The CyberWire Daily Briefing 2.12.18

Summary

By The CyberWire Staff

Olympic officials have confirmed that the winter games' official website was hacked during the opening ceremonies and remained unavailable for some twelve hours. A Pyeongchang 2018 spokesperson said the incident was a cyberattack and suggested that they know who was responsible. "In line with best practice," however, they will not yet offer any attribution. Tabloid speculation calls out the Russian mob and discerns a conventional criminal motive, but it's far too early to credit any snap judgment about cause and motivation.

Researchers over the weekend found cryptojacking on government websites in the UK, the US, and Australia. The miner, CoinHive, was apparently introduced through an accessibility plug-in, Browsealoud, developed by the British firm Texthelp. Texthelp confirms the compromise and is investigating.

The Sacramento Bee has decided to delete its (legally obtained) California voter database rather than pay extortionists to decrypt it.

IBM has issued patches for Spectre and Meltdown, and warned of a Lotus Notes bug.

Belgian police have released decryption keys for Cryakl ransomware on the No More Ransom site.

The CIA says reports it gave $100 thousand to a Russian informant as a downpayment on a million dollars promised for discreditable kompromat on President Trump are a crock (that is, "patently false"). This very odd and still developing story derives mostly from reports in the New York Times and the Intercept; the alleged transaction is said to be part of an operation to recover stolen classified information, which is itself at least as odd as any alleged kompromat.

Learn how Cylance silences cyber attacks with Artificial Intelligence.

Notes.

Today's issue includes events affecting Australia, Belgium, China, European Union, New Zealand, Russia, Ukraine, United Kingdom, United States, and and Vietnam.

Do you know your adversary’s next move? We do.

Getting a leg up on your adversary – cyber espionage, cyber crime, or hacktivism – is no easy feat. You need strategic intelligence…from the experts. But what makes intelligence strategic? Learn more in LookingGlass’ webinar featuring the experts. Join our Sr. Directors of Research and Analysis Jonathan Tomek and Olga Polishchuk on February 21 @ 2PM ET for a discussion covering what security teams need to proactively defend against your next cyber attack. Sign up now!

On the Podcast

In today's podcast we talk with our partners at Terbium Labs. Director of Analysis Emily Wilson offers a dark web scorecard on the 2018 Olympics and the 2018 elections, specifically addressing how matters stand in comparison with the last round of games and voting.

Sponsored Events

Cyber Security Summits: February 13 in Silicon Valley & Atlanta on February 28 (Silicon Valley, California, USA, Feb 13, 2018) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The FBI, Darktrace, IBM and more. Register with promo code cyberwire50 for half off your admission (Regular price $350) https://CyberSummitUSA.com

Compete to win prize money plus the chance to be DataTribe’s next big investment (Online, Mar 23 - Apr 25, 2018) The DataTribe Inaugural Cyber Funding Competition: We put real firepower behind every idea. If you're part of a entrepreneurial technology team with a vision to disrupt cybersecurity and data sciences — we want to enhance your growth prospect with the opportunity for a DataTribe-financed seed capital of $2,000,000. Plus possible millions more in a Series A Venture Capital Round. The top three finalists will share $20,000 in prize money.

Selected Reading

Cyber Attacks, Threats, and Vulnerabilities

Winter Olympics Site Taken Out for 12 Hours (Infosecurity Magazine) Winter Olympics Site Taken Out for 12 Hours. Russia suspected of pre-ceremony cyber-attack

Cyber Attack Disrupts Winter Olympics Website During Opening Ceremony (HackRead) The Winter Olympics Games Organizing Committee is investigating a cyber attack on the event's Internet and Wi-Fi system.

Pyeongchang Olympics Hit By Cyber Attack, With Widespread Rumors Russia to Blame (Gizmodo) Officials at the 2018 Pyeonchang Winter Olympics have occurred that a cyber attack hit the games, taking its website as well as TV and internet access at its main press center offline, the Guardian reported.

Winter Olympics website downed by cyber attack (Register) There was nothing to see here, but please move along, nothing to see here, say authorities

McAfee discovered 'malicious documents' targeting Winter Olympics ahead of opening ceremony 'hack' (ZDNet) The 2018 Winter Olympics opening ceremonies were briefly impacted when servers belonging to Olympic organisers were hacked.

Cryptojacking attack hits ~4,000 websites, including UK’s data watchdog (TechCrunch) At first glance a CoinHive crypto miner being served by a website whose URL contains the string ‘ICO’ might not seem so strange.

Government websites hijacked by cryptomining plugin (Graham Cluley) More than 4000 websites, including many belonging to governments around the world, were hijacked this weekend by hackers who managed to plant Coinhive cryptocurrency-mining code designed to exploit the resources of visiting computers.

U.S. & UK Govt Sites Injected With Miners After Popular Script Was Hacked (BleepingComputer) Thousands of sites were injected with a in-browser Monero miner today after a popular accessibility script was compromised. With 4, 275 sites affected, this included government websites such as uscourts.gov, ico.org.uk, & manchester.gov.uk.

Data security investigation underway at Texthelp (Texthelp) At 11:14 am GMT on Sunday 11th February 2018, a JavaScript file which is part of the Texthelp Browsealoud product was compromised during a cyber attack.

Cryptomining script poisons government websites – What to do (Naked Security) Reports surfaced over the the weekend of many government websites that were “infected with malware”. Here’s what we know, and what to do.

Californian Voter Records Held for Ransom Again (Infosecurity Magazine) Californian Voter Records Held for Ransom Again. Newspaper’s error means firewall was down for two weeks

Domain Theft Strands Thousands of Web Sites (KrebsOnSecurity) Newtek Business Services Corp. [NASDAQ:NEWT], a Web services conglomerate that operates more than 100,000 business Web sites and some 40,000 managed technology accounts, had several of its core domain names stolen over the weekend.

How a Low-Level Apple Employee Leaked Some of the iPhone's Most Sensitive Code (Motherboard) This is how a small group of friends lost control of the leaked iBoot source code. The story behind one of Apple's most embarrassing leaks.

Hackers are exploiting the CVE-2018-0101 CISCO ASA flaw in attacks in the wild (CP Blog) Hackers are exploiting the CVE-2018-0101 CISCO ASA flaw in attacks in the wild and a Proof-of-concept exploit code is available online.

Uh-oh. How just inserting a USB drive can pwn a Linux box (HOTforSecurity) Remember the notorious Stuxnet worm? It was a highly-sophisticated piece of malware - developed by the United States and Israeli intelligence - which targeted Iran's Natanz uranium enrichment facility. One of the things which made Stuxnet so notable was that it... #kdeplasma #linux #malware

DarkSky botnet spotted evading security measures (SC Media UK) A new botnet has been discovered by security researchers that has anti-virtual machine capabilities to evade security controls such as a sandbox.

Turns out Equifax breach was way bigger than initially thought (HackRead) Equifax suffered a hack attack in 2017 in which 143 million customer data was stolen - It turns out that Equifax didn't fully reveal what exactly was stolen.

Buffett's Business Wire now 'stable' after cyber attack (Reuters) Business Wire, the corporate news release distributor owned by Warren Buffett's Berkshire Hathaway Inc, on Friday said it had fended off a cyber attack designed to disable it, and that its system was now "stable."

DDoS Extortion and Attack Techniques (BankInfo Security) DDoS extortion comes in many forms. Campaigns over the past three years have varied in their nature and continue to evolve over even the past few months. What

Expect cyber attacks on supply chains: Eset (Techgoondu) Attackers are trying to use the weakest element in the organisation’s supply network to infiltrate larger companies, according to security firm Eset

Half of All Cryptojacking Scripts Found on Porn Sites (BleepingComputer) Almost 50% of all cryptojacking scripts (in-browser miners) are deployed on adult-themed sites, according to new numbers released this week by Qihoo 360's Netlab division.

Have federal nuclear supercomputer? GO CRYPTOMINING! (Naked Security) News of arrests at a Russian nuclear physics lab for “unauthorised cryptomining” reminded us of SETI@work in the 1990s…

Bitcoin’s ‘Civil War’ Hit InfoWars Last Night and It Was Bizarre (Motherboard) We've hit peak... something.

8 Nation-State Hacking Groups to Watch in 2018 (Dark Reading) The aliases, geographies, famous attacks, and behaviors of some of the most prolific threat groups.

Op-ed: Logan Paul tases a dead rat, draws YouTube’s harshest crackdown yet (Ars Technica) Op-ed: Logan Paul tases a dead rat, draws YouTube’s harshest crackdown yet

Security Patches, Mitigations, and Software Updates

IBM Patches Spectre and Meltdown for Power Servers (Infosecurity Magazine) IBM Patches Spectre and Meltdown for Power Servers. Big Blue also warns of new Notes vulnerability

If you haven't already killed Lotus Notes, IBM just gave you the perfect reason to do it now, fast (Register) Also: Big Blue's Meltdown, Spectre status updated, and a mystery bug in AIX

Lenovo Warns Critical WiFi Vulnerability Impacts Dozens of ThinkPad Models (Threatpost) Lenovo issued a security bulletin Friday warning customers of two previously disclosed critical Broadcom vulnerabilities impact 25 models of its popular ThinkPad laptops.

VMware Addresses Meltdown, Spectre Flaws in Virtual Appliances (Security Week) VMware starts releasing patches and workarounds for Virtual Appliance products in response to the Spectre and Meltdown vulnerabilities

Chrome will mark HTTP pages as "not secure" (Help Net Security) Starting with Chrome 68, which is scheduled to be released in July 2018, Google will explicitly mark all HTTP sites as “not secure."

Cyber Trends

Cybercrime shifts: Rise of Russian cybercrime, attacks on cryptocurrency marketplaces (Help Net Security) Cryptocurrency marketplaces, designed to facilitate trading on the full range of digital currencies, are experiencing a range of fraudulent activity. The w

The Time to Focus on Critical Infrastructure Security is Now (Security Week) The software that controls our infrastructure is vulnerable to attack, and the potential results are far more destructive and pervasive than even science fiction would have us believe.

The technology takeover: Connectivity creates chaos culture (SiliconANGLE) The technology takeover: Connectivity creates chaos culture - SiliconANGLE

Internet users hate marketing spam more than cybercrime (iNews) More than one third of internet users have intentionally supplied false information about themselves when signing up for products and services online, acco

Consumers prefer security over convenience for the first time ever, IBM Security report finds (TechRepublic) Mobile and web users are aware of the data breaches happening around them, and are now prioritizing strong security and privacy--especially when it comes to their financial accounts.

Marketplace

Polish electric company looks to Israel as ‘partner in fighting cyber-crime’ (Times of Israel) Despite strained ties over Holocaust bill, 2 countries sign agreement; visiting Polish delegation to tour 10 cybersecurity firms and the National Cyber Institute

Cyber Warranties: What to Know, What to Ask (Dark Reading) The drivers and details behind the growth of cyber warranties, which more businesses are using to guarantee their products.

Demand for email security escalates consolidation of phishing awareness & training point solutions (IT Pro Portal) Organisations must empower their employees with right tools and techniques to fight phishing at every phase of an attack.

Can we trust Intel Inside to mean secure computing? (ComputerWeekly) Intel has just released an updated patch after its previous update failed spectacularly. Now its CEO is promising security assurance

General Dynamics buying CSRA in watershed federal IT deal (Washington Technology) General Dynamics will pay $6.8 billion in cash to acquire CSRA in a move that consolidates two of government IT's largest players.

Lockheed gets extension on cyber range work (Washington Technology) Lockheed Martin will continue to support the National Cyber Range as the Defense Department continues to develop a larger and broader multiple award contract.

Zerodium Offers $45,000 for Linux 0-Days (Security Week) Hackers willing to find unpatched vulnerabilities in the Linux operating system and report them to exploit acquisition firm Zerodium can earn up to $45,000 for their findings, the company announced on Thursday.

Why Security Collaboration Is Critical for Luring Companies Like Amazon in Boston (Bost Inno) To no one’s surprise Boston has made it into the final round for selection of Amazon’s HQ2. While Boston ticks the boxes off Amazon’s list, we have additional assets that have real benefits to Amazon, or any large enterprise.

King Mill to get new life with plans for 250 apartments on the horizon (WRDW) Work continues at Sibley Mill to create what they're calling Augusta Cyberworks, a cyber tech campus with a data center and office spaces. The same developer at Sibley Mill has just bought the even larger King Mill right next door. They have plans to turn that old mill into apartments.

Government Cyber Contractor Eyes Texas Expansion (Government Technology) Noblis, a research and technology nonprofit, is looking to expand its San Antonio workforce focusing on artificial intelligence, data science and cybersecurity.

Cyber Deception Company Cymmetria Hires Lloyd's of London Exec (CTECH) The company recruited Marcus Alldrick, the former head of digital risk and compliance at the London-based insurance market

Products, Services, and Solutions

New infosec products of the week: February 9, 2018 (Help Net Security) This week's new infosec product releases showcase the following vendors: BeyondTrust, Cylance, Hitachi ID Systems, Waratek, and IOGEAR.

Blockchain consulting: Accenture, Synechron in pilot projects (SearchITChannel) Blockchain consulting is gaining momentum as Accenture and Synechron deliver prototype and pilot projects in the travel and financial services sectors.

Five smart TVs tested for security, privacy issues (Help Net Security) Consumer Union, a US-based nonprofit organization dedicated to unbiased product testing, has conducted a privacy and security evaluation of five smart TVs from the most widely sold TV brands in the US.

IBM QRadar vs Splunk: Top SIEM Solutions Compared (eSecurity Planet) While both SIEM solutions are popular industry leaders, each has its strengths and weaknesses. We take a close look at both.

NetIX launches new DDoS mitigation service (Capacity Media) NetIX has launched a new distributed denial of service (DDoS) attack mitigation product aimed at its telecoms customers and partners.

Parity Technologies engages Trail of Bits (Security Boulevard) We’re helping Parity Technologies secure their Ethereum client. We’ll begin by auditing their codebase, and look forward to publishing results and the knowledge we gained in the future. Parity Technologies combines cryptography, cellular systems, peer-to-peer technology and decentralized consensus to solve the problems that have gone unaddressed by conventional server-client architecture. Their Ethereum client is designed for

PhishMe Attains SOC 2 Type I Compliance Across PhishMe Simulator and Hosted PhishMe Triage Product Offerings (Benzinga) The leading provider of human phishing defense solutions today announced it has successfully completed a Service Organization Controls (SOC) 2 Type I examination LEESBURG, Va. (...

Technologies, Techniques, and Standards

Belgian police release decryption keys for Cryakl ransomware (V3) Decryption keys for the Cryakl ransomware have been released to the No More Ransom website following an operation led by Belgian police, assisted by security software firm Kaspersky Lab.

GDPR best practice use cases highlight burden and opportunity (Diginomica) Marketing executives and IT decision makers can help organisations cope with growing customer concerns and regulatory pressures.

Why is Cyber Threat Intelligence Sharing Important? (Infosecurity Magazine) Information-sharing forms one of the main pillars that will allow those organizations to better respond to the general cyber threat.

What government agencies tell us about cloud security (The Stack) Michael Mudd discusses the impact of the Snowden Revelations on businesses' understanding of cloud security.

Why it’s harder for threats to hide behavior on a corporate network (CSO Online) If signatures in cybersecurity are like fingerprints in a criminal investigation, behavioral detection is like profiling – it’s harder to hide, but it’s not foolproof either.

Security pros need a better way of pooling threat intelligence (C-Suite) Infoblox Inc. has released the results of its third annual study on the state of threat intelligence exchange conducted by the Ponemon Institute.

Stay on Track: High Tensions Often Cause Incident Response to be Derailed (Security Week) Inside look at the “response” phase of the incident response lifecycle. NIST 800-61 guidelines outline this in two phases: Detection & Analysis and Containment, Eradication & Recovery

Why Is Blockchain Technology The Perfect Fit For IP Exchange? | TechBullion (TechBullion) The bold push for blockchain technology and cryptography by Satoshi Nakamoto in 2008 when he invented the cryptocurrency; Bitcoin, has brought on a wave of solutions to problems in different fields from fashion to finance and luxury shopping. It’s a whole new world for anyone looking to leverage the inherent security of blockchain technology and […]

Design and Innovation

No more Windows 10 passwords? Microsoft says Hello to palm-vein biometrics (ZDNet) Microsoft and Fujitsu have teamed up to enable palm-vein authentication on Windows 10 as part of Windows Hello.

The Immorality of Bad Software Design (Weekly Standard) You surely saw the news: At 8:07 on January 13, a quiet Saturday morning in Honolulu, Hawaii’s Emergency Management Agency sent out to a million cell phones a text that read, “BALLISTIC MISSILE THREAT INBOUND TO HAWAII. SEEK IMMEDIATE SHELTER. THIS IS NOT A DRILL.”

The National Inventors Hall of Fame to Induct 15 Innovators in 2018 Class (Multivu) National Inventors will induct 15 innovation pioneers for their world-changing inventions on May 2-3 during the Greatest Celebration of American Innovation

Academia

DSU cyber-ethicist to discuss technology’s threat to human nature (Dakota State University) What you find at DSU might surprise you. We offer an update on the traditional college experience that’s both rigorous and fun, with a technological twist that will prep you for a successful career in any field.

Legislation, Policy and Regulation

Deterring Cyberattacks (Foreign Affairs) For years, the United States has failed to devise a strategy to deter or respond to cyberattacks. In the future, it must communicate what behavior is acceptable and what is not—and what Washington will do about it.

Cybersecurity can't be seen in isolation, it has to be a concerted international effort, says ex-DHS cybersec chief Sean McGurk (Tech2) From digital identity, digital banking and data usage, India is ideally positioned to provide worldwide leadership in the digital era

Bill In US Senate Calls For Cryptocurrency Terror Threat Assessment (ETHNews.com) A bill currently in the US Senate would call on federal personnel, including from the Department of Homeland Security, to develop and share with other law enforcement bodies a threat assessment describing how cryptocurrencies could be used to support terrorist activity.

Krebs Nominated to Lead NPDD at Homeland Security (Homeland Security Today) He's been serving in the role as undersecretary since 2017, overseeing the cyber and physical infrastructure security mission for the department.

Politicians urge parents to get involved in 'child's e-safety' to detect cyber bullying (NZ City) Youth mental health experts say parents need more help to deal with cyber bullying.

Huawei claims national security is used as plausible excuse for 'protectionism' (Register) Global government affairs Veep wants trade rules to apply

Why Amazon, Apple, Facebook, and Google Need to Be Disrupted (Esquire) Four companies dominate our daily lives unlike any other in human history: Amazon, Apple, Facebook, and Google. We love our nifty phones and just-a-click-away services, but these behemoths enjoy unfettered economic domination and hoard riches on a scale not seen since the monopolies of the gilded age. The only logical conclusion? We must bust up big tech.

Litigation, Investigation, and Enforcement

CIA: 'Patently false' that we lost $100K to Russian offering Trump secrets (TheHill) The CIA, in a recent statement, pushed back against reporting that said U.S. spies were swindled out of $100,000 during secret negotiations meant to obtain stolen cyber tools.

U.S. Secretly Negotiated With Russians to Buy Stolen NSA Documents — and the Russians Offered Trump-Related Material, Too (The Intercept) The secret communications channel has opened rifts between CIA and NSA officials, some of whom fear getting damaging material on Donald Trump.

U.S. Spies, Seeking to Retrieve Cyberweapons, Paid Russian Peddling Trump Secrets (New York Times) After months of negotiations, the Russian insisted on including information about the president as part of a deal involving stolen hacking tools.

US intelligence negotiating return of classified NSA documents (TheHill) American intelligence officials have been conducting a top-secret operation to recover stolen National Security Agency (NSA) documents through meetings with Russian intermediaries, according to The Intercept.

The NSA sent coded messages to a shadowy Russian on its official Twitter account (Business Insider) The NSA fired off roughly a dozen coded tweets over a period of months last year, each time giving the Russian advance notice of the messages they would tweet.

The Inside Scoop on the New York Times’ Russian Spy Story from the Guy Who Reported It (Slate Magazine) “You never know entirely who is who. And with the Russians it is especially hard.”

Supreme Court fight could stir up fears of US spying overseas (Yahoo) The Supreme Court will hear a digital privacy case this month against Microsoft that could attract international attention and reignite fears that the U.S. government is harnessing tech giants to spy on the rest of the world.

2nd Circuit Vacates Arab Bank's Hamas Terrorism Verdict (New York Law Journal) The Second Circuit vacated Arab Bank's Hamas terrorism verdict but 597 plaintiffs are still set to receive a substantial settlement.

Russian Nuke Scientists, Ukrainian Professor Arrested for Bitcoin Mining (BleepingComputer) Authorities in Russia and Ukraine have arrested suspects this past week on accusations of using work computers to mine Bitcoin.

It’s all over: Why the Waymo v. Uber self-driving settlement makes sense (Ars Technica) By giving up just 0.34 percent of the company, Uber essentially got off cheaply.

Former Employee Arrested for Trying to Sell Company's Database for $4,000 (BleepingComputer) Officers from Ukraine's Cyber Police Department arrested a suspect last week for attempting to sell customer data belonging to his former employer.

Cloudflare Terminates Service to 'The Pirate Bay of Science' (Motherboard) Supporters tell Sci-Hub to “stay strong” while academic publications celebrate their victory.

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

upcoming Events

Cyber Security Summit: Silicon Valley (San Jose, California, USA, Feb 13, 2018) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their companies’ critical data with innovative solution providers & renowned information security experts. Learn from cyber security thought leaders from the FBI, Darktrace, @RISK Technologies and more. Engage in panel discussions focusing on trending cyber topics including Emerging Threats to IoT & Big Data, Insider Threats, and Compliance. Your registration includes a catered breakfast, lunch, and cocktail reception. Receive half off your admission with promo code cyberwire50 at CyberSummitUSA.com and view details including the full agenda, participating solution providers & confirmed speakers. Tickets are normally $350, but only $175 with promo code.

Security Titans (Scottsdale, Arizona, USA, Feb 23, 2018) Security Titans is a ground-breaking event, bringing the biggest names in Information Security together - all in one day, on a single stage to give the nation's cyber security industry access to the very best InfoSec thought leadership in one, focused event. Keynote speakers Kevin Mitnick, the first computer hacker to make the FBI’s Most Wanted list, and Frank Abagnale, a hacker turned security consultant whose life was the inspiration for the film Catch Me If You Can, will share secrets from their hacking days.

CyberThreat 18 (Westminster, England, UK, Feb 27 - 28, 2018) Hosted by the UK’s National Cyber Security Centre, a part of GCHQ, and the SANS Institute, CyberThreat18 brings together a packed schedule of talks on a broad range of familiar and less familiar topics by security experts and prominent industry figures, interspersed with team-building events and hands-on challenges designed to put both your defensive and offensive skills to the test.

Midlands Cyber: US Cyber Market Workshop (Lutterworth, England, UK, Feb 27, 2018) We are delighted to announce that we will be running two workshops, led by Andy Williams, the International Director of the iCyber Centre @bwtech, Maryland. The workshops have been tailored by the team and Andy Williams, ensuring Midlands based companies that are seeking a market entry strategy into the USA can access the best advice and guidance possible.

European Cybersecurity Forum – CYBERSEC Brussels (Brussels, Belgium, Feb 27, 2018) CYBERSEC Forum is an unique opportunity to meet and discuss the current issues of cyber disruption and ever-changing landscape of cybersecurity related threats. Our mission is to foster the building of an Europe-wide cybersecurity system and to create a dedicated, collaborative platform for the governments, international organisations and key private sector companies.

The Cyber Security Summit: Atlanta (Atlanta, Georgia, USA, Feb 28, 2018) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers & renowned information security experts. Learn from cyber security thought leaders from The FBI, U.S. Secret Service, IBM, and more. Engage in panel discussions focusing on trending cyber topics such as Sr. Leadership’s Best Approach to Cyber Defense, What’s Your Strategic Incident Response Plan?, Protecting your Enterprise from the Human Element and more. Your registration includes a catered breakfast, lunch, and cocktail reception. Receive half off your admission with promo code cyberwire50 at CyberSummitUSA.com and view details including the full agenda, participating solution providers & confirmed speakers. Tickets are normally $350, but only $175 with promo code.

PrivacyCon 2018 (Washington, DC, USA, Feb 28, 2018) The 2018 PrivacyCon will expand collaboration among leading privacy and security researchers, academics, industry representatives, consumer advocates, and the government. As part of this initiative, the FTC sought general research that explores the privacy and security implications of emerging technologies, such as the Internet of Things, artificial intelligence and virtual reality. The 2018 event will focus on the economics of privacy including how to quantify the harms that result from companies’ failure to secure consumer information, and how to balance the costs and benefits of privacy-protective technologies and practices.

Insider Threat Program Management With Legal Guidance Training Course (Herndon, Virginia, USA, Mar 6 - 7, 2018) The course will cover current regulations like National Insider Threat Policy NITP and NISPOM Conforming Change 2, and more. The course will provide the ITP Manager and Facility Security Officer with the knowledge and resources to develop, manage, or enhance an ITP. The course will help not only organizations required to maintain and submit an ITP, but any business or organization concerned with Insider Threat Risk Mitigation. Insider Threat Defense has trained over 500+ organizations and has become the "Leader-Go To Company" for ITP Management Training.

SINET ITSEF 2018 (Silicon Valley, California, USA, Mar 7 - 8, 2018) Bridging the gap between Silicon Valley and the Beltway. SINET – Silicon Valley provides a venue where entrepreneurs can meet and interact directly with leaders of government, business and the investment community in an open, collaborative environment focused on identifying solutions to Cybersecurity challenges.

PCI Security Standards Council Middle East and Africa Forum (Cape Town, South Africa, Mar 14 - 15, 2018) Don’t miss the data security event of the year for the payment card industry. Join us for: networking opportunities, updates on industry trends, insights and strategies on best practices, engaging keynotes and industry expert speakers. The PCI Security Standards Council’s 2018 Middle East and Africa Forum (MEAF) provides you the information and tools to help secure payment data. They lead a global, cross industry effort to increase payment security by providing industry-driven, flexible and effective data security standards and programs that help businesses detect, mitigate and prevent criminal attacks and breaches.

SecureWorld Boston (Boston, Massachussetts, USA, Mar 14 - 15, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security industry. Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays-all while networking with local peers.

Cyber 9-12 (Washington, DC, USA, Mar 16 - 17, 2018) Now entering its fifth year, the Cyber 9/12 Student Challenge is a one-of-a-kind competition designed to provide students across academic disciplines with a deeper understanding of the policy challenges associated with cyber crisis and conflict. Part interactive learning experience and part competitive scenario exercise, it challenges teams to respond to a realistic, evolving cyberattack and analyze the threat it poses to national, international, and private sector interests.

3rd Annual Billington International Cybersecurity Summit (Washington, DC, USA, Mar 21, 2018) With confirmed speakers from Estonia, Romania, Singapore, Sweden, the United States, and Kuwait, and with attendees from many more countries, this summit brings together world-class cybersecurity thought leaders to engage in high-level information sharing, unparalleled networking and public-private partnerships from a cross-section of civilian, military and intelligence agencies, industry and academia.

Infosecurity Magazine North America Virtual Conference (Online, Mar 21 - 22, 2018) Tune in on Wednesday March 21 for day two of our two-day online event to learn what’s going on at the heart of the industry. Our easy to digest format offers a mix of short sessions, panel debates and live profile interviews, all fully produced and moderated by the Infosecurity Magazine editorial team. Each day event looks into the biggest industry issues and trends creating an immersive education program featuring a large selection of high calibre speakers and specialists in their field.

The Cyber Security Summit: Denver (Denver, Colorado, USA, Mar 22, 2018) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers & renowned information security experts. Learn from cyber security thought leaders and Engage in panel discussions focusing on trending cyber topics such as Sr. Leadership’s Best Approach to Cyber Defense, What’s Your Strategic Incident Response Plan?, Protecting your Enterprise from the Human Element and more. Your registration includes a catered breakfast, lunch, and cocktail reception. Receive half off your admission with promo code cyberwire50 at CyberSummitUSA.com and view details including the full agenda, participating solution providers & confirmed speakers. Tickets are normally $350, but only $175 with promo code.

Women in CyberSecurity 2018 (Chicago, Illinois, USA, Mar 23 - 24, 2018) Through the WiCyS community and activities we expect to raise awareness about the importance and nature of cybersecurity career. We hope to generate interest among students to consider cybersecurity as a viable and promising career option.

SecureWorld Philadelphia (Philadelphia, Pennsylvania, USA, Mar 28 - 29, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security industry. Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays-all while networking with local peers.

Sponsor & Support

Grow your brand, generate leads, and fill your funnel.

With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listens all over the world, companies trust the CyberWire to get the message out. Learn more.

Olympic site hacked. Cryptojacking government sites. Patch notes. Cryakl decryptor released. CIA denies paying for kompromat.