The CyberWire Daily Briefing 2.15.18

Summary

By The CyberWire Staff

The hacking of the Winter Olympics appears to have been under preparation at least since December. Investigation suggests that the Games' cloud provider, Atos, may have been compromised two months before the Olympics opened. Atos has brought in McAfee to help with its investigation.

The British Foreign Office has directly attributed last year's NotPetya pseudoransomware campaign to Russia, and warned that country's government that the UK will not tolerate another disruptive attack. Russian representatives dismiss the attribution as "Russophobia."

Trend Micro reports that its sensors have detected vulnerabilities in Apache CouchDB are being exploited in the wild by Monero cryptomining malware.

NewSky Security says that its honeypots have detected the formation of a new IoT botnet. This one is being called "DoubleDoor" because it chains two exploits to bypass a firewall and compromise a router. The first backdoor (CVE-2015-7755) affects the firewall, Juniper Networks' NetScreen. The second, CVE-2016-10401, enables privilege escalation to obtain a superuser account on ZyXEL PK5001Z devices.

The Satori botnet is also evolving, according to Netlab 360, and now affects routers made by Dasan Networks.

Another initial coin offering scam has been reported. LoopX, which may have been a cryptocurrency exchange, but which promised a "proprietary algorithm" yielding "great profits continually every month" has vanished, taking some $4.5 million in investors' cash along with it.

Coinherder, being investigated by Cisco and Ukrainian police, uses Google AdWords to poison search results with phishing to gain access to victims' wallets. Losses are said to run to some $50 million.

Learn how Cylance silences cyber attacks with Artificial Intelligence.

Notes.

Today's issue includes events affecting China, European Union, Israel, Republic of Korea, Russia, Singapore, Ukraine, United Kingdom, United States

Do you know your adversary’s next move? We do.

Getting a leg up on your adversary – cyber espionage, cyber crime, or hacktivism – is no easy feat. You need strategic intelligence…from the experts. But what makes intelligence strategic? Learn more in LookingGlass’ webinar featuring the experts. Join our Sr. Directors of Research and Analysis Jonathan Tomek and Olga Polishchuk on February 21 @ 2PM ET for a discussion covering what security teams need to proactively defend against your next cyber attack. Sign up now!

On the Podcast

In today's podcast, we speak with our partners at the University of Maryland's Center for Health and Homeland Security, as Ben Yelin talks about the dispute between the state of New Jersey and the FCC over net neutrality. Our guest is Scott Register from Ixia who discusses the security issues surrounding the coming 5G cellular rollout.

Sponsored Events

Cyber Security Summits: February 13 in Silicon Valley & Atlanta on February 28 (Silicon Valley, California, USA, February 13, 2018) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The FBI, Darktrace, IBM and more. Register with promo code cyberwire50 for half off your admission (Regular price $350) https://CyberSummitUSA.com

Compete to win prize money plus the chance to be DataTribe’s next big investment (Online, March 23 - April 25, 2018) The DataTribe Inaugural Cyber Funding Competition: We put real firepower behind every idea. If you're part of a entrepreneurial technology team with a vision to disrupt cybersecurity and data sciences — we want to enhance your growth prospect with the opportunity for a DataTribe-financed seed capital of $2,000,000. Plus possible millions more in a Series A Venture Capital Round. The top three finalists will share $20,000 in prize money.

Selected Reading

Cyber Attacks, Threats, and Vulnerabilities

Atos, IT provider for Winter Olympics, hacked months before Opening Ceremony cyberattack (Cyberscoop) Hackers appear to have compromised Atos, the main IT service provider for the Winter Olympic Games months before last week's highly publicized cyberattack.

Stopping Olympic Destroyer: New Process Injection Insights (Endgame) The International Olympic Committee confirmed that the 2018 opening ceremonies experienced a range of digital attacks, resulting in internet disruption and containing the capability to cause destruction.

Russian actors mentioned as possibly launching Olympics cyber-attack (SC Media UK) Industry executives have gathered evidence showing the culprit behind the cyber-attack that hit the 2018 Winter Olympics might be a Russian group.

UK: Russia behind 'malicious' cyber-attack (BBC News) The defence secretary points finger at Kremlin for Ukraine attack, which also hit British businesses.

UK blames Russia for cyber attack, says won't tolerate disruption (Reuters) Britain blamed Russia on Thursday for a cyber-attack last year, publicly pointing the finger at Moscow for spreading a virus which disrupted companies across Europe including UK-based Reckitt Benckiser .

Russia was behind 'malicious' cyber attack on Ukraine, Foreign Office says (The Telegraph) Russia was behind a devastating cyber attack on Ukraine’s banks, government and power grid, the Foreign Office has said.

Vulnerabilities in Apache CouchDB Open the Door to Monero Miners (TrendLabs Security Intelligence Blog) Based on data from our sensors that we deployed worldwide, we have observed a new attack that exploits two vulnerabilities in a popular database system to deliver miners (detected by Trend Micro as HKTL_COINMINE.GE, HKTL_COINMINE.GP, and HKTL_COINMINE.GQ) for the Monero cryptocurrency.

Coinherder Campaign Nets $50 Million from Bitcoin Phishing (Infosecurity Magazine) The campaign was unique because adversaries leveraged Google AdWords to poison user search results in order to steal users’ wallets.

Vulnerabilities found in Broadcom Wi-Fi adapter of Lenovo laptop chipsets (Quick Heal Technologies Security Blog) Lenovo recently released an advisory, warning customers about two critical Broadcom vulnerabilities which impact 25 models of its popular ThinkPad lineup. The Broadcom Wi-Fi chipsets used by Lenovo ThinkPad devices are affected by the CVE-2017-11120 & CVE-2017-11121 vulnerabilities. Both these issues are rated as “critical” and received a CVSS 10 score...

DoubleDoor Botnet Chains Exploits to Bypass Firewalls (BleepingComputer) Crooks are building a botnet that for the first time is bundling two exploits together in an attempt to bypass enterprise firewalls and infect devices.

IoT botnet bypasses firewalls to get to ZyXEL modems (Help Net Security) NewSky Security's honeypots have detected a new IoT botnet in the making. The botnet was named DoubleDoor, as it leverages two distinct backdoors to get to the target: ZyXEL PK5001Z modems.

A potent botnet is exploiting a critical router bug that may never be fixed (Ars Technica) With Internet stability hanging in the balance, router maker maintains radio silence.

This new text bomb crashes most Mac and iOS apps with a single unicode symbol (TechCrunch) TechCrunch has learned of a potentially serious new bug affecting a wide range of Apple devices. During their development work on an international news feed,..

Cryptocurrency startup LoopX exit scams with $4.5M in ICO (Naked Security) It was one flaky pastry: “great profits continuously every month,” zero details on its “Loop Algorithm,” and nary a single detail on its team.

Scammers Abuse Google Ads to Steal Millions in Bitcoin (PCMAG) The cybercriminals used Google Ads to promote fake Blockchain.info pages that were designed to steal victims' login credentials.

How cybercriminals exploited Telegram flaw to deliver malware (Help Net Security) A "vulnerability" in Telegram's desktop instant messaging client for Windows was exploited for months by Russian cybercriminals to deliver malware to users.

Cryptomining malware continues to drain enterprise CPU power (Help Net Security) Cryptomining malware continues to impact organizations globally as 23% were affected by the Coinhive variant during January 2018, according to Check Point’s Global Threat Impact Index January 2018.

Who has the most to gain from cryptocurrency? Criminals (CNET) Cryptocurrency has earned a reputation for fast returns on investment, but it’s a vehicle for exploitation too.

Twitter deleted Russian troll tweets. So we published more than 200,000 of them. (NBC News) Twitter doesn't make it easy to track Russian propaganda efforts — this database can help

Email Fraud Attacks Continue to Grow, Proofpoint Reports (eWEEK) Proofpoint analyzed 160 billion emails and found a growing trend of fraud, as attackers spoof email identities.

X-rated scam that could cost you thousands if you've ever watched p[0]rn (Daily Record) This scammer claims he knows what you did when your partner was out…and even has a film of it

Facebook's free VPN acts like spyware to iOS users in the U.S. (CSO Online) Facebook's new VPN service for iOS users in the U.S. claims to provide security protections, but it also tracks users -- collecting mobile data traffic.

Security Patches, Mitigations, and Software Updates

Dell EMC Patches Critical Flaws in VMAX Enterprise Storage Systems (Threatpost) Attacks include a hard-coded password vulnerability that could give attackers unauthorized access to systems.

Dell EMC Isilon OneFS Multiple Vulnerabilities (Core Security) 1. Advisory InformationTitle: Dell EMC Isilon OneFS Multiple VulnerabilitiesAdvisory ID: CORE-2017-0009Advisory URL: http://www.coresecurity.com/advisories/dell-emc-isilon-onefs-multiple-vulnerabilitiesDate published: 2018-02-14Date of last update: 2018-02-14Vendors contacted: Dell EMCRelease mode: Coordinated release

How Chrome’s built-in ad blocker will work when it goes live tomorrow (TechCrunch) Chrome's built-in ad blocker will go live tomorrow. It's the first time Google will automatically block some ads in Chrome, but while quite a few online..

Microsoft boosts Windows Analytics to help squash Meltdown and Spectre bugs (Help Net Security) Windows Analytics' latest update is primarily geared towards making administrators' job easier when it comes to mitigating and removing the risk of Meltdown and Spectre attacks.

Bitmessage Zero-Day Used in Attacks That Steal Bitcoin Wallet Files (BleepingComputer) The maintainers of the Bitmessage P2P encrypted communications protocol have released a fix after discovering that hackers were using a zero-day in attempts to steal Bitcoin wallet files from users' computers.

Cyber Trends

With 100 days to go, 72% of organizations worldwide are GDPR ready (EfficientIP) EfficientIP X-Day study discovers average global spend on GDPR compliance tops $1.5 million, bringing increased trust and loyalty from customers

A five-year analysis of reported Windows vulnerabilities (Help Net Security) Avecto conducted an analysis of reported Windows vulnerabilities spanning five years. Last year, 685 vulnerabilities were found versus 325 vulnerabilities that were found in 2013.

Financial Services Sector Breaches Triple in Five Years (Infosecurity Magazine) Financial Services Sector Breaches Triple in Five Years. Accenture report claims cybercrime costs are higher than any other sector

Financial services firms most adept at making balanced security investments (Help Net Security) Financial services firms continue to make prudent and sophisticated security technology investments that contribute to reducing the cost of breaches significantly.

CISOs fear 'perfect storm' of cybercrime (IT Pro Portal) Combination of the lack of staff and a hard-hitting cyberattack could prove deadly.

Marketplace

10 Ways to Lose That Security Sale (SecurityWeek) Josh Goldfarb shares some observations made throughout the years around behaviors that aggravate the “culture clash” between salespeople and security practitioners.

European bankers scoff at bitcoin for its risk, huge energy inefficiency (Ars Technica) Top officials from Bundesbank, ECB push for the necessity of fiat currency.

Why multimillionaire Pavel Durov wants to mint his own cryptocurrency (Evening Standard) The Russian-born entrepreneur Pavel Durov was once caught on camera throwing paper aeroplanes out of his St Petersburg office window, carefully folded from 5,000-rouble notes. If helping one of his lieutenants give away his bonus was the outspoken libertarian’s way of showing contempt for money, he appears to have changed his tune.

Intel expands bug bounty program to include Spectre-like side-channel attacks, dangles $250K (GeekWire) Intel is promising up to $250,000 to security researchers who uncover new side-channel vulnerabilities in its processors, in the wake of the Meltdown and Spectre exploits that took advantage of such…

'Out-of-the-box move' by General Dynamics shows how big defense companies are shifting business strategies (Washington Business Journal) General Dynamics is well-suited to pursue critical mass in federal IT even as its peers got out of that business, because “more than any of its peers in the sector, General Dynamics has made out-of-the-box moves," an analyst says.

The Awake Threat Hunter Olympics 2018 (Awake Security) Awake has put together the threat hunting olympics for security analysts. Much like the athletes at Pyeongchang, winning this challenge will require solving six security challenges/puzzles. These challenges are built on real-world attack scenarios that we see in customer environments today.

Stealth Security® Raises $8M From Shasta Ventures to Help Enterprises Fight Malicious Bots (BusinessWire) Stealth Security® Raises $8M from Shasta Ventures to Help Enterprises Fight Malicious Bots.

inBay Technologies’ Financing Round Oversubscribed by $1 Million (inBay) Cybersecurity firm exceeds funding target through a key investment by Global Alliance Inc. – early investors in PayPal and Fortinet

inBay Technologies Connects to Silicon Valley Through Its Board of Directors (InBay) Cybersecurity firm adds two new directors to its board

Canadian managed detection services firm goes south for new CEO (IT World Canada) Last year Kerry Bailey was part of a U.S. private equity firm considering taking a big ownership in one of Canada’s biggest

Kenna Security Strengthens Cyber Risk Research Expertise (PR Newswire) Kenna Security, a leader in predictive cyber risk, announced today that...

Paul Parker Named Chief Technologist for SolarWinds’ Federal & Natl Govt Business (GovCon Wire) Paul Parker, a 22-year information technology industry veteran, has joined SolarWinds as chief techn

Bill Solms Named Qualys Federal VP, GM (GovCon Wire) Bill Solms, formerly president and CEO of WildRock Security Group, has joined Qualys (Nasdaq: QLYS)

Former DiData CEO hooks up with Ubusha Technologies (BusinessLive) Brett Dawson joins the Johannesburg-based IT security firm with a plan to expand its global footprint

Security Vendor eSentire Lands Ex-HPE Channel Chief Kerry Bailey As CEO In Push To $1B Sales Mark (CRN) Just 28 percent of eSentire's sales went through partners in the second half of 2017, but new CEO Kerry Bailey wants to boost that to between 50 percent and 55 percent within the next 18 months.

FireEye Promotes Craig Mueller to Vice President of Federal Sales (Homeland Security Today) Mueller will be responsible for defining, growing and executing the sales strategy for FireEye’s U.S. federal government sector, which includes federal civilian, defense, and intelligence agencies.

Products, Services, and Solutions

Webroot Offers SecureAnywhere® DNS Protection for Guest WiFi (Markets Insider) Webroot, the Smarter Cybersecurity® company expanded its SecureAnywhere® DNS Protection solution to include...

NTT Security and ThreatQuotient Partner (ThreatQuotient) ThreatQuotient's threat intelligence platform, ThreatQ, will serve as the cornerstone of NTT Security's new threat intelligence services offering.

ScramFS officially launches, exactly 100 days before GDPR becomes enforceable | ScramFS (ScramFS) Scram Software launches Scram FS Encryption System to safeguard cloud data and help SME customers reduce risk and ensure stringent HIPPA and GDPR requirements

Fitbit’s bug bounty program | Powered by Bugcrowd (Bugcrowd Inc.) Bugcrowd's bug bounty and vulnerability disclosure platform connects the global security researcher community with Fitbit to help keep their customers secure.

Radware neutralises evasive zero-day malware threats with cloud malware protection service (Totaltelecom) Radware, a leading provider of cyber security and application delivery solutions and services, today launched its Cloud Malware Protection Service, built to detect, alert and block upon evasive zero-day malware that elude existing anti-malware defences and steal data.

Why Microsoft spends over $1 billion on cybersecurity each year (TechRepublic) Azure Government CISO Matthew Rathbun explains how Azure uses artificial intelligence to defend business infrastructure.

CyberSponse Announces Full Integration with RSA Archer (PRWeb) CyberSponse, the leader in case management, security orchestration and automation, continues to expand its inter-tehnology collaboration and is proud to a

QuintessenceLabs harnesses diode 'flaw' for new quantum number generator (ZDNet) Hijacking a flaw in diodes to harness quantum physics, Australia's QuintessenceLabs has built a full-entropy quantum random number generator with a 1Gbps output.

Technologies, Techniques, and Standards

The GDPR Clock Is Running Out. Now What? (Dark Reading) Many organizations impacted by new European Union data privacy rules that go into effect May 25 are still blind to some of the basics.

7 threat modeling mistakes you’re probably making (CSO Online) The relative lack of maturity around threat modeling can cause big problems for organizations seeking to adopt the practice to bolster their network and services security.

Why blockchain holds ‘great promise’ for securing connected devices and systems (Cloud Tech News) Blockchain technologies hold ‘great promise’ for securing connected devices and systems, according to a new paper from the Cloud Security Alliance (CSA).

IBM sees blockchain as ready for government use (Computerworld) In testimony before a congressional committee, IBM's Jerry Cuomo warned against over-regulation because of cryptocurrency volatility, said the government should embrace the distributed ledger technology and encouraged its use in the enterprise.

Four best practices outlined to prevent health care cyberattacks (Medical Express) Four best practices outlined that can help prevent health care cyberattacks, which increased from 2016 to 2017, according to a report published in Managed Healthcare Executive.

Rise of the data protection officer, the hottest tech ticket in town (Reuters) They may not have the cachet of entrepreneurs, or geek chic of developers, but data protection officers are suddenly the hottest properties in technology.

Research and Development

MIT unveils energy-efficient encryption for Internet of Things (My Broadband) A special-purpose chip reduces power consumption of public-key encryption by 99.75%.

Radioactive Material From Chernobyl Will Help Secure the Next Version of Zcash (Motherboard) How to use toxic waste to generate “toxic waste.”

Academia

A former TSA and NSA executive reveals how to break into the cybersecurity field (TechRepublic) Emma Garrison-Alexander has had a long career in cybersecurity, engineering, counterterrorism, and academia. She recommends how to have a cyber career, and encourages women to pursue that field.

Legislation, Policy and Regulation

Filing Deadline for New Infosec Law Hits NY Finance Firms Thursday (Dark Reading) Banks and financial services companies in New York must file by tomorrow to certify they are compliant with the state Department of Financial Services' new cybersecurity regulation, 23 NYCRR 500.

Singapore passes new Cybersecurity Bill: Here's what you need to know before it comes into force (Data Protection Report) The Singapore Parliament passed the much discussed Cybersecurity Bill (the Bill) on 5 February 2018 and it is anticipated that the new law will come into force soon.… Continue reading

Ex-Mossad head: Israeli cybersecurity isn’t enough (Jerusalem Post) Sovereign governments face many challenges in erecting cyberdefenses, notably the many months or years it takes to develop and install defensive software.

DHS to Scrutinize Government Supply Chain for Cyber Risks (Nextgov.com) The department wants to integrate cyber vetting into existing supply chain checks.

Wyden grills FBI chief on encryption (FCW) Following an exchange with the FBI director over encryption standards, Sen. Ron Wyden (D-Ore.) released a letter from four experts arguing that 'responsible encryption' is not possible.

Crypto-Experts Slam FBI’s Backdoor Encryption Access Demands (Infosecurity Magazine) Crypto-Experts Slam FBI’s Backdoor Encryption Access Demands. Schneier et al want Feds to show exactly how they’d propose doing it

U.S. Democrats push $1 billion bill for election security (Reuters) Congressional Democrats introduced legislation on Wednesday that would provide more than $1 billion to boost cyber security of U.S. voting systems, and Vice President Mike Pence defended the administration's efforts to protect polls from hackers.

DoD’s secret weapon against election meddling: its reputation (Fifth Domain) According to experts, convincing the public to be on the lookout for Russian cyber operations will require leveraging the people's trust in the military.

Georgia Says No Thanks To In-Depth Election Security Help From Feds (90.1 FM WABE) Despite increasing scrutiny of Georgia’s voting technology ahead of the 2018 midterms, the state will not join more than a dozen others asking the U.S. Dep

Secretary of Energy Rick Perry Forms New Office of Cybersecurity, Energy Security, and Emergency Response (Energy.gov) Secretary of Energy Rick Perry Forms New Office of Cybersecurity, Energy Security, and Emergency Response

Litigation, Investigation, and Enforcement

BuzzFeed Is Suing the D.N.C. Over Issues Involving the Russia Dossier (The Hive) BuzzFeed believes that evidence of the alleged D.N.C. break-in by Russian hackers might help the online publisher in a libel suit. But the D.N.C. says releasing information might make it vulnerable to more hacking.

Trump Russia, Clinton Email Scandals Are Claiming A Lot of Bodies — At FBI And Justice (Investor's Business Daily) What accounts for the growing pile of top officials involved in those investigations who've been reassigned, demoted, or have suddenly quit?

Ex-F1 boss begins legal bid to limit free speech (Times) The former head of Formula One is seeking to gag the media using a law never intended to limit press freedom. Max Mosley, 77, is attempting to use data protection law to force newspapers including...

“Troll” loses Cloudflare lawsuit, has weaponized patent invalidated (Ars Technica) Cloudflare says it will be "ready to respond" if Blackbird appeals.

Growing Number of State Attorneys General Alarmed over Cyber Risks from Illegal Websites (Markets Insider) Attorneys General representing California, Texas, Virginia and 25 other states have warned consumers ab...

State launches lab to fight growing problem of cyber crime (AL.com) Joining Alabama Attorney General Steve Marshall at a Montgomery press conference was Louis Franklin, U.S. Attorney for the Middle District of Alabama, as well as representatives from the FBI, the U.S. Department of Homeland Security Investigations, the Alabama Fusion Center and the Alabama Office of Prosecution Services.

Newly Declassified Documents (IC on the Record) The ODNI, consistent with prior practice, recently added newly released documents pursuant to FISA litigation to the prior posts pertaining to that litigation.

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

newly Noted Events

Digital Utilitites Europe (Amserdam, the Netherlands, May 16 - 17, 2018) The conference will bring together key industry stakeholders to address the current challenges of the digitisation in the utilities sector. Join us in Amsterdam to hear latest business case studies and gain insight into technological advancements within the industry, as well as unique strategies utilised by to meet demands of rapidly changing energy consumer/prosumer market.

upcoming Events

Security Titans (Scottsdale, Arizona, USA, February 23, 2018) Security Titans is a ground-breaking event, bringing the biggest names in Information Security together - all in one day, on a single stage to give the nation's cyber security industry access to the very best InfoSec thought leadership in one, focused event. Keynote speakers Kevin Mitnick, the first computer hacker to make the FBI’s Most Wanted list, and Frank Abagnale, a hacker turned security consultant whose life was the inspiration for the film Catch Me If You Can, will share secrets from their hacking days.

CyberThreat 18 (Westminster, England, UK, February 27 - 28, 2018) Hosted by the UK’s National Cyber Security Centre, a part of GCHQ, and the SANS Institute, CyberThreat18 brings together a packed schedule of talks on a broad range of familiar and less familiar topics by security experts and prominent industry figures, interspersed with team-building events and hands-on challenges designed to put both your defensive and offensive skills to the test.

Midlands Cyber: US Cyber Market Workshop (Lutterworth, England, UK, February 27, 2018) We are delighted to announce that we will be running two workshops, led by Andy Williams, the International Director of the iCyber Centre @bwtech, Maryland. The workshops have been tailored by the team and Andy Williams, ensuring Midlands based companies that are seeking a market entry strategy into the USA can access the best advice and guidance possible.

European Cybersecurity Forum – CYBERSEC Brussels (Brussels, Belgium, February 27, 2018) CYBERSEC Forum is an unique opportunity to meet and discuss the current issues of cyber disruption and ever-changing landscape of cybersecurity related threats. Our mission is to foster the building of an Europe-wide cybersecurity system and to create a dedicated, collaborative platform for the governments, international organisations and key private sector companies.

The Cyber Security Summit: Atlanta (Atlanta, Georgia, USA, February 28, 2018) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers & renowned information security experts. Learn from cyber security thought leaders from The FBI, U.S. Secret Service, IBM, and more. Engage in panel discussions focusing on trending cyber topics such as Sr. Leadership’s Best Approach to Cyber Defense, What’s Your Strategic Incident Response Plan?, Protecting your Enterprise from the Human Element and more. Your registration includes a catered breakfast, lunch, and cocktail reception. Receive half off your admission with promo code cyberwire50 at CyberSummitUSA.com and view details including the full agenda, participating solution providers & confirmed speakers. Tickets are normally $350, but only $175 with promo code.

PrivacyCon 2018 (Washington, DC, USA, February 28, 2018) The 2018 PrivacyCon will expand collaboration among leading privacy and security researchers, academics, industry representatives, consumer advocates, and the government. As part of this initiative, the FTC sought general research that explores the privacy and security implications of emerging technologies, such as the Internet of Things, artificial intelligence and virtual reality. The 2018 event will focus on the economics of privacy including how to quantify the harms that result from companies’ failure to secure consumer information, and how to balance the costs and benefits of privacy-protective technologies and practices.

NITSIG Meeting: Protecting Controlled Unclassified Information On U.S. Government Contractor Information Systems (Laurel, Maryland, USA, March 2, 2018) This meeting will discuss the security control requirements for the protection of Controlled Unclassified Information (CUI), for contractor information systems upon which CUI is processed, stored on, or transmitted through. These requirements must be implemented at both the contractor and subcontractor levels based on the information security guidance in NIST Special Publication (SP) 800-171: Protecting Controlled Unclassified Information In Non-Federal Information Systems And Organizations. The CUI protection requirements are intended for use by federal agencies in contractual vehicles or other agreements established between those agencies and non-federal organizations. Failure to implement the security controls to protect CUI, would be a breach of contract.

Insider Threat Program Management With Legal Guidance Training Course (Herndon, Virginia, USA, March 6 - 7, 2018) The course will cover current regulations like National Insider Threat Policy NITP and NISPOM Conforming Change 2, and more. The course will provide the ITP Manager and Facility Security Officer with the knowledge and resources to develop, manage, or enhance an ITP. The course will help not only organizations required to maintain and submit an ITP, but any business or organization concerned with Insider Threat Risk Mitigation. Insider Threat Defense has trained over 500+ organizations and has become the "Leader-Go To Company" for ITP Management Training.

SINET ITSEF 2018 (Silicon Valley, California, USA, March 7 - 8, 2018) Bridging the gap between Silicon Valley and the Beltway. SINET – Silicon Valley provides a venue where entrepreneurs can meet and interact directly with leaders of government, business and the investment community in an open, collaborative environment focused on identifying solutions to Cybersecurity challenges.

PCI Security Standards Council Middle East and Africa Forum (Cape Town, South Africa, March 14 - 15, 2018) Don’t miss the data security event of the year for the payment card industry. Join us for: networking opportunities, updates on industry trends, insights and strategies on best practices, engaging keynotes and industry expert speakers. The PCI Security Standards Council’s 2018 Middle East and Africa Forum (MEAF) provides you the information and tools to help secure payment data. They lead a global, cross industry effort to increase payment security by providing industry-driven, flexible and effective data security standards and programs that help businesses detect, mitigate and prevent criminal attacks and breaches.

SecureWorld Boston (Boston, Massachussetts, USA, March 14 - 15, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security industry. Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays-all while networking with local peers.

Cyber 9-12 (Washington, DC, USA, March 16 - 17, 2018) Now entering its fifth year, the Cyber 9/12 Student Challenge is a one-of-a-kind competition designed to provide students across academic disciplines with a deeper understanding of the policy challenges associated with cyber crisis and conflict. Part interactive learning experience and part competitive scenario exercise, it challenges teams to respond to a realistic, evolving cyberattack and analyze the threat it poses to national, international, and private sector interests.

3rd Annual Billington International Cybersecurity Summit (Washington, DC, USA, March 21, 2018) With confirmed speakers from Estonia, Romania, Singapore, Sweden, the United States, and Kuwait, and with attendees from many more countries, this summit brings together world-class cybersecurity thought leaders to engage in high-level information sharing, unparalleled networking and public-private partnerships from a cross-section of civilian, military and intelligence agencies, industry and academia.

Infosecurity Magazine North America Virtual Conference (Online, March 21 - 22, 2018) Tune in on Wednesday March 21 for day two of our two-day online event to learn what’s going on at the heart of the industry. Our easy to digest format offers a mix of short sessions, panel debates and live profile interviews, all fully produced and moderated by the Infosecurity Magazine editorial team. Each day event looks into the biggest industry issues and trends creating an immersive education program featuring a large selection of high calibre speakers and specialists in their field.

The Cyber Security Summit: Denver (Denver, Colorado, USA, March 22, 2018) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers & renowned information security experts. Learn from cyber security thought leaders and Engage in panel discussions focusing on trending cyber topics such as Sr. Leadership’s Best Approach to Cyber Defense, What’s Your Strategic Incident Response Plan?, Protecting your Enterprise from the Human Element and more. Your registration includes a catered breakfast, lunch, and cocktail reception. Receive half off your admission with promo code cyberwire50 at CyberSummitUSA.com and view details including the full agenda, participating solution providers & confirmed speakers. Tickets are normally $350, but only $175 with promo code.

Women in CyberSecurity 2018 (Chicago, Illinois, USA, March 23 - 24, 2018) Through the WiCyS community and activities we expect to raise awareness about the importance and nature of cybersecurity career. We hope to generate interest among students to consider cybersecurity as a viable and promising career option.

SecureWorld Philadelphia (Philadelphia, Pennsylvania, USA, March 28 - 29, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security industry. Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays-all while networking with local peers.

National Cyber League Spring Season (Chevy Chase, Maryland, USA, March 30 - May 25, 2018) The NCL is a defensive and offensive puzzle-based, capture-the-flag style cybersecurity competition. Its virtual training ground helps high school and college students prepare and test themselves against cybersecurity challenges that they will likely face in the workforce. All participants play the games simultaneously during Preseason, Regular Season and Postseason. NCL allows players of all levels to enter. Between Easy, Medium and Hard challenges, students have multiple opportunities to really shine in areas as they excel. Registration for the Spring Season is 2/26/18-3/25/18.

Sponsor & Support

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter’s financial reach, or it might just not be the right time for you to do those things. That’s why we launched our new Patreon site, where we’ve created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you’ll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.