The CyberWire Daily Briefing 2.22.18

Summary

By The CyberWire Staff

Russian diplomats denounce British attribution of NotPetya to Russian security services. They also denounce American contentions that Russia is a safe haven for cyber criminals in large part because of a cozy relationship between those security services and organized cyber gangs. The common theme comes down to a complaint that there's no evidence: no Western intelligence service, Russia says, has offered any proof that Russia is a "bad actor in cyberspace."

More reports emerge on the increasingly capable and aggressive cybercriminal actors working for the North Korean regime.

Colorado's Department of Transportation is struggling with a large SamSam ransomware infestation. SamSam is financially motivated, but other ransomware strains aren't. Annabelle ransomware, for one, seems motivated by the lulz, and the desire to show off. MalwareHunterTeam is tracking it. The good news (reported by Bleeping Computer) is that Annabelle can be removed with an updated StupidDecryptor (bravo, Mr. Gillespie).

Recorded Future investigated a spike in the use of certificates to enable malware infections. Their researchers found that, contrary to general opinion, the certificates so used weren't in general stolen. Instead, they're counterfeited and registered using stolen corporate identities.

A paper in the Journal of the American College of Cardiology describes increased hacker interest in implantable medical devices. The probability of attacks against devices like pacemakers may be rising.

Israeli Prime Minister Netanyahu credits his country's Unit 8200 with detecting an ISIS plot last year to destroy an airliner, and with tipping off Australian security authorities in time to stop the bombers.

Learn how Cylance silences cyber attacks with Artificial Intelligence.

Notes.

Today's issue includes events affecting European Union, Ireland, Democratic Peoples Republic of Korea, Russia, United Kingdom, and United States.

Intelligent response to doing more with less.

Phishing, ransomware, and data breaches plague organizations of all sizes and industries, but the financial services market has always had the largest target on its back. How do you fend off these attacks when you don’t have the budget or resources for everything you need to protect your organization: data feeds, tools, analysis and mitigation? Learn more in our webinar on Wednesday, March 21 @ 2pm ET. Sign up now!

On the Podcast

In today's podcast we speak with our partners at the University of Bristol, as Professor Awais Rashid discusses what students should be learning about cyber security. Our guest, Martijn Grooten from Virus Bulletin, talks about security product testing and describes the changes they’ve seen over time in the products they test.

Sponsored Events

Cyber Security Summits: February 28 in Atlanta & Denver on March 22 (Atlanta, Georgia, USA, February 28, 2018) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The FBI, Darktrace, IBM and more. Register with promo code cyberwire50 for half off your admission (Regular price $350) https://CyberSummitUSA.com

Billington International Cybersecurity Summit (Washington, DC, USA, March 21, 2018) Billington International Cybersecurity Summit, March 21, Washington, D.C. Cybersecurity leaders from Asia, Europe, the Middle and U.S. on global threats and best practices, including Acting DoD CIO and Singapore Cyber Commissioner-designate. Sponsor Opportunities: Sandy Nuwar at 443-994-9832

Compete to win prize money plus the chance to be DataTribe’s next big investment (Online, March 23 - April 25, 2018) The DataTribe Inaugural Cyber Funding Competition: We put real firepower behind every idea. If you're part of a entrepreneurial technology team with a vision to disrupt cybersecurity and data sciences — we want to enhance your growth prospect with the opportunity for a DataTribe-financed seed capital of $2,000,000. Plus possible millions more in a Series A Venture Capital Round. The top three finalists will share $20,000 in prize money.

Selected Reading

Cyber Attacks, Threats, and Vulnerabilities

Russia slams Britain's "groundless" cyber attack accusations (Xinhua) London's allegations of Moscow being behind the cyber attack against Ukraine in June 2017 are far-fetched and "information warfare" against Russia, said Russia's Foreign Ministry on Wednesday.

Russian Embassy spokesperson confronts FBI, DHS officials in public event (Cyberscoop) A Russian Embassy spokesperson challenged two senior U.S. officials Wednesday during a public event in Washington, D.C., claiming the Trump administration refuses to collaborate with Russia to fight cybercrime.

Report: Cybercrime causes over $600 billion in damage annually (Cyberscoop) Cybercrime and espionage have caused more than $600 billion worth of damage annually in recent years, according to new estimates from the Washington, D.C., think tank Center for Strategic and International Studies (CSIS) and American cybersecurity firm McAfee.

North Korean Reaper APT uses zero-day vulnerabilities to spy on governments (ZDNet) The often-overlooked hacking group appears to be backed by the North Korean government.

A New North Korean Hacker Group Is Making a Name for Itself (BleepingComputer) A lesser-known North Korean cyber-espionage outfit has become more active on the international scene in 2017, after spending the previous five years targeting only South Korean government agencies and North Korean defectors.

North Korea's growing criminal cyberthreat (Fifth Domain) North Korea’s cybercrime efforts — all seemingly state-sponsored — steal money that is then used to fund its cash-strapped government.

The global cyber war is heating up: Why businesses should be worried (CSO Online) From NotPetya's global disruption to North Korea's digital plundering of financial institutions, state-sponsored cyber attacks should be top of mind for business leaders. Here's how to defend against them.

The Rise of ICS Malware: How Industrial Security Threats Are Becoming More Surgical (SecurityWeek) ICS environments were generally not targeted by targeted malware, but this is no longer case and represents a major challenge for facilities operators.

Anatomy of an Attack on the Industrial IoT (Dark Reading) How cyber vulnerabilities on sensors can lead to production outage and financial loss.

Life-saving Pacemakers, Defibrillators Can Be Hacked and Turned Off (HackRead) Pacemakers and implantable cardioverter defibrillators (ICDs) are lifesaving devices but malicious actors can exploit vulnerabilities and result of it can be life-threatening.

How AI-Driven Systems Can Be Hacked (Forbes) Nowadays, AI seems to be taking over everything, and there is a variety of examples of that.

43% of all online login attempts are made by hackers trying to break into your account (TechRepublic) Content delivery network Akamai says nearly half of all online login attempts are performed by cybercriminals trying to break into accounts containing sensitive user data.

BitSight Survey: Botnet Attacks Prevalent Among Govt Contractors (ExecutiveBiz) A new survey by cybersecurity company BitSight says botnets have become widespread among government contractors specifically for manufacturing and health care firms, e-End reported Friday. BitSight polled at least 1,200 federal government contractors and found that health care firms have recorded a data breach incidence rate of 8.2 percent since January 2016, followed by aerospace...

The risks of DDoS and why availability is everything (Security Brief) We’ve all experienced the feeling of frustration, or even desperation, when the online services we expect are not available when we need them.

One-stop counterfeit certificate shops for all your malware-signing needs (Ars Technica) Certificates registered in names of real corporations are surprisingly easy to come by.

The Use of Counterfeit Code Signing Certificates Is on the Rise (Recorded Future) Researchers are seeing an increase in code signing certificates being used for malicious payload distribution campaigns. Recorded Future investigated the criminal underground to find answers.

uTorrent Client Affected by Some Pretty Severe Security Flaws (BleepingComputer) A Google security researcher has found multiple security flaws affecting the uTorrent web and desktop client that allow an attacker to infect a victim with malware or collect data on the users' past downloads.

2,000 Systems Down Due To SamSam Ransomware Infection At Colorado Department of Transportation (KnowBe4 Blog) 2,000 Systems Down Due To SamSam Ransomware Infection At Colorado Department of Transportation

Bad Actors Increase Focus on Cloud Services, Encryption (Infosecurity Magazine) There was a threefold increase in encrypted communication used by malware in last 12 months.

The Annabelle Ransomware Is a Horrific Mess (BleepingComputer) While most ransomware is created to actually generate revenue, some developers create them to show off their "skills". Such is the case with a new ransomware based off of the horror movie franchise Annabelle.

Hackers Use Fake Facebook Profiles of Attractive Women to Spread Viruses, Steal Passwords (Newsweek) Newly-uncovered hacking campaign could transform a smartphone into the ultimate surveillance tool.

Hackers Use 'Honey Pot' Tactics on Facebook to Take Your Phone (Outer Places) The early 2000s had fraudulent emails from Nigerian princes. The 2010s have seductive Facebook messages from hackers using fake profile pictures. It's...

BEC scammers actively targeting Fortune 500 companies (Help Net Security) Nigerian scammers are targeting Fortune 500 companies, and have already stolen millions of dollars from some of them, IBM Security researchers have found.

Hackers Steal Millions by Ditching Malware to Sidestep Security (Gizmodo) Employing sophisticated scams involving social engineering, email phishing, and the harvesting of employee passwords, attackers have pilfered millions of dollars from some of the world largest corporations—all while bypassing traditional hacking safeguards by simply avoiding the use malware.

Incident Detection, Email Attacks Continue to Cause Headaches for Companies (Financial IT) Over one-third of all security incidents start with phishing emails or malicious attachments sent to company employees, according to a new report published today by global cyber security company F-Secure.

Is your child a victim of identity theft? (Naked Security) Finding out someone has already established your child’s credit for them is a nightmare to try and clean up after years of damage already done.

Does Fake News Affect Threat Intelligence? (Infosecurity Magazine) Is fake news more about dirty tricks, or a new form of subversion?

GDPR-based extortion is a dangerous myth (Computing) Eerke Boiten, Professor of Cyber Security at De Montfort University, argues that extortion via GDPR fines is not a realistic addition to the criminal repetoire

Harper’s Magazine Warns Subscribers That Passwords May Have Been Stolen (Motherboard) No one is immune to the ever-rolling wave of account data breaches.

Allentown Struggles with $1 Million Cyber-Attack (Infosecurity Magazine) The city’s critical systems have been hit by the malware known as Emotet, impacting both financial and public safety operations.

Security Patches, Mitigations, and Software Updates

To prevent data breaches, AWS offers S3 bucket permissions check to all users (Help Net Security) Previously available only to Business and Enterprise support customers, the S3 bucket permissions check identifies S3 buckets that are publicly accessible due to ACLs or policies that allow read/write access for any user.

Intel releases more Meltdown/Spectre fixes, Microsoft feints SP3 patch (Computerworld) Intel says it has most -- but not all -- of the buggy Meltdown/Spectre firmware patches in order. While Microsoft announces but doesn’t ship a firmware fix for the Surface Pro 3.

Trend Micro patches email gateway, but leaves two flaws unpatched (iTWire) Trend Micro has patched 10 vulnerabilities in its Email Encryption Gateway product that could be used for remote exploits, but left two others unpatch...

Cyber Trends

Cybercriminals stole $2.3 billion from Aussies in 2017 (Starts at 60) It’s worth reviewing your own security practices.

Higher Ed Users Are Less Susceptible to Phishing Scams (Technology Solutions That Drive Education) Survey finds that education end users aren’t clicking on suspicious email messages as much as users in many other industries.

Good conquers evil in the battle against social media trolls (Times) Good can triumph over hate on social media when trolls are challenged, research suggests. Academics investigating antisemitism on Twitter found that most offending posts were ignored or shared...

Marketplace

How cloud access security brokers have evolved (SearchCloudSecurity) Cloud access security brokers made a big splash when they first entered the industry, but where are they now? Here's a look at where they stand.

Here's how the Marines’ cyber warriors are buying new equipment (Fifth Domain) Marine Corps Forces Cyberspace Command uses a variety of partners and authorities within the Marine Corps to procure systems for their cyber warriors.

Cybersecurity Skills Gap Soars as Brexit Bites (Infosecurity Magazine) Cybersecurity Skills Gap Soars as Brexit Bites. Capgemini claims 25 percentage point gap between supply and demand

In the gig economy, a cybersecurity divide (The Parallax) Dek: The gig economy’s investment in cybersecurity education and protection is hard to quantify, but it’s easy to see that it’s important, researchers explain at the Enigma Conference.

Cyber Technology Dives Into Shark Tank (SIGNAL) It’s down to five companies as a competitive series aims to make a big splash in innovation development.

Unicorn or donkey? How accelerators and venture builders identify the best tech startups (Computing) Most startups fail. We examine the secrets of the ones that survive and thrive

Feature Labs launches out of MIT to accelerate the development of machine learning algorithms (TechCrunch) Feature Labs, a startup with roots in research begun at MIT, officially launched today with a set of tools to help data scientists build machine learning..

Exclusive: Ex-Synack Engineers Raise $3 Million for Security Startup (Fortune) The founders graduated from startup accelerator YCombinator last summer.

WhatsApp Co-Founder Puts $50M Into Signal To Supercharge Encrypted Messaging (WIRED) WhatsApp co-founder Brian Acton has taken on the leadership of the non-profit behind that popular encryption app—and given it a serious injection of cash.

Robinhood rolls out zero-fee crypto trading as it hits 4M users (TechCrunch) Coinbase has some serious competition. Today, Robinhood starts rolling out its no-commission cryptocurrency trading feature in California, Massachusetts,..

Government Ramps Up ICO Fees for Large Organizations (Infosecurity Magazine) Government Ramps Up ICO Fees for Large Organizations.Potential £2000+ rise in annual costs as GDPR lands

The ICO immaturity problem (TechCrunch) I’ve been following “startups” - I define startups as small businesses with a global scale - for almost two decades. In that time I’ve watched them..

Multiven Announces its Initial Coin Offering (“ICO“) to Build the World’s First Blockchain-Based Marketplace for IT, Telecoms and Network Products and Services (WebWire) Multiven Token launch will disrupt and decentralise the over $3 Trillion global marketplace for IT products and fund the cyber-defense of Bitcoin, Ethereum and other public cryptocurrency network nodes

Imperva Announces Transition of Its Chairman of the Board (BusinessWire) Imperva, Inc. (NASDAQ:IMPV), a cybersecurity leader that delivers best-in-class solutions to protect data and applications on-premises, in the cloud,

Products, Services, and Solutions

Wombat Security Announces Industry-First Configurable Password Policy Module (PR Newswire) Wombat Security Technologies (Wombat), the leading provider of security...

Data Center Intrusion Prevention System (DCIPS) (NSS Labs, Inc) NSS Labs arms enterprises with fact-based and objective information to get secure and stay secure. Click to learn more.

QuintessenceLabs Launches Technology Alliance Partner Program to Meet Increased Demand for Integrated Data Security (GlobeNewswire News Room) Extended program follows successful collaborations with NetDocuments, PKWARE and VMware, and supports data protection integration with emerging and strategic technology partners

Centripetal Announces Network Filter Technology Breakthrough (PR Newswire) Centripetal Networks, the leading provider of real-time network defense...

Don't Trust Google Play Protect to Shield Your Android (Tom's Guide) Google Play Protect bears the dubious honor of being the only Android program evaluated by AV-Test that doesn’t routinely protect its users.

Chiron To Provide Free Cybersecurity Skills Assessments (PRWeb) Chiron Technology Services, Inc., a leading provider of cybersecurity services and training solutions to government and commercial clients, announced today

New Cyber Defense Solutions Protect SAIC Customers from Distributed Denial of Service Attacks (BusinessWire) Large-scale, persistent Distributed Denial of Service (DDoS) attacks directed at cyber infrastructure are becoming a major threat to our federal gover

DomainTools Launches Innovative Predictive Domain Risk Scoring Model (Markets Insider) DomainTools®, the leader in domain name and DNS-based cyber threat intelligence, today announced its Domain Risk Scor...

Technologies, Techniques, and Standards

C-Suite Divided Over Security Concerns (Dark Reading) Survey shows 60% of CEOs plan to invest the most resources in malware prevention, but CISOs, CIOs, and CTOs are on a different page.

Know How to Avoid Cyber attacks by Minimizing Human Error (Security Boulevard) According to Cybersecurity Ventures, damages brought about by cybercrime will cost the world $6 trillion annually by 2021. A common finding in studies conducted by different parties reveals that majority of cyberattacks on businesses can be traced back to human error. In fact, according to London-based consultancy, Wills Towers Watson, 66% of 2016 cyber breaches The post Know How to Avoid Cyber attacks by Minimizing Human Error appeared first on Netswitch Technology Management.

When Two-Factor Authentication Fails: Rethinking The Approach To Identity Security (Forbes) In 2017, we saw a new influx of spectacular and devastating breaches. Somewhat lost in the chaos was a surprising trend amongst them -- a sharp escalation in attackers utilizing stolen, valid credentials as their primary means of gaining a foothold in the organization. This is by no means a new trend.

Cyber Aware – are passwords past it? (Hint: no.) [VIDEO] (Naked Security) Getting your online password situation right is easier than you think – so here’s how to do it!

Control Flow Integrity: a Javascript Evasion Technique (Security Boulevard) Understanding the real code behind a Malware is a great opportunity for Malware analysts, it would increase the chances to understand what the sample really does. Unfortunately it is not always possible figuring out the "real code", sometimes the Malware analyst needs to use tools like disassemblers or debuggers in order to guess the real Malware actions.

Red Sparrow: State of Manipulation (In Partnership with 20th Century Fox from VICE Media) (Vice) VICELAND's Karley Sciortino and former FBI agent Joe Navarro talk about the future of espionage and counterintelligence training.

Research and Development

Good versus evil: Who will win the AI arms race? (CRN) Crowdstrike and other providers hit back at new report warning that the rise of AI could boost cybercrime, arguing it should be seen as a force for good.

Legislation, Policy and Regulation

U.S. SEC calls for 'clearer' cyber risk disclosure from companies (Reuters) The U.S. Securities and Exchange Commission on Wednesday updated guidance to public companies on how and when they should disclose cyber security risks and breaches, including potential weaknesses that have not yet been targeted by hackers.

What the budget request explains about Cyber Command’s goals (Fifth Domain) Here are four programs and capabilities Cyber Command is looking to purchase in fiscal 2019.

The FCC’s order gutting net neutrality is now official — but the fight is just getting started (TechCrunch) The FCC's "Restoring Internet Freedom" order, which vastly curtails the agency's 2015 net neutrality rules, has officially taken effect in the Federal..

Why states might win the net neutrality war against the FCC (Ars Technica) FCC might have doomed its preemption case by renouncing authority over broadband.

Litigation, Investigation, and Enforcement

Robert Mueller Is Treating Russia Like a Gang, and It's Working (Vice) This is like an anti-mafia RICO case—except applied to a whole country.

Israel foiled Australia 'plane terror plot' (BBC News) PM Benjamin Netanyahu says his nation halted an "unimaginable slaughter" last year.

IDF cyber warriors thwart major ISIS aviation terror attack (The Jerusalem Post) Spread across the country, the online soldiers of Unit 8200 are on the front line of Israel’s cyber wars 24/7, 365 days a year to identify possible threats and effectively neutralize them.

The Microsoft Design Decisions That Caused this Mess (Just Security) Microsoft's design decisions contributed to the problem in Microsoft Ireland, as did its revolution against borders and local laws.

Justices Embrace Narrow View of Dodd-Frank Whistleblower Protections (New York Law Journal) The U.S. Supreme Court on Wednesday narrowed the scope of whistleblower protection under the Dodd-Frank Act ruling unanimously that employees must first report alleged securities violations to the U.S. Securities and Exchange Commission.

Bitcoin Platform Operator Allegedly Lied to SEC Over Hack (New York Law Journal) Jon Montroll's now-defunct BitFunder allegedly misappropriated cryptocurrency deposits even before hackers stole over 6000 of the digital currency.

Online security is a disaster and the people who investigate it are being sued into silence (Boing Boing) Online security is a disaster and the people who investigate it are being sued into silence

LA Times homicide website throttles cryptojacking attack (The State of Security) Whoever hacked the LA Times probably hoped to make a killing mining cryptocurrency - but action from a security researcher has put paid to their plans.

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

newly Noted Events

RSA Conference 2018 (San Francisco, California, USA, April 16 - 20, 2018) Take this opportunity to learn about new approaches to info security, discover the latest technology and interact with top security leaders and pioneers. Hands-on sessions, keynotes and informal gatherings allow you to tap into a smart, forward-thinking global community that will inspire and empower you.

CYBERTACOS San Francisco (San Francisco, California, USA, April 16, 2018) CYBERTACOS is back and becoming one of the biggest cybersecurity networking events! Register today and join us for networking, food and drinks. This event includes a 45-minute meet the press panel made up of influential security reporters who will discuss what they are covering and how to best work with them.

International Cyber Risk Management Conference (Hamilton, Bermuda, December 6 - 7, 2018) The cyber risk landscape is rapidly evolving. Are insurers rising to meet the need with products and services that are equal to the task? Are current client needs getting the attention required? The International Cyber Risk Management Conference (ICRMC) is a unique gathering of global risk experts, focused on learning, debate, and collaborative approaches to cyber security.

upcoming Events

Security Titans (Scottsdale, Arizona, USA, February 23, 2018) Security Titans is a ground-breaking event, bringing the biggest names in Information Security together - all in one day, on a single stage to give the nation's cyber security industry access to the very best InfoSec thought leadership in one, focused event. Keynote speakers Kevin Mitnick, the first computer hacker to make the FBI’s Most Wanted list, and Frank Abagnale, a hacker turned security consultant whose life was the inspiration for the film Catch Me If You Can, will share secrets from their hacking days.

CyberThreat 18 (Westminster, England, UK, February 27 - 28, 2018) Hosted by the UK’s National Cyber Security Centre, a part of GCHQ, and the SANS Institute, CyberThreat18 brings together a packed schedule of talks on a broad range of familiar and less familiar topics by security experts and prominent industry figures, interspersed with team-building events and hands-on challenges designed to put both your defensive and offensive skills to the test.

Midlands Cyber: US Cyber Market Workshop (Lutterworth, England, UK, February 27, 2018) We are delighted to announce that we will be running two workshops, led by Andy Williams, the International Director of the iCyber Centre @bwtech, Maryland. The workshops have been tailored by the team and Andy Williams, ensuring Midlands based companies that are seeking a market entry strategy into the USA can access the best advice and guidance possible.

European Cybersecurity Forum – CYBERSEC Brussels (Brussels, Belgium, February 27, 2018) CYBERSEC Forum is an unique opportunity to meet and discuss the current issues of cyber disruption and ever-changing landscape of cybersecurity related threats. Our mission is to foster the building of an Europe-wide cybersecurity system and to create a dedicated, collaborative platform for the governments, international organisations and key private sector companies.

The Cyber Security Summit: Atlanta (Atlanta, Georgia, USA, February 28, 2018) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers & renowned information security experts. Learn from cyber security thought leaders from The FBI, U.S. Secret Service, IBM, and more. Engage in panel discussions focusing on trending cyber topics such as Sr. Leadership’s Best Approach to Cyber Defense, What’s Your Strategic Incident Response Plan?, Protecting your Enterprise from the Human Element and more. Your registration includes a catered breakfast, lunch, and cocktail reception. Receive half off your admission with promo code cyberwire50 at CyberSummitUSA.com and view details including the full agenda, participating solution providers & confirmed speakers. Tickets are normally $350, but only $175 with promo code.

PrivacyCon 2018 (Washington, DC, USA, February 28, 2018) The 2018 PrivacyCon will expand collaboration among leading privacy and security researchers, academics, industry representatives, consumer advocates, and the government. As part of this initiative, the FTC sought general research that explores the privacy and security implications of emerging technologies, such as the Internet of Things, artificial intelligence and virtual reality. The 2018 event will focus on the economics of privacy including how to quantify the harms that result from companies’ failure to secure consumer information, and how to balance the costs and benefits of privacy-protective technologies and practices.

NITSIG Meeting: Protecting Controlled Unclassified Information On U.S. Government Contractor Information Systems (Laurel, Maryland, USA, March 2, 2018) This meeting will discuss the security control requirements for the protection of Controlled Unclassified Information (CUI), for contractor information systems upon which CUI is processed, stored on, or transmitted through. These requirements must be implemented at both the contractor and subcontractor levels based on the information security guidance in NIST Special Publication (SP) 800-171: Protecting Controlled Unclassified Information In Non-Federal Information Systems And Organizations. The CUI protection requirements are intended for use by federal agencies in contractual vehicles or other agreements established between those agencies and non-federal organizations. Failure to implement the security controls to protect CUI, would be a breach of contract.

Insider Threat Program Management With Legal Guidance Training Course (Herndon, Virginia, USA, March 6 - 7, 2018) The course will cover current regulations like National Insider Threat Policy NITP and NISPOM Conforming Change 2, and more. The course will provide the ITP Manager and Facility Security Officer with the knowledge and resources to develop, manage, or enhance an ITP. The course will help not only organizations required to maintain and submit an ITP, but any business or organization concerned with Insider Threat Risk Mitigation. Insider Threat Defense has trained over 500+ organizations and has become the "Leader-Go To Company" for ITP Management Training.

SINET ITSEF 2018 (Silicon Valley, California, USA, March 7 - 8, 2018) Bridging the gap between Silicon Valley and the Beltway. SINET – Silicon Valley provides a venue where entrepreneurs can meet and interact directly with leaders of government, business and the investment community in an open, collaborative environment focused on identifying solutions to Cybersecurity challenges.

PCI Security Standards Council Middle East and Africa Forum (Cape Town, South Africa, March 14 - 15, 2018) Don’t miss the data security event of the year for the payment card industry. Join us for: networking opportunities, updates on industry trends, insights and strategies on best practices, engaging keynotes and industry expert speakers. The PCI Security Standards Council’s 2018 Middle East and Africa Forum (MEAF) provides you the information and tools to help secure payment data. They lead a global, cross industry effort to increase payment security by providing industry-driven, flexible and effective data security standards and programs that help businesses detect, mitigate and prevent criminal attacks and breaches.

SecureWorld Boston (Boston, Massachussetts, USA, March 14 - 15, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security industry. Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays-all while networking with local peers.

Cyber 9-12 (Washington, DC, USA, March 16 - 17, 2018) Now entering its fifth year, the Cyber 9/12 Student Challenge is a one-of-a-kind competition designed to provide students across academic disciplines with a deeper understanding of the policy challenges associated with cyber crisis and conflict. Part interactive learning experience and part competitive scenario exercise, it challenges teams to respond to a realistic, evolving cyberattack and analyze the threat it poses to national, international, and private sector interests.

Infosecurity Magazine Spring Virtual Conference (Online, March 21, 2018) Tune in on Wednesday March 21 for day two of our two-day online event to learn what’s going on at the heart of the industry. Our easy to digest format offers a mix of short sessions, panel debates and live profile interviews, all fully produced and moderated by the Infosecurity Magazine editorial team. Each day event looks into the biggest industry issues and trends creating an immersive education program featuring a large selection of high calibre speakers and specialists in their field.

3rd Annual Billington International Cybersecurity Summit (Washington, DC, USA, March 21, 2018) With confirmed speakers from Estonia, Romania, Singapore, Sweden, the United States, and Kuwait, and with attendees from many more countries, this summit brings together world-class cybersecurity thought leaders to engage in high-level information sharing, unparalleled networking and public-private partnerships from a cross-section of civilian, military and intelligence agencies, industry and academia.

Infosecurity Magazine North America Virtual Conference (Online, March 21 - 22, 2018) Tune in on Wednesday March 21 for day two of our two-day online event to learn what’s going on at the heart of the industry. Our easy to digest format offers a mix of short sessions, panel debates and live profile interviews, all fully produced and moderated by the Infosecurity Magazine editorial team. Each day event looks into the biggest industry issues and trends creating an immersive education program featuring a large selection of high calibre speakers and specialists in their field.

The Cyber Security Summit: Denver (Denver, Colorado, USA, March 22, 2018) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers & renowned information security experts. Learn from cyber security thought leaders and Engage in panel discussions focusing on trending cyber topics such as Sr. Leadership’s Best Approach to Cyber Defense, What’s Your Strategic Incident Response Plan?, Protecting your Enterprise from the Human Element and more. Your registration includes a catered breakfast, lunch, and cocktail reception. Receive half off your admission with promo code cyberwire50 at CyberSummitUSA.com and view details including the full agenda, participating solution providers & confirmed speakers. Tickets are normally $350, but only $175 with promo code.

Women in CyberSecurity 2018 (Chicago, Illinois, USA, March 23 - 24, 2018) Through the WiCyS community and activities we expect to raise awareness about the importance and nature of cybersecurity career. We hope to generate interest among students to consider cybersecurity as a viable and promising career option.

SecureWorld Philadelphia (Philadelphia, Pennsylvania, USA, March 28 - 29, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security industry. Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays-all while networking with local peers.

National Cyber League Spring Season (Chevy Chase, Maryland, USA, March 30 - May 25, 2018) The NCL is a defensive and offensive puzzle-based, capture-the-flag style cybersecurity competition. Its virtual training ground helps high school and college students prepare and test themselves against cybersecurity challenges that they will likely face in the workforce. All participants play the games simultaneously during Preseason, Regular Season and Postseason. NCL allows players of all levels to enter. Between Easy, Medium and Hard challenges, students have multiple opportunities to really shine in areas as they excel. Registration for the Spring Season is 2/26/18-3/25/18.

4th Middle East Cyber Security Summit (Riyadh, Saudi Arabia, April 4 - 5, 2018) The summit will feature state of the art presentations, hackathons and technology showcasing from regional and international experts and leading technology providers. One of the focus areas of the summit will be block-chains & artificial intelligence in existing technical infrastructure in order to protect organizations from external attacks. The need of the hour is to create an ecosystem of trust aided with cybersecurity capabilities.

Sponsor & Support

Grow your brand, generate leads, and fill your funnel.

With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listens all over the world, companies trust the CyberWire to get the message out. Learn more.

Russia says it's being framed by the Five Eyes. Ransomware updates. Counterfeit certificates. Medical device hacking.