The CyberWire Daily Briefing 4.26.17

Summary

By The CyberWire Staff

Observers continue to digest Trend Micro's report that Pawn Storm—that is, Fancy Bear, in all probability Russia's GRU military intelligence service—intruded into networks associated with French presidential candidate Emmanuel Macron. Trend Micro points out that the phishing approach used involved 0Auth abuse, a technique many normally security-aware victims might not easily recognize. Some bogus news stories have suggested Macron was bought-and-paid-for by the Saudis, but what if anything Fancy Bear got from the campaign's emails is unknown, since none of the take appears to have been used so far. Experts commenting on this and other election hacks point out that what's important here are the influence operations and not so much the technical "hacking." Effective counter-messaging would be the right response.

Recorded Future sees signs that both Russian and Chinese criminal gangs are busily at work on the ShadowBrokers' recent dump.

AlienVault has been working through the sophisticated Felismus remote-access Trojan discovered earlier by Forcepoint researchers. Felismus ("catmouse," in not particularly good Latin, so-called because of an homage to Tom and Jerry cartoons in the encryption key) is modular and evasive. It's also probably not written by a native speaker of English. But what the authors are up to remains obscure.

The cyber conflict that gutters continually in South Asia has flared again, as the Pakistan Haxors Crew defaces Indian university websites with pro-Pakistani messages promising "Kashmir will become Pakistan!" The vandalism is said to be a response to an Indian hacktivist attack against the Pakistani Railways website.

Learn how Cylance silences cyber attacks with Artificial Intelligence.

Notes.

Today's issue includes events affecting Australia, China, France, Germany, India, Iran, Japan, New Zealand, Pakistan, Russia, Saudi Arabia, Ukraine, United Kingdom, and United States.

On the Podcast

In today's podcast, we hear from Jonathan Katz from our partners at the University of Maryland's Cybersecurity Center; he speaks about JSON encryption vulnerabilities. Our guest, Stan Black from Citrix, discusses the security challenges of the Internet-of-Things.

Sponsored Events

Hacker Secrets Revealed: 5 Security Mistakes to Avoid (Webinar, April 27, 2017) Delta Risk research has identified the attack vectors bad actors most commonly use to get initial access to a network and spread across the rest of the organization.

The Cyber Security Summit: Dallas (Dallas, Texas, USA, May 5, 2017) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from the U.S. Dept of Justice, Proofpoint, CenturyLink, IBM and more. Register with promo code cyberwire50 for half off your admission (Regular price $350)

Selected Reading

Cyber Attacks, Threats, and Vulnerabilities

Russia-Linked Hackers Targeted Macron Campaign, Cyber-Researchers Say (RadioFreeEurope/RadioLiberty) French presidential front-runner Emmanuel Macron's campaign says that it was targeted by Russia-linked hackers.

Macron Victim of Cyber Attack Similar to U.S. Democratic Party’s (Bloomberg) French presidential front-runner Emmanuel Macron has been hit repeatedly in recent weeks by cyber attacks closely resembling those used to infiltrate Democratic Party organizations in the U.S. last year, according to a report by cyber-security consultant Trend Micro.

Trend Micro breaks down Pawn Storm tactics, methods and goals (SC Magazine US) An in depth look at the cyberespionage gang Pawn Storm by Trend Micro reveals an incredibly complicated and capable group that has penetrated several important political and government organization and for the most part has done so on the back of one of the most basic attack methodologies available. Phishing.

Russian hackers use OAuth, fake Google apps to phish users (ITworld) The Russian hacking group blamed for targeting U.S. and European elections has been tricking victims into handing over login credentials with fake Google security applications.

Chinese and Russian Cyber Communities Dig Into Malware From April Shadow Brokers Release (Recorded Future) As of April 15, the Chinese cyber community had begun to investigate the most recent release of malware from the Shadow Brokers group. Here's a closer look.

Flashpoint - "xDedic" Dataset Suggest Government, Corporate RDP Targets (Flashpoint) xDedic is a predominant dark web marketplace known for hosting sales of access to compromised Remote Desktop Protocol (RDP) servers.

xDedic Market Spilling Over With School Servers, PCs (Threatpost) Nearly two-thirds of servers and PCs peddled on the xDedic underground marketplace belong to schools and universities based in United States.

Symantec : Alarming Increase in Targeted Attacks Aimed at Politically Motivated Sabotage and Subversion (4-Traders) Cyber criminals revealed new levels of ambition in 2016 – a year marked by extraordinary attacks, including multi-million dollar virtual bank heists and overt attempts to disrupt the U.S. electoral process by state-sponsored groups, according to Symantec’s (Nasdaq: SYMC) Internet Security Threat Report (ISTR), Volume 22, released today

2017 Symantec Internet Security Threat Report, Vol 22 (Symantec) Learn about the latest threats and security trends covered in the 2017 Symantec Internet Security Threat Report (ISTR), a comprehensive source of Internet threat data that provides an overview and analysis of the year in global Internet threat activity.

The State of Shamoon: Same Actor, Different Lines (McAfee Blogs) Naming the recent data-wiping attacks in Saudi Arabia as a continuation of the Shamoon campaign suggests that we are dealing with identical malware and pro

'Pakistan Haxors Crew' hacks DU, AMU, IIT websites; posts pro-Pakistan messages (The Times of India) Websites of Delhi University, IIT-D and Aligarh Muslim University were hacked today, allegedly by Pakistani hackers as a response to a hack by an Indian hacker on the Pakistani Railways website and “in solidarity with the innocent Kashmiri people being killed by the Indian Army!” However the messages was removed after later access to the websites.

Dawn Media group is under cyber attack (TechJuice) Dawn Media Group, through a message posted on their website and on Facebook, has claimed that it has been under read more

FalseGuide malware victim count jumps to 2 million (ZDNet) With five additional apps found containing FalseGuide, Check Point has estimated 2 million Android users have unknowingly downloaded malware.

N-day Nvidia, Android driver security flaw details revealed (ZDNet) Zimperium has revealed the details of two N-day vulnerabilities submitted through its exploit acquisition scheme.

New IoT Botnet Rises Feeding on Vulnerable Security Cameras (BleepingComputer) A new botnet is slowly building critical mass on the back of unsecured webcams and IP cameras, currently mass-scanning the Internet for vulnerable devices.

US ISP Goes Down as Two Malware Families Go to War Over Its Modems (BleepingComputer) Two malware families battling for turf are most likely the cause of an outage suffered by Californian ISP Sierra Tel at the beginning of the month.

Healthcare CERT warns about ‘Mole’ ransomware – what you need to know (Naked Security) More ransomware: this one changes your flile extensions to .MOLE, thus the name.

Hackers explain how they "owned" FlexiSpy (Help Net Security) How did the hacker group that goes by the name Decepticons breach "stalkerware" manufacturer FlexiSpy? They say it was easy.

SquirrelMail opens users to remote code execution (Help Net Security) Users of open source webmail software SquirrelMail are open to remote code execution due to a bug (CVE-2017-7692) discovered by two researchers.

Apple threatened to oust Uber from App Store for ‘fingerprinting’ iPhones (Naked Security) Questions remain over if and how Uber still tracks devices after chief exec Kalanick was summoned to Apple for a roasting

Uber Didn’t Track Users Who Deleted the App, But It Still Broke the Rules (WIRED) Uber took a known industry practice and managed to turn it into something deeply suspicious.

NoTrove threat actor delivering millions of scam ads (Help Net Security) Researchers at RiskIQ have identified NoTrove, a threat actor that is delivering millions of scam ads that threaten consumers and further undermine the dig

Chipotle Says Its Payments System Was Hacked (Fortune) It can't catch a break.

Point-of-Sale Malware Steals Driver's License Information (BleepingComputer) Malware specialized in infecting Point of Sale (PoS) software has gained the ability to search and steal driver's license information, according to a report published by US cyber-security firm Trend Micro.

Auto Lender Exposes Loan Data For Up To 1 Million Applicants (Threatpost) A trove of consumer auto loan data—some 1 million records—has been locked down after a researcher found an exposed and accessible database online.

Forcepoint Confirm AET Tool Relaunch, Say Evasions Still Matter (Infosecurity Magazine) Forcepoint say the conversation around advanced evasion techniques (AET) needs to continue “as they work

You Can Now Buy Revenge Services on Dark Web (HackRead) Usually, the dark web marketplaces are famous for selling illegal drugs, weapons or in some cases renting hacking tools. But now, we have identified a list

Just Two of These $11 Gadgets Can Steal a Car (WIRED) A technique that allows thieves to silently unlock and drive away cars is getting cheaper and easier than ever.

Security Patches, Mitigations, and Software Updates

ColdFusion Hotfix Resolves XSS, Java Deserialization Bugs (Threatpost) Adobe released an important security hotfix for several versions of Coldfusion, resolving two bugs, Tuesday morning.

Atlassian Resets HipChat Passwords Following Breach (Threatpost) Atlassian reset user passwords for its group chat service HipChat on Monday following an incident that may have resulted in unauthorized access to a server used by the service.

Motorola sends out security patch to fix Moto G5 Plus "911" bug affecting Verizon VoLTE users (Phone Arena) Last week, we told you about a potentially serious problem that was preventing Moto G5 Plus users rockin' Verizon's VoLTE service from connecting to a 911 emergency dispatcher. The problem was apparently a software related issue and has now been fixed. We received word from Motorola late Monday stating that a security patch was sent out starting this past Friday (April 21st) that exterminates the bug that caused this issue.

Users tell Microsoft to scrap 'pain in butt' Security Update Guide, bring back old bulletins (ZDNet) They're not happy that Microsoft's replaced Patch Tuesday security bulletins with the searchable Security Update Guide.

Yes, Windows patches are a mess, but you should still install them (InfoWorld) March and April patches had their share of bugs, but with a Word zero-day threatening now's the time to update your Windows PCs. Here's how to navigate the minefields

Security improvements primary reason for Windows 10 migration (Help Net Security) Between September and December of 2016, Gartner conducted a survey in six countries of 1,014 respondents who were involved in Windows 10 migration.

Symantec certificate authority issues, answered (SearchSecurity) Some answers, but still more questions as Symantec certificate authority faces Google's wrath over patterns of issues with CA practices.

Cyber Trends

Cyberwarfare and information warfare must be distinguished [Commentary] (C4ISRNET) The distinction between the two is important, and it may help uncover the root cause of the problem.

Cyber only a small component of information operations, official says (C4ISRNET) While cyber has been a main focus of the Russian meddling in the 2016 presidential election, the State Department's cyber coordinator believes it is only a small component to the larger information operations problem.

#GailForce: Has the U.S. experienced the long predicted Cyber Pearl Harbor? (Lima Charlie News) Capt. Gail Harris examines whether the U.S. is in an undeclared cyber war, and if the DNC hack was part of a Russian strategy to destabilize the West.

Are Small Business Owners Protecting Themselves from Cyber Attack? (Manta) Hackers are increasingly targeting small businesses, but less than 15% of owners protect their business from cyber attack.

Buying fraud right off the virtual rack (CSO Online) Report finds fraud running rampant, especially in the retail sector.

Cyberthreats Inevitable but can be Mitigated, Experts Say (Bloomberg BNA) Cyberthreats are inevitable and growing fast, but better coordination between the government and private sector could pay big dividends, a panel of cybersecurity professionals said April 24.

Embedded designers not paying enough attention (New Electronics) The Barr Group’s third annual survey of embedded systems safety and security has concluded there remains ‘much work to be done’ by the embedded systems design community in order to achieve a safer and more secure world.

LogRhythm report casts damning eye on enterprise security tactics (Security Brief) LogRhythm’s latest cyber resiliency report casts a damning look into the state of Asia Pacific organisations in Asia Pacific.

Legacy Cultures Inhibit Cybersecurity (SIGNAL Magazine) The evolution of cyber created ideal conditions for hackers. Now, managers must tamper with nature and reverse the consequences.

Dell: End user data security on LOB minds (Channelnomics) Dell exec discusses impact on channel partners

"Fast and Furious 8: Fate of the Furious" (Errata Security Blog) So "Fast and Furious 8" opened this weekend to world-wide box office totals of $500,000,000. I thought I'd write up some notes on the "hacking...

Marketplace

Top 10 big IT outsourcing and consulting disasters (Computing) When outsourcing goes wrong, it can go very expensively wrong...

Security-as-a-Service: How mid-market companies achieve network security (Help Net Security) Mid-tier companies are battling a black hole of time, security expertise, and budget to procure, implement, and manage a variety of security products, acco

Spotify acquires blockchain startup Mediachain to solve music’s attribution problem (TechCrunch) Spotify has acquired the Brooklyn-based blockchain startup Mediachain Labs, whose team will join the company's office in New York where they will work on..

Container-security startup Twistlock secures $17M in new funding for Portland expansion (GeekWire) New funding paves way for sales and marketing hiring in Pacific Northwest for container security experts.

SS8 Networks Achieves Record Revenues and Profitability (Businesswire) SS8 reported record revenues/profitability in its 2016 fiscal year as demand spiked for its network intelligence technology which uncovers indicators

McAfee Showcases Increased Commitment to Cyber Threat Research with Shamoon Revelations (Global Security Mag Online) A few weeks after launching as a standalone company, McAfee LLC announced it will increase investments and resources in cyber threat research. As a proof point of this commitment, McAfee released evidence that a series of Shamoon malware campaigns targeting Saudi Arabia are the work of one coordinated force of attackers, rather than that of multiple independent renegade hacker groups.

U.S. Air Force invests millions this month on cyberweapons projects (Cyberscoop) Three of the United States’ largest military contractors each won multimillion-dollar projects in the last month to boost American offensive power in the cyber domain. Raytheon, Northrop Grunman and Booz Allen Hamilton have all seen their stock prices rise 10 to 20 percent since the November 2016 U.S. election.

Defense Intelligence Agency’s ‘Shark Tank’ Helps Startups Pitch Spy Apps (Defense One) DIA analysts who like a product can launch a partnership on the spot.

General Dynamics IT unit wins $94M Indian Health Service contract -- Washington Technology (Washington Technology) General Dynamics' IT unit wins a potential five-year, $94 million contract for software and application services to the Indian Health Service.

CrowdStrike Expands into Latin America, Opens Office in Mexico City (Businesswire) CrowdStrike® Inc., the leader in cloud-delivered next-generation endpoint protection, today announced the launch of its operations in Latin America

Wynyard Focuses on Partnership With System Integrators to Expand US Operations (PRNewswire) The Wynyard Group, market leader in innovating Advanced Crime...

Contrast Security responds to OWASP Top 10 controversy (CSO Online) Contrast Security has addressed the recent backlash over section A7 of the OWASP Top 10 list for 2017. The company issued a statement on the matter after industry professionals suggested the A7 addition was an example of a vendor pushing their agenda on the OWASP Top 10 project.

MOVES-Deloitte hires former FBI agent in cyber risk services unit | 04/25/17 | Markets Insider (Business Insider) Deloitte Risk and Financial Advisory, a unit of audit and tax services firm Deloitte & Touche LLP, named former FBI agent Linda Walsh as managing director for its cyber risk services.

PhishMe CEO Rohyt Belani Selected as Finalist for the EY Entrepreneur Of The Year 2017 Award Mid-Atlantic Region (Businesswire) PhishMe today announced that EY has named CEO and co-founder Rohyt Belani as a finalist for the Entrepreneur Of The Year® 2017

Products, Services, and Solutions

Guidance Software and kCura Expand Strategic Partnership (Businesswire) New agreements build on technical integration between EnCase eDiscovery and kCura’s RelativityOne

Magnet Forensics and Passware Partner to Provide Full Disk Decryption in Magnet AXIOM (Yahoo! Finance) Magnet Forensics, a global leader in developing forensic software for smartphone and computer examinations, and Passware, a world leader in password recovery, decryption, and electronic evidence discovery software,

LockPath and SailPoint Partner to Increase Security Risk Visibility (LockPath) LockPath, a leading provider of GRC solutions, today announced a new partnership with SailPoint, a leader in identity management.

Fortinet, Leidos Form Managed Security Service Partnership (ExecutiveBiz) Leidos has agreed to be a managed service provider of Fortinet‘s security products to federal government and commercial customers under a partnership agreement. Leidos said Tuesday its distribution of Fortinet offerings such as FortiSIEM will expand the former’s current pool of managed security services for clients. FortiSIEM combines the capacities of security operations centers and network operations centers into a single...

Gigamon Delivers Intelligent Visibility for Securing 40Gb and 100Gb Networks (Sys-Con Media) New flagship appliance GigaVUE-HC3 delivers pervasive visibility for the highest performance networks to improve infrastructure security efficiency and effectiveness

Dragos Adds Unmatched Threat Intelligence to the Industry's Only ICS Security Ecosystem (Yahoo! Finance) Dragos, Inc., a cybersecurity company specializing in protecting industrial control systems (ICS) around the world, today announced a new threat intelligence ...

IBM to develop industrial IoT devices with ABB (Computing) Suite of products will focus on areas such as manufacturing and smart grids

Micron and Microsoft collaborate on IoT security (evertiq) Micron Technology and Microsoft collaborate to address major challenges of providing trusted computing models for IoT deployments in industrial, automotive and consumer environments.

Optensity’s >rapid response for Splunk Now Available on Carahsoft GSA Schedule (GlobeNewswire News Room) Splunk App Provides Government Users with Agile Response and Recovery Measures to Resolve Infrastructure and System Issues

Skyhigh Becomes First Cloud Access Security Broker in Cooperative Purchasing Program (Government Technology) CIS CyberMarket is now offering cloud access security brokering to its state and local government members.

Franz's Allegro Common Lisp Meets Demand for High Performance Artificial Intelligence and IoT Applications (PRWeb) Allegro CL 10.1 gains ARM processor support for IoT applications

Exclusive: NSP taking LogRhythm SIEM to SMB market with security-as-a-service offering (Channel Life) Network and system integrator NSP is gearing up to launch a new security-as-a-service offering, which takes LogRhythm's SIEM to the SMB market.

Technologies, Techniques, and Standards

Old Windows Server machines can still fend off hacks. Here's how (CSO Online) Keeping a computer up-to-date, with the latest OS and software patch, is one of the best things you can do to stay safe from cyber threats.

Carbon Black asks: So what exactly is threat hunting? (Security Brief) Information security professionals used to put all of their chips towards incident prevention. This didn’t work out very well.

5 things marketers should do today to reduce their cybersecurity risk (CMO) Marketers must not only be in the business of IT today, they need to be in the business of IT security.

Banking trojans are on the rise: here’s how to avoid being robbed | Check Point Blog (Check Point Blog) Banking trojans are helping cybercriminals to commit the perfect crime: stealing money from the accounts of unsuspecting victims, almost untraceably and at minimal risk. As such it’s no surprise that from June to December 2016, banking trojans were only fractionally behind ransomware in being the most prevalent type of malware, and in Asia-Pacific countries they …

CrowdStrike VP Q&A on cybercrime and financial services (bobsguide) Who or what currently poses the greatest threat to the digital security of a financial services company?

Protecting Your Data and Networks From Ransomware (Financial Executives International Daily) Ransomware is the fastest-growing cyber security threat targeted at businesses today, but some basic digital hygiene can help reduce your company’s risk significantly.

Behavioural profiling: Spotting the signs of cyber attacks and misuse (Help Net Security) Behavioural profiling is recognised as a new level of protection against cyber attacks and systems abuse, offering the potential to pick out new attacks.

If Malwarebytes blocks legitimate processes, do this (gHacks Technology News) If the Malwarebytes security software blocks legitimate processes or files on Windows PCs, adding those to the exclusions list may resolve the issue.

NSA backdoor detected on >55,000 Windows boxes can now be remotely removed (Ars Technica) Microsoft dismisses DoublePulsar infection estimates, but otherwise remains silent.

Research and Development

DIUx expects to transition programs in next two months (Defense News) As of the end of March, DIUx has awarded 25 agreements for a total of $48.4 million.

DARPA wants more secure hardware (C4ISRNET) The Defense Advanced Research Projects Agency wants to test the proposition that more secure software starts with more secure hardware.

Academia

City University of London unveils new undergraduate course for budding data scientists (Computing) MSci data science course will begin in 2018

San Juan College cybercon kicks off Thursday (Albuquerque Journal) With the second edition of San Juan College's cyber security conference approaching, Lorenzo Reyes Jr., the director of the college's Center for Workforce Development, already has some lofty ideas in mind for the…

Legislation, Policy and Regulation

New Zealand has a new defense minister (Defense News) Mark Mitchell replaces Gerry Brownlee, who will be the new foreign affairs minister.

Tokyo evasive on report of secret deal with NSA over mass surveillance program (The Japan Times) The government's top spokesman on Tuesday declined to comment on — but did not deny — a report alleging that Tokyo has secretly and closely coo

White House Wants to Bake Security Into New IT Projects (Defense One) Trump’s top cybersecurity advisor has been tapped to help son-in-law Kushner ensure security is built into any new government tools from the beginning.

Trump’s promise on cybersecurity: what’s been happening? (Naked Security) Work behind the scenes suggests that an executive order on cybersecurity could be signed by the end of the week

8 Ways Governments Can Improve Their Cybersecurity (Harvard Business Review) Ensuring greater privacy and increased trust online.

Disclosing Zero Days (The State of Security) Eric Jardine writes about the need for governments to disclose zero days and begin to collaborate to make digital disarmament more than just ‘a thing’.

Why we need the FTC to police ISP privacy practices (CSO Online) The move to scrap the FCC's rules for ISPs leaves the industry without any federal oversight and puts internet privacy at risk.

What Role Should ISPs Play in Cybersecurity? (Dark Reading) There are many actions ISPs could do to make browsing the Web safer, but one thing stands out.

Australian government plan to force ISPs to block malware (Computing) Australian government plan to push ISPs to do more to tackle cyber security

Lords drop 30Mbps minimum broadband speed demand as Tories rush Digital Economy Bill through parliament prior to general election (Computing) Enjoy your 10Mbps universal service obligation, citizens

Litigation, Investigation, and Enforcement

Fired acting Attorney General Sally Yates to testify before the Senate on Russian interference (Washington Examiner) Former acting Attorney General Sally Yates will testify in front of Congress next month as a part of the Senate Judiciary Committee's investigation into Russian interference in the presidential election.

Leaked Documents Reveal the NSA Spying on Scientists to Find 'Nefarious' Genetic Research (Gizmodo) A new document made public this week via Edward Snowden’s leak of NSA documents reveals a fascinating aim of signals intelligence program: The agency, it turns out, monitored international scientific developments in hopes of detecting “nefarious” genetic engineering projects more than a decade ago.

Kaspersky won’t sue Microsoft for anti-trust, for now anyway (On MSFT) Last November, David Kaspersky of cyber security suite makers Kaspersky Labs threw down the gauntlet so to speak against Microsoft. The "Goliath" of cyber security, as he called them in his blog post, is accused of making the world safer for cyber criminals by forcing out competition. The center of this anti-competitive behavior? Windows Defender.

Palantir settles U.S. lawsuit charging bias against Asians (WSAU) The data analytics and security company Palantir Technologies Inc has agreed to pay nearly $1.7 million to resolve charges it discriminated against Asian applicants for engineering jobs at its Palo Alto, California, office, the U.S. Labor Department said on Tuesday.

Teenage Hacker Arrested For Multiple Sony And Microsoft Security Breaches | SegmentNext (SegmentNext) A teenage hacker has been arrested, being responsible for multiple hacks and security breaches between 2013 and 2015 and making a business from it.

UK Man Gets Two Years in Jail for Running ‘Titanium Stresser’ Attack-for-Hire Service (KrebsOnSecurity) A 20-year-old man from the United Kingdom was sentenced to two years in prison today after admitting to operating and selling access to “Titanium Stresser,” a simple-to-use service that let paying customers launch crippling online attacks against Web sites and individual Internet users.

Northern Ireland boy held over TalkTalk cyber attack to fight identification ruling (Belfast Telegraph) A Co Antrim schoolboy arrested over the TalkTalk cyber attack is to appeal his failed High Court bid to secure legislative protection from media identification.

Former Expedia IT support worker gets prison time for hacking execs' emails, insider trading (Help Net Security) Jonathan Ly used his position to access emails of Expedia execs so that he could trade in Expedia stock and illegally profit from non-public information.

Man Fined $500 for Crime of Writing 'I Am An Engineer' in an Email to the Government (Motherboard) An electronics engineer says he found a flaw in traffic lights. The Oregon engineering board fined him for it.

Five years later, legal Megaupload data is still trapped on dead servers (Ars Technica) EFF lawyers head to appeals court to demand one man's data.

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

upcoming Events

(ISC)2 Cyber Security Congress 2017 (Calgary, Alberta, Canada, April 26, 2017) The aim of the Cyber Security Congress 2017 is to strengthen cyber security leaders by arming them with the knowledge, tools, and expertise to protect their organizations. In April, 2017 over 150 like-minded professionals will gather for the 1-day congress in Calgary, Alberta, Canada where cyber security experts and industry leaders will share their knowledge, experience and best practices through presentations and interactive panel discussions.

Defence Information 2017 (Cranfield, England, UK, April 26 - 27, 2017) Defence Information 2017 is the major annual communications event of Joint Information Group activities (the JIG reports to the Defence Suppliers Forum) and the Event’s content spans both Information and Support. Our DI’17 Event examines some of the ‘people, process and technology’ issues critical to Team Defence being able to adopt, embed and exploit new (and often disruptive) Information and Communications Technology (ICT) capabilities and associated new ways of working - to productive effect.

Houston Cyber Summit (Houston, Texas, USA, April 27, 2017) Cyber security strategy is a term most often associated with the operational levels of an organization – firewalls, encryption, internal assessments and so on. But even the best technology and monitoring processes won’t mean a thing unless the cyber security strategy aligns with the business strategy. How can organizations prioritize cyber security from the top down and the bottom up at the same time? The Houston Cyber Summit is a one-day conference designed for executives to learn how to protect the business through a proactive cyber security strategy.

Crimestoppers Conference (Eden Project, Bodelva, St Austell , April 27, 2017) Crimestoppers is organising a major one-day conference designed to help local businesses shore up their online security. A range of expert speakers will pinpoint typical cyber pitfalls to avoid. 80% of cyber crime is preventable and just a few key security steps can help avoid damaging your business reputation and finances

Atlantic Security Conference (Halifax, Nova Scotia, Canada, April 27 - 28, 2017) Atlantic Canada's non-profit, annual information security conference. AtlSecCon, the first security conference in Eastern Canada focusing on bringing some of the worlds brightest and darkest minds together with one common goal – to expand the pool of IT Security knowledge beyond its typical confines. AtlSecCon provides an unmatched opportunity for IT Professionals and Managers to collaborate with their peers and learn from their mentors.

SANS Automotive Cybersecurity Summit 2017 (Detroit, Michigan, USA, May 1 - 8, 2017) SANS will hold its inaugural Automotive Cybersecurity Summit to address the specific issues and challenges around securing automotive organizations and their products. Join us for a comprehensive look at automotive assembly, industry suppliers, embedded systems, and safeguarding extended customer and product data. The Summit will include two-days of in-depth presentations from top security experts and seasoned practitioners, hands-on learning exercises, and exclusive networking opportunities.

cybergamut Tech Tuesday: Distributed Responder ARP: Using SDN to Re-Engineer ARP from within the Network (Elkridge, Maryland, USA, and online at various local nodes, May 2, 2017) We present the architecture and initial implementation of distributed responder ARP (DR-ARP), a software defined networking (SDN) enabled enhancement of the standard address resolution protocol (ARP) intended to improve network security and performance by exerting much greater control over how ARP traffic flows through the network as well as over what actually delivers the ARP service. Presented by Mark Alan Matties, PhD of The Johns Hopkins University Applied Physics Lab.

Cyber Security Summit in Dallas (Dallas, Texas, USA, May 5, 2017) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from Proofpoint, CenturyLink, IBM and more. Register with promo code cyberwire50 for half off your admission (Regular price $350)

OWASP Annual AppSec EU Security Conference (Belfast, UK, May 8 - 12, 2017) Welcome to OWASP Annual AppSec EU Security Conference, the premier application security conference for European developers and security experts. AppSec EU provides thought leadership, amazing talks, informative sessions, and great social experiences. During the pre-conference (Monday 8th - Wednesday 10th May 2017) there is the opportunity to attend one of the many trainings courses on offer from industry experts, plus project summits and outreach sessions to the future pioneers of the application security industry. The main conference (Thursday 11th & Friday 12th May) offers four full tracks of talks, for pentesters and ethical hackers, developers and security engineers, DevOps practices and GRC/risk level talks for managers and CISOs.

SANS Security West 2017 (San Diego, California, USA, May 9 - 18, 2017) Cybersecurity skills and knowledge are in high demand. Cyber attacks and data breaches are more frequent and sophisticated, and organizations are grappling with how to best defend themselves. As a result, cybersecurity is more vital to the growth of your organization than ever before. Now is the perfect time to take the next step to protect your organization and advance your career. Join us at SANS Security West 2017 (May 9-18) to gain the skills and knowledge needed to help your organization succeed. Choose from over 30 information security courses taught by SANS’ world-class instructors. At SANS Security West 2017, you will get the best hands-on, immersion training and learn what it takes to stop cyber threats.

OWASP AppSec EU (Belfast, Northern Ireland, UK, May 12 - 18, 2017) Welcome to OWASP Annual AppSec EU Security Conference, the premier application security conference for European developers and security experts. AppSec EU provides thought leadership, amazing talks, informative sessions, and great social experiences. During the pre-conference (Monday 8th - Wednesday 10th May 2017) there is the opportunity to attend one of the many trainings courses on offer from industry experts, plus project summits and outreach sessions to the future pioneers of the application security industry. The main conference offers four full tracks of talks, for pentesters and ethical hackers, developers and security engineers, DevOps practices and GRC/risk level talks for managers and CISOs.

EnergySec Security Education Week (Austin, Texas, USA, May 14 - 19, 2017) The Energy Sector Security Consortium, Inc.'s Security Education Week is designed for early to mid career cybersecurity professionals currently employed at electric utilities in North America. Students will receive technical instruction on various topics including threat hunting, network packet analysis, and security assessments. Sessions will also cover operational technology used in the electric sector, and instructional workshops from industry vendors. Students will also participate in facility tours hosted by the Lower Colorado River Authority (LCRA), and evening activities designed to build relationships within industry and strengthen the community of cybersecurity professionals.

K(no)w Identity Conference (Washington, DC, USA, May 15 - 17, 2017) To converge identity experts from across all industries in one space, to be at the nexus of ideas and policies that will fundamentally change identity around the world. Provides business leaders, privacy and security experts, tech innovators, and senior policy makers the forum to discuss the future of identity. By utilizing the world’s best event technology, K(NO)W connects attendees digitally and physically unlike ever before.

Global Cybersecurity Innovation Summit Advancing International Collaboration (London, England, UK, May 16 - 17, 2017) SINET – London creates a forum to build and maintain international relationships required to foster vital information sharing, broad awareness and the adoption of innovative Cybersecurity technologies.

Public Sector Cyber Security Conference: Defending the Public from Cyber-Attacks (Salford, England, UK, May 17, 2017) Join us for the Public Sector Cyber Security Conference where leading experts will explain how to protect the vital services provided by central Government, local councils and the NHS. Learn how to safeguard sensitive data such as medical records and keep IT systems safe from cyber-attacks by states, criminal gangs and cyber terrorists.

PCI Security Standards Council: 2017Asia-Pacific Community Meeting (Bangkok, Thailand, May 17 - 18, 2017) Two days of networking and one-of-a-kind partnership opportunities await you. Whether you want to learn more about updates in the payment card industry or showcase a new product, you’ll find it all at the 2017 Asia-Pacific Community Meeting.

2017 Georgetown Cybersecurity Law Institute (Washington, DC, USA, May 17 - 18, 2017) It is more important than ever that in-house and outside counsel stay abreast of the most current developments and best practices in cybersecurity. At our Institute you will receive insights on the best governance, preparedness, and resilience strategies from experienced government officials, general counsels, and cybersecurity practitioners who face these issues on a daily basis.

Northsec Applied Security Event (Montreal, Québec, Canada, May 18 - 21, 2017) The conference will feature technical and applied workshops hosted in parallel for the most motivated attendees. Topics include application and infrastructure (pentesting, network security, software and/or hardware exploitation, web hacking, reverse engineering, malware/virii/rootkits), cryptography and obfuscation (from theoretical cryptosystems to applied cryptography exploitation, cryptocurrencies, steganography and covert communication systems), and society and ethics.

SANS Northern Virginia - Reston 2017 (Reston, Virginia, USA, May 21 - 26, 2017) This event features comprehensive hands-on technical training from some of the best instructors in the industry and includes courses that will prepare you or your technical staff for DoD 8570 and GIAC approved certification exams. Start making your plans now to attend SANS Northern Virginia - Reston 2017.

Enfuse 2017 (Las Vegas, Nevada, USA, May 22 - 25, 2017) Enfuse™ is a three-day security and digital investigations conference where specialists, executives, and experts break new ground for the year ahead. Enfuse offers unsurpassed networking opportunities, hands-on training, and in-depth exploration of current topics.

2017 Cyber Investing Summit (New York, New York, USA, May 23, 2017) The 2nd Annual Cyber Investing Summit is an all-day conference focusing on investing in the $100+ billion dollar cyber security industry. Attendees will explore the financial opportunities, trends, challenges, and investment strategies available in the high growth cyber security sector. The 2016 Inaugural Cyber Investing Summit welcomed 180+ of the leading cyber professionals, technology analysts, venture capitalists, fund managers, investment advisors, government experts, and more. New this year: separate panels offered throughout the day highlighting publicly traded firms as well as privately owned entities, opportunities to meet one-on-one with corporate executives, and new panel topics (including Investment Strategies & Opportunities, M&A Landscape, Funding for Startups, Government Spending Review, Cyber Sale Lifecycle, and more). Network with investment professionals, asset managers, industry experts, financial analysts, media and more.

Citrix Synergy (Orlando, Florida, USA, May 23 - 25, 2017) Learn how to solve your IT flexibility, workforce continuity, security and networking challenges—and power your business like never before—with the workspace of the future.

AFCEA/GMU Critical Issues in C4I Symposium (Fairfax, Virginia, USA, May 24 - 25, 2017) The AFCEA/GMU Critical Issues in C4I Symposium brings academia, industry and government together annually to address important issues in C4I technology and systems R&D.

SECON 2017 (Jersey City, New Jersey, USA, May 25, 2017) Social engineering impacts security. (ISC)2 New Jersey Chapter is a 501(c)(3) not-for-profit charitable organization. Our chapter’s mission is to disseminate knowledge, exchange ideas, and encourage community outreach efforts, for advancement of information security practice and awareness in our society. We also strive to provide enjoyable opportunities for professional networking and growth.

Sponsor & Support

Grow your brand, generate leads, and fill your funnel.

With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listens all over the world, companies trust the CyberWire to get the message out. Learn more.

Pawn Storm and France's election. Influence operations and how they relate to hacking. No one's sure what the Felismus RAT is up to. Patriotic cyber-rioting in South Asia.