The CyberWire Daily Briefing 2.13.18

Summary

By The CyberWire Staff

The malware used against official sites of the PyeongChang Winter Olympics now has a name: "Olympic Destroyer." It's also said, by Cisco's Talos research unit, to share some code with NotPetya and BadRabbit, pseudoransomware strains famously used last year. The malware was apparently used with disruptive rather than financially motivated intent. The two usual suspects are Russia and North Korea, with more of the circumstantial evidence (and motive, and opportunity) pointing toward Russia. Russia's Ministry of Foreign Affairs is on the counter-messaging warpath, denouncing rumors of that country's involvement as nothing more than a CIA and NSA operation concocted with firms like ESET, ThreatConnect, and Trend Micro. Bratislava-based ESET is particularly mentioned in dispatches, and a Slovak-American plot against Russia would at least have the virtue of novelty. But ESET understandably and believably denies that any such thing is up, characterizing the charges as propagandistic hooey and misdirection.

North Korea may be posing as a global model citizen during the games, but its Lazarus Group has shown a new spurt of activity in its familiar specialty of cryptocurrency theft.

The hitherto little-known BitGrail cryptocurrency exchange says it's lost $195 million to hackers, but observers are skeptical.

Skype has been found to suffer from issues in its updater process that could grant an attacker system-level privileges through DLL hijacking. Microsoft won't patch it immediately: it's a tricky problem that will require significant reworking of Skype code.

Tomorrow is Valentine's Day. Experts caution the lovelorn against entrusting their hearts to the Internet.

Learn how Cylance silences cyber attacks with Artificial Intelligence.

Notes.

Today's issue includes events affecting Austria, Canada, Estonia, Germany, India, Indonesia, Iran, Iraq, Italy, Democratic Peoples Republic of Korea, Republic of Korea, Lebanon, Netherlands, Palestinian Territories, Pakistan, Philippines, Qatar, Russia, Slovakia, Somalia, Sweden, Switzerland, Thailand, Turkey, United Arab Emirates, United Kingdom, United States

Do you know your adversary’s next move? We do.

Getting a leg up on your adversary – cyber espionage, cyber crime, or hacktivism – is no easy feat. You need strategic intelligence…from the experts. But what makes intelligence strategic? Learn more in LookingGlass’ webinar featuring the experts. Join our Sr. Directors of Research and Analysis Jonathan Tomek and Olga Polishchuk on February 21 @ 2PM ET for a discussion covering what security teams need to proactively defend against your next cyber attack. Sign up now!

On the Podcast

In today's podcast we speak with our partners at Webroot, as David Dufour talks us through Mac vulnerabilities. Our guest is Mark Loveless from Duo Security, who shares some insights into personal safety devices in the Internet-of-things.

Sponsored Events

Cyber Security Summits: February 13 in Silicon Valley & Atlanta on February 28 (Silicon Valley, California, USA, February 13, 2018) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The FBI, Darktrace, IBM and more. Register with promo code cyberwire50 for half off your admission (Regular price $350) https://CyberSummitUSA.com

Compete to win prize money plus the chance to be DataTribe’s next big investment (Online, March 23 - April 25, 2018) The DataTribe Inaugural Cyber Funding Competition: We put real firepower behind every idea. If you're part of a entrepreneurial technology team with a vision to disrupt cybersecurity and data sciences — we want to enhance your growth prospect with the opportunity for a DataTribe-financed seed capital of $2,000,000. Plus possible millions more in a Series A Venture Capital Round. The top three finalists will share $20,000 in prize money.

Selected Reading

Cyber Attacks, Threats, and Vulnerabilities

Winter Olympics hit by cyber-attack (BBC News) The website for the Games suddenly went offline on 9 February after being attacked, officials say.

Researchers: We Found the Olympic-Disrupting Malware (Motherboard) They're calling the malware 'Olympic Destroyer' and say they have "moderate confidence" that it was used to disrupt the Opening Ceremony.

Olympics attack aimed at disruption, say Cisco researchers (iTWire) Researchers at Cisco's Talos Group say they are fairly sure that a cyber attack during the opening ceremony of the Winter Olympics on Friday, using Wi...

Hackers attacked the opening ceremony of the Winter Olympics. The question is who they were. (Vox) The two main suspects are Russia and North Korea.

Eset rejects allegations raised by Russia of cooperation with the CIA (Slovak Spectator) Slovak cyber security company stresses that one of its principles is to stay neutral on any political or geopolitical issue.

Skype can't fix a nasty security bug without a massive code rewrite (ZDNet) The bug grants a low-level user access to every corner of the operating system.

‘We’re still training Kashmiris for jihad,’ Hizbul leader claims (Asia Times) Commander laughs off his designation as a global terrorist in an exclusive interview with Asia Times

Necurs Spammers Go All In to Find a Valentine's Day Victim (Security Intelligence) The cybergang behind the Necurs botnet launched a massive romance-themed spam campaign in the lead up to Valentine's Day, impersonating single Russian women looking for dates online.

Valentine’s Day Sends Mobile, Online Dating Scammers on the Prowl (Security Boulevard) In a month where match-making is in high demand, we took a look at recent trends around online dating sites using Webroot Brightcloud Threat Intelligence Platform. What did we find? Valentine’s Day sends...read more The post Valentine’s Day Sends Mobile, Online Dating Scammers on the Prowl appeared first on Webroot Threat Blog.

Deciphering Confucius’ Cyberespionage Operations (TrendLabs Security Intelligence Blog) We stumbled upon the Confucius hacking group while delving into Patchwork’s cyberespionage operations. Confucius targeted a particular set of individuals in South Asian countries, such as military personnel and businessmen, among others.

‘I Lived a Nightmare:’ SIM Hijacking Victims Share Their Stories (Motherboard) Nine victims of SIM hijacking—an increasingly popular scam—share their stories.

BitGrail Cryptocurrency Exchange Claims $195 Million Lost to Hackers (Fortune) But claims of a hack have been greeted with widespread suspicion

Crypto-Wars: Bitgrail Hits Back at Dev Team After $170m Theft (Infosecurity Magazine) Crypto-Wars: Bitgrail Hits Back at Dev Team After $170m Theft. Crypto-exchange founder now claims Nano developers defamed him

Lazarus Rises Again with Aggressive Bitcoin-Stealing Campaign (Infosecurity Magazine) The campaign uses implants that have never before been seen and indicate a newly sophisticated level of attack.

Someone hacked this advertising screen to mine Bitcoin (HackRead) In today's world everyone wants Bitcoin and in today's news hackers have hacked advertising screen to mind Bitcoin with NiceHash code.

Researchers find Javascript cryptomining code in 19 Android apps (Computing) Cyber crooks are intent on hiding cryptomining code in Android apps

Cryptocurrency Mining Hack That Compromised Thousands of Sites ‘Could Have Been a Catastrophe’ (Motherboard) UK and US government sites were affected.

Hackers Used Ontario Government and CAMH Websites to Mine Cryptocurrency (Motherboard) Hackers hijacked a popular plugin.

Creators of In-Browser Cryptocurrency Miner 'Coinhive' Say Their Reputation Couldn't Be Much Worse (Motherboard) Hackers are planting code on websites designed to use visitors’ computers to mine cryptocurrency. The creators of Coinhive, one of the most popular variants, say they didn’t see it coming.

The harmful drive-by currency mining scourge shows no signs of abating (Ars Technica) One attack sneaks coin-mining malware onto 4,300 sites. Another targets Android users.

In Iceland, bitcoin mining will soon use more energy than its residents (Ars Technica) “I could not have predicted this trend—but then bitcoin skyrocketed.”

Flashpoint - Inside a Twitter ‘P[0]rnbot’ Campaign (Flashpoint) Flashpoint analysts recently investigated the trend of adult entertainment-themed Twitter bots known as p[0]rnbots, which post tweets with hashtags containing popular brand names alongside random, unrelated terms.

Study shows which phishing attacks most successful (SC Media UK) People are predictable when it comes to designing phishing attacks with messages concerning money getting the most clicks.

Don't fall for this elaborate WhatsApp phishing scam (Trusted Reviews) Thousands of users are falling victim to a new scam on WhatsApp. Here's how to make sure you don't fall into the same trap.

Beware the ‘celebrities’ offering you free cryptocoins on Twitter (Naked Security) Who CAN you trust if you can’t trust @DoonaldTrump65, promising Ethereum to all comers like he’s a cryptocurrency version of Oprah Winfrey?

5 Questions on Cryptomining Answered with Bryan York of CrowdStrike (Best Endpoint Security Protection Software and Vendors) We asked Bryan York, Director of Services at CrowdStrike, 5 questions on cryptomining and what it means for your business.

New Hack Can Steal Data From Devices in Faraday Cages (Motherboard) Last year Wikileaks released documents detailing how attackers can compromise offline computers. This new study goes one step further, exposing the fallibility of Faraday cages

MY TAKE: Here’s how the U.S. economy would lose $15 billion from a 3-day cloud outage (Security Boulevard) Cyber attack scenarios have become fairly common. It doesn’t take too much imagination to conjure plausible assumptions and project Armageddon-scale damages attributable to crippling cyber attacks. One prime example is the Herjavec Group’s 2017 cybercrime report which suggests damage caused by cyber criminals is climbing towards a whopping $6 trillion in annual global encomic damage

Dissidents Have Been Abandoned and Besieged Online (Motherboard) Neither governments nor the cybersecurity community have taken enough responsibility for protecting human rights activists from hacking and surveillance.

Security Patches, Mitigations, and Software Updates

February Patch Tuesday forecast: Key updates to act on (Help Net Security) We all know that on a month-to-month basis there is not a lot of important patch information we need to convey up to management or down to our users.

Verizon kills unlocked-phone policy by temporarily locking phones to its service (CNET) It had previously sold all its phones unlocked, allowing you to swap SIM cards and use other carriers immediately.

Netflix warning over Intel's latest Meltdown fix that could cause CPU latency spikes of 8,000 per cent (Computing) New Meltdown patches from Intel still have issues...

Cyber Trends

New Research from Advanced Threat Analytics Finds Mssp Incident Responders Overwhelmed by False-Positive Security Alerts (Advanced Threat Analytics Inc) Incident responders waste hours each day investigating false-positive security alerts; manpower requirements stress MSSP business models

9 in 10 Cybersecurity Leaders Concerned About Sharp Rise in Digital Threats, RiskIQ CISO Survey Finds (RiskIQ) Lack of internal resources and exploding cybercrime a ‘perfect storm’ for CISOs and their teams San Francisco

What CISOs prioritize in order to improve cybersecurity practices (Help Net Security) A new survey has unveiled what what CISOs prioritize. 35 percent of CISOs surveyed said that employee training is a top priority for improving security posture in the financial sector.

Despite costly breaches, channel customers target remediation over prevention (Channelnomics) Both enterprises and SMBs showing channel a lack of urgency in taking preventative measures

Consumers want more IoT regulation (Help Net Security) According to a study from Market Strategies International, consumers who understand IoT technologies want more IoT regulation.

Network Security Policy Management Solutions (NSPM) Enhance Change Management, Application & Business Continuity, Cloud Migrations and Disaster Recovery (GlobeNewswire News Room) New survey from Enterprise Management Associates reveals that NSPM solutions improve the security posture through better visibility, change and compliance management processes

Never Mind Malware – Social Engineering Will Be Your Biggest Threat This Year (Infosecurity Magazine) A much bigger threat comes in the form of the increasingly advanced deceptive techniques used by criminals to reach their targets.

Marketplace

General Dynamics Buying CSRA for $6.8 Billion (Wall Street Journal) General Dynamics said it agreed to buy CSRA for $6.8 billion as part of the defense contractor’s push into government IT services.

CSRA deal will determine whether General Dynamics is past its M&A troubles (Washington Business Journal) “Our M&A process was broken in that we bought some businesses that were somewhat problematic. We’re past that,” says General Dynamics CEO Phebe Novakovic.

FireEye: This Turnaround Story Gains Momentum (Seeking Alpha) Internet security firm FireEye was one of the few stocks that rose in the market downdraft last week. Better than expected fourth quarter results spark a rash o

Why a FireEye Deal Makes Some Sense for Microsoft Corporation (InvestorPlace) FireEye makes a sensible acquisition target for Microsoft. Don't buy MSFT stock just because of the possibility, but it sure doesn't hurt the bullish argument.

Google-Nest merger reawakens privacy worries (Naked Security) One observer said it “would be naive” to expect that a combined Google/Nest wouldn’t bring all the platforms and all the data together.

Thoma Bravo completes Barracuda Networks acquisition (PE Hub) Thoma Bravo has closed its previously announced buyout of Barracuda Networks Inc, a provider of cloud-enabled security and data protection solutions. The deal is valued at $1.6 billion. Goldman Sachs, Credit Suisse and UBS Investment Bank served as financial advisers to Thoma Bravo on the transaction.

Infocyte Series B Funding and New CEO Fuel Market Expansion of Leading Threat Hunting Platform (Infocyte) Infocyte, the threat hunting leader, today announced the close of a $5.2 million Series B funding round and welcomed seasoned Fortune 500 technology executive Curtis Hutcheson as CEO.

France's Thales sees more cybersecurity sales after strong 2017 (Reuters) French defense electronics group Thales enjoyed a jump in sales at its cybersecurity business in 2017 and expects further strong growth in the coming years, said executive Laurent Maury.

Why the IT industry is deserting UK's 'Silicon Valley' (and where everyone is going instead) (CRN) The Thames Valley has homed the IT industry for 30 years. As that changes, this is where the country's next tech hubs are going to be located

Cyber Security Cluster Austria presents IT security solutions (GlobeNewswire News Room) High-ranking representatives from international authorities around the world met with players in industry and research in Austria's capital earlier this month at this year's Vienna Cyber Security Week 2018 (VCSW)

To keep growing, these bwtech@UMBC incubator grads didn't move far (Technical.ly Baltimore) As they get bigger or even get acquired, companies who went through the Catonsville startup program stay in Maryland.

One in Three SOC Analysts Now Job-Hunting (Dark Reading) The more experienced a SOC analyst gets, the more his or her job satisfaction declines, a new survey of security operations center staffers shows.

Equifax Names New CISO (Dark Reading) Former Home Depot CISO takes the reins in the wake of Equifax's massive data breach and fallout.

Products, Services, and Solutions

D3 Security Launches Guided Case Management; A Force Multiplier for Post-Incident Investigations and Digital Forensics (BusinessWire) D3 Security today announced the release of a Guided Case Management feature that supports efficient and disciplined post-incident investigations.

Technologies, Techniques, and Standards

You have five months to switch your website to HTTPS (Naked Security) Starting in July, Google Chrome will mark all HTTP sites as ‘not secure’.

4 reasons forensics will remain a pillar of cybersecurity (CSO Online) When protection fails, forensics can still prevail.

Polisis: AI-based framework for analyzing privacy policies in real time (Help Net Security) A group of researchers have developed Polisis, a framework for analyzing privacy policies. Polisis can be used to assign privacy icons to a privacy policy with an average accuracy of 88.4%.

How do you measure cybersecurity risk? (FederalNewsRadio.com) Rick Howard, chief security officer at Palo Alto Networks. discusses a wide range of security features offered by his company that could help your agency.

Tackling the insider threat: Where to start? (Help Net Security) Not all insider threats have to be malicious to cause an incident. How are you tackling insider threat within your organization?

Design and Innovation

UK outs extremism blocking tool and could force tech firms to use it (TechCrunch) The UK government's pressure on tech giants to do more about online extremism just got weaponized. The Home Secretary has today announced a machine learning..

The revolution of obfuscation for cybersecurity and threat intelligence (FCW) Without the proper protections, threat intelligence can do more harm than good.

Why banning autonomous killer robots wouldn’t solve anything (Aeon) Autonomous weapons – killer robots that can attack without a human operator – are dangerous tools. There is no doubt about this fact. As tech entrepreneurs such as Elon Musk, Mustafa Suleyman and other signatories to a recent open letter to the Un...

Research and Development

Scientists claim vanadium dioxide could transform aerospace and neuromorphic computing (Computing) Project backed by €3.9m of European Union funding

How large-scale quantum computers could become a security nightmare (Fifth Domain) If large-scale quantum computers are ever built, they may be able to break many of the public-key cryptosystems currently in use.

Seabed to Space: U.S. Navy Information Warfare Enriches Cyber Resiliency, Strategic Competition (DVIDS) The U.S. Navy Information Warfare (IW) pavilion concluded the three-day premier naval conference and exposition on the West Coast, WEST 2018, Feb. 8.

Academia

CyberPatriot Holds Proof of Concept for New CyberGenerations Program (GlobeNewswire News Room) The Air Force Association’s (AFA) CyberPatriot program announced today it has held a proof of concept for its new CyberGenerations program, designed to promote cyber safety for mature technology users, which is expected to launch late 2018.

Penn State Altoona students collaborate across disciplines on HAX competition (Penn State University) What began as an activity for the Security and Risk Analysis Club at Penn State Altoona, has grown to include entrepreneurs from the Sheetz Fellows Program. The two groups of students teamed up with the national security firm GRIMM to solve HAX challenges.

Legislation, Policy and Regulation

Estonian Spies Understand the Russian Threat (Bloomberg.com) Finally, a comprehensive look at Putin's ambitions backed by real expertise.

US terror designations expose 3 international facilitators for Islamic State (FDD's Long War Journal) The US Treasury Department has further exposed the Islamic State's international network by designating three facilitators as terrorists. The men have operated in the Philippines, Somalia, Turkey and elsewhere. One of them operates a business in Turkey that has acquired drone components for the so-called caliphate.

Dark Money: How Militants Exploit Hawala to Fund Terror (The Cipher Brief) Moving money covertly through hawala networks remains one of the leading methods of terrorist financing while avoiding detection.

Lawmakers spar over how much to punish Chinese firms (Washington Examiner) Mike Conaway wants to bar two firms from getting federal contracts, but it could hurt U.S. companies.

Trump requests $3.3B for DHS cyber unit in 2019 (TheHill) The 2019 budget request is largely consistent with Trump's first proposal.

Amino Apps Makes the Case for Anonymity Online (WIRED) The saying goes, "On the internet, no one knows you're a dog." Is that a good thing for an app for teens?

Litigation, Investigation, and Enforcement

Facebook's use of personal data is illegal, German court rules (Computing) Berlin legislators uphold complaint of German consumer groups about Facebook's privacy Ts&Cs

Adam Schiff: Trump didn't release Democratic memo because court citations undermine 'vindication' (Washington Examiner) 'What's really going on here is that the president doesn't want the public to see the underlying facts.'

Marc Short: Adam Schiff intentionally sabotaged the release of House Intelligence Committee Democrats' memo (Washington Examiner) “We believe Congressman Schiff intentionally put in there methods and sources that he knew would need to be redacted. And if we redacted it,...

Did the NSA really use Twitter to send coded messages to a Russian? (Naked Security) A sequence of 12 NSA tweets are claimed to be a coded back-channel used to communicate with a Russian negotiating to sell cyberweapons.

Obama admin discussed how much of Russia probe to share with Trump team (CNN) President Barack Obama met in January 2017 with then-FBI Director James Comey and other top national security officials to discuss sharing information related to Russia with the incoming Trump administration, where Obama stated that the Trump-Russia investigation should be handled "by the book," according to an email made public Monday and a source familiar with the matter.

Hillary Fingerprints All Over FBI's Investigation Into Trump's Russia Ties (The Federalist) Her campaign is linked to at least three separate pieces of information fed to the FBI, including the dossier the FBI used to spy on the Trump campaign.

Former Senior FBI Official Is Leading BuzzFeed’s Effort to Verify Trump Dossier (Foreign Policy) Anthony Ferrante coordinated the U.S. government’s response to Russian election interference. Now he’s helping a news site defend itself from a Russian billionaire’s lawsuit.

Explained: How the secret spy court really works (TheHill) The allegations of surveillance abuse raised by House Intelligence Committee Devin Nunes (R-Calif.) hinge on a 1978 law that governs surveillance for the purposes of foreign intelligence.

DHS pushes back on NBC, 'no evidence' Russians 'manipulated' elections (Washington Examiner) The Department of Homeland Security made the rare move Monday to officially push back on an NBC News report that claimed a top Trump officia...

Equifax accused of not disclosing the full extent of last year's data breach (Computing) Equifax accused of not telling the whole truth about the data that was stolen when it was hacked last year

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

newly Noted Events

NITSIG Meeting: Protecting Controlled Unclassified Information On U.S. Government Contractor Information Systems (Laurel, Maryland, USA, March 2, 2018) This meeting will discuss the security control requirements for the protection of Controlled Unclassified Information (CUI), for contractor information systems upon which CUI is processed, stored on, or transmitted through. These requirements must be implemented at both the contractor and subcontractor levels based on the information security guidance in NIST Special Publication (SP) 800-171: Protecting Controlled Unclassified Information In Non-Federal Information Systems And Organizations. The CUI protection requirements are intended for use by federal agencies in contractual vehicles or other agreements established between those agencies and non-federal organizations. Failure to implement the security controls to protect CUI, would be a breach of contract.

upcoming Events

Cyber Security Summit: Silicon Valley (San Jose, California, USA, February 13, 2018) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their companies’ critical data with innovative solution providers & renowned information security experts. Learn from cyber security thought leaders from the FBI, Darktrace, @RISK Technologies and more. Engage in panel discussions focusing on trending cyber topics including Emerging Threats to IoT & Big Data, Insider Threats, and Compliance. Your registration includes a catered breakfast, lunch, and cocktail reception. Receive half off your admission with promo code cyberwire50 at CyberSummitUSA.com and view details including the full agenda, participating solution providers & confirmed speakers. Tickets are normally $350, but only $175 with promo code.

Security Titans (Scottsdale, Arizona, USA, February 23, 2018) Security Titans is a ground-breaking event, bringing the biggest names in Information Security together - all in one day, on a single stage to give the nation's cyber security industry access to the very best InfoSec thought leadership in one, focused event. Keynote speakers Kevin Mitnick, the first computer hacker to make the FBI’s Most Wanted list, and Frank Abagnale, a hacker turned security consultant whose life was the inspiration for the film Catch Me If You Can, will share secrets from their hacking days.

CyberThreat 18 (Westminster, England, UK, February 27 - 28, 2018) Hosted by the UK’s National Cyber Security Centre, a part of GCHQ, and the SANS Institute, CyberThreat18 brings together a packed schedule of talks on a broad range of familiar and less familiar topics by security experts and prominent industry figures, interspersed with team-building events and hands-on challenges designed to put both your defensive and offensive skills to the test.

Midlands Cyber: US Cyber Market Workshop (Lutterworth, England, UK, February 27, 2018) We are delighted to announce that we will be running two workshops, led by Andy Williams, the International Director of the iCyber Centre @bwtech, Maryland. The workshops have been tailored by the team and Andy Williams, ensuring Midlands based companies that are seeking a market entry strategy into the USA can access the best advice and guidance possible.

European Cybersecurity Forum – CYBERSEC Brussels (Brussels, Belgium, February 27, 2018) CYBERSEC Forum is an unique opportunity to meet and discuss the current issues of cyber disruption and ever-changing landscape of cybersecurity related threats. Our mission is to foster the building of an Europe-wide cybersecurity system and to create a dedicated, collaborative platform for the governments, international organisations and key private sector companies.

The Cyber Security Summit: Atlanta (Atlanta, Georgia, USA, February 28, 2018) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers & renowned information security experts. Learn from cyber security thought leaders from The FBI, U.S. Secret Service, IBM, and more. Engage in panel discussions focusing on trending cyber topics such as Sr. Leadership’s Best Approach to Cyber Defense, What’s Your Strategic Incident Response Plan?, Protecting your Enterprise from the Human Element and more. Your registration includes a catered breakfast, lunch, and cocktail reception. Receive half off your admission with promo code cyberwire50 at CyberSummitUSA.com and view details including the full agenda, participating solution providers & confirmed speakers. Tickets are normally $350, but only $175 with promo code.

PrivacyCon 2018 (Washington, DC, USA, February 28, 2018) The 2018 PrivacyCon will expand collaboration among leading privacy and security researchers, academics, industry representatives, consumer advocates, and the government. As part of this initiative, the FTC sought general research that explores the privacy and security implications of emerging technologies, such as the Internet of Things, artificial intelligence and virtual reality. The 2018 event will focus on the economics of privacy including how to quantify the harms that result from companies’ failure to secure consumer information, and how to balance the costs and benefits of privacy-protective technologies and practices.

Insider Threat Program Management With Legal Guidance Training Course (Herndon, Virginia, USA, March 6 - 7, 2018) The course will cover current regulations like National Insider Threat Policy NITP and NISPOM Conforming Change 2, and more. The course will provide the ITP Manager and Facility Security Officer with the knowledge and resources to develop, manage, or enhance an ITP. The course will help not only organizations required to maintain and submit an ITP, but any business or organization concerned with Insider Threat Risk Mitigation. Insider Threat Defense has trained over 500+ organizations and has become the "Leader-Go To Company" for ITP Management Training.

SINET ITSEF 2018 (Silicon Valley, California, USA, March 7 - 8, 2018) Bridging the gap between Silicon Valley and the Beltway. SINET – Silicon Valley provides a venue where entrepreneurs can meet and interact directly with leaders of government, business and the investment community in an open, collaborative environment focused on identifying solutions to Cybersecurity challenges.

PCI Security Standards Council Middle East and Africa Forum (Cape Town, South Africa, March 14 - 15, 2018) Don’t miss the data security event of the year for the payment card industry. Join us for: networking opportunities, updates on industry trends, insights and strategies on best practices, engaging keynotes and industry expert speakers. The PCI Security Standards Council’s 2018 Middle East and Africa Forum (MEAF) provides you the information and tools to help secure payment data. They lead a global, cross industry effort to increase payment security by providing industry-driven, flexible and effective data security standards and programs that help businesses detect, mitigate and prevent criminal attacks and breaches.

SecureWorld Boston (Boston, Massachussetts, USA, March 14 - 15, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security industry. Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays-all while networking with local peers.

Cyber 9-12 (Washington, DC, USA, March 16 - 17, 2018) Now entering its fifth year, the Cyber 9/12 Student Challenge is a one-of-a-kind competition designed to provide students across academic disciplines with a deeper understanding of the policy challenges associated with cyber crisis and conflict. Part interactive learning experience and part competitive scenario exercise, it challenges teams to respond to a realistic, evolving cyberattack and analyze the threat it poses to national, international, and private sector interests.

3rd Annual Billington International Cybersecurity Summit (Washington, DC, USA, March 21, 2018) With confirmed speakers from Estonia, Romania, Singapore, Sweden, the United States, and Kuwait, and with attendees from many more countries, this summit brings together world-class cybersecurity thought leaders to engage in high-level information sharing, unparalleled networking and public-private partnerships from a cross-section of civilian, military and intelligence agencies, industry and academia.

Infosecurity Magazine North America Virtual Conference (Online, March 21 - 22, 2018) Tune in on Wednesday March 21 for day two of our two-day online event to learn what’s going on at the heart of the industry. Our easy to digest format offers a mix of short sessions, panel debates and live profile interviews, all fully produced and moderated by the Infosecurity Magazine editorial team. Each day event looks into the biggest industry issues and trends creating an immersive education program featuring a large selection of high calibre speakers and specialists in their field.

The Cyber Security Summit: Denver (Denver, Colorado, USA, March 22, 2018) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers & renowned information security experts. Learn from cyber security thought leaders and Engage in panel discussions focusing on trending cyber topics such as Sr. Leadership’s Best Approach to Cyber Defense, What’s Your Strategic Incident Response Plan?, Protecting your Enterprise from the Human Element and more. Your registration includes a catered breakfast, lunch, and cocktail reception. Receive half off your admission with promo code cyberwire50 at CyberSummitUSA.com and view details including the full agenda, participating solution providers & confirmed speakers. Tickets are normally $350, but only $175 with promo code.

Women in CyberSecurity 2018 (Chicago, Illinois, USA, March 23 - 24, 2018) Through the WiCyS community and activities we expect to raise awareness about the importance and nature of cybersecurity career. We hope to generate interest among students to consider cybersecurity as a viable and promising career option.

SecureWorld Philadelphia (Philadelphia, Pennsylvania, USA, March 28 - 29, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security industry. Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays-all while networking with local peers.

Sponsor & Support

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter’s financial reach, or it might just not be the right time for you to do those things. That’s why we launched our new Patreon site, where we’ve created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you’ll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.