The CyberWire Daily Briefing 2.26.18

Summary

By The CyberWire Staff

Unnamed sources in the US Intelligence Community are telling the Washington Post that Russia's GRU was responsible for the hack that marred the Pyeongchang Winter Olympics' opening ceremonies. The US sources also assert that it was a false-flag operation intended to look like a North Korean hack.

If so, two things are noteworthy. First, the imposture was pretty thin, because suspicion fell almost immediately on Russia. Second, the GRU, Russia's military intelligence service, is the lair of Fancy Bear. Fancy Bear, in apparent retaliation for anti-doping sanctions against the Russian team, had begun doxing the International Olympic Committee and individual non-Russian athletes late last year.

Sentiment in favor of some form of international modus vivendi in cyberspace grows, especially in the tech industry.

Researchers at Qihoo 360 Netlab say an unnamed ad network installs cryptojackers via advertising it serves on its customer sites. It's using a domain generation algorithm to evade ad blockers.

T-Mobile patches a bug that could have enabled customer account hijacking through the company's website. Whether the vulnerability was actually exploited is unknown.

PhishMe has been acquired by a consortium of private equity investors for a reported $400 million. The company will rebrand itself as "Cofense," the better, it says, to reflect the range of its offerings.

Australia's Defense Department joins its US counterpart in banning Huawei and ZTE phones as security risks. Huawei sees the bans as a move in a trade war prompted by industry fears of the Chinese companies' potential to dominate the market.

Learn how Cylance silences cyber attacks with Artificial Intelligence.

Notes.

Today's issue includes events affecting Australia, China, Democratic Peoples Republic of Korea, Republic of Korea, Philippines, Russia, United Kingdom, and United States.

Struggling with your DLP? It's time to rethink your data loss prevention strategy.

Traditional data loss prevention tools aren’t cutting it anymore. Why? They are high-maintenance and require endless fine-tuning. They often miss insider threats. They stymie communication between security and other departments. And they slow down endpoints, leading to crashes and failures that drive users crazy. Learn from ObserveIT why DLP tools aren’t getting the job done in 2018 and how you can stop data loss in its tracks. Read Now.

On the Podcast

In today's podcast, we hear from the Johns Hopkins University's Joe Carrigan, who gives us the word on securing AWS buckets. Our guest is Randall Murch from Virginia Tech who takes up the (still) recherché but increasingly important topic of cyber bio security.

Sponsored Events

Billington International Cybersecurity Summit (Washington, DC, USA, March 21, 2018) Billington International Cybersecurity Summit, March 21, Washington, D.C. Cybersecurity leaders from Asia, Europe, the Middle and U.S. on global threats and best practices, including Acting DoD CIO and Singapore Cyber Commissioner-designate. Sponsor Opportunities: Sandy Nuwar at 443-994-9832

Third Annual Cyber Investing Summit 5/15/18 (New York, New York, USA, May 15, 2018) Renowned cyber security executive David DeWalt will deliver the keynote address at the Third Annual Cyber Investing Summit. The Cyber Investing Summit is a unique all-day conference focused on the financial opportunities available in the rapidly growing cyber security industry. Panels will explore sector investment strategies, market growth forecasts, equity valuations, merger and acquisition activity, cryptocurrency protection, funding for startups, and more. Speakers include leading Chief Information Security Officers, VC founders, financial analysts, cyber security innovators from publicly traded and privately held companies, and government experts.

Selected Reading

Cyber Attacks, Threats, and Vulnerabilities

US Spooks: Russia Hacked Pyeongchang 2018 (Infosecurity Magazine) US Spooks: Russia Hacked Pyeongchang 2018. Intelligence suggests Kremlin spies tried to frame North Korea

Report: Russian spies behind Winter Olympics cyber attack (USA TODAY) Russian spies tried to make Winter Olympics cyber attack appear to be initiated by North Korea, according to a report.

Russian spies hacked the Olympics and tried to make it look like North Korea did it, U.S. officials say (Chicago Tribune) Russian military spies hacked several hundred computers used by authorities at the 2018 Winter Olympic Games in South Korea, according to U.S. intelligence.

Russia hacked the Olympics and tried to make it look like North Korea did it (Vox) And the International Olympic Committee could reinstate Russia as soon as this week.

Winter Olympics cyber attacks - they thought it was all over (SC Media UK) The PyeongChang 2018 Olympic Winter Games closes this weekend, having been targeted by malicious cyber-attacks. But the threat is far from over.

North Korea resumes cyber attacks in desperate search for foreign currency (Nikkei Asian Review) The North Korean state-sponsored hacker group Lazarus appears to have resumed its efforts to steal desperately needed foreign currency for th

North Korean Trojan Activity - BANKSHOT, HARDRAIN and BADCALL (SystemTek) Three new trojans known as BANKSHOT, HARDRAIN and BADCALL have been identified as being created and operated by the advanced North Korean threat group known as HIDDEN COBRA. BANKSHOT consists of several proxy application tools intended to disguise command and control (C2) communications. Also included are two remote access trojan (RAT) tools designed to install …

Ad Network Uses DGA Algorithm to Bypass Ad Blockers and Deploy In-Browser Miners (Bleeping Computer) An advertising network is hiding in-browser cryptocurrency miners (cryptojacking scripts) in the ads it serves on customer sites, and has been doing so since December 2017, according to revelations made over the weekend by the Qihoo 360 Netlab team.

PSA: Improperly Secured Linux Servers Targeted with Chaos Backdoor (BleepingComputer) Hackers are using SSH brute-force attacks to take over Linux systems secured with weak passwords and are deploying a backdoor named Chaos.

'Critical' T-Mobile Bug Allowed Hackers To Hijack Users' Accounts (Motherboard) A security researcher discovered a flaw in a T-Mobile website that let hackers log in as any customer.

Ethereum Scammers Posing as Tech Celebrities Are Running Rampant On Twitter (Motherboard) Not even Ethereum's founder, Vitalik Buterin, is immune.

FBI Warns Of Spike In W-2 Phishing Campaigns (Threatpost) A recent FBI public service advisory warned of an increase in reports of compromised or spoofed emails involving W-2 forms.

Which phishing messages have a near 100% click rate? (Help Net Security) Training employees to spot phishing messages, emails and phone calls can't be done just once or once a year if the organization wants to see click rates decrease.

Everyone is a Spear Phishing Target (Infosecurity Magazine) Given the vast quantities of personal information breached, expect targeted attacks to rise.

The Problem with Cryptojacking (WIRED) Jackers pick so many pockets at once that the cost per victim is actually minimal. What’s more, browser-based mining isn’t all bad. So what gives?

Cyber Attack Targets State Agencies (NBC Connecticut) Some of Connecticut's state agencies experienced a cyber attack late Friday afternoon, according to the Department of Administrative Services.

Hack Attack: Why Mecklenburg County and who was behind the cyber attack? (WJZY) During the Hack Attack series, we’ve told you what it cost the county and what it took to rebuild 48 servers that were infected in December and held hostage for $23,000 dollars in ransom. But the big question still remains: Why Mecklenburg County? In Part 3 of the Hack Attack, we investigate why our local government was targeted and who was behind the hack attack.

After cyberattack, Spartanburg libraries begin checking out books (GoUpstate) Spartanburg County Public Libraries' computer system remained down Wednesday after a ransomware attack earlier in the week, but staff members have begun

Davidson recovering from cyber attack (The Courier) After adjourning over last weekend, Davidson County Commissioners once again entered into closed session Monday for updates following an

Poster of cyberthreat that closed Central York schools is 'brilliant' or 'lucky,' chief says (PennLive.com) Investigators are finding the case unusually hard to crack.

North Somerset Council hit with cyber attack (Weston Mercury) North Somerset Council was hit by one cyber attack and one cyber security incident last year.

Security Patches, Mitigations, and Software Updates

NPM update changes critical Linux filesystem permissions, breaks everything (Naked Security) A recent update to the Node Package Manager introduced a bug that caused it to interfere with the operating system, by locking the system itself out of numerous mission-critical files

Samsung Galaxy Note 8 On Verizon gets February Security Patch (Geeky Gadgets) Verizon Wireless has released a software update for the Samsung Galaxy Note 8 smartphone. The update is a security update for the handset.

Cyber Trends

Global megatrends that are problematic for the state of cybersecurity (Help Net Security) The 2018 Global Megatrends in Cybersecurity survey shows that despite growing threats, IT professionals believe cybersecurity is still not considered a strategic priority among senior leadership.

A view of the global threat landscape: Cybercrime and intrusion trends (Help Net Security) The new 2018 CrowdStrike Global Threat Report analyzes comprehensive threat data and details key trends driving adversary targeting.

Cyber-Security Reports Reveal Growing Concerns About Data Breach Risks (eWEEK) NEWS ANALYSIS: Nine different cyber-security reports show a rising volume of cyber-threats, though not all organizations are preparing for the right types of risks.

Expert warns: Computer hackers becoming major threats to govts (BusinessMirror) A global cybersecurity expert recently warned that computer hackers are becoming major threats to governments, which could to lead instability in the long run.

Mobile Malware Infections Hit 16 Million in Q3 (Infosecurity Magazine) Mobile Malware Infections Hit 16 Million in Q3. McAfee warns of trouble ahead in 2018

93% of Cloud Applications Aren't Enterprise-Ready (Dark Reading) The average business uses 1,181 cloud services, and most don't meet all recommended security requirements, Netskope says.

Peter Thiel Is a Flawed Messenger With a Crucial Message for Tech (WIRED) The billionaire investor says Silicon Valley is unprepared for a coming wave of regulation.

Against Hack Porn (Motherboard) Media outlets often cover fanciful hacking techniques, but they need to make it clear that these attacks will probably never apply to most readers.

Marketplace

Defence ditches Chinese-made phones as US spy chiefs sound security warning (THe Age) The Defence department is phasing out its use of Chinese-made Huawei and ZTE phones at the same time as United States spy chiefs issued blunt security warnings about the companies’ products.

A US China proxy war is being fought through mobile phones (Verdict) Huawei and ZTE have been under fire from US government officials before, but people are being advised not to buy the companies' phones.

Chinese Smartphone Brands Oppo, ZTE And Huawei Facing Torrid Future Over 5G Security Concerns (Channel News) Chinese smartphone brands Oppo, Huawei and ZTE are facing a torrid future with their smartphones being labelled as devices that in the future could be used for State sponsored spying by the Chinese government.

Huawei's rivals 'worry we are too strong' and may use politics to kick the tech giant out of the US, top exec says (CNBC) Huawei's competitors are worried about its strength and are using politics to kick the company out of the U.S. market, the head of the Chinese giant's consumer business said on Sunday, adding that mobile carriers want to work with it.

Congressman Urges National Security Review of Any Broadcom-Qualcomm Deal (TheStreet) Rep. Duncan Hunter, Republican of California, sent a letter to President Trump urging him to conduct a national security review of a Broadcom-Qualcomm deal if it is consummated.

Worldwide smartphone sales recorded first ever decline in Q4 2017 (CRN Australia) Due to slow upgrades and lack of quality "ultra-low cost" smartphones.

Private Equity Giants Buy Cybersecurity Firm for $400 Million (Fortune) BlackRock is one of the buyers.

Fast-growing cybersecurity startup sells to private equity consortium, rebrands (Washington Business Journal) Leesburg-based PhishMe, a cybersecurity company that started by helping companies and employees combat “phishing” scams, announced Monday it has been acquired by a private equity consortium in a deal it says values the business at $400 million.

Zscaler IPO: What To Look For (Seeking Alpha) Zscaler, a tech company aiming to offer cloud security solutions, has filed for an IPO worth $100 million. Cloud security is a growing field where Zscaler has b

Dropbox to go public in US$500 million IPO (CRN Australia) Cloud file sharing vendor has revenue of $1.11 billion

How Precedent Communications, the company behind the Red Cross data breach, went bust (CRN Australia) What happened to Precedent Communications after the Red Cross data breach went public.

Symantec Cuts Ties With NRA Amid Backlash Over School Shootings (Gizmodo) Symantec, one of America's largest security software companies, has ended its partnership with the National Rifle Association, Gizmodo has learned.

Accenture Hires Former Head of Operations for US Cyber Command (Washington Executive) Accenture Federal Services has hired retired Gen. George Franz, former director of operations for U.S. Cyber Command, to provide cybersecurity expertise for Accenture’s customers in the defense and security markets.

Products, Services, and Solutions

Apple iCloud security change in China raises privacy questions (CNET) The company is moving encryption keys for China-based users' data from the US to the Asian country. Bad for dissidents?

Archos debuts hardware cryptocurrency wallet ahead of Mobile World Congress (Neowin) Archos has announced that it will be releasing a €49.99 cryptocurrency wallet. The firm gave details about it and will be showing it off at the upcoming Mobile World Congress next week.

5 best encrypted messaging software to block prying eyes (Windows Report) Millions of people exchange messages every day throughout the world, but how many of them really know what truly happens to their messages once they send them? Will these be intercepted by third-parties? The unfortunate truth is that we do live in a world and age in which data logging and Internet surveillance are happening.

Use 1Password' 'pwned password' to verify if your password was leaked (HackRead) 1Password's "pwned password" will check your password on the list of leaked passwords in previous or unannounced data breaches.

Here's Why You Need to Add Another Layer of Security to Your Antivirus (Heimdal Security Blog) Ransomware attacks continue to be a real online threat to both users and companies. Here's why antivirus usually can't keep up with these threats and why you need extra layers of security to enhance online protection.

Technologies, Techniques, and Standards

Three steps MSPs must take to become GDPR compliance experts (Channel Pro) MSPs need to position themselves effectively to take advantage of the new regulations

How to protect Office 365 data from ransomware attacks (Help Net Security) In order to protect Office 365 data from ransomware attacks, organizations should incorporate the following risk mitigation best practices to help keep their organization secure.

Interpol Tests Global Cops with IoT Simulation (Infosecurity Magazine) Interpol Tests Global Cops with IoT Simulation. Some investigators still lack digital skills

Cracking AD Domain Passwords (Password Assessments) - Part 1 - Collecting Hashes (SANS Internet Storm Center) In my last 2 posts we discussed recovering passwords in a penetration test, first by using password spraying and then by using LLMNR (using the responder tool). In both cases we discussed that it’s pretty likely that you’ll recover domain admin credentials in these steps.

Six months on – Have we reached the other side of the Bad Rabbit hole? (IT Pro Portal) Employee training is key to preventing your organisation from falling victim to ransomware and other cyber threats.

Ransomware and the Importance of Prevention, Recovery, and Managed IT Services in NYC (Simplegrid Technology, Inc.) You should consult a managed IT services expert in NYC to help your business in creating a prevention and protection against ransomware. In general,

Insights on industrial vulnerability: How secure is your OT infrastructure? (IT Brief) Addressing the requirements of an OT network is now more important than ever and requires an integrated approach.

Design and Innovation

Cybersecurity Style Guide helps you write like a hacker (The Parallax) The point of the Bishop Fox Cybersecurity Style Guide, its editor says, is to “bridge the gap between people who are writing in security, and the people who have to read that.”

Would Tech Giants Be Able to Secure Autonomous Vehicles? (iHLS) While autonomous vehicles real-world tests become more and more prevalent, the risk of hackers taking

Blockchain and Biometrics Could Produce Paperless Global Travel, Boost Border Security (EnterpriseTech) A wonderful week in Italy is coming to an end, and now there’s the heartbreak of leaving the life of the Med. But the spirit of la dolce vita is upon you. Italy has given you a new appreciation for life and people, for beauty, for relaxation, art and culture, for good food and wine, laughter, enjoyment – for the

Cryptocurrencies – money of the future or flash in the pan? (Market Business News) Are cryptocurrencies the money of the future or something that came and went rapidly, i.e., a flash in the pan?

Start-ups fight back against the scourge of fake news (National) Google, Facebook and others are under pressure to tackle the spread of “alternative facts” online. Now start-ups are offering their own solutions.

Academia

Engility announces CyberWarrior® Scholarship recipients (PR Newswire) Engility Holdings, Inc. (NYSE: EGL) today announced the recipients of...

Students explore cybersecurity during event (Hickory Daily Record) Six hundred local middle and high school students got some interactive opportunities in cybersecurity this week when they attended Catawba Valley Community College’s Day of Security.

MSU breaks ground on tech park research lab, first of its kind in Montana (Bozeman Daily Chronicle) University leaders and industry members including executives from Boeing and defense giant Raytheon broke ground Friday on Montana State University’s Applied Research Lab, the first of a handful of buildings

Legislation, Policy and Regulation

ISIS May Be on the Run But What’s Our Message to Prevent Its Re-Grouping? (cyberdb.co) Even with the near- defeat of ISIS it is still a prominent force on the Internet, particularly for propaganda and recruitment campaigns.

The world badly needs a cyber-warfare truce - what are the chances? (diginomica) Cyber warfare is combat on the cheap, writes Denis Pombriant, as he sets out the case for an international truce to limit the scope for cyber attacks

Russia gets its super power on (SC Media US) After the breakup of the Soviet Union stripped it of its influence, Russia seems determined to reassert itself as a super power...in cyberspace. Teri Robinson reports.

White House challenges media claims of inaction on Russia (Washington Examiner) 'He has been tougher on Russia in the first year than Obama was in eight years combined,' White House press secretary Sarah Sanders told rep...

Homeland Security's tall order: A hacker-free election (CNET) Jeanette Manfra, the top cybersecurity official at DHS, tells CNET about all the ways hackers can sow chaos in this year's primaries and midterm elections.

Microsoft joins calls for a 'national cybersecurity agency' (Digital Journal) Microsoft has advocated a "national security agency" to avoid a "national security quagmire." The company has compiled guidelines to follow when establishing a federal cybersecurity agency. It said it would create a "focal point" for cyber defence.

Litigation, Investigation, and Enforcement

Jeremy Corbyn and the Czech spy: the secret files (Times) Soon after 32-year-old Jan Sarkocy flew from Prague to Heathrow on May 29, 1986, to start his career as an intelligence officer at the Czech embassy in London, his cover as Jan Dymic, a diplomatic...

Democratic intelligence memo released (CBS News) The memo claims Christopher Steele's dossier did not play a key role in the surveillance application process

House Democrats release intelligence memo defending DOJ, FBI investigation (TheHill) House Intelligence Committee Democrats on Saturday released their memo defending the Justice Department (DOJ) and FBI against allegations of surveillance abuses made in a memo by committee Republicans.

5 Key Takeaways From the Democratic Rebuttal Memo (WIRED) House Democrats released a 10-page memo Saturday that shows just how misleading the original #ReleaseTheMemo campaign was.

Byron York: Assessing the new Democratic intel memo (Washington Examiner) The GOP accused the Justice Department and FBI of relying heavily on the unverified Trump dossier in a secret court request to wiretap the s...

Out for Justice: Feds Battle Trolls (BankInfo Security) Leading the latest edition of the ISMG Security Report: The Department of Justice indicts Russians for allegedly running an industrialized troll factory designed to

The Russia Investigations: More Pleas, More Charges — Any More Preparation? (WBUR) This week in the Russia investigations: More newcomers join Mueller's roll of honor; the feds meet with state officials on election security; and Washington starts thinking about considering some potential planning to defend the 2018 midterms.

Top Trump Campaign Aide Flips, Pleads Guilty In Mueller Probe (New York Law Journal) Rick Gates pleaded guilty Friday to one count of conspiracy and another of lying to federal investigators.

Jared Kushner pushed to Donald Trump margins as Russia inquiry closes in (Times) He was once the power behind the throne, Donald Trump’s most influential adviser. But Jared Kushner, the president’s son-in-law, now finds himself on the margins, fighting for relevance. The...

‘In Fraud We Trust’ – Cybercrime org bust shows we’re fighting pros (Naked Security) A former FBI official says the Russian Infraud Organization was operated like a “dark-web cousin of major commercial marketplace sites.”

Developer gets prison after admitting backdoor was made for malice (Ars Technica) Full-featured trojan catered to password thieves, Peeping Toms, and ransomware scammers.

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

newly Noted Events

Community College Cyber Summit (3CS) (Gresham, Oregon, USA, August 2 - 4, 2018) 3CS is the only national academic conference focused on cybersecurity education at community colleges. Who should attend 3CS? College faculty and administrators, IT faculty who are involved or who would like to become involved in cybersecurity education, non-IT faculty in critical infrastructure fields who are interested in incorporating cybersecurity topics into their curricula, decision makers in positions that influence cybersecurity education programs, community college students interested in learning about security or expanding their current knowledge, and students attending the 3CS Pre-Summit Job Fair and National Cyber League (NCL) on Thursday, August 2nd.

upcoming Events

CyberThreat 18 (Westminster, England, UK, February 27 - 28, 2018) Hosted by the UK’s National Cyber Security Centre, a part of GCHQ, and the SANS Institute, CyberThreat18 brings together a packed schedule of talks on a broad range of familiar and less familiar topics by security experts and prominent industry figures, interspersed with team-building events and hands-on challenges designed to put both your defensive and offensive skills to the test.

Midlands Cyber: US Cyber Market Workshop (Lutterworth, England, UK, February 27, 2018) We are delighted to announce that we will be running two workshops, led by Andy Williams, the International Director of the iCyber Centre @bwtech, Maryland. The workshops have been tailored by the team and Andy Williams, ensuring Midlands based companies that are seeking a market entry strategy into the USA can access the best advice and guidance possible.

European Cybersecurity Forum – CYBERSEC Brussels (Brussels, Belgium, February 27, 2018) CYBERSEC Forum is an unique opportunity to meet and discuss the current issues of cyber disruption and ever-changing landscape of cybersecurity related threats. Our mission is to foster the building of an Europe-wide cybersecurity system and to create a dedicated, collaborative platform for the governments, international organisations and key private sector companies.

The Cyber Security Summit: Atlanta (Atlanta, Georgia, USA, February 28, 2018) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers & renowned information security experts. Learn from cyber security thought leaders from The FBI, U.S. Secret Service, IBM, and more. Engage in panel discussions focusing on trending cyber topics such as Sr. Leadership’s Best Approach to Cyber Defense, What’s Your Strategic Incident Response Plan?, Protecting your Enterprise from the Human Element and more. Your registration includes a catered breakfast, lunch, and cocktail reception. Receive half off your admission with promo code cyberwire50 at CyberSummitUSA.com and view details including the full agenda, participating solution providers & confirmed speakers. Tickets are normally $350, but only $175 with promo code.

PrivacyCon 2018 (Washington, DC, USA, February 28, 2018) The 2018 PrivacyCon will expand collaboration among leading privacy and security researchers, academics, industry representatives, consumer advocates, and the government. As part of this initiative, the FTC sought general research that explores the privacy and security implications of emerging technologies, such as the Internet of Things, artificial intelligence and virtual reality. The 2018 event will focus on the economics of privacy including how to quantify the harms that result from companies’ failure to secure consumer information, and how to balance the costs and benefits of privacy-protective technologies and practices.

NITSIG Meeting: Protecting Controlled Unclassified Information On U.S. Government Contractor Information Systems (Laurel, Maryland, USA, March 2, 2018) This meeting will discuss the security control requirements for the protection of Controlled Unclassified Information (CUI), for contractor information systems upon which CUI is processed, stored on, or transmitted through. These requirements must be implemented at both the contractor and subcontractor levels based on the information security guidance in NIST Special Publication (SP) 800-171: Protecting Controlled Unclassified Information In Non-Federal Information Systems And Organizations. The CUI protection requirements are intended for use by federal agencies in contractual vehicles or other agreements established between those agencies and non-federal organizations. Failure to implement the security controls to protect CUI, would be a breach of contract.

Insider Threat Program Management With Legal Guidance Training Course (Herndon, Virginia, USA, March 6 - 7, 2018) The course will cover current regulations like National Insider Threat Policy NITP and NISPOM Conforming Change 2, and more. The course will provide the ITP Manager and Facility Security Officer with the knowledge and resources to develop, manage, or enhance an ITP. The course will help not only organizations required to maintain and submit an ITP, but any business or organization concerned with Insider Threat Risk Mitigation. Insider Threat Defense has trained over 500+ organizations and has become the "Leader-Go To Company" for ITP Management Training.

SINET ITSEF 2018 (Silicon Valley, California, USA, March 7 - 8, 2018) Bridging the gap between Silicon Valley and the Beltway. SINET – Silicon Valley provides a venue where entrepreneurs can meet and interact directly with leaders of government, business and the investment community in an open, collaborative environment focused on identifying solutions to Cybersecurity challenges.

PCI Security Standards Council Middle East and Africa Forum (Cape Town, South Africa, March 14 - 15, 2018) Don’t miss the data security event of the year for the payment card industry. Join us for: networking opportunities, updates on industry trends, insights and strategies on best practices, engaging keynotes and industry expert speakers. The PCI Security Standards Council’s 2018 Middle East and Africa Forum (MEAF) provides you the information and tools to help secure payment data. They lead a global, cross industry effort to increase payment security by providing industry-driven, flexible and effective data security standards and programs that help businesses detect, mitigate and prevent criminal attacks and breaches.

SecureWorld Boston (Boston, Massachussetts, USA, March 14 - 15, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security industry. Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays-all while networking with local peers.

Cyber 9-12 (Washington, DC, USA, March 16 - 17, 2018) Now entering its fifth year, the Cyber 9/12 Student Challenge is a one-of-a-kind competition designed to provide students across academic disciplines with a deeper understanding of the policy challenges associated with cyber crisis and conflict. Part interactive learning experience and part competitive scenario exercise, it challenges teams to respond to a realistic, evolving cyberattack and analyze the threat it poses to national, international, and private sector interests.

Infosecurity Magazine Spring Virtual Conference (Online, March 21, 2018) Tune in on Wednesday March 21 for day two of our two-day online event to learn what’s going on at the heart of the industry. Our easy to digest format offers a mix of short sessions, panel debates and live profile interviews, all fully produced and moderated by the Infosecurity Magazine editorial team. Each day event looks into the biggest industry issues and trends creating an immersive education program featuring a large selection of high calibre speakers and specialists in their field.

3rd Annual Billington International Cybersecurity Summit (Washington, DC, USA, March 21, 2018) With confirmed speakers from Estonia, Romania, Singapore, Sweden, the United States, and Kuwait, and with attendees from many more countries, this summit brings together world-class cybersecurity thought leaders to engage in high-level information sharing, unparalleled networking and public-private partnerships from a cross-section of civilian, military and intelligence agencies, industry and academia.

Infosecurity Magazine North America Virtual Conference (Online, March 21 - 22, 2018) Tune in on Wednesday March 21 for day two of our two-day online event to learn what’s going on at the heart of the industry. Our easy to digest format offers a mix of short sessions, panel debates and live profile interviews, all fully produced and moderated by the Infosecurity Magazine editorial team. Each day event looks into the biggest industry issues and trends creating an immersive education program featuring a large selection of high calibre speakers and specialists in their field.

The Cyber Security Summit: Denver (Denver, Colorado, USA, March 22, 2018) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers & renowned information security experts. Learn from cyber security thought leaders and Engage in panel discussions focusing on trending cyber topics such as Sr. Leadership’s Best Approach to Cyber Defense, What’s Your Strategic Incident Response Plan?, Protecting your Enterprise from the Human Element and more. Your registration includes a catered breakfast, lunch, and cocktail reception. Receive half off your admission with promo code cyberwire50 at CyberSummitUSA.com and view details including the full agenda, participating solution providers & confirmed speakers. Tickets are normally $350, but only $175 with promo code.

Women in CyberSecurity 2018 (Chicago, Illinois, USA, March 23 - 24, 2018) Through the WiCyS community and activities we expect to raise awareness about the importance and nature of cybersecurity career. We hope to generate interest among students to consider cybersecurity as a viable and promising career option.

SecureWorld Philadelphia (Philadelphia, Pennsylvania, USA, March 28 - 29, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security industry. Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays-all while networking with local peers.

National Cyber League Spring Season (Chevy Chase, Maryland, USA, March 30 - May 25, 2018) The NCL is a defensive and offensive puzzle-based, capture-the-flag style cybersecurity competition. Its virtual training ground helps high school and college students prepare and test themselves against cybersecurity challenges that they will likely face in the workforce. All participants play the games simultaneously during Preseason, Regular Season and Postseason. NCL allows players of all levels to enter. Between Easy, Medium and Hard challenges, students have multiple opportunities to really shine in areas as they excel. Registration for the Spring Season is 2/26/18-3/25/18.

4th Middle East Cyber Security Summit (Riyadh, Saudi Arabia, April 4 - 5, 2018) The summit will feature state of the art presentations, hackathons and technology showcasing from regional and international experts and leading technology providers. One of the focus areas of the summit will be block-chains & artificial intelligence in existing technical infrastructure in order to protect organizations from external attacks. The need of the hour is to create an ecosystem of trust aided with cybersecurity capabilities.

Cybersecurity: A Shared Responsibility (Auburn, Alabama, USA, April 8 - 10, 2018) During the 2018 SEC Academic Conference, we will explore three themes within cyber security: the underlying computer and communication technology; the economic and physical systems that are controlled by technology; and the policies and laws that govern and protect the use of information that is stored in, transmitted by, and processed with technology.

Sea-Air-Space: The Navy League’s Global Maritime Exposition (National Harbor, Maryland, USA, April 9 - 11, 2018) Join us this April for Sea-Air-Space, the largest maritime exposition in the U.S., with 275+ exhibitors displaying the latest in maritime, defense and energy technology. This year’s theme, “Learn. Compete. Win.” reminds us that every day our men and women in uniform are learning new strategies, tactics and energy technology to compete against the world's best, where winning is the only option. The challenge is always on, and Sea-Air-Space is your place to participate in interactive exhibits, professional development sessions, and open forums disclosing timely information. Hear from active duty military, government and industry leaders on key issues and future strategies for the U.S. Navy, Marine Corps, Coast Guard U.S.-flag Merchant Marine.

ISC West 2018 (Las Vegas, Nevada, USA, April 11 - 13, 2018) ISC West is THE largest security industry trade show in the U.S. At ISC West, you will have the chance to network with over 30,000 security professionals through New Products & Technologies encompassing everything from access control to unmanned vehicles from over 1,000 Exhibitors & Brands.

Sponsor & Support

Grow your brand, generate leads, and fill your funnel.

With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listens all over the world, companies trust the CyberWire to get the message out. Learn more.

Olympic false-flag? Crytojacking ad network. T-Mobile fixes hijacking bug. Australia's DoD boots Chinese phones.