The CyberWire Daily Briefing 2.1.18

Summary

By The CyberWire Staff

Malware exploiting Spectre and Meltdown CPU vulnerabilities is expected to break into the wild in the near future. Researchers in a number of security firms have observed more than one-hundred-thirty distinct samples of malicious code designed to attack these flaws. The exploits aren't proofs-of-concept, at least not for the most part. Instead, researchers believe they're observing criminal experimentation with new attack tools.

AMD has, like Intel, announced that its next generation of chips will not be burdened with either Meltdown or Spectre.

Barracuda warns that it's found criminals impersonating Google Docs, Outlook, and DocuSign. They send emails that purport to be from these trusted services, and that claim to remind you that you have unread messages. The links in these phishing emails are of course malicious.

A very large cryptomining botnet, called "Smominru," has been in circulation since last May. It's believed to have infected more than half-a-million Windows machines and earned its criminal masters millions. The botnet's current daily take is estimated at $8500.

The WannaMine cryptominer continues to circulate. Hackers are also working on other malware to hit those who haven't yet patched EternalBlue and other alleged Equation Group exploits released by the Shadow Brokers last year.

Its Caliphate may have been extirpated from the territory it once held, but ISIS continues to recruit and inspire in its online diaspora. They concentrate on the young, mostly teen and tween boys, feeding them music, slogans, and, alas, beheading videos. Foreign Policy magazine calls it a continuing "war on families."

Learn how Cylance silences cyber attacks with Artificial Intelligence.

Notes.

Today's issue includes events affecting Australia, Brunei, Cambodia, China, Germany, India, Indonesia, Iran, Iraq, Israel, Democratic Peoples Republic of Korea, Laos, Lebanon, Malaysia, Myanmar, Philippines, Russia, Singapore, Slovakia, Syria, United States

Implement these seven cybersecurity best practices for 2018.

Is your organization prepared for the threat landscape of 2018? In this article, ObserveIT takes a look at seven cybersecurity best practices—ranging from preparing for GDPR to testing backup systems to leveling up user training—that will better prepare you for everything from spearphishing to insider threats. Rather than dwell on the past, take stock of where your organization stands today and put these best practices in place, and you’ll be well-prepared for the coming year.

On the Podcast

In today's podcast, we hear from our partners at the University of Maryland's Center for Health and Homeland Security, as Ben Yelin discusses the model data cybersecurity law proposed by the National Association of Insurance Commissioners. Our guest is Shashi Kiran from Quali, who talks to us about cyber ranges and cloud sandboxes.

Selected Reading

Cyber Attacks, Threats, and Vulnerabilities

Hezbollah Goes on the Cyber Offensive with Iran’s Help (The Cipher Brief) Maturing under Tehran’s tutelage, Hezbollah’s hackers are quickly learning the art of cyber warfare.

Malware Exploiting Spectre, Meltdown Flaws Emerges (SecurityWeek) Researchers find more than 130 malware samples exploiting the Meltdown and Spectre vulnerabilities, including malware for Windows, Linux, macOS and browsers

Meltdown and Spectre malware being picked-up by anti-virus software firms (Computing) Cyber crooks have started experimenting with Meltdown and Spectre malware

We May Soon See Malware Leveraging the Meltdown and Spectre Vulnerabilities (BleepingComputer) Security researchers are seeing an ever-increasing number of malware samples that are experimenting with the Meltdown and Spectre vulnerabilities.

Cybercriminals Impersonating Google Docs, Outlook, DocuSign (Barracuda) When you receive an email from a trusted web service such as Microsoft Outlook or DocuSign informing you of unread messages, you might blindly follow the directions to retrieve those messages.

Man-in-the-Middle Attack Now Hitting Hackers (SecureWorld) Hackers waiting on a ransom to be paid are getting hit with a man-in-the-middle attack. The attack also hurts victims who need their files back.

Activity Trackers Releasing 'Too Much Information,' DOD Warns (SIGNAL) The U.S. military will study the related implications of wearable exercise devices.

Fitness apps aren’t just spying on the military (New York Post) Soldiers using fitness-tracking devices inadvertently revealed the locations of US military bases — including classified ones — and the incident has lessons for anyone with a smartphone. The locati…

CLC Report: U.S. Elections Remain Vulnerable to Foreign Influence (Campaign Legal Center) Today, Campaign Legal Center (CLC) released a report detailing the vulnerabilities of American elections to foreign interference that were exposed in the 2016 presidential election. The report outlines solutions for addressing this most urgent issue, which would protect the integrity of our democracy for the upcoming 2018 elections and beyond.

If you're on an Android device, be careful about looking at porn (CNET) Google's mobile operating system is riddled with malware using NSFW content as bait, according to Kaspersky Lab.

Security Bug Affects Over 300,000 Oracle POS Systems (BleepingComputer) Hackers have a new security flaw in their arsenal they can exploit to install POS malware on Oracle Micros point-of-sale systems.

DDoS threats and bot attacks are biggest threats to API security (BetaNews) APIs power many of our digital experiences, but because they provide a window into applications they also present a security risk.

Smominru! Half a million PCs hit by cryptomining botnet (The State of Security) A Monero-mining botnet called Smominru is said to have infected 526,000 Windows PCs since May 2017 and is earning millions of dollars for its operators.

Massive Smominru Cryptocurrency Botnet Rakes In Millions (Threatpost) Researchers say Smominru threat actors are in control of 500,000 node botnet and earning $8,500 daily mining for Monero cryptocurrency.

Johnny Hacker hauls out NSA-crafted Server Message Block exploits, revamps 'em (Register) Yep, vulns of WannaCry infamy. Why haven't you patched yet?

NSA exploit EternalBlue is back and powering WannaMine cryptojacking malware (TheINQUIRER) It's like WannaCry but it's more stealthy and goes after your CPU,Security

What are “WannaMine” attacks, and how do I avoid them? (Naked Security) Combine the ETERNALBLUE exploit from WannaCry with a payload that mines cryptocoins, and you get “WannaMine” – here’s what you need to know.

Cryptomining – is it the new ransomware? [REPORT] (Naked Security) SophosLabs just published a technical report about cryptomining – on your Android device, via apps from Google Play, no less.

Erie County Medical Center: Anatomy of a ransomware attack (Health Data Management) Buffalo, N.Y. hospital’s response to cybercriminals taking its data hostage provides valuable lessons for other healthcare providers.

Medical Imaging Devices Are Vulnerable To Cyber-Attacks (Information Security Buzz) The Israeli national media is reporting on research from Ben-Gurion University which shows that “unpatched” medical devices whose owners and operators don’t download ongoing security updates may be vulnerable to attacks. In their paper “Know Your Enemy: Characteristics of Cyber-Attacks on Medical Imaging Devices,” the researchers show the relative ease of exploiting these “unpatched” medical devices.

True Believers (Foreign Affairs) ISIS’ land may be vanishing, but the dream of a true Islamic state—of heaven on earth—remains.

ISIS's War on Families Never Ended (Foreign Policy) The Islamic State's campaign for the hearts and minds of Syrian children may have laid the groundwork for its resurgence.

Security Patches, Mitigations, and Software Updates

New AMD Processors to Include Protections for Spectre-like Exploits (SecurityWeek) AMD’s Zen 2 and future processors will include protections against exploits such as the recently disclosed Spectre, the company’s CEO said

Mozilla Fixes Severe Flaw in Firefox UI That Leads to Remote Code Execution (BleepingComputer) Mozilla has released Firefox 58.0.1 to fix a security issue that was hiding in the browser's UI code and would have allowed an attacker to run code on the user's computer, allowing a quick and easy path to delivering malware or even taking over the entire PC.

Multiple Zero-Day Vulnerabilities in ManageEngine Products Disclosed by Digital Defense, Inc. (Digital Defense) Collaboration results in prompt resolution

Windows security: We'll delete tools that bully you to buy upgrades, says Microsoft (ZDNet) Cleaners and optimizers that try to scare PC users into paying for upgrades will be detected and removed.

Machine Learning Helps Google Remove a Record 700,000 Bad Apps (SecureWorld) Google removed a record number of bad apps from its Google Play store in 2017. In part, the company credits advances in machine learning.

Cyber Trends

Poll: Dissolving network boundary requires a new approach to security. (CSO Online) A Forcepoint study shows IT security executives want to understand user intent vs. relying on technology alone.

6 findings from Experian’s newest global fraud report (Auto Remarketing) It would seem automotive financing and retail activity is not immune to unscrupulous behavior, especially activity that originates online.

Nearly Two-Thirds of U.S. Federal IT Leaders See Identity Management as Critical to Cybersecurity - Unisys Survey (Business Insider) About two-thirds (64 percent) of U.S. federal government IT leaders view identity management solutions as a 'very...

Marketplace

Lieberman Software Acquired by Bomgar (Dark Reading) Deal combines privileged access management products, technologies.

ECS to be Acquired by On Assignment For $775 Million (BusinessWire) ECS Federal, LLC (“ECS” or the “Company”), one of the largest privately-held government services contractors delivering artificial intelligence, cyber

An unnamed Hong Kong-based blockchain investment fund has acquired Chinese crypto exchange BTCC (Business Insider) Chinese cryptocurrency exchange BTCC has been acquired by an unnamed Hong Kong-based blockchain investment fund

These hot technologies are ready to be commercialized... all they need is you! (National Security Agency Technology Transfer Program) A Patent License Agreement offers the opportunity to add Agency technology to your existing capability or build a new business around it. The National Security Agency’s Technology Transfer Program (TTP) may have exactly what your company needs to gain a competitive edge in the commercial marketplace.

Duo Security Announces Record-Breaking Year After Launching Duo Beyond (Duo Security) Duo Security today announces a major annual recurring revenue (ARR) milestone, investments in additional leadership, and strategic partnerships with some of the largest players in the technology world in 2017.

Symantec's revenue jumps 16 percent (Reuters) Symantec Corp's quarterly revenue rose 16 percent, helped by strong demand for its cyber-security software.

Symantec CEO Cloud Confession: Traditional License, Appliance Product Sales Will Become An Exception In Our Business (CRN) "Customers are picking the cloud form factor and the virtual appliance form factor way more often that we thought," said Symantec CEO Greg Clark.

Why Google partnered with MobileIron – and what they plan to offer (Computerworld) Google will use MobileIron's enterprise mobility management platform and analytics software to create App Store-like instances that can be offered through telecom providers.

Imperva: The Value-Destructive Effects Of Dilution (Seeking Alpha) Imperva has diluted shares by ~33% over five years. I look at what happens to shareholder value if it repeats this over the next five years. Share dilution shou

Emerging Gulf State cyber security powerhouse growing rapidly in size, (Reuters) A little-known cyber security company in the United Arab Emirates (UAE) recruiting executives who have worked for Western intelligence services is turning over hundreds of millions of dollars a year, largely in contracts with the government, according to its chief executive.

Cyber Armour is Need of the Hour: Harshil Doshi, Forcepoint India (Elets News) Rising menace of security threats is creating the urgent need to ensure cyber security solutions across the Banking, Financial Services and Insurance (BFSI) domain. In order to ensure complete safety of data and maintain credibility all the banks – big and small are ensuring the use of advanced technologies, says Harshil Doshi, Strategic Security Solutions Consultant, Forcepoint India, in conversation with Harshal Yashwant Desai of Elets News Network (ENN).

“Vendors promise the moon, but don’t always deliver," analyst says (Tahawul Tech) Technology vendors mislead CIOs when they claim to be complete solutions providers, and systems integrators are the true unsung heroes of enterprise IT, a leading industry analyst has claimed.

Snake Oil Salesmen Plague the Security Industry, But Not Everyone Is Staying Quiet (Gizmodo) Adriel Desautels was suddenly in a serious mess, and it was entirely his fault.

Midlands Cyber sets sights on USA | TheBusinessDesk.com (East Midlands) Breaking the US Cyber market, taking East Midlands companies Stateside

New York Aiming to Be the Country’s Cybersecurity Hub (WSJ) New York City is pushing to become the country’s cybersecurity hub, and has attracted several firms in recent months with a $30 million initiative.

Products, Services, and Solutions

Equifax, still having problems computering, releases credit locking app that doesn’t (Ars Technica) It's supposed to lock reports for free but doesn't work as advertised—or at all.

CompTIA Launches Beta Test for New CompTIA PenTest+ Certification (PR Newswire) CompTIA, the leading provider of vendor-neutral skills...

Munich Airport Establishes Center to Fight Cybercrime (AviationPros.com) Munich Airport has opened a new chapter in its IT security activities. At a special ceremony today, the airport launched its Information Security Hub (ISH) – a competency center where IT specialists with the airport operating company (FMG) will work...

CenturyLink and collab9 to deploy secure cloud communications to the Defense Nuclear Facilities Safety Board (PR Newswire) CenturyLink, Inc. (NYSE: CTL) and collab9, a leading FedRAMP-authorized...

Zentera Systems Announces Partnership with Nebosystems to Help Enterprises Address Need for GDPR Compliance (Broadway World) Zentera Systems Announces Partnership with Nebosystems to Help Enterprises Address Need for GDPR Compliance

SpaceX Launches Satellite With More Cyber Protection (VOA) The Luxembourg-built satellite expands NATO surveillance and ability to stop cyber attacks

Sophos integrates $100m acquisition into new next-gen offering (CRN) Vendor acquired Invincea last year and has now integrated it into its offering, with one partner calling the end result 'a game changer'

Paladin Armor Seeks To Redefine Smart Home Security (Forbes) “Home security” is a broadly defined moniker that in my view does a disservice ...

Virsae unveils fraud busting security solution (New Zealand Reseller News) Virsae has unveiled plans to tackle rising toll fraud costs, through the introduction of a security management solution leveraging unified communications capabilities.

Bandura-Pioneered Threat Intelligence Gateways Begin Mainstream Ascent (GlobeNewswire News Room) Providers of threat intelligence gateways reported growth rates from 120% to 400% from startup companies with a small base of overall revenue in 2016, Gartner states in report

Recorded Future Gives Companies Single View, Analysis of Security (SDxCentral) Threat intelligence company Recorded Future launched a new security product that provides a single view and analysis of threat data from various sources.

Technologies, Techniques, and Standards

Navigating ASEAN’s patchy cyber security landscape (ComputerWeekly) Cyber resilience remains low across Southeast Asia, a regional economic powerhouse that is increasingly susceptible to cyber threats as its digital economy grows

Govt's cyber swachhta project reduces malware infections by 50% (Moneycontrol) Over 121 ISPs and close to 40 financial service organisations and other such firms are configured to receive daily bots threat intelligence feeds from the analysis centre.

How To Decrypt Files Locked By a Ransomware (Virus Removal Instructions) If your files got decrypted by a ransomware there are still chances to save them.

Coincheck hack: How investors can protect their digital money (International Business Times, Singapore Edition) Cybersecurity expert Rick McElroy shares a few things about the significance of protection for cryptocurrencies.

Mattis considers cellphone ban at Pentagon (Military Times) Defense Secretary Jim Mattis is considering banning all cell phones and personal electronic devices such as FitBits from the Pentagon

Cybersecurity/Defense & Homeland "Progress & Best Practices" 2018 (Federal News Radio) This program will provide a progress report on cybersecurity in defense and homeland in government.

Making the Case for Vendor Security to the C-Suite (BitSight) Learn how to overcome common objections and convince your executive team that vendor risk management is a vital component of information security.

Ignorance is no defence for failure to encrypt - Senetas (Voxy) "In 2018, it is staggering that many businesses still do not encrypt their data, especially when the data is travelling across public networks. Large data breaches are becoming the norm around the world. At least once a week we hear of a significant

Design and Innovation

In fingerprints and banks we trust: IBM reports on the future of authentication (ZDNet) An IBM study of The Future of Identity has found that whether people use passwords or biometrics is influenced by how old they are, where they live, and the value of the service involved. Choices are not purely technical....

What is happening with AI in cybersecurity? (SearchNetworking) Bloggers explore the growing role for AI in cybersecurity, network simplicity and the role of BGP in EVPN-based data center fabrics.

Why experts think blockchain has the same potential as the internet (Jacksonville Business Journal) Blockchain technology has the potential to dramatically improve efficiency and security in a variety of industries, Deloitte experts told the Jax Chamber IT Council.

Research and Development

Device-Independent Quantum Cryptography (EurekAlert!) The key to proving the security of device-independent quantum cryptography in a regime that is attainable with state-of-the-art quantum technology is the realization that any attack strategy, no matter how complex (symbolized in the lower row), can be decomposed into a sequence of simple steps (upper row).

MIT launches MIT IQ, aims to spur human, artificial intelligence breakthroughs, bolster collaboration (ZDNet) Perhaps the biggest takeaways from MIT IQ are that algorithms need new approaches and multiple disciplines and research areas need to collaborate to drive AI breakthroughs.

The Army wants to be able to track friendly forces during a cyber attack (C4ISRNET) The Army is working on a new Blue Force Tracking system as the service prepares for soldiers to operate in hostile cyber and electronic warfare environments.

Legislation, Policy and Regulation

How barely connected North Korea became a hacking superpower (South China Morning Post) North Korea’s most promising hackers are sent to Shenyang, in China, before being unleashed upon the US and other enemies

Russian spy chiefs met in Washington with CIA director to discuss counterterrorism (Washington Post) The meeting raised concerns among some U.S. officials that Moscow may believe the Trump administration is willing to move beyond the issue of election interference.

China Prepares to Win 'Informationized Local Wars' (StrategyPage) CIA Director Mike Pompeo pegs Russia and China as America's two most powerful and worrisome adversaries.

Israeli entrepreneur calls for NATO-style cybersecurity alliance (Times of Israel) Former MK Erel Margalit says Israel and its Arab neighbors already cooperate in protecting the civilian cybersphere, but must do more

Data breach disclosure law will lift Australia’s cyber security game (ComputerWeekly.com) New rules underscore Australia’s recent efforts to tackle cyber security challenges on the local and international stage.

Parliament passes law on cyber-security (Slovak Spectator) The new law aims to ensure security of Slovak cyber-space and avert possible cyber-attacks.

Countering significant cyber threats? Check. (Fifth Domain) Cyber Command’s global operational defense arm has reached full operational capability.

Who Is Paul Nakasone? Army Cyber Warfare Chief May Head NSA Soon (International Business Times) Apart from serving in the Army Cyber Command, Nakasone also worked as deputy commanding general at the U.S. Cyber Command, and was later promoted to commander of the Cyber National Mission Force.

Firewalling democracy: Federal inaction on a national security priority (TheHill) This is a moment to choose national defense over politics, and develop election cybersecurity plans.

Establishing digital age of consent for children won’t protect them – expert (Independent) Establishing a digital age of consent for children is not an effective method of protecting them online, according to an expert and professor in cyber studies.

Litigation, Investigation, and Enforcement

House intel committee releases transcript of contentious meeting over surveillance memo (Fox News) The House Intelligence Committee on Wednesday released a 51-page unclassified transcript of the contentious meeting this week between Republicans and Democrats in which members voted to publicly release the classified memo circulating in Congress that purportedly reveals government surveillance abuses.

Small businesses ‘losing the war’ against cyberattacks, say FBI and DHS (The Washington Times) Small businesses across America are increasingly falling prey to cyberattacks and allowing criminals access into the nation’s critical information-technology infrastructure, officials from the FBI and Department of Homeland Security warned lawmakers Tuesday.

German antitrust office starts asking questions about online ad platform giants (TechCrunch) Germany's national competition regulator has announced it's looking into market conditions in the online advertising sector, responding to concerns that a..

Bitcoin payments used to unmask dark web users (Naked Security) Researchers have discovered a way of identifying those who bought or sold goods on the dark web, by forensically connecting them to Bitcoin transactions.

Facebook sued for not stopping killer who gave 4 minute notice (Naked Security) The killer called it an “Easter day slaughter,” fatally shot a 74-year-old father of 10, then posted a video of the shooting to Facebook.

Wollongong hacker told GoGet of software flaws a year before cyber attack: court (Illawarra Mercury) Nik Cubrilovic advertised himself as a 'former hacker turned security consultant' on his recently shut-down website.

Warrington police are latest to offer safe zone for online transactions (Bucks County Courier Times) The police station lobby and parking lot on Easton Road are available to the public to use to complete online purchase transactions. Both areas are

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

newly Noted Events

The Cyber Security Summit: Atlanta (Atlanta, Georgia, USA, February 28, 2018) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers & renowned information security experts. Learn from cyber security thought leaders from The FBI, U.S. Secret Service, IBM, and more. Engage in panel discussions focusing on trending cyber topics such as Sr. Leadership’s Best Approach to Cyber Defense, What’s Your Strategic Incident Response Plan?, Protecting your Enterprise from the Human Element and more. Your registration includes a catered breakfast, lunch, and cocktail reception. Receive half off your admission with promo code cyberwire50 at CyberSummitUSA.com and view details including the full agenda, participating solution providers & confirmed speakers. Tickets are normally $350, but only $175 with promo code.

The Cyber Security Summit: Denver (Denver, Colorado, USA, March 22, 2018) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers & renowned information security experts. Learn from cyber security thought leaders and Engage in panel discussions focusing on trending cyber topics such as Sr. Leadership’s Best Approach to Cyber Defense, What’s Your Strategic Incident Response Plan?, Protecting your Enterprise from the Human Element and more. Your registration includes a catered breakfast, lunch, and cocktail reception. Receive half off your admission with promo code cyberwire50 at CyberSummitUSA.com and view details including the full agenda, participating solution providers & confirmed speakers. Tickets are normally $350, but only $175 with promo code.

The Cyber Security Summit: Dallas (Dallas, Texas, USA, May 15, 2018) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers & renowned information security experts. Learn from cyber security thought leaders and Engage in panel discussions focusing on trending cyber topics such as Sr. Leadership’s Best Approach to Cyber Defense, What’s Your Strategic Incident Response Plan?, Protecting your Enterprise from the Human Element and more. Your registration includes a catered breakfast, lunch, and cocktail reception. Receive half off your admission with promo code cyberwire50 at CyberSummitUSA.com and view details including the full agenda, participating solution providers & confirmed speakers. Tickets are normally $350, but only $175 with promo code.

The Cyber Security Summit: Boston (Boston, Massachusetts, USA, June 5, 2018) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers & renowned information security experts. Learn from cyber security thought leaders and Engage in panel discussions focusing on trending cyber topics such as Sr. Leadership’s Best Approach to Cyber Defense, What’s Your Strategic Incident Response Plan?, Protecting your Enterprise from the Human Element and more. Your registration includes a catered breakfast, lunch, and cocktail reception. Receive half off your admission with promo code cyberwire50 at CyberSummitUSA.com and view details including the full agenda, participating solution providers & confirmed speakers. Tickets are normally $350, but only $175 with promo code.

The Cyber Security Summit: DC Metro (Tysons Corner, Virginia, USA, June 28, 2018) Learn from cyber security experts from The U.S. Department of Justice, The NSA, Pulse Secure, CenturyLink and more as they brief you on the latest security threats facing your business. This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers. Receive $95VIP admission with promo code cyberwire95 at CyberSummitUSA.com ($350 without code). Your registration includes a catered breakfast, lunch, and cocktail reception. Passes are limited. Secure your ticket while space permits.

The Cyber Security Summit: Seattle (Seattle, Washington, USA, July 19, 2018) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers & renowned information security experts. Learn from cyber security thought leaders and Engage in panel discussions focusing on trending cyber topics such as Sr. Leadership’s Best Approach to Cyber Defense, What’s Your Strategic Incident Response Plan?, Protecting your Enterprise from the Human Element and more. Your registration includes a catered breakfast, lunch, and cocktail reception. Receive half off your admission with promo code cyberwire50 at CyberSummitUSA.com and view details including the full agenda, participating solution providers & confirmed speakers. Tickets are normally $350, but only $175 with promo code.

The Cyber Security Summit: Chicago (Chicago, Illinois, USA, August 29, 2018) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers & renowned information security experts. Learn from cyber security thought leaders and Engage in panel discussions focusing on trending cyber topics such as Sr. Leadership’s Best Approach to Cyber Defense, What’s Your Strategic Incident Response Plan?, Protecting your Enterprise from the Human Element and more. Your registration includes a catered breakfast, lunch, and cocktail reception. Receive half off your admission with promo code cyberwire50 at CyberSummitUSA.com and view details including the full agenda, participating solution providers & confirmed speakers. Tickets are normally $350, but only $175 with promo code.

The Cyber Security Summit: New York (New York, New York, USA, September 25, 2018) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers & renowned information security experts. Learn from cyber security thought leaders and Engage in panel discussions focusing on trending cyber topics such as Sr. Leadership’s Best Approach to Cyber Defense, What’s Your Strategic Incident Response Plan?, Protecting your Enterprise from the Human Element and more. Your registration includes a catered breakfast, lunch, and cocktail reception. Receive half off your admission with promo code cyberwire50 at CyberSummitUSA.com and view details including the full agenda, participating solution providers & confirmed speakers. Tickets are normally $350, but only $175 with promo code.

The Cyber Security Summit: Phoenix (Phoenix, Arizona, USA, October 16, 2018) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers & renowned information security experts. Learn from cyber security thought leaders and Engage in panel discussions focusing on trending cyber topics such as Sr. Leadership’s Best Approach to Cyber Defense, What’s Your Strategic Incident Response Plan?, Protecting your Enterprise from the Human Element and more. Your registration includes a catered breakfast, lunch, and cocktail reception. Receive half off your admission with promo code cyberwire50 at CyberSummitUSA.com and view details including the full agenda, participating solution providers & confirmed speakers. Tickets are normally $350, but only $175 with promo code.

The Cyber Security Summit: Los Angeles (Los Angeles, California, USA, November 29, 2018) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers & renowned information security experts. Learn from cyber security thought leaders and Engage in panel discussions focusing on trending cyber topics such as Sr. Leadership’s Best Approach to Cyber Defense, What’s Your Strategic Incident Response Plan?, Protecting your Enterprise from the Human Element and more. Your registration includes a catered breakfast, lunch, and cocktail reception. Receive half off your admission with promo code cyberwire50 at CyberSummitUSA.com and view details including the full agenda, participating solution providers & confirmed speakers. Tickets are normally $350, but only $175 with promo code.

upcoming Events

Women in Data Protection, Securing Medical Devices and Health Records (Washington, DC, USA, February 9, 2018) Join some of the top cyber and privacy professionals as they talk about the landscape of the medical device and electronic health records market. They will also talk about the dangers to patients' health and personal information, if or when their devices or EHR is breached by a hacker or inadvertently exposed by providers and staff.

Cyber Security Summit: Silicon Valley (San Jose, California, USA, February 13, 2018) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their companies’ critical data with innovative solution providers & renowned information security experts. Learn from cyber security thought leaders from the FBI, Darktrace, @RISK Technologies and more. Engage in panel discussions focusing on trending cyber topics including Emerging Threats to IoT & Big Data, Insider Threats, and Compliance. Your registration includes a catered breakfast, lunch, and cocktail reception. Receive half off your admission with promo code cyberwire50 at CyberSummitUSA.com and view details including the full agenda, participating solution providers & confirmed speakers. Tickets are normally $350, but only $175 with promo code.

Security Titans (Scottsdale, Arizona, USA, February 23, 2018) Security Titans is a ground-breaking event, bringing the biggest names in Information Security together - all in one day, on a single stage to give the nation's cyber security industry access to the very best InfoSec thought leadership in one, focused event. Keynote speakers Kevin Mitnick, the first computer hacker to make the FBI’s Most Wanted list, and Frank Abagnale, a hacker turned security consultant whose life was the inspiration for the film Catch Me If You Can, will share secrets from their hacking days.

European Cybersecurity Forum – CYBERSEC Brussels (Brussels, Belgium, February 27, 2018) CYBERSEC Forum is an unique opportunity to meet and discuss the current issues of cyber disruption and ever-changing landscape of cybersecurity related threats. Our mission is to foster the building of an Europe-wide cybersecurity system and to create a dedicated, collaborative platform for the governments, international organisations and key private sector companies.

Insider Threat Program Management With Legal Guidance Training Course (Herndon, Virginia, USA, March 6 - 7, 2018) The course will cover current regulations like National Insider Threat Policy NITP and NISPOM Conforming Change 2, and more. The course will provide the ITP Manager and Facility Security Officer with the knowledge and resources to develop, manage, or enhance an ITP. The course will help not only organizations required to maintain and submit an ITP, but any business or organization concerned with Insider Threat Risk Mitigation. Insider Threat Defense has trained over 500+ organizations and has become the "Leader-Go To Company" for ITP Management Training.

SINET ITSEF 2018 (Silicon Valley, California, USA, March 7 - 8, 2018) Bridging the gap between Silicon Valley and the Beltway. SINET – Silicon Valley provides a venue where entrepreneurs can meet and interact directly with leaders of government, business and the investment community in an open, collaborative environment focused on identifying solutions to Cybersecurity challenges.

PCI Security Standards Council Middle East and Africa Forum (Cape Town, South Africa, March 14 - 15, 2018) Don’t miss the data security event of the year for the payment card industry. Join us for: networking opportunities, updates on industry trends, insights and strategies on best practices, engaging keynotes and industry expert speakers. The PCI Security Standards Council’s 2018 Middle East and Africa Forum (MEAF) provides you the information and tools to help secure payment data. They lead a global, cross industry effort to increase payment security by providing industry-driven, flexible and effective data security standards and programs that help businesses detect, mitigate and prevent criminal attacks and breaches.

Cyber 9-12 (Washington, DC, USA, March 16 - 17, 2018) Now entering its fifth year, the Cyber 9/12 Student Challenge is a one-of-a-kind competition designed to provide students across academic disciplines with a deeper understanding of the policy challenges associated with cyber crisis and conflict. Part interactive learning experience and part competitive scenario exercise, it challenges teams to respond to a realistic, evolving cyberattack and analyze the threat it poses to national, international, and private sector interests.

Sponsor & Support

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter’s financial reach, or it might just not be the right time for you to do those things. That’s why we launched our new Patreon site, where we’ve created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you’ll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.