The CyberWire Daily Briefing 3.1.18

Summary

By The CyberWire Staff

German authorities said yesterday that they are investigating a cyber espionage campaign against Federal networks. The attack was detected in December, but the threat actors are believed to have been present in the networks for about a year before they were discovered. The campaign is attributed (not officially, but by anonymous sources close to the investigation) to Fancy Bear, Russia's GRU military intelligence service.

Deutsche Welle describes the Informationsverbund Berlin-Bonn (IVBB) network, the hackers' target, as a dedicated secure platform used only by "the Chancellery, the German parliament, federal ministries, the Federal Audit Office and several security institutions in Berlin and Bonn, the former German capital where some ministries still have offices."

UpGuard disclosed that it found another exposed AWS S3 bucket. This one belongs to Birst, a cloud business intelligence and analytics firm. The data exposed belonged to Capital One, the eighth largest US commercial bank. UpGuard thinks the data could provide attackers a "roadmap" to Capital One's infrastructure. [Update, 3.3.18: UpGuard has taken down its report on the breach. Birst and its corporate parent, Infor, have said that no data were exposed. An Infor representative told ITWire: "A Birst employee placed a copy of certain non-production components of the Birst software in a publicly-available S3 bucket to provide a prospective customer in the financial services industry non-production, read-only access to the software (a proof-of-concept). These components were not populated with data; no data from the financial institution was ever present in the test environment at any time, although the filename contained the name of the financial institution." Thus it appears that no data were exposed. Capital One contacted the CyberWire to point out that the report of a breach was inaccurate.]

Wandera describes RedDrop, Android malware distributed for the purpose of blackmailing its victims. RedDrop combines the functionality of spyware, Trojan, and data exfiltration. If users take apps only from reputable sources and enable Google Play Protect, they're probably safe.

Intel adds new fixes for Spectre to Broadwell and Haswell chips.

The US Federal Trade Commission has reached a settlement with PayPal subsidiary Venmo over the company's privacy and security practices. The US Securities and Exchange Commission has begun investigation into multiple ICOs, looking particularly at sales structures and presale agreements.

Learn how Cylance silences cyber attacks with Artificial Intelligence.

Notes.

Today's issue includes events affecting Canada, China, European Union, Germany, Russia, United Kingdom, and United States.

Struggling with your DLP? It's time to rethink your data loss prevention strategy.

Traditional data loss prevention tools aren’t cutting it anymore. Why? They are high-maintenance and require endless fine-tuning. They often miss insider threats. They stymie communication between security and other departments. And they slow down endpoints, leading to crashes and failures that drive users crazy. Learn from ObserveIT why DLP tools aren’t getting the job done in 2018 and how you can stop data loss in its tracks. Read Now.

On the Podcast

In today's podcast, we hear from our partners at the SANS Institute, as Johannes Ullrich (Dean of Research and proprietor of the ICS Stormcast) gives us the lowdown on the Memcache DDoS risk. Our guest, Rami Sass from WhiteSource, talks about security issues surrounding open source software.

And, in case you missed it, Recorded Future's Threat Intelligence Podcast (produced in cooperation with the CyberWire) is up. This episode features a talk with McAfee's Michael Rea on the art of managing formal intelligence requirements. He explains the value of formal management of your threat intelligence requirements, how best to do it, and why it helps make IT security teams more effective.

Sponsored Events

Billington International Cybersecurity Summit (Washington, DC, USA, March 21, 2018) Billington International Cybersecurity Summit, March 21, Washington, D.C. Cybersecurity leaders from Asia, Europe, the Middle and U.S. on global threats and best practices, including Acting DoD CIO and Singapore Cyber Commissioner-designate. Sponsor Opportunities: Sandy Nuwar at 443-994-9832

Third Annual Cyber Investing Summit 5/15/18 (New York, New York, USA, May 15, 2018) Renowned cyber security executive David DeWalt will deliver the keynote address at the Third Annual Cyber Investing Summit. The Cyber Investing Summit is a unique all-day conference focused on the financial opportunities available in the rapidly growing cyber security industry. Panels will explore sector investment strategies, market growth forecasts, equity valuations, merger and acquisition activity, cryptocurrency protection, funding for startups, and more. Speakers include leading Chief Information Security Officers, VC founders, financial analysts, cyber security innovators from publicly traded and privately held companies, and government experts.

Selected Reading

Cyber Attacks, Threats, and Vulnerabilities

German ministries hit 'by Russian hackers' (BBC News) Unconfirmed reports link the malware attack to a Russian hacking group known as Fancy Bear.

Secret German Government Network Attacked (Infosecurity Magazine) Secret German Government Network Attacked. Reports suggest hackers may have had access for a year

Germany admits hackers infiltrated federal ministries, Russian group suspected (Deutsche Welle) German security services have admitted they uncovered a cyberattack on the government in December. Sources say the malware had been planted up to a year earlier and could be the work of a notorious Russian hacking group.

[Added 3.3.19] UpGuard silent on why it pulled Capital One breach claims (iTWire) Security firm UpGuard is remaining silent about the removal of a blog post from its website wherein it was claimed that a cloud-based data storage rep...

Unprotected AWS Bucket Exposes 50.4 GB of Financial Giant's Data (HackRead) [Note, 3.3.18: See the article from ITWire, above, for updated information on this story. There appears to have been no breach.] Another day, another AWS Bucket exposed to the public - This time the AWS Bucket belonged to Birst, a Cloud Business Intelligence (BI) and Analytics firm.

Researchers Warn of RedDrop Blackmail Malware (Infosecurity Magazine) Researchers Warn of RedDrop Blackmail Malware. RedDrop spyware records victims for later use, says Wandera

New Android malware record voice calls for extortion & blackmailing (HackRead) The RedDrop malware steals personal data from Android devices, recording live calls and in order to blackmail the victim.

Consumers Falling for Fake Mobile Banking Apps (Infosecurity Magazine) More than one in three consumers are fooled by fraudulent versions of banking apps.

Mobile bankers beware: Sophisticated hacks soar (CBS News) Malware now so seamlessly appears to be your own bank's app that it can easily fool even savvy users

XM-Hell strikes single-sign-on systems: Bugs allow miscreants to masquerade as others (Register) Yeah, I’m so totally Sarah from accounts…

Zero-Day Attacks Major Concern in Hybrid Cloud (Dark Reading) Hybrid cloud environments are particularly vulnerable to zero-day exploits, according to a new study.

There is still a lack of cyber resiliency of the electric grid (Control Global) October 10, 2016, I wrote a blog: “The NERC CIPs continue to expose the grid to significant cyber vulnerabilities even after the Ukrainian hack” This was because NERC, DOE, and DHS had effectively ignored the 2015 attack as it was against the distribution system. Ironically, two months later, the second Ukrainian cyberattack was against the transmission system. In both cases, the attack was step 1 of the 2 steps of Aurora. Enclosed are examples of what is not happening.

Phillips clinical imaging solution plagued by vulnerabilities (Help Net Security) Phillips is developing a software update to mitigate 35 CVE-numbered vulnerabilities in the Philips IntelliSpace Portal (ISP), a clinical imaging visualization and analysis solution that is used by healthcare and public health organizations around the world.

Kaspersky Lab denies reports about making part of its anti-virus code accessible online (TASS) Kaspersky Lab constantly monitors the network for the presence of code samples

Spy games: Is buying a Chinese smartphone risky? (USA TODAY) The CIA, FBI, NSA, and other intelligence heads are all warning against using Huawei and ZTE phones for risk of being spied upon.

What is a botnet? And why they aren't going away anytime soon (CSO Online) Controlling thousands or even millions of devices gives cyber attackers the upper hand to deliver malware or conduct a DDoS attack.

What Is A Botnet & How Does It Work? (Pwnie Express) Learn what botnets are, how they are created, and how they carry out DDoS attacks. You can also discover ways to prevent a botnet attack from affecting you.

Security Patches, Mitigations, and Software Updates

Intel Releases Updated Spectre Fixes For Broadwell and Haswell Chips (Threatpost) Intel has issued stable microcode to help protect its Broadwell and Haswell chips from the Spectre Variant 2 security exploits.

SSL Snafu Ends in 23,000 Revoked Certs (Infosecurity Magazine) SSL Snafu Ends in 23,000 Revoked Certs. DigiCert and Trustico feud hits UK websites

Cyber Trends

Editorial: If No One Will Listen About Cybersecurity (Infosecurity Magazine) Editorial: If No One Will Listen About Cybersecurity

The State of Application Penetration Testing (Dark Reading) Data from real-world pen tests shows configuration errors and cross-site scripting are the most commonly found vulnerabilities.

IoT Rewards to Outweigh Risks for NSA (SIGNAL) The Internet of Things both requires and enhances cybersecurity.

KnowBe4 Issues 2018 Threat Impact and Endpoint Protection Report (ResponseSource Press Release Wire) KnowBe4, the world's largest provider of security awareness training and simulated phishing, today rel...

Nearly half of security pros rarely change their security strategy, even after a cyber attack (Help Net Security) Nearly half (46 percent) of IT security pros rarely change their security strategy substantially – even after experiencing a cyber attack.

3 Emerging Healthcare Security Challenges (Bricata) Security professionals in health care face a difficult challenge: protecting an aging infrastructure with unique requirements of PII even as threats multiply and budgets remain flat. A renewed focus on some of the basics could reverse the trend.

Cybersecurity pros don't feel equipped to stop insider attacks (Help Net Security) One consistent message we heard in all of these interviews was that cybersecurity professionals don't feel equipped to stop insider attacks, despite an increase in funding.

Beyond the Password Era: Changing Consumer Habits Signal the End Is Near (Security Intelligence) A recent IBM Security study found that consumers, especially millennials, are beginning to embrace alternatives to password protection, such as biometric authentication.

Exclusive: Public wants Big Tech regulated (Axios) A new Axios-SurveyMonkey poll finds a seismic shift in the public's perception of Silicon Valley over a short period of time.

Hacking on TV: 8 Binge-Worthy and Cringe-Worthy Examples (Dark Reading) From the psycho-drama Mr. Robot to portraying the outright dangers of ransomware taking down a hospital in Grey's Anatomy, hacking themes now run deep in today's TV shows.

Marketplace

Contractors gripe about DHS clearance woes (FCW) Varied and uneven security clearance processes for contractors across DHS components are leading to confusion and problems for vendors, industry experts told a congressional panel.

Pentagon’s $1 Billion Cloud Deal May Signal New Era in Government Buying (Nextgov.com) Congress wants the Defense Department to buy technology faster. Now it's beginning to do just that.

How agencies can request funds to replace legacy IT systems (Federal Times) Though the fund established by the Modernizing Government Technology Act is currently empty, the White House is encouraging agencies to begin submitting project proposals that could use the money.

What employers need to know about cybersecurity jobseekers (Help Net Security) An ISC2 study sheds light on what motivates cybersecurity jobseekers and what’s most important to them for professional and personal fulfillment. Armed with this insight, employers can do a much better job appealing to top cybersecurity professionals.

Want a well-paid job in the channel? Then work in cybersecurity (CRN) Average wages among top cybersecurity MSSPs, resellers and consultancies spike by 10 per cent to top £60,000, CRN Cybersecurity Provider Report finds

Northrop Grumman awarded $95M OBIM contract (BiometricUpdate) Northrop Grumman has been awarded a 42-month, $95 million contract by the DHS Office of Biometric Identity Management (OBIM) to develop the first two stages of the Homeland Advanced Recognition Tec…

Kratos Executes Definitive Agreement to Sell Public Safety & Security Division to Securitas Electronic Security, Inc. for Expected Net Proceeds of Approximately $70 Million (GlobeNewswire News Room) After Transaction Close, Kratos Will Have Successfully Transformed Into a Pure Play Defense Products, Systems and Technology Company

Virginia Cybersecurity Startup CounterFlow AI Inc. closes $2.7M Seed Round (California Newswire) Cybersecurity startup CounterFlow AI announced last week that it has raised $2.7 million in seed funding from Osage University Partners, the Charlottesville Angel Network, and a number of individual investors who also supported the founders' previous venture, nPulse Technologies (acquired by FireEye in 2014).

Cyber Insurer Coalition Raises $10 Million to Solve Cyber Risk for SMBs (Coalition) Coalition Inc., the first technology-enabled cyber insurance solution, announced today that it raised $10 million in Series A funding from leading technology investors including Vy Capital, Ribbit Capital, Valor Equity Partners, Sam Altman (President, Y Combinator), and Deep Nishar (Senior Managing Director, Softbank Vision Fund).

Amazon Acquires Ring to Bolster Home Security Portfolio (Yahoo) Amazon's (AMZN) acquisition of Ring expands the company's footprint in the home security market and enables it to improvise in-house delivery services.

By Light acquires Axom for intell footprint (Washington Technology) By Light Professional IT Services acquires Axom Technologies to gain a new footprint in the intelligence community, a highly-sought after customer base in recent deal activity.

CNBC Exclusive: CNBC Transcript: Palantir Technologies Co-Founder & CEO Alex Karp Joins CNBC's Josh Lipton for Rare Interview Airing Today (CNBC) Following is the unofficial transcript of the full CNBC EXCLUSIVE interview with Palantir Co-founder & CEO Alex Karp and CNBC's Josh Lipton, airing today Wednesday, February 28 at 11am ET.

Qualys Hires Bill Solms To Head US Federal Division (WashingtonExec) Solms, who brings 30 years of experience, will help drive government IT initiatives to aid agencies maintain visibility and control of their complex networks and secure their digital transformations.

Howard Edelstein Appointed CEO of BioCatch (BusinessWire) BioCatch, the global leader in behavioral biometrics, announced today that it has appointed FinTech industry luminary Howard Edelstein as CEO. Edelste

Carbon Black Strengthens Executive Team with Kane Lightowler’s Promotion to Senior Vice President of Americas Field Sales (BusinessWire) Lightowler moving from APAC region to take over NA field sales; MobileIron veteran Matt Bennett takes helm in Asia Pacific & Japan (APJ)

Products, Services, and Solutions

Cylance and ConnectWise Partner to Provide AI-Driven Cybersecurity Prevention to More Than 21,000 Global MSPs (BusinessWire) Cylance® Inc., the company that revolutionized the antivirus and endpoint protection industry with true AI-powered prevention that blocks malware, fil

Egnyte Connect for Google Hangouts Chat Lets Users Securely Share Content in Real-Time (Benzinga) New Integration Enables Seamless Collaboration and Increased Productivity in the Digital Workplace MOUNTAIN VIEW, Calif. (PRWEB) February 28, 2018 Egnyte, a leading cloud...

QBE North America launches online cyber response tool (Business Insurance) QBE North America, an operating division of Australia’s QBE Insurance Group Ltd., will include an online cyber response tool with all its cyber policies, the insurer said in a statement Wednesday.

Joseph Greenwald & Laake adding cybersecurity practice (Maryland Daily Record) Joseph Greenwald & Laake P.A. has recently added a new practice area in data privacy and cybersecurity, with a focus on compliance, government investigations and enforcement actions, data priva…

Fortinet Expands its Ecosystem of Fabric-Ready Partners to Advance Security Visibility and Automated Response for Digital Business (GlobeNewswire News Room) New Fabric-Ready Program partners extend Security Fabric automation, visibility and management into IT and security workflows, multi-cloud and virtualized networks

The enSilo platform traps threats that bypass other endpoint defenses (CSO Online) The enSilo platform offers traditional endpoint protection alongside the ability to offer post-infection protection. It can also trap threats, holding them in place and rendering them harmless until a threat hunter can arrive to investigate.

Data I/O Wins Best of Show with Embedded Award for the SentriX Security Provisioning Platform (Marketwire) Data I/O Corporation (NASDAQ: DAIO), the leading global provider of advanced data and security programming solutions for flash, flash-memory based intelligent devices and microcontrollers, announces that it has been awarded a 2018 Embedded Award in the category of Tools for its SentriX Security...

Bitdefender Announces GravityZone Security for VMware Cloud on AWS (Bitdefender) GravityZone provides VMware customers with award-winning, next-generation security that facilitates management efficiency and infrastructure performance across the hybrid datacenter

Bitdefender BOX 2 Becomes Available in Europe starting next month (Bitdefender) Next-generation security hub protects entire households

Bill Gates says cryptocurrencies have “caused deaths in a fairly direct way” (Ars Technica) Gates says cryptocurrencies’ main feature is anonymity.

Technologies, Techniques, and Standards

How to Fight Mobile Number Port-out Scams (KrebsOnSecurity) T-Mobile, AT&T and other mobile carriers are reminding customers to take advantage of free services that can block identity thieves from easily “porting” your mobile number out to another provider, which allows crooks to intercept your calls and messages while your phone goes dark.

How to Turn Off Facebook's Face Recognition Features (WIRED) Facebook recently expanded its face recognition features—and you may have opted in without even realizing it.

For Hackers, Uniformity Is Path of Least Resistance (SIGNAL) Standardizing network components creates more problems than it solves.

Research Finds No Guidance Results in Weak Passwords (Infosecurity Magazine) 75% choose

Why Do Enterprises Need a Software Security Program? (Infosecurity Magazine) Enterprises cannot expect a collection of independent activities to consistently result in secure software.

Why Salesforce customers should think about GDPR best practices (SearchSalesforce) Companies trafficking in customer data should start looking at GDPR best practices ahead of the May 25 implementation date.

How to Defend Servers Against Cryptojacking (eSecurity Planet) Here are some steps you can take to reduce the risk of becoming an unwitting accomplice to cryptojacking attacks.

Why Cryptocurrencies Are Dangerous for Enterprises (Dark Reading) When employees mine coins with work computers, much can go wrong. But there are some ways to stay safe.

Design and Innovation

CoinDesk's Head of Research On What's Next For Cryptocurrency (Forbes) If you have ever researched bitcoin or blockchain, chances are you found yourself on CoinDesk’s homepage. Since 2013, CoinDesk has been the leader in blockchain news.

Don’t Call Zcash A Privacy Coin, Cryptocurrency Founder Says (International Business Times) Privacy can be a security feature.

Legislation, Policy and Regulation

GDPR: Will We Get Back Control of our Data? (Infosecurity Magazine) Will the GDPR make us the masters of our own personal data?

Top intel official: US must do more to stop Russian meddling (Boston Herald) The U.S. response to Russian meddling and disinformation campaigns has not been strong enough to deter Moscow's activities, a top intelligence official said Tuesday.

Cyber Command granted new, expanded authorities (Fifth Domain) With the elevation of Cyber Command comes additional authorities for its commander, such as the ability to synchronize forces globally.

Senate DHS Reauthorization Bill Likely to Streamline Oversight, Include Election Security (Nextgov.com) Senators also aim to limit partisan amendments to the bill that would reauthorize DHS for the first time in 15 years.

Canada adds new cybersecurity center, hikes funding for electronic spy agency (Fifth Domain) The Canadian government will significantly improve its cyber security capabilities with funding increases to the Department of National Defence’s electronic spy agency and with the creation of a new cyber security center.

Liberals pitch $500 million cyber security plan (Toronto Star) Canada's electronic spy agency takes a central role in new cyber security strategy, will see budget boosts.

The NIS Directive: A path to cyber resilience or a simple ‘tick-box’ exercise? (VanillaPlus) Back in March 2017, the UK Government launched its long-awaited Digital Strategy, which promised to make “the UK the safest place in the world to live and

House passes sex trafficking bill that could limit free speech online (Ars Technica) A bipartisan bill would enable states to prosecute sites like Backpage.

Defying Pai’s FCC, Washington state passes law protecting net neutrality (Ars Technica) Washington may be the first state to impose net neutrality rules on all ISPs.

Fleet Cyber Command to get new leader (Fifth Domain) Rear Adm. Timothy White has been nominated to serve as the next commander of Fleet Cyber Command/Tenth Fleet, as well as a third star.

Litigation, Investigation, and Enforcement

Judge to rule whether to suppress accused leaker's statement (Fifth Domain) Defense attorney Matthew Chester says the statement from Reality Winner, accused of leaking National Security Agency secrets, should be suppressed because federal agents intentionally chose not to read her Miranda rights out of fear that she would not talk if they did.

VA inspector general finds no evidence of computer hacking in travel scandal (Military Times) Investigators have uncovered no evidence of Veterans Affairs Secretary David Shulkin’s claims that email hacking may have contributed to a series of ethics violations during an overseas trip last year.

Security clearance shakeup wreaks havoc in executive branch (Federal Times) An ongoing security clearance debacle that has reached into the highest levels of the Trump administration since Day One has now claimed victims.

UPDATED: Homeland security says no sign Alaska vote tallies were tampered with (KTUU) Federal officials say an NBC report that said Alaska is one of seven states to have had election information compromised in 2016 is 'not accurate' and 'misleading.'

The SEC is reportedly investigating a number of ICOs (TechCrunch) The SEC is getting up close and personal with companies that have raised ICOs, according to a new report. Citing sources, the Wall Street Journal is..

FTC Settles with Venmo on Security Allegations (Dark Reading) Proposed settlement addresses complaints that Venmo misrepresented its security and privacy features.

New Orleans alleged to have secretly used Palantir predictive policing (CSO Online) The New Orleans Police Department is accused of secretly using Palantir's predictive policing technology to predict who would cause a crime or be a victim of it.

The Future of Policing Is Being Hashed Out in Secret (Bloomberg) Maybe prediction algorithms will be a great stride for justice. Secret experiments definitely aren't.

Fake P[0]rn Makers Are Worried About Accidentally Making Child P[0]rn (Motherboard) Images of celebrities as minors are showing up in datasets used in making AI-generated fake p[0]rn.

YouTube Bans Channel of American Neo-Nazi Extremist Group Atomwaffen Division (Motherboard) YouTube's removal only comes after a media flurry around the platform's inaction on neo-Nazi content.

Anti-Defamation League: YouTube Should Delete Neo-Nazi Videos 'Immediately' (Motherboard) The ADL says these videos are 'disgusting racist content that has no place in our society.'

YouTube's New Moderators Mistakenly Pull Right-Wing Channels (Bloomberg) YouTube’s new moderators, brought in to spot fake, misleading and extreme videos, stumbled in one of their first major tests, mistakenly removing some clips and channels in the midst of a nationwide debate on gun control.

This is weird: Securities class action defendant wants to block... (Reuters) We’ve become inured to squabbles among plaintiffs' lawyers who want to be appointed to lead juicy securities class actions.

Man involved in shooting cop and was found via stingray given 20 years (Ars Technica) Purvis Ellis, of Oakland, tells judge: “I just hope not to be defined by this.”

Instagram image of Lego assault rifle, threat lead to 14-year-old’s arrest (Ars Technica) San Diego County teen wrote Tuesday evening: "Don’t come to school tomorrow."

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

upcoming Events

NITSIG Meeting: Protecting Controlled Unclassified Information On U.S. Government Contractor Information Systems (Laurel, Maryland, USA, March 2, 2018) This meeting will discuss the security control requirements for the protection of Controlled Unclassified Information (CUI), for contractor information systems upon which CUI is processed, stored on, or transmitted through. These requirements must be implemented at both the contractor and subcontractor levels based on the information security guidance in NIST Special Publication (SP) 800-171: Protecting Controlled Unclassified Information In Non-Federal Information Systems And Organizations. The CUI protection requirements are intended for use by federal agencies in contractual vehicles or other agreements established between those agencies and non-federal organizations. Failure to implement the security controls to protect CUI, would be a breach of contract.

Insider Threat Program Management With Legal Guidance Training Course (Herndon, Virginia, USA, March 6 - 7, 2018) The course will cover current regulations like National Insider Threat Policy NITP and NISPOM Conforming Change 2, and more. The course will provide the ITP Manager and Facility Security Officer with the knowledge and resources to develop, manage, or enhance an ITP. The course will help not only organizations required to maintain and submit an ITP, but any business or organization concerned with Insider Threat Risk Mitigation. Insider Threat Defense has trained over 500+ organizations and has become the "Leader-Go To Company" for ITP Management Training.

SINET ITSEF 2018 (Silicon Valley, California, USA, March 7 - 8, 2018) Bridging the gap between Silicon Valley and the Beltway. SINET – Silicon Valley provides a venue where entrepreneurs can meet and interact directly with leaders of government, business and the investment community in an open, collaborative environment focused on identifying solutions to Cybersecurity challenges.

AFFIRM and USCC 5th Annual Cybersecurity Summit (Arlington, Virginia, USA, March 8, 2018) The 5th Annual Cybersecurity Summit is a place for important discussions about the challenges with cyber-security and is also a significant benefit both for the AFFIRM scholarship program, which helps students focused on IT skills and is the largest support for USCC's summer camp program, which focuses on cybersecurity. Cybersecurity is a dynamic and crosscutting field that is ever changing and increasingly challenging to address. This in-depth, half-day session will gather an all-star line-up of chief information officers, chief information security officers, and other thought leaders from government and industry who will explore growing threats as well as innovative approaches to attract and retain the best cyber talent.

PCI Security Standards Council Middle East and Africa Forum (Cape Town, South Africa, March 14 - 15, 2018) Don’t miss the data security event of the year for the payment card industry. Join us for: networking opportunities, updates on industry trends, insights and strategies on best practices, engaging keynotes and industry expert speakers. The PCI Security Standards Council’s 2018 Middle East and Africa Forum (MEAF) provides you the information and tools to help secure payment data. They lead a global, cross industry effort to increase payment security by providing industry-driven, flexible and effective data security standards and programs that help businesses detect, mitigate and prevent criminal attacks and breaches.

SecureWorld Boston (Boston, Massachussetts, USA, March 14 - 15, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security industry. Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays-all while networking with local peers.

Cyber 9-12 (Washington, DC, USA, March 16 - 17, 2018) Now entering its fifth year, the Cyber 9/12 Student Challenge is a one-of-a-kind competition designed to provide students across academic disciplines with a deeper understanding of the policy challenges associated with cyber crisis and conflict. Part interactive learning experience and part competitive scenario exercise, it challenges teams to respond to a realistic, evolving cyberattack and analyze the threat it poses to national, international, and private sector interests.

Infosecurity Magazine Spring Virtual Conference (Online, March 21, 2018) Tune in on Wednesday March 21 for day two of our two-day online event to learn what’s going on at the heart of the industry. Our easy to digest format offers a mix of short sessions, panel debates and live profile interviews, all fully produced and moderated by the Infosecurity Magazine editorial team. Each day event looks into the biggest industry issues and trends creating an immersive education program featuring a large selection of high calibre speakers and specialists in their field.

3rd Annual Billington International Cybersecurity Summit (Washington, DC, USA, March 21, 2018) With confirmed speakers from Estonia, Romania, Singapore, Sweden, the United States, and Kuwait, and with attendees from many more countries, this summit brings together world-class cybersecurity thought leaders to engage in high-level information sharing, unparalleled networking and public-private partnerships from a cross-section of civilian, military and intelligence agencies, industry and academia.

Infosecurity Magazine North America Virtual Conference (Online, March 21 - 22, 2018) Tune in on Wednesday March 21 for day two of our two-day online event to learn what’s going on at the heart of the industry. Our easy to digest format offers a mix of short sessions, panel debates and live profile interviews, all fully produced and moderated by the Infosecurity Magazine editorial team. Each day event looks into the biggest industry issues and trends creating an immersive education program featuring a large selection of high calibre speakers and specialists in their field.

The Cyber Security Summit: Denver (Denver, Colorado, USA, March 22, 2018) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers & renowned information security experts. Learn from cyber security thought leaders and Engage in panel discussions focusing on trending cyber topics such as Sr. Leadership’s Best Approach to Cyber Defense, What’s Your Strategic Incident Response Plan?, Protecting your Enterprise from the Human Element and more. Your registration includes a catered breakfast, lunch, and cocktail reception. Receive half off your admission with promo code cyberwire50 at CyberSummitUSA.com and view details including the full agenda, participating solution providers & confirmed speakers. Tickets are normally $350, but only $175 with promo code.

Women in CyberSecurity 2018 (Chicago, Illinois, USA, March 23 - 24, 2018) Through the WiCyS community and activities we expect to raise awareness about the importance and nature of cybersecurity career. We hope to generate interest among students to consider cybersecurity as a viable and promising career option.

Northeast Regional Security Education Symposium (Jersey City, New Jersey, USA, March 23, 2018) The Professional Security Studies Department at New Jersey City University (NJCU) will hold its Northeast Regional Security Education Symposium on Friday, March 23, 2018, from 8 am to 2 pm. The symposium will feature discussions about national, corporate and cybersecurity implications related to the public and private sectors. This year’s symposium will take place at the NJCU School of Business’ Skyline Room, 147 Harborside Financial Center in Jersey City, NJ, with stunning views of Manhattan across the Hudson River. The event will feature a dark web overview, national security and media coverage, careers in security, and risk assessment and security.

SecureWorld Philadelphia (Philadelphia, Pennsylvania, USA, March 28 - 29, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security industry. Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays-all while networking with local peers.

National Cyber League Spring Season (Chevy Chase, Maryland, USA, March 30 - May 25, 2018) The NCL is a defensive and offensive puzzle-based, capture-the-flag style cybersecurity competition. Its virtual training ground helps high school and college students prepare and test themselves against cybersecurity challenges that they will likely face in the workforce. All participants play the games simultaneously during Preseason, Regular Season and Postseason. NCL allows players of all levels to enter. Between Easy, Medium and Hard challenges, students have multiple opportunities to really shine in areas as they excel. Registration for the Spring Season is 2/26/18-3/25/18.

4th Middle East Cyber Security Summit (Riyadh, Saudi Arabia, April 4 - 5, 2018) The summit will feature state of the art presentations, hackathons and technology showcasing from regional and international experts and leading technology providers. One of the focus areas of the summit will be block-chains & artificial intelligence in existing technical infrastructure in order to protect organizations from external attacks. The need of the hour is to create an ecosystem of trust aided with cybersecurity capabilities.

Cybersecurity: A Shared Responsibility (Auburn, Alabama, USA, April 8 - 10, 2018) During the 2018 SEC Academic Conference, we will explore three themes within cyber security: the underlying computer and communication technology; the economic and physical systems that are controlled by technology; and the policies and laws that govern and protect the use of information that is stored in, transmitted by, and processed with technology.

Sea-Air-Space: The Navy League’s Global Maritime Exposition (National Harbor, Maryland, USA, April 9 - 11, 2018) Join us this April for Sea-Air-Space, the largest maritime exposition in the U.S., with 275+ exhibitors displaying the latest in maritime, defense and energy technology. This year’s theme, “Learn. Compete. Win.” reminds us that every day our men and women in uniform are learning new strategies, tactics and energy technology to compete against the world's best, where winning is the only option. The challenge is always on, and Sea-Air-Space is your place to participate in interactive exhibits, professional development sessions, and open forums disclosing timely information. Hear from active duty military, government and industry leaders on key issues and future strategies for the U.S. Navy, Marine Corps, Coast Guard U.S.-flag Merchant Marine.

2018 Mississippi College Cybersecurity Summit (Clinton, Mississippi, USA, April 10 - 11, 2018) The 2018 Mississippi College Cybersecurity Summit is a conference designed to engage, educate, and raise awareness about cybersecurity across the nation. The 2018 Cybersecurity Summit will provide valuable cybersecurity tools and resources for a variety of industries and topics, including: critical infrastructure, healthcare, government, education, large and small business issues, and cryptocurrencies.

ISC West 2018 (Las Vegas, Nevada, USA, April 11 - 13, 2018) ISC West is THE largest security industry trade show in the U.S. At ISC West, you will have the chance to network with over 30,000 security professionals through New Products & Technologies encompassing everything from access control to unmanned vehicles from over 1,000 Exhibitors & Brands.

Sponsor & Support

Grow your brand, generate leads, and fill your funnel.

With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listens all over the world, companies trust the CyberWire to get the message out. Learn more.

Fancy Bear goes to Berlin (and Bonn). AWS S3 misconfiguration. RedDrop extortion. Spectre fixes. FTC, SEC enforcement actions.