We're pleased to announce that it's now possible to become a CyberWire Patron. Your support will help us continue to provide our free cyber security news service, the briefings and podcasts so many have come to use and enjoy. Thanks for your consideration, and as always, thanks for reading and listening. Become a patron today.
More Signal. Less Noise.
DDoS hits French media outlets. Skids engage in bot-enabled telephonic harassment. XavirAd described. Recent use of now-patched Microsoft zero-days in the wild. NSA isn't where it would like to be in info ops.
Announcements
Now Patrons are invited to become part of the CyberWire story
Summary
Cedexis, a Paris-based provider of cloud and network services that operates internationally, was taken offline by a large distributed denial-of-service (DDoS) attack yesterday. Many media companies are Cedexis customers; the hardest hit in the incident were French media outlets, including Le Monde and Figaro. Services have been restored. Investigation is proceeding, but the source of the attack is presently unknown.
Flashpoint describes an irritating and motiveless (except insofar as attention-seeking lulz count as motivation) telephone harassment campaign. The skids use "Phonecord," a telephonic bot service. Among the recipients of the prank calls are police organizations (including Britain's NCA, the US FBI, pizza chains, hotels, and ordinary people whose personally identifiable information has been exposed in earlier breaches. Phonecord has been used for both DDoS and swatting.
Sophos describes Android XavirAd, an adware library recently found infesting Google's PlayStore. The adware strain is particularly objectionable in that it improperly collects personal information after users have specifically declined to provide their data to the ads XavirAd serves up.
ESET and FireEye report on the use in the wild of three zero-days Microsoft patched this Tuesday. They say CVE-2017-0261, CVE-2017-0262, and CVE-2017-0263 were all exploited by the Russian cyber espionage group Turla (a.k.a. KRYPTON, Waterbug, or Venomous Bear), and also by some "financially motivated" gangs.
NSA Director Rogers's testimony to Congress this week included downbeat remarks on information operations. While Rogers acknowledges their importance and says the agency has engaged in some counter-messaging, NSA isn't where it'd like to be in information ops
Notes.
Today's issue includes events affecting Canada, France, India, Iraq, Russia, Syria, Thailand, United Kingdom, United States
On the Podcast
In today's podcast, we hear from our partners at the University of Maryland's Center for Health and Homeland Security, as Ben Yelin takes a look at the first months of the Trump Administration from a cyber perspective. We also speak with our guest, Ken Spinner, VP of Field Engineering at Varonis Systems, who talks through the risks associated with stale data and excessive employee permissions.
Sponsored Events
Borderless Cyber USA (New York, New York, USA, June 21 - 22, 2017) Is your enterprise investing enough to protect against cyber-attack? Are you putting your resources where they have the most impact? How can you be sure? Senior security executives come together at Borderless Cyber to uncover new strategies, make new connections, and leave better prepared to defend their cyber practices--in the computer room and the Board room. The conference will take place at the historic U.S. Customs House in lower Manhattan on 21-22 June.
Receive an extra $100 off the corporate rate. Use the discount code Cyberwire when registering. Special government rates and Early Bird savings are also available. We look forward to seeing you this June in NYC!
Selected Reading
Cyber Attacks, Threats, and Vulnerabilities
Cyber attack pushes French news sites offline (Reuters) Several French news companies, including Le Monde and Le Figaro, said their websites went temporarily offline on Wednesday because a company that helps speed delivery of their content was hit by a cyber attack.
French Websites Knocked Offline in Cyber-Attack on Cedexis (Bloomberg.com) The websites of several major French media outlets were knocked offline Wednesday during a cyber-attack against Cedexis, a Paris-based provider of network and cloud technology to corporate customers.
Threat Actors Leverage "Phonecord" Bot to Harass Victims (Flashpoint) Flashpoint Analysts recently observed a series of attacks that subject victims to an age-old form of abuse: telephone harassment.
The Google Play apps that say they don’t collect your data – and then do (Naked Security) Our researchers have found more than 50 apps in Google Play that contain XavirAd, which says it doesn’t collect your personal information and then promptly sucks it up...
3 of 4 Zero-Days Microsoft Patched Yesterday Were Used by Russian Cyberspies (BleepingComputer) Microsoft's May 2017 Patch Tuesday, released yesterday, included fixes for three zero-days, which according to ESET and FireEye, were used by cyber-espionage groups operating out of Russia.
Thai Companies Hit by Ransomware Attack (HackRead) We are quite used to seeing hackers using ransomware apps to trick unsuspecting users into paying ransoms. But, in Thailand instead of targeting ordinary
Seamless Campaign Using Rig Exploit Kit to send Ramnit Trojan (SANS Internet Storm Center) On Wednesday 2017-05-10, @thlnk3r tweeted about Rig exploit kit (EK) activity. @DynamicAnalysis has already posted an analysis of this traffic on malwarebreakdown.com (always a good read), but I've also looked into it. Today's diary documents my investigation.
40 Asus RT routers open to attack through web interface vulnerabilities (Help Net Security) If you own an Asus RT wireless router, and you haven't updated its firmware for a while, now is the time to do it. Asus RT router security.
Hacker Steals Millions of User Account Details from Education Platform Edmodo (Motherboard) The data includes usernames, email addresses, and hashed passwords.
The Tanium Affair Reminds Us That Cybersecurity Risks Are Everywhere (JD Supra) The Wall Street Journal recently reported that well-known cybersecurity startup Tanium, Inc. had been inadvertently exposing one of its clients’...
How to hack a Jeep Cherokee – but don’t try this at home, kids (Naked Security) Carmakers are going to have to get much better at securing their vehicles now that the researchers who demonstrated how to hack a Cherokee Jeep added their notes to the tools already online
UK Water Supplier Loses £500,000 in Sophisticated Scam (BleepingComputer) An unnamed UK-based regional water supply company lost over £500,000 ($645,000) in a sophisticated scam that involved social engineering, an inside man, and international bank transfers.
Security Patches, Mitigations, and Software Updates
Microsoft finally bans SHA-1 certificates in Internet Explorer and Edge (CSO Online) The Tuesday updates for Internet Explorer and Microsoft Edge forces those browsers to flag SSL/TLS certificates signed with the ageing SHA-1 hashing function as insecure.
Microsoft’s recent success in blocking zero-day attacks is eerily good (Ars Technica UK) Microsoft neutralises a series of attacks that took control of targeted computers.
Paranoid Android: Antivirus app-makers resolve MitM vulnerability (Register) Attack loophole in Panda app sealed
Android flaw used in 74 percent of ransomware to be fixed in August (TheHill) A feature in Android used in 74 percent of ransomware will be fixed for the next version of the Android operating system.
Google's plan to foil screen-hijacking malware in Android O (Help Net Security) 74% of ransomware, 57% of adware, and 14% of banker malware abuse a specific app permission to target nearly 40 percent of all Android users.
Ad network takes steps to reduce fraud (CSO Online) Online advertisers are losing billions to fraud, but one advertising network has successfully taken steps to clean up its platform. U.S. advertisers spent more $25 billion on programmatic online ads last year, meaning that about $8 billion is lost to fraud.
Cyber Trends
Richard Clarke on Who Was Behind the Stuxnet Attack (Smithsonian) America's longtime counterterrorism czar warns that the cyberwars have already begun—and that we might be losing
The Technology That Can Destroy a Presidency (The Atlantic) From Xerox copiers to secret tapes to missing emails, machines are still at the center of modern political scandals.
Data security disruptions can have cascading negative impacts (Help Net Security) Nine in 10 global cybersecurity and risk experts believe that cyber risk is systemic and that simultaneous attacks on multiple companies are likely in 2017.
Most companies falsely believe their Active Directory is secure (Help Net Security) Active Directory insecurity is reality, despite what most companies believe. AD security is underperforming, leaving organizations open to attack.
Cybersecurity analytics and operations: Need for automation and orchestration (Help Net Security) When it comes to the evolution of cybersecurity analytics and operations, 71% of organizations find it more difficult today than it was two years ago.
Cyber crime is biggest threat, says Deloitte expert (TravelMole) Cyber crime is the number one risk for the travel industry, according to an expert from Deloitte.
iovation Survey Finds Digital Nomads and False Declines Don't Mix (Payment Week) iovation, the leading provider of device-based consumer authentication and fraud prevention solutions, recently released some interesting findings regarding its newest consumer preference report.
Security Is Holding DevOps Back – But Why? (TechSpective) Ash Wilson, Strategic Engineering Specialist for CloudPassage, shares his thoughts on the intersection of DevOps and security.
Marketplace
Symantec CEO Sees A Blue Coat Boost And Forecasts Bright Days Ahead With Increased Financial Guidance (CRN) The leading security vendor sees market momentum in its favor, helped by last year's acquisition of Blue Coat Systems.
Symantec Falls 7%: CEO Clark Clarifies Cloud Impact on Revenue Forecast (Barron's) Symantec stock fell 7% in late trading as the security vendor offered a disappointing forecast for this quarter. But CEO Greg Clark says it's not a bad thing: the company sold more software for cloud computing, which has the effect of depressing revenue in the near term but leading to a big pile of deferred revenue that pays off down the road.
Cisco acquires conversational AI startup MindMeld for $125 million (TechCrunch) This morning Cisco announced that it is buying MindMeld for $125 million. Founded in 2011, MindMeld helps businesses to build conversational interfaces with..
Cisco Systems Maintains Its Leadership in the Security Appliance Space (Market Realist) Cisco Systems leads the security appliance market
Better Buy: Cisco Systems, Inc. vs. Oracle Corporation (Madison) Cisco (NASDAQ: CSCO) and Oracle (NYSE: ORCL) are both mature tech stocks that are usually owned for income instead of growth. I compared these two stocks last October, and concluded
F-Secure Acquires Consultancy Digital Assurance (Infosecurity Magazine) F-Secure has announced the acquisition of Digital Assurance to add security consultancy services to its portfolio
Xped shares rise on artificial intelligence company acquisition (Proactiveinvestors UK) Xped (ASX:XPE) - The acquisition is expected to enhance Xped’s Internet of Things platform.
This Herndon cyber company has bought another startup (Washington Business Journal) Herndon-based cybersecurity startup Opaq Networks has bought New York-based Drawbridge Networks — its second acquisition since launching in January.
OPAQ Networks gains John Terrill as CISO after acquisition (CSO Online) Drawbridge Networks CEO Terrill stays on with OPAQ as its chief information security officer after it acquired his company.
What FireEye’s Billings Growth Says about Its Future (Market Realist) Previously in this series, we discussed FireEye’s (FEYE) better-than-expected 1Q17 results due to improvements in the company’s Subscription and Services offerings. Despite cybersecurity expecting to rule the technology space in 2017, FireEye wasn’t able to benefit from this growth, as shown by its 1Q17 earnings results.
How Helix Could Position FireEye in the Security Space (Market Realist) Helix is FireEye’s latest offering in the security space
How FireEye’s Valuation Stacks Up against Its Peers (Market Realist) Cloud security spending to drive M&A spree
McAfee extends partnership with Samsung (Telecompaper) McAfee expanded its collaboration with Samsung to provide pre-installed security software protection on Samsung Smart TVs, Samsung PCs, and the Samsung Galaxy S8 smartphone line worldwide.
SonicWall talks rebuilding partner program post-Dell (Channelnomics) Vendor tells Channelnomics that more than 10,000 have signed up for the vendor's SecureFirst program.
Army IT contract will support critical C4 needs (C4ISRNET) CACI was awarded a $48 million contract for IT services.
BAE Systems to Help U.S. Treasury Investigate, Track Cash Flow of Organizations to Protect National Security (Sys-Con Media) The U.S. Department of Treasury has selected BAE Systems to support the agency’s Office of Terrorism and Financial Intelligence (TFI) in safeguarding the country’s financial system against threats posed by rogue nations, terrorist facilitators, drug cartels, and other national security threats.
BT to axe 4,000 staff after profits slump - but will reconsider fibre-to-the-premises (Computing) BT will explore potential of laying fibre into homes and premises after years of claiming there was no demand for it.
Keys to attracting and retaining cybersecurity talent (Help Net Security) Federal agencies need to invest strategically and heavily in their benefits strategy if they're going to successfully compete for cybersecurity talent.
Recorded Future Launches Threat Research Arm to Enhance Threat Intelligence Offering (PRNewswire) Recorded Future, the threat intelligence company, announced the launch of Insikt...
Ret. U.S. Army General Dennis Via Joins Booz Allen Hamilton (BusinessWire) Ret. U.S. Army General Dennis Via joins Booz Allen as Senior Executive Advisor and Fellow for Defense Futures, bringing more than 36 years’ expe
Security On-Demand Taps Steven Bay as Director of Threat Reconnaissance & Intelligence (PRNewswire) Security On-Demand Inc., (SOD) the leading provider of advanced managed...
ZixCorp (ZIXI) Names Nigel Johnson as CTO (Street Insider) Zix Corporation (Nasdaq: ZIXI), has appointed Bhavin Merchant as Vice President of Corporate Development and expanded Nigel Johnson’s role with the company to become Chief Technology Officer (CTO).
Ex-Intel Security exec moves to Digital Guardian to spearhead EMEA expansion (Channelnomics) EMEA boss of data protection vendor eyes German and French distribution deals.
Ex-Intel Security exec moves to Digital Guardian to spearhead EMEA expansion (Channelnoomics) EMEA boss of data protection vendor eyes German and French distribution deals.
Ex-Intel Security exec moves to Digital Guardian to spearhead EMEA expansion (Channelnomics) EMEA boss of data protection vendor eyes German and French distribution deals.
Ex-Intel Security exec moves to Digital Guardian to spearhead EMEA expansion (Channelnoomics) EMEA boss of data protection vendor eyes German and French distribution deals.
Products, Services, and Solutions
Netwrix Introduces Free Add-on to Strengthen the Security of Cisco Network Infrastructures (Netwrix) Add-on for Cisco network devices further extends the visibility provided by Netwrix Auditor and enables customers to identify and block threats to their network infrastructures
Waterfall Security Delivers its Unidirectional Security Gateway DIN Rail Product to Market (PRNewswire) Waterfall Security Solutions, a global leader in cybersecurity...
Randstad Group Selects Trend Micro to Protect its Public Cloud Infrastructure (BusinessWire) Trend Micro today announced that the Randstad Group, a human resources and flexible work services industry leader, has selected Trend Micro to ensure
Sopra Banking Software, Axway join forces for PSD2 compliance (IBS Intelligence) Sopra Banking Software and Axway have teamed up to create a new digital platform for PSD2 compliance.
Versa Networks Goes Beyond SD-WAN to Software-Define the Branch (SD-Branch) (Marketwired) Versa Adds New Security Functions, Local Branch Networking and Third-Party VNF Hosting to its Cloud IP Platform
Forcepoint Selects Lastline to Power Its Comprehensive Advanced Malware Detection Solution (BusinessWire) Lastline Inc., the leader in advanced threat protection, today announced a partnership with Forcepoint, a leading cybersecurity technology provider.
Virtustream Announces HIPAA Compliant Healthcare Cloud Service (HITInfrastructure) Virtustream's latest cloud deployment presents a HIPAA compliant healthcare cloud for organizations to securely and effectively manage apps and workflows.
Black & Veatch Publishes Field Study of Radiflow's iSID (PRNewswire) Radiflow's Intrusion Detection System receives positive reviews for NERC-CIP v6 compliance for Low Impact substations in Oklahoma coop pilot deployment
General Dynamics stages successful test of military 4G network (UPI) General Dynamics Mission Systems has successfully streamed video over 62 miles between tactical antennas as part of a U.S. Marine Corps-backed effort.
Technologies, Techniques, and Standards
BSI Upgrades Data Protection Standard (Infosecurity Magazine) BSI Upgrades Data Protection Standard. New requirements put it in line with GDPR
How to counteract another ‘Dyn-like’ attack (CSO Online) Jim Hurley, a Distinguished Analyst at technology research and advisory firm ISG, shares his insights on what enterprises using cloud-based as-a-services can do to work with their providers and reduce risks to their business from similar attacks.
MS Amlin CISO Ali Zeb: split your security teams into 'strategic security' and 'technical security' (Computing) Finance industry security pro Ali Zeb explains how he approaches the basics for tackling corporate security.
How to Investigate, Contain, Recover From Breaches (Baseline) The Verizon Data Breach Digest identifies common scenarios and provides an analysis of how each attack occurred, tactics used and recommended countermeasures.
Securing DNS Against the Threat of Things (Infosecurity Magazine) While likely to revolutionize how we live, work, and play, the IoT also presents a security challenge to the networks that support it.
9 best practices to improve security in industrial IoT (TechRepublic) Dell EMC's senior product manager for IoT security, Rohan Kotian, hosted a presentation at Dell EMC World explaining how industrial enterprises can protect their IoT deployments.
ICS Security: Is your Industrial Control System Prepared for Malware Attacks? (Above Security) How to Secure Your Industrial Control System Against Cyber Attacks
User Security is a Responsibility, Not an Excuse (Security Week) Ask an IT person what the weakest link in their organization’s security is, and you’ll invariably get a witty take on the same derisive answer: “Meatware.” “Our walking, talking vulnerabilities.” “PEBKAC” (problem exists between keyboard and chair).
What are the best practices Indians online must follow to safeguard themselves? Symantec’s Tarun Kaura explains (The Financial Express) Cyber attackers revealed new levels of ambition globally in 2016—a year marked by extraordinary attacks, including multi-million dollar virtual bank heists, overt attempts to disrupt the US electoral process by state sponsored groups, and some of the biggest distributed denial of service (DDoS) attacks powered by a botnet of IoT devices.
Design and Innovation
Google-funded ‘super sensor’ project brings IoT powers to dumb appliances (TechCrunch) Researchers at CMU's Future Interfaces Group reckon they've come up with a quicker, less expensive and less cumbersome way to create a smart home. And one..
Trusona develops passwordless access for Salesforce (TechCrunch) Last week, to commemorate World Password Day -- yes, there really is such a thing -- we ran my 2015 article called Kill the password, my treatise on the..
6 AI startups win $1.5 million in prizes at Nvidia Inception event (VentureBeat) Nvidia's GPU Technology Conference is all about highlighting companies using graphics processing units (GPUs) to accelerate artificial intelligence. To juice the ecosystem, Nvidia and its partners tonight gave away $1.5 million in prizes to the winner of the Nvidia Inception Awards for best AI startups.
Australian Computer Scientist Who Claimed to Be Bitcoin Founder Elaborates on Actions, Beliefs (Crypto Insider - Bitcoin and Blockchain News) Australian computer scientist Craig Wright, who claimed to have created Bitcoin, entered a Bitcoin chat room and opined about the digital currency he claims to have created. The chat logs, leaked to social media forums like Reddit, have been the topic of much discussion.
Research and Development
Endpoint cybersecurity technology deployed through AF agreement (U.S. Air Force) The Air Force Life Cycle Management Center electronic systems development division here and Carbon Black, a locally-based security company, signed a cooperative research and development agreement to
Academia
Cardiff University opens cyber security centre of excellence (Gradplus) The first European centre of its kind to tackle cyber attacks on critical infrastructure will open at Cardiff University’s School of Computer Science and Informatics.
Legislation, Policy and Regulation
US military cyber operation to attack ISIS last year sparked heated debate over alerting allies (Stars and Stripes) A secret global operation by the Pentagon late last year to sabotage the Islamic State's online videos and propaganda sparked fierce debate inside the government over whether it was necessary to notify countries that are home to computer hosting services used by the extremist group, including U.S. allies in Europe.
The Ten Main Defense Challenges Facing Macron’s France (War on the Rocks) Emmanuel Macron will be the next president of France. For the first time in the history of the Fifth Republic (since 1958), both final candidates were outs
Ottawa “behind other governments” in fighting cyber attacks, says FireEye exec (IT World Canada) Canada has had a national strategy to protect critical infrastructure for years and is toughening federal cyber defences, but the president of
Cyber Command head: We are not prepared to counter info operations (Cyberscoop) U.S. Cyber Command is not “optimized” today to combat information operations orchestrated by foreign powers, NSA Director and U.S. Cyber Command head Adm. Michael Rogers said during a Senate Armed Services Committee hearing Tuesday.
Senators press Trump for cyber deterrence, response strategy (TheHill) Senators seek answers on threats to internet-connected devices, critical infrastructure.
CYBERCOM Chief Defends Delay in Trump's Cyber Strategy (Defense One) Trump missed a deadline to deliver the strategy within 90 days of taking office.
CIA establishes mission center focused on North Korea (TheHill) The CIA has opened a mission center focused on curbing North Korea's advancing weapons program, the agency announced on Wednesday.
Comey farewell: ‘A president can fire an FBI director for any reason’ (TheHill) "It is done, and I will be fine," he wrote.
Byron York: To fire Comey, Trump team waited for Rosenstein (Washington Examiner) When Trump fired Comey Tuesday afternoon, the Justice Department chain of command had been in place for all of 14 days.
SECURITY: Comey firing risks compounding cyber 'disarray' (EnergyWIre) The firing of FBI Director James Comey, along with its unfolding political fallout, also leaves another hole in the Trump administration's policymaking team on cybersecurity until his replacement is confirmed.
Justice interviewing candidates for acting FBI director post (Federal Times) The position is currently held by Andrew McCabe, top deputy to ex-FBI Director James Comey, who President Donald Trump fired on Tuesday evening.
Bootstrapping the way out of the legacy IT systems crisis (FederalNewsRadio.com) Chris Cairns and Robert L. Read make the case for agencies to once again try to use share-in-savings contracts to modernize technology systems.
4 takeaways from acting Federal CIO’s IT modernization plans (Federal Times) Margie Graves knows that modernizing the government’s IT systems will not be done with a single plan, but a slate of initiatives.
Why going small is not always the best cyber strategy [Commentary] (Fifth Domain | Cyber) There are many places in government where a small business procurement strategy is efficient and effective, yet cybersecurity is not necessarily one of those areas.
Marine Corps Forces Cyberspace chief talks cyber MOS [Video] (Fifth Domain | Cyber) Maj. Gen. Lori Reynolds, commander of Marine Corps Forces Cyberspace Command sat down to talk about the new cyber MOS and how the service is folding cyber into its force modernization efforts.
Every Marine a rifleman no more? Corps reconsidering ‘lateral entry’ for cyber (Fifth Domain | Cyber) The Corps is more skeptical than the other services about many aspects of Carter's "Force of the Future" reforms. The Marines truly believe their motto of “Every Marine is a rifleman,” and believe that has been the service’s unique strength throughout its storied history.
New York starts accepting applications for autonomous vehicle testing (TechCrunch) Soon enough, self-driving car companies will have the opportunity to see how their cars deal with sitting in the occasionally snowy bumper-to-bumper New York..
Litigation, Investigation, and Enforcement
Republican chairman to highlight threats of ransomware, botnets in cyber hearing (TheHill) Sen. Ron Johnson (R-Wisc.) to seek answers on growing cyber threat landscape.
Sources: Comey sought more Russia resources before firing (Military Times) In the days before his firing by President Trump, FBI Director James Comey told U.S. lawmakers he had asked the Justice Department for more resources to pursue the bureau's investigation into Russia's interference in last year's presidential election, three U.S. officials said Wednesday.
Ex-feds confident Comey’s devices and files are safe, even if FBI won’t confirm (Ars Technica) "E-mail accounts and individual hard drives should be archived."
What James Comey got wrong at the FBI (Washington Examiner) Comey has a long, respected background and should be applauded, but in this instance, he strayed far away from the task of truth gathering.
US Senate committee examines Kaspersky Lab links to Russian government (Solid Tech News) Kaspersky Lab is under investigation by US authorities for possible links to the Russian government, according to a report on ABC News
Kaspersky Denies Report It Might Help Russian Government Spy on US Citizens (BleepingComputer) In an article published yesterday, ABC News cited congressional sources who claimed the Senate Intelligence Committee had started an investigation into Kaspersky Lab's relationship with the Russian government.
Minority Report in Chicago as police aim to stop crime before it happens (Naked Security) As gun crime in Chicago reaches record levels, police claim that it’s having an impact on crime prevention, but civil rights campaigners are less convinced
Nuisance Call Biz Fined £400,000 by ICO (Infosecurity Magazine) Nuisance Call Biz Fined £400,000 by ICO. Privacy watchdog working with liquidator to recoup funds
Military ‘revenge porn’ investigation leads to 21 felony cases (Naked Security) Despite facial recognition and other technology, it’s still a gruelling cat-and-mouse game for investigators
Marines who share nude photos can be separated (Marine Corps Times) Sharing nude photos without consent is now considered sexual harassment.
Intel concerned about name of John McAfee’s privacy phone (CSO Online) Intel has told a court that MGT Capital Investments has gone ahead with the announcement of the “John McAfee Privacy Phone,” even though the company that proposes to change its name to “John McAfee Global Technologies” has previously said that it did not plan to launch products and services under the McAfee mark.
Nova Scotia privacy commissioner investigates after school webcams streamed online (Global News) Privacy watchdogs say the incident highlights broader issues around reasonable video surveillance
Industry Events
newly Noted Events
International Conference for the Criminalization of Cyber-Terrorism (Abu Dhabi, UAE, May 15 - 16, 2017) The International Conference for the Criminalization of Cyber-Terrorism will focus on developing practical approaches to criminalise cyber-terrorism by furthering cooperation between anti-cyber-terrorism organizations and institutions. Best methods to initiate a comprehensive international legal framework that criminalizes cyber-terrorism will feature high on the event's agenda.
CyberSmart 2017 (Fredericton, New Brunswick, Canada, May 24 - 25, 2017) As cybersecurity grows as a significant global challenge, the growing gap between Canada’s cyber workforce demand and supply offers our country both a challenge and an opportunity. CyberSmart 2017 will convene leaders from industry, academia and government to identify and discuss priorities for a Canadian cybersecurity education and workforce development strategy.
European Smart Homes 2017 (London, England, UK, October 25 - 26, 2017) ACI’s European Smart Homes 2017 will will bring together key industry stakeholders from the energy industry, IT, telecoms operators, retailers, solution distributors utilities, insurance and property management companies, governments, consultants, solution and technology providers. The key discussions will involve monetisation, customer approach, partnership and interoperability.
upcoming Events
OWASP AppSec EU (Belfast, Northern Ireland, UK, May 12 - 18, 2017) Welcome to OWASP Annual AppSec EU Security Conference, the premier application security conference for European developers and security experts. AppSec EU provides thought leadership, amazing talks, informative sessions, and great social experiences. During the pre-conference (Monday 8th - Wednesday 10th May 2017) there is the opportunity to attend one of the many trainings courses on offer from industry experts, plus project summits and outreach sessions to the future pioneers of the application security industry. The main conference offers four full tracks of talks, for pentesters and ethical hackers, developers and security engineers, DevOps practices and GRC/risk level talks for managers and CISOs.
EnergySec Security Education Week (Austin, Texas, USA, May 14 - 19, 2017) The Energy Sector Security Consortium, Inc.'s Security Education Week is designed for early to mid career cybersecurity professionals currently employed at electric utilities in North America. Students will receive technical instruction on various topics including threat hunting, network packet analysis, and security assessments. Sessions will also cover operational technology used in the electric sector, and instructional workshops from industry vendors. Students will also participate in facility tours hosted by the Lower Colorado River Authority (LCRA), and evening activities designed to build relationships within industry and strengthen the community of cybersecurity professionals.
K(no)w Identity Conference (Washington, DC, USA, May 15 - 17, 2017) To converge identity experts from across all industries in one space, to be at the nexus of ideas and policies that will fundamentally change identity around the world. Provides business leaders, privacy and security experts, tech innovators, and senior policy makers the forum to discuss the future of identity. By utilizing the world’s best event technology, K(NO)W connects attendees digitally and physically unlike ever before.
Global Cybersecurity Innovation Summit Advancing International Collaboration (London, England, UK, May 16 - 17, 2017) SINET – London creates a forum to build and maintain international relationships required to foster vital information sharing, broad awareness and the adoption of innovative Cybersecurity technologies.
Public Sector Cyber Security Conference: Defending the Public from Cyber-Attacks (Salford, England, UK, May 17, 2017) Join us for the Public Sector Cyber Security Conference where leading experts will explain how to protect the vital services provided by central Government, local councils and the NHS. Learn how to safeguard sensitive data such as medical records and keep IT systems safe from cyber-attacks by states, criminal gangs and cyber terrorists.
PCI Security Standards Council: 2017Asia-Pacific Community Meeting (Bangkok, Thailand, May 17 - 18, 2017) Two days of networking and one-of-a-kind partnership opportunities await you. Whether you want to learn more about updates in the payment card industry or showcase a new product, you’ll find it all at the 2017 Asia-Pacific Community Meeting.
2017 Georgetown Cybersecurity Law Institute (Washington, DC, USA, May 17 - 18, 2017) It is more important than ever that in-house and outside counsel stay abreast of the most current developments and best practices in cybersecurity. At our Institute you will receive insights on the best governance, preparedness, and resilience strategies from experienced government officials, general counsels, and cybersecurity practitioners who face these issues on a daily basis.
Northsec Applied Security Event (Montreal, Québec, Canada, May 18 - 21, 2017) The conference will feature technical and applied workshops hosted in parallel for the most motivated attendees. Topics include application and infrastructure (pentesting, network security, software and/or hardware exploitation, web hacking, reverse engineering, malware/virii/rootkits), cryptography and obfuscation (from theoretical cryptosystems to applied cryptography exploitation, cryptocurrencies, steganography and covert communication systems), and society and ethics.
SANS Northern Virginia - Reston 2017 (Reston, Virginia, USA, May 21 - 26, 2017) This event features comprehensive hands-on technical training from some of the best instructors in the industry and includes courses that will prepare you or your technical staff for DoD 8570 and GIAC approved certification exams. Start making your plans now to attend SANS Northern Virginia - Reston 2017.
Enfuse 2017 (Las Vegas, Nevada, USA, May 22 - 25, 2017) Enfuse™ is a three-day security and digital investigations conference where specialists, executives, and experts break new ground for the year ahead. Enfuse offers unsurpassed networking opportunities, hands-on training, and in-depth exploration of current topics.
2017 Cyber Investing Summit (New York, New York, USA, May 23, 2017) The 2nd Annual Cyber Investing Summit is an all-day conference focusing on investing in the $100+ billion dollar cyber security industry. Attendees will explore the financial opportunities, trends, challenges, and investment strategies available in the high growth cyber security sector. The 2016 Inaugural Cyber Investing Summit welcomed 180+ of the leading cyber professionals, technology analysts, venture capitalists, fund managers, investment advisors, government experts, and more. New this year: separate panels offered throughout the day highlighting publicly traded firms as well as privately owned entities, opportunities to meet one-on-one with corporate executives, and new panel topics (including Investment Strategies & Opportunities, M&A Landscape, Funding for Startups, Government Spending Review, Cyber Sale Lifecycle, and more). Network with investment professionals, asset managers, industry experts, financial analysts, media and more.
Citrix Synergy (Orlando, Florida, USA, May 23 - 25, 2017) Learn how to solve your IT flexibility, workforce continuity, security and networking challenges—and power your business like never before—with the workspace of the future.
AFCEA/GMU Critical Issues in C4I Symposium (Fairfax, Virginia, USA, May 24 - 25, 2017) The AFCEA/GMU Critical Issues in C4I Symposium brings academia, industry and government together annually to address important issues in C4I technology and systems R&D. The agenda for 2017 will include: Challenges of Increasingly Autonomous Systems, The Collaborative Spectrum Grand Challenge, Spectrum Usage as a Critical Enabler for the US, Modernization of the Global C4ISR Enterprise, Breakthroughs in Military Simulation, Government Solutions to the Optics of ISR, Emerging Solutions and Challenges in SCADA/IOT, Cloud Migration and Interoperability, Modeling & Simulation to Streamline Procurement, and Secure Mobility Challenges.
AFCEA/GMU Critical Issues in C4I Symposium (Fairfax, Virginia, USA, May 24 - 25, 2017) The AFCEA/GMU Critical Issues in C4I Symposium brings academia, industry and government together annually to address important issues in C4I technology and systems R&D.
SECON 2017 (Jersey City, New Jersey, USA, May 25, 2017) Social engineering impacts security. (ISC)2 New Jersey Chapter is a 501(c)(3) not-for-profit charitable organization. Our chapter’s mission is to disseminate knowledge, exchange ideas, and encourage community outreach efforts, for advancement of information security practice and awareness in our society. We also strive to provide enjoyable opportunities for professional networking and growth.
Cyber Southwest (Tucson, Arizona, USA, May 27, 2017) CSW will be dedicated to furthering the discussion on cyber education and workforce development in Arizona, healthcare cybersecurity, and technical training in areas such as threat intelligence, insider threats, and protecting critical infrastructure. CSW will focus on creating a positive, unique, and highly productive unification point to further Arizona’s developing leadership in cybersecurity. Subject Matter Experts (SMEs) will be on hand to share information on the latest cybersecurity trends, best practices, and key innovations.
SANS Atlanta 2017 (Atlanta, Georgia, USA, May 30 - June 4, 2017) Learn the most effective steps to prevent attacks and detect adversaries with actionable techniques that you can directly apply when you get back to work. Take advantage of tips and tricks from the experts so that you can win the battle against a wide range of cyber adversaries who want to harm your digital environment.
Cyber Security Summit: Seattle (Seattle, Washington, USA, June 1, 2017) If you are a Senior Level Executive responsible for making your company’s decisions in regards to information security, then you are invited to register for the Cyber Security Summit: Seattle. Receive 50% off of a Full Summit Pass when you register with code CYBERWIRE50 (standard price of $350, now only $175 with code). Register at CyberSummitUSA.com. The Cyber Security Summit: Seattle is an exclusive conference connecting Senior Level Executives responsible for protecting their companies’ critical data with innovative solution providers & renowned information security experts. for details visit CyberSummitUSA.com.
Cyber Security Summit: Seattle (Seattle, Washington, USA, June 1, 2017) If you are a Senior Level Executive responsible for making your company’s decisions in regards to information security, then you are invited to register for the Cyber Security Summit: Seattle. Receive 50% off of a Full Summit Pass when you register with code CYBERWIRE50 (standard price of $350, now only $175 with code). Register at CyberSummitUSA.com. The Cyber Security Summit: Seattle is an exclusive conference connecting Senior Level Executives responsible for protecting their companies’ critical data with innovative solution providers & renowned information security experts. for details visit CyberSummitUSA.com.
SANS Houston 2017 (Houston, Texas, USA, June 5 - 10, 2017) At SANS Houston 2017, SANS offers hands-on, immersion-style security, security management, and pen testing training courses taught by real-world practitioners. The site of SANS Houston 2017, June 5-10, is Royal Sonesta Hotel Houston, located in the heart of the Galleria area of Uptown Houston.
Cyber Resilience Summit: Measuring and Managing Software Risk, Security and Technical Debt (Brussels, Belgium, June 6, 2017) The Consortium for IT Software Quality is bringing the Cyber Resilience Summit to Europe, to take place on 6 June 2017 in Brussels, Belgium, the vibrant heart of political Europe and headquarters of the European Commission. All are invited to attend! The theme of the Summit is “Measuring and Managing Software Risk, Security and Technical Debt.” Discussion will focus on the latest strategic thinking from innovative American and European CIOs and IT policy makers.
National Cyber Security Summit (Huntsville, Alabama, USA, June 6 - 8, 2017) The National Cyber Summit is the preeminent event for cyber training, education and workforce development aimed at protecting our nation’s infrastructure from the ever-evolving cyber threat. The summit attracts commercial and defense companies as well as healthcare, automotive and energy industries.
Infosecurity Europe 2017 (London, England, UK, June 6 - 8, 2017) Infosecurity Europe is the region's number one information security event featuring Europe's largest and most comprehensive conference programme and over 360 exhibitors showcasing the most relevant information security solutions and products to 13,500 visitors.
Cyber 8.0 Conference (Columbia, Maryland, USA, June 7, 2017) Join the Howard County Chamber of Commerce for their 8th annual cyber conference, where they will explore innovation, funding, and growth. Participants can expect riveting discussions from cyber innovators and entrepreneurs, from leading venture capitalists and financiers, and from government agencies who look to our industry base for technologies and solutions.
2017 ICIT Forum: Rise of The Machines (Washington, DC, USA, June 7, 2017) The 2017 ICIT Forum brings together over 300 cybersecurity executives from across critical infrastructure sectors to receive the latest ICIT research from our experts, share knowledge, develop strategies and identify next-generation technologies to improve their resiliency. Topics include Artificial Intelligence, IoT, Advanced Analytics, APT Profiles, Blockchain, Cloud and more!
Sponsor & Support
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter’s financial reach, or it might just not be the right time for you to do those things. That’s why we launched our new Patreon site, where we’ve created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you’ll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.