Thanks to our fans, sponsors, and supporters like you, we've grown from a small cyber security market intelligence briefing into a news service with readers and listeners in more than 120 countries. We'd like to say "thanks," and to invite you to help us continue to move forward by becoming part of our story as we bring the stories to you. Become a patron today and help us deliver the news you’ve come to rely on every day.
More Signal. Less Noise.
Last-minute email hack and the French election. (UK and Germany brace for similar operations.) Intel authentication bypass vulnerability scheduled to be fixed this week. HandBrake download server compromised.
Announcements
Patrons help the CyberWire deliver the news
Summary
Emmanuel Macron was elected President of France yesterday, despite eleventh-hour leaks of hacked emails. French election law (for the most part followed by the press) prohibits distribution of such material within forty hours of voting. Macron's En Marche movement disclosed that it had been breached shortly before the legally mandated blackout began. A variety of social and alternative media (several based in the US) did push the material (with some magnet linking by WikiLeaks). En Marche says most of the material is genuine, but that it's also been salted with fabricated content aimed at disinformation. The dump is very large and will take time to sort out, but preliminary looks suggest most of the material is anodyne, routine, not particularly scandalous.
French authorities, of course, are investigating, and early speculation about attribution looks toward Russia, since the incident resembles influence operations Russian intelligence services are generally (and officially) regarded as having conducted during the last US campaign cycle. Before the last-minute tranche of leaks, President-elect Macron had called for closer ties between French and US intelligence services.
British and German officials prepare for cyberattacks and influence operations against their own upcoming elections. German officials engage in public musing about hacking back at offending servers. (Predictable "Germany attacks" alarmism ensues.)
In more ordinary security news, the Intel chip authentication bypass flaw set to be fixed later this week seems more dangerous than initially thought. And a mirror download server for video-conversion app HandBrake has been compromised to serve the Proton RAT.
Notes.
Today's issue includes events affecting France, Georgia, Germany, Russia, Slovakia, United Kingdom, United States
On the Podcast
In today's podcast we talk with our partners at Terbium Labs: dark web expert Emily Wilson looks back at the annual Anonymous fizzle that is OpIsrael.
Sponsored Events
Who's in Your Cloud? Gaining Visibility Into Your Network and Critical Assets (Webinar, May 11, 2017) Since cloud services are accessible from anywhere, at any time, getting visibility into your cloud activity is critical. Delta Risk experts examine the increasing importance of cloud monitoring and how it can protect your organization.
Borderless Cyber USA (New York, New York, USA, June 21 - 22, 2017) Is your enterprise investing enough to protect against cyber-attack? Are you putting your resources where they have the most impact? How can you be sure? Senior security executives come together at Borderless Cyber to uncover new strategies, make new connections, and leave better prepared to defend their cyber practices--in the computer room and the Board room. The conference will take place at the historic U.S. Customs House in lower Manhattan on 21-22 June.
Receive an extra $100 off the corporate rate. Use the discount code Cyberwire when registering. Special government rates and Early Bird savings are also available. We look forward to seeing you this June in NYC!
Selected Reading
Cyber Attacks, Threats, and Vulnerabilities
Macron hackers linked to Russian-affiliated group behind US attack (Guardian) Cybersecurity firms think group with ties to Russian intelligence was behind leak of emails and other documents belonging to French election winner’s campaign team
#MacronLeaks : à 24h du vote, des opposants au candidat En Marche jouent leurs dernières cartes (Numerama) Des utilisateurs de 4chan viennent de publier 9 Go de documents et emails qui appartiennent à l'entourage du candidat Macron. 24 heures avant le vote, cette publication semble être une volonté de déstabiliser plus que de révéler.
Analysis | Macron’s emails got hacked. Here’s why French voters won’t hear much about them before Sunday’s election. (Washington Post) A pre-election blackout has kept most French journalists quiet.
VIDEO. Macronleaks : le responsable de la campagne numérique d'En marche ! accuse les "supports" du Front national (Franceinfo) Interrogé par franceinfo, dimanche soir, Mounir Mahjoubi, le responsable de la campagne numérique d'Emmanuel Macron, accuse des "supports" du Front national d'avoir organisé la diffusion de documents piratés issus de la campagne Macron.
Hackers Hit Macron With Huge Email Leak Ahead of French Election (WIRED) The campaign of French presidential candidate Emmanuel Macron confirms it's been the target of a successful hacking operation.
Macron emails leaked online after huge hack (Times (London)) Emmanuel Macron’s campaign team said last night that it had fallen victim to a huge hacking operation designed to influence tomorrow’s French presidential election. The announcement comes after...
French candidate Macron claims massive hack as emails leaked (Reuters) Leading French presidential candidate Emmanuel Macron's campaign said on Friday it had been the target of a "massive" computer hack that dumped its campaign emails online 1-1/2 days before voters choose between the centrist and his far-right rival, Marine Le Pen.
Macron Hacking Attack: What We Know and Don’t Know (New York Times) The French presidential candidate Emmanuel Macron was targeted in a large dump of leaked emails and other documents, raising fears of Russian interference.
U.S. far-right activists, WikiLeaks and bots help amplify Macron leaks: researchers (Reuters) U.S. far-right activists helped amplify a leak of hacked emails belonging to leading French presidential candidate Emmanuel Macron's campaign, some researchers said on Saturday, with automated bots and the Twitter account of WikiLeaks also propelling a leak that came two days before France's presidential vote.
French media ordered not to publish Macron's hacked emails (The Independent) France's electoral commission has ordered media not to publish contents of Emmanuel Macron's leaked campaign emails to avoid influencing the election. It warned news outlets in France that journalists could face criminal charges for publishing or republishing the material, under laws that came into effect at midnight forbidding any commentary liable to affect the presidential race.
Media blackout ahead of unpredictable French election with four front-runners (The Sydney Morning Herald) Rules dating back more than half a century impose a 44-hour timeout ahead of the polls' closure on Sunday.
France is nothing like the US: An email hack isn't enough to vote into power a far-right nationalist (The Independent) Despite the silence of the French media’s legally imposed blackout, just days before the country’s 2017 elections, the news has been reverberating clear as a bell.
Emmanuel Macron and how political campaigns will never be the same (TechCrunch) Every major campaign brings its set of changes. Barack Obama used big data and micro-targeting in his 2008 campaign. Then social networks became a great way..
Why Accuracy About WikiLeaks Matters (Empty Wheel) Let me preface this post by saying that I’m perfectly willing to accept that Julian Assange is a narcissist, accused rapist, destructive hypocrite serving as a willful tool of Russia. I’m also happy to concede that his role in publishing the DNC and Podesta emails may have played a significant part in getting Donald Trump elected (though I think it’s down the list behind Comey and Hillary’s own (in)actions). Please loathe Julian Assange–that is your right. But please, also, try to be accurate about him and Wikileaks.
Hacker dumps, magnet links, and you (Errata Security) In an excellent post pointing out Wikileaks deserves none of the credit given them in the #MacronLeaks, the author erroneously stated that ...
Did Macron Outsmart Campaign Hackers? (The Daily Beast) While it's still too early to tell, so far the big document dump by hackers of the Macron campaign has not been damaging.
French officials launch probe into Emmanuel Macron's hacked e-mails (Express) French officials have launched a probe into the hacking of Emmanuel Macron's campaign e-mails just days after the scandal threatened to eclipse the presidential elections.
Putin congratulates Macron, wishing him ‘strong health’ (Financial Times) Russian president Vladimir Putin congratulated Emmanuel Macron on his victory in the French presidential election and wished him “strong health” in his tasks ahead, the Kremlin said Monday morning.
French election: Are Russian hackers to blame for Emmanuel Macron's leaked emails - and could they target UK election? (The Telegraph) The huge trove of hacked emails from Emmanuel Macron's campaign had barely been released online when the spotlight immediately fell on Russia hackers.
Britain, Germany brace for pre-election cyber attacks (The Straits Times) Britain and Germany were already beefing up cyber security ahead of key elections even before the hacking attack on France's Emmanuel Macron, months after Hillary Clinton was caught in the online crosshairs.. Read more at straitstimes.com.
From Russia, with Panic (The Baffler) The more I’ve looked at the hysteria surrounding Russia’s supposed hacking of our elections, the more I’ve come to see it as a case study of the cyber-attribution business.
Cyber-Espionage Malware Is So Advanced It Has Its Own API (BleepingComputer) Russian cyberspies have developed a new breed of backdoor trojan that features several novel techniques, including an API that allows attackers to reverse the C&C communications flow when needed.
New Fatboy Ransomware-as-a-Service Advertised on Russian Hacking Forum (BleepingComputer) A new Ransomware-as-a-Service (RaaS) portal is being advertised on an underground hacking forum, primarily used by Russian-speaking criminals.
'Fatboy' ransomware uses a location-based charging model (BetaNews) A new ransomware-as-a-service product named 'Fatboy' has been advertised on Russian language forums. What makes it different is the way it uses a sliding scale to charge its victims.
FrozrLock Ransomware Advertised on the Dark Web As "Great Security Tool" (BleepingComputer) A new Ransomware-as-a-Service has become available on the Dark Web, named FrozrLock, available for only $220, and advertised under the tagline of "great security tool that encrypts most of your files in several minutes."
If you downloaded HandBrake for Mac, you could be infected with Proton RAT (Help Net Security) A mirror download server of HandBrake has been compromised, and the legitimate app .dmg file switched with a Trojanized version containing the Proton RAT.
Website of HandBrake App Hacked to Spread Proton RAT for Mac Users (BleepingComputer) The website of the HandBrake app has been compromised, and one of its download mirrors modified to host a version of the Proton RAT embedded in the app's Mac client.
Malware warning for Mac users, after HandBrake mirror download server hacked (WeLiveSecurity) A mirror download server for the popular tool HandBrake video file-transcoding app has been compromised by hackers, who replaced its Mac edition with malware.
The hijacking flaw that lurked in Intel chips is worse than anyone thought (Ars Technica) Patch for severe authentication bypass bug won’t be available until next week.
Intel chip vulnerability found to be far worse than thought (SiliconANGLE) Intel chip vulnerability found to be far worse than thought
Vulnerability Spotlight: Power Software PowerISO ISO Code Execution Vulnerabilities (Talos Blog) A blog about the world class Intelligence Group, Talos, Cisco's Intelligence Group
Exploring a P2P Transient Botnet - From Discovery to Enumeration (SANS Internet Storm Center) We recently deployed a high interaction honeypots expecting it to be compromised by a specific malware. But in the first few days, instead of getting infected by the expected malware, it received a variety of attacks ranging from SSH port forwarding to "Viagra and Cialis" SPAM to XORDDoS failed deployment attempts. By the third day, it was insistently hit and compromised by Rakos, a Linux/Trojan.
Anti Public Combo List with Billions of Accounts Leaked (HackRead) There are so many data breaches these days that it's almost impossible to keep a track of them. From billions of Yahoo accounts to millions of LinkedIn and
The Google-phish-that-was-also-a-worm – what happened and what to do (Naked Security) More on that Google-phish-and-worm saga, with some tips on what to do now, and how to avoid this sort of thing in the future.
Bank accounts raided after crooks exploit huge flaw in mobile networks (Naked Security) The SS7 protocol has always been vulnerable – and now the carriers’ complacency has come home to roost
Malware framework using legitimate utilities lobbed at government agencies (Help Net Security) Bitdefender researchers have unearthed the Netrepser malware framework. Unlike those used by most APTs, this framework contains mostly legitimate utilities.
Microsoft's Windows warning: Hackers hijacked software updater with in-memory malware (ZDNet) Advanced attackers are using a blend of in-memory malware, legitimate pen-testing tools and a compromised updater to attack banks and tech firms, warns Microsoft.
SharePoint houses sensitive data, but organizations are not keeping it safe (Help Net Security) SharePoint houses sensitive data, yet 49% had at least one data breach in the SharePoint environment in the past two years.
These are some of the apps for iOS that filter personal data of its users (CydiaPlus) These are some of the apps for iOS that filter personal data of its users
Homeland Security Issues Warning on Cyberattack Campaign (BankInfo Security) The Department of Homeland Security is warning IT service providers, healthcare organizations and three other business sectors about a sophisticated cyberattack
Hackers Find Celebrities’ Weak Links in Their Vendor Chains (New York Times) Big entertainment companies have toughened the security of their computer networks. But often, their suppliers and collaborators are vulnerable.
WWE Divas Charlotte Flair, Victoria Latest Victims of Leaked Photos (HackRead) Earlier this week, private photos and video clip of the famous WWE Divas Lisa Marie Varon known by her WWE name Victoria and Charlotte Flair were leaked on
Cyber attack hits 26,000 Debenhams customers (Sky News) Payment details, names and addresses have been accessed or stolen in the attack on Debenhams Flowers, the retailer has confirmed.
Security Patches, Mitigations, and Software Updates
Patch to fix Intel-based PCs with enterprise bug rolls out next week (CSO Online) Starting next week, PC makers will roll out a patch that fixes a severe vulnerability found in certain Intel-based business systems making them easier to hack.
Google Patches 17 Critical Vulnerabilities in Android May Security Update (eSecurity Planet) Google is out with its fifth patch update of 2017, with mediaserver flaws once again topping the list.
Cyber Trends
Cybersecurity expert Richard Clarke talks about the “sentinel personalities” who will save us all (TechCrunch) Richard Clarke has been watching the world for decades. The cybersecurity czar for the Bush and Clinton administrations, Clarke has been thinking and writing..
Government Joins the Finance Sector at the Top of the Cyber Attack List (BusinessWire) New research: cyber attacks on the government sector doubled from 7% of all attacks in 2015 to 14% in 2016. Attacks on the finance sector also hiked f
Americans Think Russia is More Dangerous Now than During the Cold War (Endgame) In 2012, when then-presidential candidate Mitt Romney suggested that Russia was one of the U.S.’s top geopolitical adversary, most scoffed at the idea, including then-president Barack Obama who noted that the Cold War had been over for more than two decades.
From financial advisers to cybersecurity advocates (Financial Standard) Financial advisers must arm themselves with serious cybersecurity knowhow as more cybercrime networks turn their focus to financial services companies at an alarming rate.
The "Cybersecurity Marketing Scams" worse than Cyber-attacks (PRUrgent) "Self-proclaimed instant 'Cyber Experts' are the new 'Cyber-scammers' Cybersecurity experts warn. Words like "Artificial Intelligence", "Neural Networks", "Cognitive Computing", "Cyber Neurons" are a sign.
Marketplace
Cybersecurity spend to top $101bn by 2020 (Trade Arabia) Global organisations worldwide will spend $101.6 billion annually on cybersecurity software, hardware and services by 2020 compared with spending of $73.7 billion in 2016, according to research from the International Data Corporation (IDC).
Microsoft Invests In Two More Artificial Intelligence Startups (Silicon UK) Microsoft has been bullish on AI lately and that zeal is extending beyond its own product portfolio and into its investment strategy
Watson won ‘Jeopardy,’ but IBM is not winning with artificial intelligence (MarketWatch) With IBM sales at a 15-year low, the company’s sluggish turnaround is haunting the company.
Visibility With A Human Touch: Splunk's Take On Balancing Your Cybersecurity Portfolio (Forbes) Wherever machine data appears that has high value signal, you can be sure that Splunk will show up, understand the use case, and create products.
Confide CEO Jon Brod on the White House, bad press, and what’s next for his secure messaging app (TechCrunch) Thursday night, at a StrictlyVC event in San Francisco, I sat down with Confide cofounder and president Jon Brod to talk with him about his decidedly topsy..
LookingGlass seeks greenfield growth in threat intelligence via partner program (LookingGlass Cyber Solutions Inc.) There are an excessive number of security tools and services on the market today, but threat intelligence services are arguably one of the top tools that enterprises of all sizes can leverage to stay one step ahead of cybercrime, prevent data loss, and reduce their overall security risk. Beyond the traditional security tools, an outside-in threat intelligence approach to cybersecurity efforts is increasingly being looked at by enterprises, in order to proactively track enemies and attackers, hunt threats, and address impending business risk.
Forcepoint expects revenue share from govt biz to rise by 10% (Business Standard) Cyber security firm Forcepoint expects its revenue from government business to go up by 10 per cent in the next 1-2 years.
How Will 'New Collar' Skills Impact the Cybersecurity Skills Gap? (Security Intelligence) One way to close the skills gap is to recruit new collar professionals who possess the requisite skills, if not the degrees, to work in cybersecurity.
Former RSA executive chairman and CEO Art Coviello joins Gigamon board of directors (CSO Online) Coviello is expected to help guide the company's security strategy and growth.
Products, Services, and Solutions
With Krypt.co, Not Even Superman Could Steal Your Password (BostInno) The fact that Krypt.co is somehow the buzz of the tech scene in Boston is ironic since this company's name sounds almost like the ancient Greek prefix for "hidden" or "secret." In reality, the...
Practical Threat Intelligence (Peta.ai) Peta Ai is a research & reconnaissance project designed to showcase how different organizations in terms of cyber security may appear to an external attacker.
Verizon Hides User Apps With New SDP Service (Light Reading) Verizon offers a new SDP service to enhance customer application security.
SailPoint Launches “The Identity University” to Fuel Customer Success (BusinessWire) SailPoint, the leader in enterprise identity management, has launched The Identity University™, a comprehensive online curriculum for identity m
Technologies, Techniques, and Standards
Beyond Plan B: Army Embraces Broad Cyber Program (SIGNAL Magazine) The U.S. Defense Department's research arm skipped from Plan B for cyber defense solutions to Plan X, advancing platforms to conduct cyber warfare like kinetic warfare.
The Probability of Loss: How Threat Intelligence Quantifies Risk for the Business (Recorded Future) It can be argued that cyber threat intelligence (CTI) is most valuable to a business when it continuously informs a quantitative risk assessment model that contains specific probabilities for loss from a specific threat type.
Where to start with threat intelligence sharing (C-Suite) Threat intelligence is becoming a more ubiquitous feature in information security programs.
Building a Holistic Cyberhealth Immune System (Security Intelligence) The health care security immune system maps to integrated services and products, addressing specific health care concerns and preventing cyberattacks.
How to Build a Secure Wordpress Environment (The State of Security) In this blog post, I will share with you what to look for in a Webhost provider, how to secure and harden your WordPress environment
Securing Devices Without Invading Privacy (Infosecurity Magazine) Some mobile security policies are at odds with the culture of productivity, freedom, and flexibility that organizations work to enable.
Design and Innovation
Listen up: is this really who you think it is talking? (Naked Security) Lyrebird, an AI startup, can produce uncannily good versions of real people’s voices. What does it mean for identity fraud?
What is a Hashed Timelock Contract? (The Merkle) There are a lot of aspects about cryptocurrency most people have never heard of. One of these technological features goes by the name of Hashed Timelock Contracts. This feature can prove to be quite p
Research and Development
Teaching Machines to Detect Fake News Is Really Hard (Motherboard) Researchers combined meta-data with over 10,000 examples of IRL fake news in a dataset to train machine learning algorithms how to automatically detect fake news.
In Op-Ed, Eric Schmidt Argues for Government Role in Basic Research (Motherboard) "While investing in basic research typically doesn’t make sense for a business, it has been a winning strategy for our nation."
Legislation, Policy and Regulation
German intel chief looks to 'wipe out' Russian servers used in cyber attacks (Mashable) The government is looking into reworking laws to allow German cyber squads to find and eradicate stolen information.
Sweeping surveillance powers will ban complete encryption (Times (London)) The government has secretly drawn up detailed plans for increased surveillance powers, including the authority to monitor anyone in real time and a ban on unbreakable encryption. The draft...
Winning the Cyberwar Against ISIS (Foreign Affairs) To defeat ISIS in cyberspace, an entirely new strategic approach is needed: one that emphasizes close coordination, flexibility, and adaptability.
Extreme hoarders: Zero-day edition (SC Magazine US) Nation-states are stockpiling software exploits to compromise and spy on their rivals. But do their gains represent a loss for manufacturers, developers and the public? Bradley Barth reports.
Intel act highlights cyber, STEM and Russia (FCW) Prioritizing STEM education, improving cybersecurity, reviewing the ODNI and countering Russian influence are among the priorities Congress has spelled out in the 2017 Intelligence Authorization Act.
Five key players for Trump on cybersecurity (TheHill) President Trump’s cyber agenda is largely up in the air, with a hotly anticipated cybersecurity executive order yet to emerge from the White House.
Efficiency and effectiveness, being risk aware part of DoD acting CIO's cyber priorities (FederalNewsRadio.com) Acting Defense Department CIO John Zangardi said he's taking a "risk aware" approach when it comes to meeting his cyber and IT priorities.
NSA stops one abuse, but many remain (Pasadena Star News) The National Security Agency has decided to halt a controversial surveillance program, but this was just the tip of an iceberg of government abuses of privacy and due process.The NSA said last week that it will no longer engage in warrantless...
Column: Fighting cybercrime creates a dilemma in America (Fredericksburg.com) Americans want their cyber data to be safe from prying eyes. They also want the government to be able to catch criminals. Can they have both?
Litigation, Investigation, and Enforcement
Boko Haram plan to kidnap foreigners in Nigeria: US, UK (AFP via Terrorism Watch) Britain and the United States on Friday said Boko Haram was preparing to kidnap foreigners in remote northeast Nigeria, which...
Rand Paul requests info on whether Obama surveilled him (TheHill) Sen. Rand Paul (R-Ky.) says he has asked the intelligence community and White House for any evidence that he was surveilled by former President Barack Obama.
Flynn was warned by Trump transition officials about contacts with Russian ambassador (Washington Post) The former national security adviser was told weeks before a phone call that led to his resignation that the Russian’s communications were sure to be monitored.
Dark Web Marketplace Shut Down in Slovakia (BleepingComputer) Law enforcement in Slovakia has arrested two individuals for their involvement in drugs and weapons trafficking, among which, one is suspected of operating the Dark Web marketplace known as Bloomsfield.
Oxygen Forensic Detective Helps Prove Guilt in Underage Sex Civil Case (PRNewswire) Oxygen Forensics, a worldwide developer and provider of advanced...
Computer forensics follows the bread crumbs left by perpetrators (CSO Online) As investigators, these security pros let the clues lead them. See in a few examples how commercial software helps these techies solve the crime.
Florida Man May Serve 1,140 Years in Prison Over Child-porn Content (HackRead) Just yesterday it was reported that Steven W. Chase, a 58-year-old man from Naples, Florida and the owner of PlayPen, a Dark Web website hosting child porn
Man Who Ran Dark Web Child Porn Site Sent to 30 Years in Prison (HackRead) Playpen, an illegally operated website that distributed child pornography in different parts of the world, had its founder sentenced to 30 years of impriso
Parents lose custody of kids after YouTube pranks (HackRead) “DaddyOFive,” is a verified YouTube channel with 763,595 subscribers who apparently have been using their kids to make online prank videos. In one of the v
Man: border agents threatened to “be dicks,” take my phone if I didn’t unlock it (Ars Technica) “I believe strongly in the Constitution and in my right to privacy.”
Lawyer: Cops “deliberately misled” judge who seemingly signed off on stingray (Ars Technica) “Any system that is not transparent is inherently corrupt.”
Industry Events
newly Noted Events
EDGE2017 Security Conference (Knoxville, Tennessee, USA, October 17 - 18, 2017) The EDGE2017 conference is where true collaboration between business and technology professionals happens. Combining engaging keynotes from world-renowned visionaries, recognized technology industry leaders, topical roundtables, training sessions, and industry-specific tracks, EDGE2017 is where complex business security problems meet real-world solutions.
upcoming Events
OWASP Annual AppSec EU Security Conference (Belfast, UK, May 8 - 12, 2017) Welcome to OWASP Annual AppSec EU Security Conference, the premier application security conference for European developers and security experts. AppSec EU provides thought leadership, amazing talks, informative sessions, and great social experiences. During the pre-conference (Monday 8th - Wednesday 10th May 2017) there is the opportunity to attend one of the many trainings courses on offer from industry experts, plus project summits and outreach sessions to the future pioneers of the application security industry. The main conference (Thursday 11th & Friday 12th May) offers four full tracks of talks, for pentesters and ethical hackers, developers and security engineers, DevOps practices and GRC/risk level talks for managers and CISOs.
Law Enforcement and Public Safety Technology Forum (Washington, DC, USA, May 9 - 10, 2017) For the ninth year, AFCEA Bethesda is gathering the law enforcement and public safety IT community. The Law Enforcement and Public Safety Technology Forum will bring together more than 300 executives, IT professionals and operators from across federal, state and local law enforcement, homeland security and public safety agencies to have a critical conversation on Strengthening Operational Impact.
SANS Security West 2017 (San Diego, California, USA, May 9 - 18, 2017) Cybersecurity skills and knowledge are in high demand. Cyber attacks and data breaches are more frequent and sophisticated, and organizations are grappling with how to best defend themselves. As a result, cybersecurity is more vital to the growth of your organization than ever before. Now is the perfect time to take the next step to protect your organization and advance your career. Join us at SANS Security West 2017 (May 9-18) to gain the skills and knowledge needed to help your organization succeed. Choose from over 30 information security courses taught by SANS’ world-class instructors. At SANS Security West 2017, you will get the best hands-on, immersion training and learn what it takes to stop cyber threats.
OWASP AppSec EU (Belfast, Northern Ireland, UK, May 12 - 18, 2017) Welcome to OWASP Annual AppSec EU Security Conference, the premier application security conference for European developers and security experts. AppSec EU provides thought leadership, amazing talks, informative sessions, and great social experiences. During the pre-conference (Monday 8th - Wednesday 10th May 2017) there is the opportunity to attend one of the many trainings courses on offer from industry experts, plus project summits and outreach sessions to the future pioneers of the application security industry. The main conference offers four full tracks of talks, for pentesters and ethical hackers, developers and security engineers, DevOps practices and GRC/risk level talks for managers and CISOs.
EnergySec Security Education Week (Austin, Texas, USA, May 14 - 19, 2017) The Energy Sector Security Consortium, Inc.'s Security Education Week is designed for early to mid career cybersecurity professionals currently employed at electric utilities in North America. Students will receive technical instruction on various topics including threat hunting, network packet analysis, and security assessments. Sessions will also cover operational technology used in the electric sector, and instructional workshops from industry vendors. Students will also participate in facility tours hosted by the Lower Colorado River Authority (LCRA), and evening activities designed to build relationships within industry and strengthen the community of cybersecurity professionals.
K(no)w Identity Conference (Washington, DC, USA, May 15 - 17, 2017) To converge identity experts from across all industries in one space, to be at the nexus of ideas and policies that will fundamentally change identity around the world. Provides business leaders, privacy and security experts, tech innovators, and senior policy makers the forum to discuss the future of identity. By utilizing the world’s best event technology, K(NO)W connects attendees digitally and physically unlike ever before.
Global Cybersecurity Innovation Summit Advancing International Collaboration (London, England, UK, May 16 - 17, 2017) SINET – London creates a forum to build and maintain international relationships required to foster vital information sharing, broad awareness and the adoption of innovative Cybersecurity technologies.
Public Sector Cyber Security Conference: Defending the Public from Cyber-Attacks (Salford, England, UK, May 17, 2017) Join us for the Public Sector Cyber Security Conference where leading experts will explain how to protect the vital services provided by central Government, local councils and the NHS. Learn how to safeguard sensitive data such as medical records and keep IT systems safe from cyber-attacks by states, criminal gangs and cyber terrorists.
PCI Security Standards Council: 2017Asia-Pacific Community Meeting (Bangkok, Thailand, May 17 - 18, 2017) Two days of networking and one-of-a-kind partnership opportunities await you. Whether you want to learn more about updates in the payment card industry or showcase a new product, you’ll find it all at the 2017 Asia-Pacific Community Meeting.
2017 Georgetown Cybersecurity Law Institute (Washington, DC, USA, May 17 - 18, 2017) It is more important than ever that in-house and outside counsel stay abreast of the most current developments and best practices in cybersecurity. At our Institute you will receive insights on the best governance, preparedness, and resilience strategies from experienced government officials, general counsels, and cybersecurity practitioners who face these issues on a daily basis.
Northsec Applied Security Event (Montreal, Québec, Canada, May 18 - 21, 2017) The conference will feature technical and applied workshops hosted in parallel for the most motivated attendees. Topics include application and infrastructure (pentesting, network security, software and/or hardware exploitation, web hacking, reverse engineering, malware/virii/rootkits), cryptography and obfuscation (from theoretical cryptosystems to applied cryptography exploitation, cryptocurrencies, steganography and covert communication systems), and society and ethics.
SANS Northern Virginia - Reston 2017 (Reston, Virginia, USA, May 21 - 26, 2017) This event features comprehensive hands-on technical training from some of the best instructors in the industry and includes courses that will prepare you or your technical staff for DoD 8570 and GIAC approved certification exams. Start making your plans now to attend SANS Northern Virginia - Reston 2017.
Enfuse 2017 (Las Vegas, Nevada, USA, May 22 - 25, 2017) Enfuse™ is a three-day security and digital investigations conference where specialists, executives, and experts break new ground for the year ahead. Enfuse offers unsurpassed networking opportunities, hands-on training, and in-depth exploration of current topics.
2017 Cyber Investing Summit (New York, New York, USA, May 23, 2017) The 2nd Annual Cyber Investing Summit is an all-day conference focusing on investing in the $100+ billion dollar cyber security industry. Attendees will explore the financial opportunities, trends, challenges, and investment strategies available in the high growth cyber security sector. The 2016 Inaugural Cyber Investing Summit welcomed 180+ of the leading cyber professionals, technology analysts, venture capitalists, fund managers, investment advisors, government experts, and more. New this year: separate panels offered throughout the day highlighting publicly traded firms as well as privately owned entities, opportunities to meet one-on-one with corporate executives, and new panel topics (including Investment Strategies & Opportunities, M&A Landscape, Funding for Startups, Government Spending Review, Cyber Sale Lifecycle, and more). Network with investment professionals, asset managers, industry experts, financial analysts, media and more.
Citrix Synergy (Orlando, Florida, USA, May 23 - 25, 2017) Learn how to solve your IT flexibility, workforce continuity, security and networking challenges—and power your business like never before—with the workspace of the future.
AFCEA/GMU Critical Issues in C4I Symposium (Fairfax, Virginia, USA, May 24 - 25, 2017) The AFCEA/GMU Critical Issues in C4I Symposium brings academia, industry and government together annually to address important issues in C4I technology and systems R&D. The agenda for 2017 will include: Challenges of Increasingly Autonomous Systems, The Collaborative Spectrum Grand Challenge, Spectrum Usage as a Critical Enabler for the US, Modernization of the Global C4ISR Enterprise, Breakthroughs in Military Simulation, Government Solutions to the Optics of ISR, Emerging Solutions and Challenges in SCADA/IOT, Cloud Migration and Interoperability, Modeling & Simulation to Streamline Procurement, and Secure Mobility Challenges.
AFCEA/GMU Critical Issues in C4I Symposium (Fairfax, Virginia, USA, May 24 - 25, 2017) The AFCEA/GMU Critical Issues in C4I Symposium brings academia, industry and government together annually to address important issues in C4I technology and systems R&D.
SECON 2017 (Jersey City, New Jersey, USA, May 25, 2017) Social engineering impacts security. (ISC)2 New Jersey Chapter is a 501(c)(3) not-for-profit charitable organization. Our chapter’s mission is to disseminate knowledge, exchange ideas, and encourage community outreach efforts, for advancement of information security practice and awareness in our society. We also strive to provide enjoyable opportunities for professional networking and growth.
Cyber Southwest (Tucson, Arizona, USA, May 27, 2017) CSW will be dedicated to furthering the discussion on cyber education and workforce development in Arizona, healthcare cybersecurity, and technical training in areas such as threat intelligence, insider threats, and protecting critical infrastructure. CSW will focus on creating a positive, unique, and highly productive unification point to further Arizona’s developing leadership in cybersecurity. Subject Matter Experts (SMEs) will be on hand to share information on the latest cybersecurity trends, best practices, and key innovations.
SANS Atlanta 2017 (Atlanta, Georgia, USA, May 30 - June 4, 2017) Learn the most effective steps to prevent attacks and detect adversaries with actionable techniques that you can directly apply when you get back to work. Take advantage of tips and tricks from the experts so that you can win the battle against a wide range of cyber adversaries who want to harm your digital environment.
Cyber Security Summit: Seattle (Seattle, Washington, USA, June 1, 2017) If you are a Senior Level Executive responsible for making your company’s decisions in regards to information security, then you are invited to register for the Cyber Security Summit: Seattle. Receive 50% off of a Full Summit Pass when you register with code CYBERWIRE50 (standard price of $350, now only $175 with code). Register at CyberSummitUSA.com. The Cyber Security Summit: Seattle is an exclusive conference connecting Senior Level Executives responsible for protecting their companies’ critical data with innovative solution providers & renowned information security experts. for details visit CyberSummitUSA.com.
Cyber Security Summit: Seattle (Seattle, Washington, USA, June 1, 2017) If you are a Senior Level Executive responsible for making your company’s decisions in regards to information security, then you are invited to register for the Cyber Security Summit: Seattle. Receive 50% off of a Full Summit Pass when you register with code CYBERWIRE50 (standard price of $350, now only $175 with code). Register at CyberSummitUSA.com. The Cyber Security Summit: Seattle is an exclusive conference connecting Senior Level Executives responsible for protecting their companies’ critical data with innovative solution providers & renowned information security experts. for details visit CyberSummitUSA.com.
SANS Houston 2017 (Houston, Texas, USA, June 5 - 10, 2017) At SANS Houston 2017, SANS offers hands-on, immersion-style security, security management, and pen testing training courses taught by real-world practitioners. The site of SANS Houston 2017, June 5-10, is Royal Sonesta Hotel Houston, located in the heart of the Galleria area of Uptown Houston.
Infosecurity Europe 2017 (London, England, UK, June 6 - 8, 2017) Infosecurity Europe is the region's number one information security event featuring Europe's largest and most comprehensive conference programme and over 360 exhibitors showcasing the most relevant information security solutions and products to 13,500 visitors.
Cyber 8.0 Conference (Columbia, Maryland, USA, June 7, 2017) Join the Howard County Chamber of Commerce for their 8th annual cyber conference, where they will explore innovation, funding, and growth. Participants can expect riveting discussions from cyber innovators and entrepreneurs, from leading venture capitalists and financiers, and from government agencies who look to our industry base for technologies and solutions.
Sponsor & Support
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter’s financial reach, or it might just not be the right time for you to do those things. That’s why we launched our new Patreon site, where we’ve created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you’ll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.