project summits and outreach sessions to the future pioneers of the application security industry. The main conference offers four full tracks of talks, for pentesters and ethical hackers, developers and security engineers, DevOps practices and GRC/risk level talks for managers and CISOs.

EnergySec Security Education Week (Austin, Texas, USA, May 14 - 19, 2017) The Energy Sector Security Consortium, Inc.'s Security Education Week is designed for early to mid career cybersecurity professionals currently employed at electric utilities in North America. Students will receive technical instruction on various topics including threat hunting, network packet analysis, and security assessments. Sessions will also cover operational technology used in the electric sector, and instructional workshops from industry vendors. Students will also participate in facility tours hosted by the Lower Colorado River Authority (LCRA), and evening activities designed to build relationships within industry and strengthen the community of cybersecurity professionals.

K(no)w Identity Conference (Washington, DC, USA, May 15 - 17, 2017) To converge identity experts from across all industries in one space, to be at the nexus of ideas and policies that will fundamentally change identity around the world. Provides business leaders, privacy and security experts, tech innovators, and senior policy makers the forum to discuss the future of identity. By utilizing the world’s best event technology, K(NO)W connects attendees digitally and physically unlike ever before.

Global Cybersecurity Innovation Summit Advancing International Collaboration (London, England, UK, May 16 - 17, 2017) SINET – London creates a forum to build and maintain international relationships required to foster vital information sharing, broad awareness and the adoption of innovative Cybersecurity technologies.

Public Sector Cyber Security Conference: Defending the Public from Cyber-Attacks (Salford, England, UK, May 17, 2017) Join us for the Public Sector Cyber Security Conference where leading experts will explain how to protect the vital services provided by central Government, local councils and the NHS. Learn how to safeguard sensitive data such as medical records and keep IT systems safe from cyber-attacks by states, criminal gangs and cyber terrorists.

PCI Security Standards Council: 2017Asia-Pacific Community Meeting (Bangkok, Thailand, May 17 - 18, 2017) Two days of networking and one-of-a-kind partnership opportunities await you. Whether you want to learn more about updates in the payment card industry or showcase a new product, you’ll find it all at the 2017 Asia-Pacific Community Meeting.

2017 Georgetown Cybersecurity Law Institute (Washington, DC, USA, May 17 - 18, 2017) It is more important than ever that in-house and outside counsel stay abreast of the most current developments and best practices in cybersecurity. At our Institute you will receive insights on the best governance, preparedness, and resilience strategies from experienced government officials, general counsels, and cybersecurity practitioners who face these issues on a daily basis.

Northsec Applied Security Event (Montreal, Québec, Canada, May 18 - 21, 2017) The conference will feature technical and applied workshops hosted in parallel for the most motivated attendees. Topics include application and infrastructure (pentesting, network security, software and/or hardware exploitation, web hacking, reverse engineering, malware/virii/rootkits), cryptography and obfuscation (from theoretical cryptosystems to applied cryptography exploitation, cryptocurrencies, steganography and covert communication systems), and society and ethics.

SANS Northern Virginia - Reston 2017 (Reston, Virginia, USA, May 21 - 26, 2017) This event features comprehensive hands-on technical training from some of the best instructors in the industry and includes courses that will prepare you or your technical staff for DoD 8570 and GIAC approved certification exams. Start making your plans now to attend SANS Northern Virginia - Reston 2017.

Enfuse 2017 (Las Vegas, Nevada, USA, May 22 - 25, 2017) Enfuse™ is a three-day security and digital investigations conference where specialists, executives, and experts break new ground for the year ahead. Enfuse offers unsurpassed networking opportunities, hands-on training, and in-depth exploration of current topics.

2017 Cyber Investing Summit (New York, New York, USA, May 23, 2017) The 2nd Annual Cyber Investing Summit is an all-day conference focusing on investing in the $100+ billion dollar cyber security industry. Attendees will explore the financial opportunities, trends, challenges, and investment strategies available in the high growth cyber security sector. The 2016 Inaugural Cyber Investing Summit welcomed 180+ of the leading cyber professionals, technology analysts, venture capitalists, fund managers, investment advisors, government experts, and more. New this year: separate panels offered throughout the day highlighting publicly traded firms as well as privately owned entities, opportunities to meet one-on-one with corporate executives, and new panel topics (including Investment Strategies & Opportunities, M&A Landscape, Funding for Startups, Government Spending Review, Cyber Sale Lifecycle, and more). Network with investment professionals, asset managers, industry experts, financial analysts, media and more.

Citrix Synergy (Orlando, Florida, USA, May 23 - 25, 2017) Learn how to solve your IT flexibility, workforce continuity, security and networking challenges—and power your business like never before—with the workspace of the future.

AFCEA/GMU Critical Issues in C4I Symposium (Fairfax, Virginia, USA, May 24 - 25, 2017) The AFCEA/GMU Critical Issues in C4I Symposium brings academia, industry and government together annually to address important issues in C4I technology and systems R&D.

SECON 2017 (Jersey City, New Jersey, USA, May 25, 2017) Social engineering impacts security. (ISC)2 New Jersey Chapter is a 501(c)(3) not-for-profit charitable organization. Our chapter’s mission is to disseminate knowledge, exchange ideas, and encourage community outreach efforts, for advancement of information security practice and awareness in our society. We also strive to provide enjoyable opportunities for professional networking and growth.

Sponsor & Support

Grow your brand, generate leads, and fill your funnel.

With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listens all over the world, companies trust the CyberWire to get the message out. Learn more.

Fancy Bear's spoor seen in French election, Denmark's Ministry of Defense. "Milkydoor" backdoor found in 200 Trojanized PlayStore apps. AV solution mistakes legitimate Windows files for malware. Kelihos indictment. Another Ashley Madison extortion caper.