We're happy to announce that you can now become a CyberWire Patron. People ask us (a lot) how they can support what we do, and now there's a new and affordable way to become part of the CyberWire story. You can help us deliver the news by becoming a patron today. As always, thanks for reading and listening.
More Signal. Less Noise.
The Cybersecurity Canon. Election influence operations continue unabated. The curious story of Google Docs phishing. Snake slithers toward Mac OS. Extortionists can now hire Fatboy.
Announcements
Now Patrons can become part of the CyberWire story
Summary
French voters will elect their next President this weekend, and the election's final week has been roiled by accusations that Marine LePen's campaign "colluded" with Russia. In Germany, which will hold its federal elections on September 24, Hans-Georg Maassen, director of the domestic intelligence service Bundesamt für Verfassungsschutz (BfV), warns that his agency has seen a marked increase in Russian cyberespionage directed at influencing the elections. WIRED takes a look at what US sanctions did to slow down election-focused Russian cyberespionage and concludes that they accomplished essentially nothing.
Those interested in the historical continuity of Cold War espionage and propaganda with current cyber and influence operations will find the National Security Archive's Cyber Vault Highlights, just published by George Washington University, worth consulting.
The Google Docs worm phishing campaign takes an odd turn. Someone claiming to be a student at Coventry University (Bleeping Computer calls him "some Twitter dude") says he was responsible, and that it wasn't really an attack, just a test. He identifies himself as "Eugene Pupov," but Coventry University says they've never heard of him. There are other grounds for skepticism—the Twitter account @EugenePupov was registered simultaneously with the attacks, and the picture associated with it was of another Pupov entirely. Whoever's behind the incident, observers think OAuth abuse likely to continue.
Snake malware (a.k.a. Turla, Agent.BTZ, Uroburous) is getting an upgrade: FoxIT thinks it's being prepared for use against Mac OS targets.
Recorded Future describes "Fatboy," a new ransomware-as-a-service offering on a Russian-language criminal forum.
Notes.
Today's issue includes events affecting China, European Union, France, Germany, Republic of Korea, Russia, Taiwan, Ukraine, United Kingdom, United States
On the Podcast
In today's podcast, we hear from our new partners at the SANS Institute, as Johannes Ullrich talks about SANS and its work. Our guest, Allan Liska from Recorded Future, talks about the book about ransomware he wrote with co-author Timothy Gallo.
Sponsored Events
Who's in Your Cloud? Gaining Visibility Into Your Network and Critical Assets (Webinar, May 11, 2017) Since cloud services are accessible from anywhere, at any time, getting visibility into your cloud activity is critical. Delta Risk experts examine the increasing importance of cloud monitoring and how it can protect your organization.
Selected Reading
Cyber Attacks, Threats, and Vulnerabilities
German spy chief issues fresh warning about Russia cyber attacks (The Independent) Germany’s domestic intelligence agency expects new cyber attacks targeting politicians and government officials ahead of federal elections. Hans-Georg Maassen, head of the BfV agency, said spies are keeping a “very close watch” on threats as the country gears up for September’s vote.
Le Pen on the ropes over ‘collusion’ with Kremlin (Times (London)) Today is the final day of campaigning by Marine Le Pen and Emmanuel Macron in the French election but the far-right leader already appears defeated after a bad-tempered TV debate. National Front...
US Sanctions Didn’t Stop Russia’s Election Hacking—Or Even Slow It Down (WIRED) The Fancy Bear group's continued attacks on electoral campaigns shows how easily the Kremlin brushed off Obama's sanctions.
Cyber Vault Highlights (National Security Archive) The National Security Archive posts a sampling of 40+ documents on all aspects of cyber activity taken from its growing collection of key materials every student and expert should have
China tried to hack THAAD system: CNN (Korea Times) “China uses cyber espionage pretty regularly when Chinese interests are at stake to better understand facts on the ground,” John Hultquist, the director of cyber espionage analysis at FireEye, told CNN. “We have evidence that they targeted at least one party that has been associated with the missile placements.”
Update: Google Doc phishing story takes some bizarre turns (Naked Security) Since news began circulating last night of a phishing campaign parading around as Google Doc access links, the tale has taken strange twists and turns. A self-described graduate student claims he w…
Some Twitter Dude Is Trying to Take Credit for the Google Docs Phishing Attack (BleepingComputer) A Twitter user by the name @EugenePupov is trying to take credit for the massive phishing attack that hit Gmail users last night, but currently available evidence isn't lining up with his statements.
Google Doc CloudPhishing Worm Attack Technical Analysis (Netskope) Introduction The Internet was buzzing yesterday over a rapidly spreading attack involving malicious apps masquerading as Google Docs which gained permission to victims’ Google Gmail accounts and...
Google Docs Account Take-Over Worm (Agari) On May 3rd, 2017, cybercriminals launched a large scale phishing worm that executed account takeovers to compromise Google Gmail and G Suite email accounts. The attack enticed users to authorize a malicious application appearing to be Google Docs to take over the victim’s email account. This attack was only successful if all of the following apply to you or your organization:
1 Million Gmail Users Impacted by Google Docs Phishing Attack (Threatpost) Researchers said good social engineering and users’ trust in the convenience afforded by the OAUTH mechanism guaranteed Wednesday’s Google Docs phishing attacks would spread quickly.
Google Was Warned About This Week’s Mass Phishing Email Attack Six Years Ago (Motherboard) Six years ago, a researcher warned about the exact same "dynamite phishing" technique used to phish around one million Gmail users this week.
Google Docs phishing attack underscores OAuth security risks (ITworld) Google has stopped Wednesday’s clever email phishing scheme, but the attack may very well make a comeback.
Google Docs Phishing Scam a Game Changer (Dark Reading) Experts expect copycats that take advantage of passive authentication from third-party applications using standards such as OAuth.
Bondnet botnet goes after vulnerable Windows servers (Help Net Security) A botnet consisting of some 2,000 compromised Windows servers has been mining cryptocurrency for its master since December 2016.
Snake Malware Modified; OS X The Next Target (HackRead) The security researchers at Fox-IT have discovered a modified version of the previously known snake malware. A version specifically designed to target MacO
Fatboy Ransomware-as-a-Service Emerges on Russian-Language Forum (Recorded Future) Recently a member of a top-tier Russian cyber criminal forum posted an advertisement for “Fatboy,” a new ransomware-as-a-service (RaaS) product. Learn more.
WordPress Zero-Day Could Expose Password Reset Emails (BleepingComputer) Polish security expert Dawid Golunski has discovered a zero-day in the WordPress password reset mechanism that would allow an attacker to obtain the password reset link, under certain circumstances.
Unpatched WordPress Password Reset Vulnerability Lingers (Threatpost) A zero day vulnerability exists in WordPress Core that in some instances, could allow an attacker to reset a user’s password and in turn, gain access to their account.
Microsoft says: Lock down your software supply chain before the malware scum get in (Register) Stealthy attack code spotted going after payment systems
Windows Defender ATP thwarts Operation WilySupply software supply chain cyberattack (Microsoft Malware Protection Center Blog) Several weeks ago, the Windows Defender Advanced Threat Protection (Windows Defender ATP) research team noticed security alerts that demonstrated an intriguing attack pattern. These early alerts uncovered a well-planned, finely orchestrated cyberattack that targeted several high-profile technology and financial organizations. An unknown attacker was taking advantage of a silent yet effective attack vector: the compromised...
Bank robbers exploited SS7 weaknesses to drain 2SV-protected accounts (Graham Cluley) A group of thieves exploited weaknesses in Signaling System 7 (SS7) to drain users' bank accounts, including those protected by two-step verification (2SV).
We Were Warned About Flaws in the Mobile Data Backbone for Years. Now 2FA Is Screwed. (Motherboard) Financially-motivated hackers are using SS7 attacks to break into bank accounts.
Exploit Kits Surge Worldwide as Rig makes list of 'Most Wanted' Malware in Africa (bobsguide) After several months in decline, Exploit kit infections show sharp uplift and deliver a variety of threats, says Check Point
Critical RCE flaw in ATM security software found (Help Net Security) Researchers from Positive Technologies have unearthed a critical vulnerability (CVE-2017-6968) in Checker ATM Security by GMV Innovating Solutions.
HTTP Headers... the Achilles' heel of many applications (SANS Internet Storm Center) When browsing a target web application, a pentester is looking for all “entry” or “injection” points present in the pages.
iPhone Phishing Scam Crosses Over Physical Crime (TrendLabs Security Intelligence Blog) Traditional crime and cybercrimes are not mutually exclusive and can, in fact, work together in seemingly bigger attacks or malicious schemes.
Don't believe the social media rumors: Camp Pendleton's 'Darkhorse Marines' aren't dying in Afghanistan (San Diego Union-Tribune) People Twitter, Facebook and other sites keep asking people to pray for combat-plagued 3rd Battalion, 5th Marines, but the grunts aren't in combat or even in Afghanistan.
Payroll shutdown: company denies insolvency as IT contractors pray for payment (CRN Australia) Plutus Payroll speaks out as IT contractors pray for payment.
NYPD: Fraud Ring Recruited Mules Via Social Media (Infosecurity Magazine) NYPD: Fraud Ring Recruited Mules Via Social Media. Sophisticated operation resulted in $2.5m counterfeit check deposits
Barts Health NHS Trust has cancelled 136 operations and hundreds of chemotherapy appointments due to IT failure (Computing) Pathology and image viewing applications have finally been restored across the Trust after two-week outage
DHS warns Congress of security threats to phones (TheHill) Department sends report to lawmakers on mobile device security.
Security Patches, Mitigations, and Software Updates
Microsoft pulls botched Office 2010 nonsecurity patch KB 3128031 (InfoWorld) Mysterious VBA error apparently to blame -- but no confirmation from Microsoft
Verizon brings April security patch for Android to Samsung Galaxy Note5 and Galaxy S6 edge+ (Neowin) After updating its Galaxy Note 5 and Galaxy S6 edge+ to Android 7.0 Nougat last month, Verizon is now rolling out the Android security patches for April to both of the high-end handsets.
Intel Patches Security Threat On Enterprise PCs (PYMNTS.com) Intel has reportedly been operating with what reports called a “critical vulnerability” in its firmware that could allow hackers to infiltrate company systems via Intel’s Active Management Technology, Small Business Technology or Standard Manageability. Reports Wednesday (May 3) said a researcher at IoT startup Embedi identified the vulnerability that has existed within Intel systems since […]
Cyber Trends
Rudimentary Attacks Pose Greatest Risk to Midsized Organizations According to New Threat Report (Marketwired) eSentire SOC analyzes nearly 5 million attacks across hundreds of midmarket organizations in 2016
IT Managers Say Price Most Important When Buying Endpoint Security (Yahoo! Finance) More than 70 percent of SMB IT managers say budget considerations have forced them to compromise on security features when purchasing endpoint security according to a new, exclusive survey by VIPRE®. Overall, price was the top factor in endpoint security
Business Email Compromise Losses Up 2,370 Percent Since 2015 (Threatpost) The FBI says Business Email Compromise scams are growing at astronomical rates, and businesses have lost $5.3 billion since 2013; $346 million in the U.S. alone in the second half of 2016.
Three cybersecurity threat trends that organizations should address today (Help Net Security) The cybersecurity landscape grows seemingly more complex – and dangerous – by the day: Hackers and other bad actors unleash increasingly intricate and form
One in Two Organizations Have Had a SharePoint Data Breach, According to New Study (Yahoo! Finance) The Ponemon Institute and Metalogix, today released results of a report focused on how organizations are keeping sensitive or confidential data safe in collaboration and file sharing environments such as SharePoint, Dropbox, and file sync and share applications
Who's responsible for secure Internet access? (Help Net Security) For those that say Internet access is a human right, 41 percent hold the government responsible for safe and secure Internet access.
India Inc unprepared to deal with cyber attack (Deccan Chronicle) Survey reveals most participants think social media as a potential risk.
Marketplace
What's the key to surviving as a cyber-security start-up? (CSO Online) It’s always a gamble to establish a start-up, but if you were to choose any sector where you’d fancy your chances of success, it would surely be cyber-security.
Signifyd raises $56 million for e-commerce fraud protection (TechCrunch) E-commerce fraud is a growing problem, but Signifyd thinks it has a solution to save businesses money. Their company is growing fast and has closed a $56..
Why Cisco Systems, Inc. Shareholders Have Something to Worry About (The Motley Fool) Will the networking giant be left behind as customers shift towards cloud-based solutions?
HackerOne says 'no' to FlexiSpy stalkerware bug bounty program (Register) Creepy app seller is going to have to QA its own buggy software
Kimberly-Clark Recognized by CSO50 for Excellence in Cybersecurity Awareness (PRNewswire) Kimberly-Clark Corporation has been recognized for its excellence in cybersecurity...
Nehemiah Security Named One of Greater Washington’s Best Places to Work (BusinessWire) Nehemiah Security, an internationally recognized supplier of cybersecurity software and services to enterprise and government organizations, today ann
Digital Shadows Expands Executive Leadership to Support Rapid Growth of the Company (BusinessWire) Digital Shadows announced new appointments to its management team today: Dan Lowden as Chief Marketing Officer, Schwark Satyavolu to the company's boa
Products, Services, and Solutions
New infosec products of the week: May 5, 2017 (Help Net Security) Here's an overview of new products from vendors including: Code42, Crossmatch, CyberArk, EclecticIQ, ThreatQuotient, and Netwrix.
Gemalto’s secure smart chip to be integrated in the Galaxy S8 in selected markets (Deccan Chronicle) The chip has been embedded in other Samsung smartphones including the Galaxy A series globally and the Galaxy C series in China.
Gemini Data Helps Organizations Build Intelligent, Hybrid Infrastructure with SBOX Appliance 2.2 (Gemini Data) Latest version offers integration across cloud, hardware, and software-based offerings, Cloudera support
Ram Group Announces World's First Full-Body Biometric Authentication Technology (PRNewswire) RAM Group, Singaporean based technology firm, has just announced a new...
Verizon Secures The Perimeter With New Cloud-Based Security Service For Business Customers (CRN) Verizon introduced a cloud-based managed security service, Software-Defined Perimeter. The latest service, which lets enterprises ID and block breaches at the network border, is not immediately available through channel partners.
Verizon Open Source White Box ‘Coming Soon,’ VP Says (SDxCentral) A Verizon open source white box solution that runs services from multiple vendors will launch soon, according to Verizon VP Shawn Hakl.
Thycotic Launches Free Browser Stored Password Discovery Tool (Yahoo! Finance) Thycotic, a provider of privileged account management (PAM) solutions for more than 7,500 organizations worldwide, today announced its Browser Stored Password Discovery Tool - a free tool that detects and informs IT professionals if passwords are being stored within
Mocana to Demo Its Industrial IoT Security Platform Integrated with Dell's IoT Gateway at Dell EMC World 2017 (Marketwired) IoT security leader delivers strong security solution on purpose-built Dell Industrial Gateways
CA Technologies Uses AI Tech to Combat Online Fraud (eSecurity Planet) The company's new CA Risk Analytics Network uses machine learning and neural network technologies to curb online credit card fraud.
Technologies, Techniques, and Standards
GDPR: Some organisations are looking forward to it; for others it's a 'pain in the bum' (Computing) Some IT leaders believe GDPR will make their lives easier by forcing their supply chain to tighten up, but others are more concerned about their own organisation's compliance.
How "adversarial engineering" of red teams is strengthening security practitioners (ZDNet) Want to make enterprise security and up-and-coming security leaders stronger? Put a red team on it.
Third parties leave your network open to attacks (CSO Online) With the Target example as the high-water mark, enterprises need to worry about the lack of security on a third parties’ part. How do you tighten things up?
The pitfalls of cybersecurity shopping: hype and shoddy products (CSO Online) Today's cybersecurity market is beset by vaporware, exaggerated marketing claims and shady sales tactics, security managers say.
Top tips for finding the right cybersecurity products (CSO Online) Having trouble finding the right security products for your business? You’re not the only one. We asked experienced buyers for their tips.
Taming the Open Source Beast With an Effective Application Security Testing Program (Security Intelligence) Application security testing is the only way to prevent open source vulnerabilities from becoming a huge problem in the enterprise.
Pitfalls of identity access management (CSO Online) Whether dealing with a third parties access or tracking an insider through your network, action needs to be take to see who goes where. Too few organizations treat IAM as the crucial, secure connective tissue between businesses' multiplying employees, contractors, apps, business partners and service providers.
Going travelling? Don’t drop your guard when you’re on the road (Naked Security) Cybercriminals don’t take holidays, as recent breaches show: here are some tips to keep your data safe while you travel
What's Up with Your Mobile Apps? Identifying and Mitigating Digital Risk (Security Week) I’ll venture to guess you’re using a mobile device to read this. In the most recent Ericsson Mobility Report (PDF), the total number of mobile subscriptions at the end of 2016 was approximately 7.5 billion and growing around 4 percent year-on-year. Greater speed, power and storage capabilities of mobile devices means they are used more frequently for activities previously reserved for laptops or PCs.
How to Stop a Hacker: Disincentivizing Cybercriminals (Security Week) As long as computers have been in existence, there have been people trying to hack them. As technology has evolved and improved, so has the advancements for keeping cyberattacks at bay.
Shifting Left on Security and Software Delivery (Infosecurity Magazine) Under the term ‘shift left testing’, IT teams have learned to collaborate in order to deliver software faster, with fewer flaws.
How to Integrate Threat Intel & DevOps (Dark Reading) Automating intelligence can help your organization in myriad ways.
Threat intelligence today (CSO Online) Fast, accurate threat intelligence is vital in staying ahead of threats from bad actors. Find out how threat intelligence can help your IT security team protect your valuable data today and grow with your organization into the future.
Board members are main targets in a cyber attack (The Economic Times) The best defence against ransomware is to have a back-up which is not connected to the system. Now, when we got the mainframe computers, we were already talking about back-ups.
Design and Innovation
Biometric ID gets a security boost from the blockchain (ATM Marketplace) BitCAD, a cryptographic smart platform, has developed a decentralized blockchain-based system for biometric identification of users.
In the Know: Present and Future of Artificial Intelligence in Security (SentinelOne) You’ve seen that movie, the one where humans fabricate robots that are so human-like they end up taking over the world. What was once the plot line for every other sci-fi film is now leaking into reality of our everyday lives.
There's No Safe Way to Keep Child Porn and Murder Off Facebook (Motherboard) Facebook is hiring 3,000 more people to do what experts say is one of the most psychologically traumatizing jobs in tech.
Academia
IBM and Boston College Host Cybersecurity Day for Local High Schoolers (PRNewswire) IBM (NYSE: IBM) Security is collaborating with Boston College to bring...
Legislation, Policy and Regulation
New proposals for encryption 'back doors' planned by UK government in extension to internet surveillance (Computing) Plans for encryption back door keys to be held by telcos and ISPs and real-time web surveillance.
UK govt wants real-time communication surveillance powers, courtesy of telcos (Help Net Security) The UK government wants greater communication surveillance powers, and in order to get them, it wants UK telecoms to provide the technical capabilities.
French presidential candidate pushes for stronger intel links with US (Defense News) Emmanuel Macron will launch a strategic review of French defense and security, if the centrist independent candidate wins the presidential election Sunday, his military adviser Jean-Paul Palomeros said May 4.
US, Japan deepen cyber information sharing (TheHill) Japan signs on to join DHS cyber information-sharing program.
Democrats press OPM on cyber hiring (TheHill) Lawmakers say OPM should explore streamlining hiring, offering new training resources to cyber personnel.
New cyber order draft keeps focus on critical grid companies (EnergyWire) A new draft White House executive order on cybersecurity would concentrate federal defenses on a classified list of infrastructure companies that are at greatest risk of a damaging attack.
Implications of IoT Security & Regulation (CyberX) Bruce Schneier's Security and the Internet of things is case for why government needs to regulate IoT security. This article summarizes his points and raises key questions. Read the full post.
Who needs the FCC? Seattle writes its own broadband privacy rule (TechCrunch) Hardly anyone was pleased by the rollback of the broadband privacy rule last month, opening up the possibility of ISPs collecting and selling your browsing..
Litigation, Investigation, and Enforcement
350 returning jihadists pose terror threat to UK (Times (London)) The security services have identified 350 people who have returned to Britain from Syria and pose a potential terrorist threat, Whitehall sources have told The Times. The disclosure of a precise...
NSA collected records of 151m Americans – but wait, didn’t bulk collection stop three years ago? (Naked Security) How did the NSA end up collecting the records of so many people on 2015 when it was only authorized to go after 42 suspected terrorists?
President Obama's team sought NSA intel on thousands of Americans during the 2016 election (Circa) The Obama administration distributed thousands of intelligence reports with the unredacted names of U.S. residents during the 2016 election.
Lawyers: How can we scrutinize surveillance records that remain sealed? (Ars Technica) Stanford attorneys make unusual request to a federal court itself, DOJ opposes.
FBI, NSA Directors Testify in Closed House Committee Session (US News & World Report) The directors of the FBI and National Security Agency met for more than two hours behind closed doors with members of a House committee investigating Russian meddling in the presidential election.
Intelligence Panel Takes Another Shot at Creating Committee to Counter Russian Influence (Foreign Policy) But President Trump will get to choose its members and agenda.
Can Trump fire FBI Director James Comey? (Newsweek) The president has hinted at the possibility of dismissing the man whose bureau is investigating possible ties between his campaign and the Russian government.
‘Yes, It’s a Crime’: Dem Senator Calls For ‘Special Prosecutor’ to Investigate Huma Abedin (Mediaite) Over the course of hours of testimony, James Comey confirmed yesterday that top Clinton aid Huma Abedin forwarded classified emails to Anthony Weiner, her twice disgraced sexting husband currently under federal investigation.
Charges of espionage against Navy officer dropped, plea deal reached (Navy Times) Military spying charges against Lt. Cmdr. Edward Lin have been dropped as part of a plea bargain with government.
With a plea deal in hand, disgraced Navy flight officer Edward Lin expresses remorse in court (Navy Times) "I was arrogant," Lin said.
U.S. Department of Justice is reportedly investigating Uber’s controversial ‘Greyball’ program (TechCrunch) It looks like there's more trouble round the corner for Uber. Reuters is reporting that the U.S. Department of Justice has opened a criminal investigation..
Report: Uber faces federal criminal probe over regulator-evading software (Ars Technica) Uber refuses comment but does provide recent letters sent to Portland officials.
Hundreds of suspected paedophiles held after dark net forum hacked (Times (London)) More than 280 suspected British paedophiles have been arrested as part of a huge global operation against child abuse on the dark net.
Cop fakes body cam footage, prosecutors drop drug charges (Ars Technica) Officer said he searched car, then turned on body cam to recreate it for "the courts."
Manchester Police in the Dock After Losing Interview Footage (Infosecurity Magazine) Manchester Police in the Dock After Losing Interview Footage. ICO fines GMP £150,000 after unencrypted DVDs got lost in the post
Europe Pumps Out 50% More Cybercrime Attacks Than US (Dark Reading) Cyberattacks originating from Europe were substantially higher than nefarious activity launched from the US during the first quarter.
The Changing Face of Criminal Behavior (CJOnline) The Internet enables criminals to operate in anonymity and access vast amounts of personal information...
Industry Events
newly Noted Events
ETSI Security Week 2017 (Sophia Antipolis, France, June 12 - 16, 2017) This year's event will address key cybersecurity standardization challenges in the short, medium and longer term. The event will look at the different aspects of cybersecurity underpinning our digital world. The cybersecurity community will come together at ETSI to network and exchange on the state of standardization for cybersecurity.
Cyber Week (Tel Aviv, Israel, June 25 - 29, 2017) Bringing together international cybersecurity experts and enthusiasts, Cyber Week provides the opportunity to gain insight into the latest global developments in cybersecurity. The conference welcomes distinguished speakers from all corners of the world, representing a rich consortium of thought leaders who are advancing cybersecurity in various sectors. Learn first-hand from top government officials, industry leaders, and researchers during the Main Plenary at Cyber Week with access to the most recent updates and predictions.
upcoming Events
Cyber Security Summit in Dallas (Dallas, Texas, USA, May 5, 2017) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from Proofpoint, CenturyLink, IBM and more. Register with promo code cyberwire50 for half off your admission (Regular price $350)
OWASP Annual AppSec EU Security Conference (Belfast, UK, May 8 - 12, 2017) Welcome to OWASP Annual AppSec EU Security Conference, the premier application security conference for European developers and security experts. AppSec EU provides thought leadership, amazing talks, informative sessions, and great social experiences. During the pre-conference (Monday 8th - Wednesday 10th May 2017) there is the opportunity to attend one of the many trainings courses on offer from industry experts, plus project summits and outreach sessions to the future pioneers of the application security industry. The main conference (Thursday 11th & Friday 12th May) offers four full tracks of talks, for pentesters and ethical hackers, developers and security engineers, DevOps practices and GRC/risk level talks for managers and CISOs.
Law Enforcement and Public Safety Technology Forum (Washington, DC, USA, May 9 - 10, 2017) For the ninth year, AFCEA Bethesda is gathering the law enforcement and public safety IT community. The Law Enforcement and Public Safety Technology Forum will bring together more than 300 executives, IT professionals and operators from across federal, state and local law enforcement, homeland security and public safety agencies to have a critical conversation on Strengthening Operational Impact.
SANS Security West 2017 (San Diego, California, USA, May 9 - 18, 2017) Cybersecurity skills and knowledge are in high demand. Cyber attacks and data breaches are more frequent and sophisticated, and organizations are grappling with how to best defend themselves. As a result, cybersecurity is more vital to the growth of your organization than ever before. Now is the perfect time to take the next step to protect your organization and advance your career. Join us at SANS Security West 2017 (May 9-18) to gain the skills and knowledge needed to help your organization succeed. Choose from over 30 information security courses taught by SANS’ world-class instructors. At SANS Security West 2017, you will get the best hands-on, immersion training and learn what it takes to stop cyber threats.
OWASP AppSec EU (Belfast, Northern Ireland, UK, May 12 - 18, 2017) Welcome to OWASP Annual AppSec EU Security Conference, the premier application security conference for European developers and security experts. AppSec EU provides thought leadership, amazing talks, informative sessions, and great social experiences. During the pre-conference (Monday 8th - Wednesday 10th May 2017) there is the opportunity to attend one of the many trainings courses on offer from industry experts, plus project summits and outreach sessions to the future pioneers of the application security industry. The main conference offers four full tracks of talks, for pentesters and ethical hackers, developers and security engineers, DevOps practices and GRC/risk level talks for managers and CISOs.
EnergySec Security Education Week (Austin, Texas, USA, May 14 - 19, 2017) The Energy Sector Security Consortium, Inc.'s Security Education Week is designed for early to mid career cybersecurity professionals currently employed at electric utilities in North America. Students will receive technical instruction on various topics including threat hunting, network packet analysis, and security assessments. Sessions will also cover operational technology used in the electric sector, and instructional workshops from industry vendors. Students will also participate in facility tours hosted by the Lower Colorado River Authority (LCRA), and evening activities designed to build relationships within industry and strengthen the community of cybersecurity professionals.
K(no)w Identity Conference (Washington, DC, USA, May 15 - 17, 2017) To converge identity experts from across all industries in one space, to be at the nexus of ideas and policies that will fundamentally change identity around the world. Provides business leaders, privacy and security experts, tech innovators, and senior policy makers the forum to discuss the future of identity. By utilizing the world’s best event technology, K(NO)W connects attendees digitally and physically unlike ever before.
Global Cybersecurity Innovation Summit Advancing International Collaboration (London, England, UK, May 16 - 17, 2017) SINET – London creates a forum to build and maintain international relationships required to foster vital information sharing, broad awareness and the adoption of innovative Cybersecurity technologies.
Public Sector Cyber Security Conference: Defending the Public from Cyber-Attacks (Salford, England, UK, May 17, 2017) Join us for the Public Sector Cyber Security Conference where leading experts will explain how to protect the vital services provided by central Government, local councils and the NHS. Learn how to safeguard sensitive data such as medical records and keep IT systems safe from cyber-attacks by states, criminal gangs and cyber terrorists.
PCI Security Standards Council: 2017Asia-Pacific Community Meeting (Bangkok, Thailand, May 17 - 18, 2017) Two days of networking and one-of-a-kind partnership opportunities await you. Whether you want to learn more about updates in the payment card industry or showcase a new product, you’ll find it all at the 2017 Asia-Pacific Community Meeting.
2017 Georgetown Cybersecurity Law Institute (Washington, DC, USA, May 17 - 18, 2017) It is more important than ever that in-house and outside counsel stay abreast of the most current developments and best practices in cybersecurity. At our Institute you will receive insights on the best governance, preparedness, and resilience strategies from experienced government officials, general counsels, and cybersecurity practitioners who face these issues on a daily basis.
Northsec Applied Security Event (Montreal, Québec, Canada, May 18 - 21, 2017) The conference will feature technical and applied workshops hosted in parallel for the most motivated attendees. Topics include application and infrastructure (pentesting, network security, software and/or hardware exploitation, web hacking, reverse engineering, malware/virii/rootkits), cryptography and obfuscation (from theoretical cryptosystems to applied cryptography exploitation, cryptocurrencies, steganography and covert communication systems), and society and ethics.
SANS Northern Virginia - Reston 2017 (Reston, Virginia, USA, May 21 - 26, 2017) This event features comprehensive hands-on technical training from some of the best instructors in the industry and includes courses that will prepare you or your technical staff for DoD 8570 and GIAC approved certification exams. Start making your plans now to attend SANS Northern Virginia - Reston 2017.
Enfuse 2017 (Las Vegas, Nevada, USA, May 22 - 25, 2017) Enfuse™ is a three-day security and digital investigations conference where specialists, executives, and experts break new ground for the year ahead. Enfuse offers unsurpassed networking opportunities, hands-on training, and in-depth exploration of current topics.
2017 Cyber Investing Summit (New York, New York, USA, May 23, 2017) The 2nd Annual Cyber Investing Summit is an all-day conference focusing on investing in the $100+ billion dollar cyber security industry. Attendees will explore the financial opportunities, trends, challenges, and investment strategies available in the high growth cyber security sector. The 2016 Inaugural Cyber Investing Summit welcomed 180+ of the leading cyber professionals, technology analysts, venture capitalists, fund managers, investment advisors, government experts, and more. New this year: separate panels offered throughout the day highlighting publicly traded firms as well as privately owned entities, opportunities to meet one-on-one with corporate executives, and new panel topics (including Investment Strategies & Opportunities, M&A Landscape, Funding for Startups, Government Spending Review, Cyber Sale Lifecycle, and more). Network with investment professionals, asset managers, industry experts, financial analysts, media and more.
Citrix Synergy (Orlando, Florida, USA, May 23 - 25, 2017) Learn how to solve your IT flexibility, workforce continuity, security and networking challenges—and power your business like never before—with the workspace of the future.
AFCEA/GMU Critical Issues in C4I Symposium (Fairfax, Virginia, USA, May 24 - 25, 2017) The AFCEA/GMU Critical Issues in C4I Symposium brings academia, industry and government together annually to address important issues in C4I technology and systems R&D. The agenda for 2017 will include: Challenges of Increasingly Autonomous Systems, The Collaborative Spectrum Grand Challenge, Spectrum Usage as a Critical Enabler for the US, Modernization of the Global C4ISR Enterprise, Breakthroughs in Military Simulation, Government Solutions to the Optics of ISR, Emerging Solutions and Challenges in SCADA/IOT, Cloud Migration and Interoperability, Modeling & Simulation to Streamline Procurement, and Secure Mobility Challenges.
AFCEA/GMU Critical Issues in C4I Symposium (Fairfax, Virginia, USA, May 24 - 25, 2017) The AFCEA/GMU Critical Issues in C4I Symposium brings academia, industry and government together annually to address important issues in C4I technology and systems R&D.
SECON 2017 (Jersey City, New Jersey, USA, May 25, 2017) Social engineering impacts security. (ISC)2 New Jersey Chapter is a 501(c)(3) not-for-profit charitable organization. Our chapter’s mission is to disseminate knowledge, exchange ideas, and encourage community outreach efforts, for advancement of information security practice and awareness in our society. We also strive to provide enjoyable opportunities for professional networking and growth.
Cyber Southwest (Tucson, Arizona, USA, May 27, 2017) CSW will be dedicated to furthering the discussion on cyber education and workforce development in Arizona, healthcare cybersecurity, and technical training in areas such as threat intelligence, insider threats, and protecting critical infrastructure. CSW will focus on creating a positive, unique, and highly productive unification point to further Arizona’s developing leadership in cybersecurity. Subject Matter Experts (SMEs) will be on hand to share information on the latest cybersecurity trends, best practices, and key innovations.
SANS Atlanta 2017 (Atlanta, Georgia, USA, May 30 - June 4, 2017) Learn the most effective steps to prevent attacks and detect adversaries with actionable techniques that you can directly apply when you get back to work. Take advantage of tips and tricks from the experts so that you can win the battle against a wide range of cyber adversaries who want to harm your digital environment.
Cyber Security Summit: Seattle (Seattle, Washington, USA, June 1, 2017) If you are a Senior Level Executive responsible for making your company’s decisions in regards to information security, then you are invited to register for the Cyber Security Summit: Seattle. Receive 50% off of a Full Summit Pass when you register with code CYBERWIRE50 (standard price of $350, now only $175 with code). Register at CyberSummitUSA.com. The Cyber Security Summit: Seattle is an exclusive conference connecting Senior Level Executives responsible for protecting their companies’ critical data with innovative solution providers & renowned information security experts. for details visit CyberSummitUSA.com.
Cyber Security Summit: Seattle (Seattle, Washington, USA, June 1, 2017) If you are a Senior Level Executive responsible for making your company’s decisions in regards to information security, then you are invited to register for the Cyber Security Summit: Seattle. Receive 50% off of a Full Summit Pass when you register with code CYBERWIRE50 (standard price of $350, now only $175 with code). Register at CyberSummitUSA.com. The Cyber Security Summit: Seattle is an exclusive conference connecting Senior Level Executives responsible for protecting their companies’ critical data with innovative solution providers & renowned information security experts. for details visit CyberSummitUSA.com.
SANS Houston 2017 (Houston, Texas, USA, June 5 - 10, 2017) At SANS Houston 2017, SANS offers hands-on, immersion-style security, security management, and pen testing training courses taught by real-world practitioners. The site of SANS Houston 2017, June 5-10, is Royal Sonesta Hotel Houston, located in the heart of the Galleria area of Uptown Houston.
Infosecurity Europe 2017 (London, England, UK, June 6 - 8, 2017) Infosecurity Europe is the region's number one information security event featuring Europe's largest and most comprehensive conference programme and over 360 exhibitors showcasing the most relevant information security solutions and products to 13,500 visitors.
Sponsor & Support
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter’s financial reach, or it might just not be the right time for you to do those things. That’s why we launched our new Patreon site, where we’ve created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you’ll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.