The CyberWire Daily Briefing 5.1.17

Summary

By The CyberWire Staff

Concerns over influence operations continue to roil governments on both sides of the Atlantic. The Sunday Times revealed that GCHQ has gone on "high alert" (a journalistic characterization, not necessarily an operational one) to prevent cyberattacks during the run-up to the UK's June 8^th general election. France's presidential run-off is in its last week of campaigning as voters prepare to go to the polls on May 8^th and 9^th; the campaign of Emmanuel Macron's En Marche! has received the ministrations of Fancy Bear (Russia's GRU). And the US Congress received testimony about information operations last week: the RAND Corporation has published its testimony in the form of an overview of the current state of the art. In sum, that state indicates that marketing in battledress now effectively targets group fears, desires, and insecurities; that barriers to entry have fallen deeply; and that Russia maintains a lead in this form of conflict.

Facebook has noted that its platform is susceptible to use by information operators ("malicious actors"). Various political leaders, prominently in the UK, excoriate Facebook and other social media providers for "not doing enough to tackle hatred," although how they might do so without full-scale censorship remains unclear. (Turkey's government, at least, as opted for full-scale censorship, blocking Wikipedia and censoring Twitter.)

WikiLeaks on Friday released another tranche of its Vault7 leaks, these purporting to reveal a CIA document-tracking tool.

A change in NSA collection: “NSA will no longer collect certain internet communications that merely mention a foreign intelligence target.”

Learn how Cylance silences cyber attacks with Artificial Intelligence.

Notes.

Today's issue includes events affecting Argentina, China, Estonia, Finland, France, Germany, India, Israel, Democratic Peoples Republic of Korea, Republic of Korea, Latvia, Lithuania, New Zealand, Pakistan, Russia, Spain, Sweden, Turkey, Ukraine, United Kingdom, United States

On the Podcast

In today's podcast, we hear from our partners at Lancaster University, as Awais Rashid discusses the risks of putting data in the cloud.

Sponsored Events

Who's in Your Cloud? Gaining Visibility Into Your Network and Critical Assets (Webinar, May 11, 2017) Since cloud services are accessible from anywhere, at any time, getting visibility into your cloud activity is critical. Delta Risk experts examine the increasing importance of cloud monitoring and how it can protect your organization.

Selected Reading

Dateline

Insecurity (but not the neurotic kind) (The CyberWire) Information security is, at bottom, human conflict conducted by technical means. The discussions at Jailbreak, however deeply technical they became, all described people doing things to other people with code, with all the intensionality that implies.

Cyber Attacks, Threats, and Vulnerabilities

WikiLeaks Reveals CIA Tool ‘Scribbles’ For Document Tracking (Threatpost) The CIA is planting web beacons inside Microsoft Word documents to track whistleblowers, journalists and informants, according to WikiLeaks.

Threat of election hack puts GCHQ on high alert (Times (London)) Staff working at GCHQ were placed on high alert last week to prevent a cyber-attack during the general election, The Sunday Times can reveal. Intelligence chiefs at the National Cyber Security...

Russian Hackers Target French Presidential Campaign (eSecurity Planet) The attacks are the invisible side of a Russian campaign against Emmanuel Macron, his digital director said.

Panel to Senate: Cyber Operations Influence Political Processes Worldwide (USNI News) Russia used "useful idiots" to meddle in the U.S. presidential election and "fellow travelers" opposed to European Union and NATO to influence elections in France and Germany, while Islamic terrorists used "agent provocateurs" to topple Spain's government in 2004 and cast another pall over French voting, a cyber security expert told a congressional subcommittee Thursday.

The Weaponization of Information: The Need for Cognitive Security (RAND) Dimitry Kiselev, director general of Russia’s state-controlled Rossiya Segodnya media conglomerate, has said: “Objectivity is a myth which is proposed and imposed on us.”

Inside Russia’s Fake News Playbook (The Daily Beast) Clint Watts is testifying Thursday before the Senate’s armed services committee on how Russia became the kings of black propaganda. Here’s what he told the senators.

How the State of Russian Media Becomes the State of International Media (Foreign Policy) There’s a connection between violence against journalists and violence against journalism.

Turkey Has Blocked Wikipedia and Is Censoring Twitter (Motherboard) President Erdoğan's crackdown on voices of dissent is expanding to the internet.

Facebook admits it is being used as propaganda tool by ‘malicious actors’ (Naked Security) Facebook’s soul-searching report sets itself the challenge of knowing itself

Facebook, for the first time, acknowledges election manipulation (CBS News) Without saying the words "Russia," "Hillary Clinton," or "Donald Trump," Facebook acknowledged Thursday for the first time what others have been saying for months.

Social media giants fail to tackle hatred, say MPs (Times (London)) Google, Twitter and Facebook have shamefully failed to tackle terrorism, violence and hatred online, MPs say. The social media giants are labelled a disgrace in a report that accuses them of...

Facebook helped advertisers target teens who feel “worthless” (Ars Technica) Leaked 2017 document reveals FB Australia's intent to exploit teens' words, images.

What is an online troll? What do you need to know about it? (Panda Security Mediacenter) You’ve probably heard about online trolls – but what are they? Learn what an online troll is, and what to do if you become a victim.

PFLP launches cyber attacks against Israelis (Maan News Agency) The armed wing of the Popular Front for the Liberation of Palestine (PFLP), the Abu Ali Mustafa Brigades, said Sunday it has hacked scores of Israeli phones as part of a wider cyber attack operation in solidarity with Palestinian prisoners on hunger strike in Israeli custody.

Network management vulnerability exposes cable modems to hacking (CSO Online) Hundreds of thousands of internet gateway devices from around the world, primarily cable modems, are vulnerable to hacking because of a serious weakness in their implementation of the Simple Network Management Protocol.

Stealthy Mac malware spies on encrypted browser traffic (CSO Online) A new malware program that targets macOS users is capable of spying on encrypted browser traffic and stealing sensitive information.

Open Ports Create Backdoors in Millions of Smartphones (BleepingComputer) Mobile applications that open ports on Android smartphones are opening those phones to remote hacking, claims a team of researchers from the University of Michigan.

Millions of Android Devices Vulnerable to Network Scan Attack (HackRead) Researchers have recently discovered hundreds of vulnerable apps on Google Play Store which are allowing hackers to inject them with malicious code which,

IT service providers, many other orgs targeted in long-standing attack campaign (Help Net Security) US-CERT warns about an attack campaign using multiple malware implants and targeting organizations in the IT, Energy, Healthcare, and other sectors.

South Korean Bitcoin Exchange Yapizon Hacked; $5 Million Stolen (HackRead) Yapizon, a South Korean Bitcoin exchange suffered a massive data breach earlier this week when hackers stole 3816.2028 Bitcoin (US$5 million) which is 37%

Hacker Leaks "Orange Is the New Black" Season 5 Episodes After Netflix Extortion Attempt Fails (BleepingComputer) A hacker (or hacker group) known as The Dark Overlord (TDO) has leaked the first ten episodes of season 5 of the "Orange Is The New Black" show after two failed blackmail attempts, against Larson Studios and Netflix.

TheDarkOverlord leaks upcoming episode of Orange is the New Black after Netflix doesn’t pay extortion demand (Data Breaches) After a two-month hiatus, and with pixels to spare, TheDarkOverlord let it be known today that they are still hacking and attempting to extort their victims:

Netflix Hackers Could Have Three Dozen Additional TV Shows, Films From Other Networks and Studios (Variety) The group of hackers that leaked the upcoming fifth season of “Orange Is the New Black” this weekend may have also secured access to some three dozen other shows and movies. TheDarkOverlords…

No, Netflix is not a victim of Ransomware (CSO Online) A security firm has claimed the recent issues facing Netflix and their series "Orange is the New Black" are Ransomware, and a recent report from NBC News states the same. While no company wants to be held under the threat of ransom demands, Ransomware and extortion are two different types of problems.

Americans No.1 Ransomware Target & Most Likely To Pay Up (HackRead) Symantec, an IT security and software company, has released the latest volume of Internet security threat report and some of the facts written in the repor

Bitcoin Value Rises to Over $1300 (Infosecurity Magazine) As the Bitcoin Value Rises to Over $1300, will this pay more to ransomware wielding cybercrminals?

Professor: ‘10 concerts' Facebook meme may reveal answer to security questions (WFXT) If you’ve opened your Facebook app recently, your feed has likely been flooded with statuses of your friends posting “10 Concerts I’ve Been To, One is a Lie.”

Malware Blocks Virginia State Police From Updating Sex Offender Registry (BleepingComputer) A malware infection affecting servers belonging to the Virginia State Police (VSP) has shut down the department's email system, along with its ability to update the Virginia Sex Offender and Crimes Against Children Registry (SOR).

Vt. Law School Preps Against Cyberattacks (Valley News) Vermont Law School has spent the past several weeks beefing up its digital defense system after a massive cyber-attack temporarily shut down the Internet and computer systems at the school.“We continue adapting,” Sean Lee, the general...

Winery, vineyard cyber attack risk grows with web-connected systems (The North Bay Business Journal) If a device in your winery or vineyard connects to the internet, it is vulnerable. Farella Braun + Martel attorney partner Tyler Gerking explains the risks and protections.

Additional information concerning the April 21st San Francisco outage (Control Global) The April 21, 2017, San Francisco outage should raise red flags at DOE, FERC and NERC about how they classify Critical Infrastructure and Key Resources (CIKR) and Bulk Electric System (BES) assets. This outage emphatically points out that system reliability, the definition of key facilities, and economic impact should be considered during CIKR classification. The outage also demonstrates the limitations of several key NERC reliability and cyber security standards.

Sonia disowns Rahul video virus? It's a hoax (Graham Cluley) At least ask some questions before you forward virus warnings to your friends.

Eugene Kaspersky opens up about Russia, hacking and the frontlines of cyberwar (International Business Times UK) The Kaspersky Lab expert on crime, espionage and why the best hackers speak Russian.

Cyber Trends

Industry reactions to the Verizon 2017 Data Breach Investigations Report (Help Net Security) Industry leaders offer their opinion on the Verizon 2017 Data Breach Investigations Report, which offers a global view of the modern threat landscape.

Mega Data Breaches Could Drive the Blockchain Revolution (Infosecurity Magazine) Blockchain is the ideal candidate for a variety of data security applications, and the information security world has already begun to take notice.

Forrester - Vendor Landscape: Vulnerability Management, 2017 (Tenable) This report from Forrester provides security and risk professionals an overview of the vulnerability management vendor landscape, as well as information on trends that directly affect and enable business operations.

Do you work in the financial sector? Time to step up your cybersecurity habits (TechRepublic) A report from IBM Security revealed a 937% increase in records stolen from the financial sector in 2016. Here's what you need to know and do to protect your sensitive data.

New SentinelOne Enterprise Risk Index Provides Evidence of Growing Use of In-Memory Attacks; Renders Traditional Antivirus Protection Methods Redundant (SenitnelOne) Data analysis shows attackers continuing to shift away from file-based attack techniques

10 Cybercrime Myths that Could Cost You Millions (Dark Reading) Don't let a cybersecurity fantasy stop you from building the effective countermeasures you need to protect your organization from attack.

Marketplace

Going commercial a challenge for government contractors (Baltimore Sun) KEYW's founder was so confident in the company's cybersecurity services for the federal intelligence community that he decided in 2013 to branch out into the

The Government Wants a Thriving Cyber Insurance Market. Here’s How It’s Getting Started (Nextgov) The Homeland Security Department wants to build a massive repository of cybersecurity and breach data that insurers can learn from.

Artificial Intelligence Pushes the Antitrust Envelope (Bloomberg BNA) If machines collude when no one’s watching, would any antitrust alarm bells sound?

Appian files for $86.25 million IPO (Washington Business Journal) Reston-based software developer Appian Corp. has filed for an initial public offering and is looking to raise up to $86.25 million, according to Securities and Exchange Commission filings.

Dimension Data Australia writes off Oakton investment by $73 million (CRN Australia) Australian subsidiary has received $300m from parent company in two years.

CyberTycoons.com Acquires SEO BAM (Digital Journal) A cornerstone of Internet history, SEO BAM has been providing SEO (Search Engine Optimization) services for more than 2 decades. Because of its longevity in the market, SEO BAM has primarily operated as a referral-based, or word of mouth business for most of its existence.

Why A10 Networks Stock Plunged Today (The Motley Fool) Investors weren't impressed by first-quarter results.

2 Reasons Check Point Software Technologies Should Continue Growing (Pantagraph) Check Point Software Technologies (NASDAQ: CHKP) stock has enjoyed a terrific run this year, rising over 20%, sparked by a solid fiscal fourth-quarter earnings report in January. The cybersecurity specialist's

root9B Holdings Sells IPSA's Investigative Due Diligence Practice (PRNewswire) root9B Holdings, Inc. (Nasdaq: RTNB) ("RTNB") today announced...

Why Did Intel Spin Off Its Security Business? (Market Realist) As Intel (INTC) is becoming a data-centric company, its security has become key. Despite this, Intel recently spun off its security business by selling 51% of it to investment firm TPG for $3.1 billion. Intel acquired McAfee in 2010 for $7.7 billion, which means a 51% stake equates to $3.9 billion. It sold its stake in McAfee at a loss of $800 million. Fiscal 1Q17 is the last quarter in which Intel will report security earnings.

A Security Company Just Hacked The Marketing World (Forbes) For nine seasons, everybody loved Raymond. Now, founders and CEOs have discovered a new darling: Duo Security.

Bremerton tech firm helps businesses respond to cyber attack (Kitsap Sun) Critical Informatics poised for expansion

Mobily signs MoU with Palo Alto Networks on future security offerings (Eye of Rihadh) Mobily has signed a memorandum of understanding with Palo Alto Networks, the next-generation security company.

RSA Security Inks Cyber Threat Data Sharing Agreement With NATO (ExecutiveBiz) Dell Technologies’ RSA Security business and the NATO Communications and Information Agency have agreed to exchange cyber threat data in an effort to build up situational awareness and safeguard networks from vulnerabilities. RSA signed Tuesday the industry partnership agreement with NCI during the NITEC17 conference in Ottawa, Canada, the agency said Tuesday. “RSA is thrilled to be...

Mosaic451 Awarded Contract by the Charlotte Cooperative Purchasing Alliance to Provide Security Services (PRNewswire) Mosaic451, a bespoke cybersecurity services provider and consultancy, announced...

Gil Shwed's salary cost was $35.6m in 2016 (Globes) Almost all of the Check Point CEO's remuneration was in shares.

Microsoft appoints former FTC commissioner to lead its regulatory & privacy efforts | The Tech Portal (The Tech Portal) In her position at Microsoft, Julie Brill & her team will closely work with external stakeholders – policy makers, regulators, customers and civil society

Endace hires new VP Product Management (Yahoo! Finance) Endace, a world leader in high-speed network recording and network history playback, announced today that Cary Wright will join Endace as the company's new VP of Product Management. Wright comes to Endace from Ixia, where he held the role of

Products, Services, and Solutions

Facebook launches its bloat-free Messenger Lite app in over 100 new countries (Neowin) Facebook's 'lightweight' Messenger app - designed primarily for older, less powerful devices, in countries with slow, unstable mobile networks - is now available in over 100 new markets worldwide.

Behavioral Biometrics Offers Considerable ROI: BioCatch (Find Biometrics) Security based on behavioral biometrics can offer a considerable return on investment, BioCatch says. And to prove it, the company has launched an ROI calculator for organizations considering implementing the technology.

John McAfee is preparing an "antispyware" smartphone with buttons that allow physically to disconnect the battery and Wi-Fi antennas (Startler Tech) John McAfee's personality hardly needs a separate presentation, even for those who did not use the antivirus software developed by his company.

Cloudflare Nukes IoT Security Threats from 'Orbit' (eSecurity Planet) The company's new service keeps IoT devices, even ones riddled with vulnerabilities, out of a hacker's grasp.

ERPScan Introduces First High-level SAP Cybersecurity Framework (Yahoo! Finance) EAS-SEC, a non-profit organization focused on enterprise application security, with the support of ERPScan , a leading provider of business application security ...

Technologies, Techniques, and Standards

The US Takes On the World in NATO’s Cyber War Games (WIRED) Last year, the US finished last in Locked Shields, NATO's cyber war games. This year, it had its eye on redemption.

The Air Force bolsters its Cyberspace weapons systems (Defense Systems) The Air Force’s latest cyber space weapons system increases control of cyberspace data for more versatile operational command.

CTIC Synchronizes Service (SIGNAL Magazine) A new defensive cyberspace operations facility will boost the 35th Intelligence Squadron’s ability to meet growing demands.

The Complexity of Public-Key Cryptography (IACR) We survey the computational foundations for public-key cryptography. We discuss the computational assumptions that have been used as bases for public-key encryption schemes, and the types of evidence we have for the veracity of these assumptions.

Carbon Black: How to set up a threat hunting program (Security Brief Asia) We know the attackers are out there – they are perpetually trying to break in, and many are succeeding.

A Day in the Life of a Security Avenger (Dark Reading) Behind the scenes with a security researcher as we follow her through a typical day defending the world against seemingly boundless cyberthreats and attacks

Criminals on a mission of ambition and disruption, says Symantec (Security Brief) Ransomware attackers are increasing their ransoms; more emails are containing malicious links; and disruption is the word of the day.

Knowing Versus Doing: Using Stories To Build A Culture Of IT Security Awareness (Forbes) If you were to recall past experiences in your life, one in which you were watching a movie, and another in which you were sitting through a lecture, which slice do you think you would be more likely to remember? Most people would say a movie.

10 Types of Computer Viruses Dangerous And How To Overcome them (Almaftuchin Tech) 10 Types of Computer Viruses Dangerous And How To Overcome them

Indian CIOs and CISOs need to adopt certain crucial practices: Dell EMC (DATAQUEST) Dell EMC shares his views on data protection challenges faced by Indian enterprises. He points out at Dell EMC’s role in the whole ecosystem

Design and Innovation

So many elections, so little tech (IDG Connect) While some politicians know how to use emerging technologies to get their message across – President Donald Trump’s Tweets or Jean-Luc Mélenchon’s use of holograms to appear at multiple rallies at the same time – technology policy never seems to be a strong suit or priority.

DHS Commercializes Malware Detection Technology (SIGNAL Magazine) The Department of Homeland Security’s S&T Directorate announced the transition of Hyperion, a malware detection technology, to the commercial marketplace.

With AI investments, Taser could use its body camera division for predictive policing (TechCrunch) After announcing that it would shift some of its emphasis away from non-lethal weapons to police body cameras, for a fleeting moment it felt like the company..

Imagining five retro technologies as startup pitches (TechCrunch) Silicon Valley is a bubble. Go into any SoMa coffee shop and you’ll hear founders and investors alike singing the praises of Hyperloop and flying cars —..

Academia

Master’s degree to arm future cyber security pros (Acumin Recruitment, London) If the plan is successful, we can expect to see a high-level talent pool applying for cyber security jobs in the UK for years to come.

Harford Community College shows off new cybersecurity labs (The Aegis) Harford Community College hosted a grand opening ceremony Friday for its Cybersecurity Labs in Joppa Hall. The labs allow students to experience hands-on learning in executing and defending against cyberattacks.

University of Utah hires Randall Arvay as CISO (CSO Online) Arvay brings a strong cybersecurity, military and educational background to the chief information security officer role.

Legislation, Policy and Regulation

National Security Agency ends controversial email collection program (KSRO) The National Security Agency will cease collecting internet communications that merely mention an individual who is considered to be a “foreign intelligence target.” The move is being welcomed by privacy advocates who have

A Big Change in NSA Spying Marks a Win for American Privacy (WIRED) The NSA won't collect the emails of US citizens just because they mention a foreign target. That's a big deal.

With the war far from over, privacy activists cautiously celebrate a battle won (TechCrunch) After the NSA's surprise announcement that it would pull back on a contentious surveillance tactic, privacy advocates found themselves in a strange place in..

Finland launches national security initiatives defending against hybrid threats (Defense News) Finland’s military and national security agencies will receive more expansive powers to conduct intelligence gathering inside and outside Finland’s borders.

US, Argentina agree to ‘Cyber Working Group’ (Normangee Star) President Donald Trump and first lady Melania Trump greet Argentine President Mauricio Macri and his wife Juliana Awada at the White House in Washington.

The utter uselessness of banning social media in Kashmir (http://www.hindustantimes.com/) Banning social media websites such as WhatsApp, Facebook, and Twitter will not help stem discontent in the valley. By restricting access to these websites, the government is...

Getting Tough on North Korea (Foreign Affairs) A quarter-century of negotiations and sanctions have failed to change North Korea’s behavior. It’s time to crack down on Pyongyang’s foreign financial dealings—and the states that abet it.

Kim Jong Un Is a Survivor, Not a Madman (Foreign Policy) North Korea's behavior might seem irrational to outsiders, but the Kim regime is just taking logical actions to survive.

Trump’s Only Playing the Madman With North Korea (The Daily Beast) Trump’s tweeted threats may sound unhinged. But the crazy talk is carefully planned, administration officials insist.

Interest in cyber deterrence policy grows, but actual legislation will prove difficult (Washington Examiner) "We will not allow other states to hold us at risk. We must be able to sustain our infrastructures during times of stress."

Dan Geer: Cybersecurity is 'paramount national security risk' (CSO Online) Cybersecurity and the future of humanity “are conjoined now,” according to In-Q-Tel’s Dan Geer. The cybersecurity futurist, in the closing keynote at SOURCE Boston 2017, gave a sobering look at what is likely to come in a world where change and growing interdependence is happening faster than anyone’s ability to manage it

White House Cyber Chief Outlines Challenges and Next Steps for Trump Administration - Billington CyberSecurity (Billington CyberSecurity) Robert Joyce, the new Cybersecurity Coordinator and Special Assistant to the President at the White House, said the release of the Executive Order is due …

Intelligence and the Presidency (Foreign Affairs) The relationship between Trump and the intelligence community needs to be recalibrated. The president must understand that “alternative facts” have no place in the work of intelligence professionals.

Lawmaker calls on ISPs to stop customers being hit by viruses (Naked Security) Australian minister says government is considering moving towards ‘active defence … blocking or diverting malicious traffic’

FCC: net neutrality is ‘politically motivated government overreach’ (Naked Security) FCC chief signals assault on rules from the days of Ma Bell used by Obama to guarantee net neutrality

Power ministers' meet adds cyber security, digital payment to agenda (Business Standard) Move is in line with the BJP-led Centre government pushing for digitisation in several departments

Litigation, Investigation, and Enforcement

For Russia And U.S., Uneasy Cooperation On Cybercrime Now A Mess (RadioFreeEurope/RadioLiberty) A widening U.S. dragnet is picking up more and more Russian computer hackers. Russia's own dragnet is picking up FSB cyberofficers, including some who once helped the Americans.

Shot suspect arrested as police track two more terror plots (Times (London)) The woman shot by police in a counter terrorism raid in northwest London last week has been discharged from hospital and taken into police custody. The 21-year-old was admitted for her injuries...

Italian Botnet Operator Who Made Over $325,000 Extradited to the US (BleepingComputer) US officials successfully extradited a 30-year-old Italian man for his role in creating and running a botnet of hacked servers.

Users can withdraw if they find WhatsApp policy unacceptable: Facebook counsel in SC (The Times of India) “Those who find the new privacy policy irksome or violative of their fundamental rights, can quit. We’ve given full freedom to users to withdraw from Facebook and WhatsApp,” counsel for Facebook said during a hearing in the Supreme Court.

Facebook and Google Were Victims of $100M Payment Scam (Fortune) Mystery solved

FTC Offers ID Theft Victims Online Crime Reporting Tool (Dark Reading) ID theft victims can report their cybercrime attack to the Federal Trade Commission, without having to file a police report in most cases.

Is it ethical to do constant criminal background checks on employees? (CSO Online) Companies hire a third party to scour public databases to make sure employees are not getting into legal trouble that would impact their jobs. But is it ethical? Experts explain.

Carrie Goldberg Is Fighting Revenge Porn One Court Case at a Time (Motherboard) “I am one of my clients.”

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

upcoming Events

SANS Automotive Cybersecurity Summit 2017 (Detroit, Michigan, USA, May 1 - 8, 2017) SANS will hold its inaugural Automotive Cybersecurity Summit to address the specific issues and challenges around securing automotive organizations and their products. Join us for a comprehensive look at automotive assembly, industry suppliers, embedded systems, and safeguarding extended customer and product data. The Summit will include two-days of in-depth presentations from top security experts and seasoned practitioners, hands-on learning exercises, and exclusive networking opportunities.

cybergamut Tech Tuesday: Distributed Responder ARP: Using SDN to Re-Engineer ARP from within the Network (Elkridge, Maryland, USA, and online at various local nodes, May 2, 2017) We present the architecture and initial implementation of distributed responder ARP (DR-ARP), a software defined networking (SDN) enabled enhancement of the standard address resolution protocol (ARP) intended to improve network security and performance by exerting much greater control over how ARP traffic flows through the network as well as over what actually delivers the ARP service. Presented by Mark Alan Matties, PhD of The Johns Hopkins University Applied Physics Lab.

Cyber Security Summit in Dallas (Dallas, Texas, USA, May 5, 2017) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from Proofpoint, CenturyLink, IBM and more. Register with promo code cyberwire50 for half off your admission (Regular price $350)

OWASP Annual AppSec EU Security Conference (Belfast, UK, May 8 - 12, 2017) Welcome to OWASP Annual AppSec EU Security Conference, the premier application security conference for European developers and security experts. AppSec EU provides thought leadership, amazing talks, informative sessions, and great social experiences. During the pre-conference (Monday 8th - Wednesday 10th May 2017) there is the opportunity to attend one of the many trainings courses on offer from industry experts, plus project summits and outreach sessions to the future pioneers of the application security industry. The main conference (Thursday 11th & Friday 12th May) offers four full tracks of talks, for pentesters and ethical hackers, developers and security engineers, DevOps practices and GRC/risk level talks for managers and CISOs.

SANS Security West 2017 (San Diego, California, USA, May 9 - 18, 2017) Cybersecurity skills and knowledge are in high demand. Cyber attacks and data breaches are more frequent and sophisticated, and organizations are grappling with how to best defend themselves. As a result, cybersecurity is more vital to the growth of your organization than ever before. Now is the perfect time to take the next step to protect your organization and advance your career. Join us at SANS Security West 2017 (May 9-18) to gain the skills and knowledge needed to help your organization succeed. Choose from over 30 information security courses taught by SANS’ world-class instructors. At SANS Security West 2017, you will get the best hands-on, immersion training and learn what it takes to stop cyber threats.

OWASP AppSec EU (Belfast, Northern Ireland, UK, May 12 - 18, 2017) Welcome to OWASP Annual AppSec EU Security Conference, the premier application security conference for European developers and security experts. AppSec EU provides thought leadership, amazing talks, informative sessions, and great social experiences. During the pre-conference (Monday 8th - Wednesday 10th May 2017) there is the opportunity to attend one of the many trainings courses on offer from industry experts, plus project summits and outreach sessions to the future pioneers of the application security industry. The main conference offers four full tracks of talks, for pentesters and ethical hackers, developers and security engineers, DevOps practices and GRC/risk level talks for managers and CISOs.

EnergySec Security Education Week (Austin, Texas, USA, May 14 - 19, 2017) The Energy Sector Security Consortium, Inc.'s Security Education Week is designed for early to mid career cybersecurity professionals currently employed at electric utilities in North America. Students will receive technical instruction on various topics including threat hunting, network packet analysis, and security assessments. Sessions will also cover operational technology used in the electric sector, and instructional workshops from industry vendors. Students will also participate in facility tours hosted by the Lower Colorado River Authority (LCRA), and evening activities designed to build relationships within industry and strengthen the community of cybersecurity professionals.

K(no)w Identity Conference (Washington, DC, USA, May 15 - 17, 2017) To converge identity experts from across all industries in one space, to be at the nexus of ideas and policies that will fundamentally change identity around the world. Provides business leaders, privacy and security experts, tech innovators, and senior policy makers the forum to discuss the future of identity. By utilizing the world’s best event technology, K(NO)W connects attendees digitally and physically unlike ever before.

Global Cybersecurity Innovation Summit Advancing International Collaboration (London, England, UK, May 16 - 17, 2017) SINET – London creates a forum to build and maintain international relationships required to foster vital information sharing, broad awareness and the adoption of innovative Cybersecurity technologies.

Public Sector Cyber Security Conference: Defending the Public from Cyber-Attacks (Salford, England, UK, May 17, 2017) Join us for the Public Sector Cyber Security Conference where leading experts will explain how to protect the vital services provided by central Government, local councils and the NHS. Learn how to safeguard sensitive data such as medical records and keep IT systems safe from cyber-attacks by states, criminal gangs and cyber terrorists.

PCI Security Standards Council: 2017Asia-Pacific Community Meeting (Bangkok, Thailand, May 17 - 18, 2017) Two days of networking and one-of-a-kind partnership opportunities await you. Whether you want to learn more about updates in the payment card industry or showcase a new product, you’ll find it all at the 2017 Asia-Pacific Community Meeting.

2017 Georgetown Cybersecurity Law Institute (Washington, DC, USA, May 17 - 18, 2017) It is more important than ever that in-house and outside counsel stay abreast of the most current developments and best practices in cybersecurity. At our Institute you will receive insights on the best governance, preparedness, and resilience strategies from experienced government officials, general counsels, and cybersecurity practitioners who face these issues on a daily basis.

Northsec Applied Security Event (Montreal, Québec, Canada, May 18 - 21, 2017) The conference will feature technical and applied workshops hosted in parallel for the most motivated attendees. Topics include application and infrastructure (pentesting, network security, software and/or hardware exploitation, web hacking, reverse engineering, malware/virii/rootkits), cryptography and obfuscation (from theoretical cryptosystems to applied cryptography exploitation, cryptocurrencies, steganography and covert communication systems), and society and ethics.

SANS Northern Virginia - Reston 2017 (Reston, Virginia, USA, May 21 - 26, 2017) This event features comprehensive hands-on technical training from some of the best instructors in the industry and includes courses that will prepare you or your technical staff for DoD 8570 and GIAC approved certification exams. Start making your plans now to attend SANS Northern Virginia - Reston 2017.

Enfuse 2017 (Las Vegas, Nevada, USA, May 22 - 25, 2017) Enfuse™ is a three-day security and digital investigations conference where specialists, executives, and experts break new ground for the year ahead. Enfuse offers unsurpassed networking opportunities, hands-on training, and in-depth exploration of current topics.

2017 Cyber Investing Summit (New York, New York, USA, May 23, 2017) The 2nd Annual Cyber Investing Summit is an all-day conference focusing on investing in the $100+ billion dollar cyber security industry. Attendees will explore the financial opportunities, trends, challenges, and investment strategies available in the high growth cyber security sector. The 2016 Inaugural Cyber Investing Summit welcomed 180+ of the leading cyber professionals, technology analysts, venture capitalists, fund managers, investment advisors, government experts, and more. New this year: separate panels offered throughout the day highlighting publicly traded firms as well as privately owned entities, opportunities to meet one-on-one with corporate executives, and new panel topics (including Investment Strategies & Opportunities, M&A Landscape, Funding for Startups, Government Spending Review, Cyber Sale Lifecycle, and more). Network with investment professionals, asset managers, industry experts, financial analysts, media and more.

Citrix Synergy (Orlando, Florida, USA, May 23 - 25, 2017) Learn how to solve your IT flexibility, workforce continuity, security and networking challenges—and power your business like never before—with the workspace of the future.

AFCEA/GMU Critical Issues in C4I Symposium (Fairfax, Virginia, USA, May 24 - 25, 2017) The AFCEA/GMU Critical Issues in C4I Symposium brings academia, industry and government together annually to address important issues in C4I technology and systems R&D.

SECON 2017 (Jersey City, New Jersey, USA, May 25, 2017) Social engineering impacts security. (ISC)2 New Jersey Chapter is a 501(c)(3) not-for-profit charitable organization. Our chapter’s mission is to disseminate knowledge, exchange ideas, and encourage community outreach efforts, for advancement of information security practice and awareness in our society. We also strive to provide enjoyable opportunities for professional networking and growth.

Cyber Southwest (Tucson, Arizona, USA, May 27, 2017) CSW will be dedicated to furthering the discussion on cyber education and workforce development in Arizona, healthcare cybersecurity, and technical training in areas such as threat intelligence, insider threats, and protecting critical infrastructure. CSW will focus on creating a positive, unique, and highly productive unification point to further Arizona’s developing leadership in cybersecurity. Subject Matter Experts (SMEs) will be on hand to share information on the latest cybersecurity trends, best practices, and key innovations.

SANS Atlanta 2017 (Atlanta, Georgia, USA, May 30 - June 4, 2017) Learn the most effective steps to prevent attacks and detect adversaries with actionable techniques that you can directly apply when you get back to work. Take advantage of tips and tricks from the experts so that you can win the battle against a wide range of cyber adversaries who want to harm your digital environment.

Cyber Security Summit: Seattle (Seattle, Washington, USA, June 1, 2017) If you are a Senior Level Executive responsible for making your company’s decisions in regards to information security, then you are invited to register for the Cyber Security Summit: Seattle. Receive 50% off of a Full Summit Pass when you register with code CYBERWIRE50 (standard price of $350, now only $175 with code). Register at CyberSummitUSA.com. The Cyber Security Summit: Seattle is an exclusive conference connecting Senior Level Executives responsible for protecting their companies’ critical data with innovative solution providers & renowned information security experts. for details visit CyberSummitUSA.com.

SANS Houston 2017 (Houston, Texas, USA, June 5 - 10, 2017) At SANS Houston 2017, SANS offers hands-on, immersion-style security, security management, and pen testing training courses taught by real-world practitioners. The site of SANS Houston 2017, June 5-10, is Royal Sonesta Hotel Houston, located in the heart of the Galleria area of Uptown Houston.

Infosecurity Europe 2017 (London, England, UK, June 6 - 8, 2017) Infosecurity Europe is the region's number one information security event featuring Europe's largest and most comprehensive conference programme and over 360 exhibitors showcasing the most relevant information security solutions and products to 13,500 visitors.

Sponsor & Support

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter’s financial reach, or it might just not be the right time for you to do those things. That’s why we launched our new Patreon site, where we’ve created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you’ll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.