The CyberWire Daily Briefing 3.6.18

Summary

By The CyberWire Staff

Fancy Bear isn't just bothering Germany. Montenegro complains that it's received a lot of unwanted attention from Russia's GRU over the past year.

Reddit, which has concluded its platform was used for influence operations during the 2016 US elections, has taken down a large number of "Russia-linked" accounts.

There are calls in the US Senate for a deterrent strategy in cyberspace, especially after NSA Director nominee General Nakasone testified last week that US adversaries don't appear to fear American retaliation for cyberattacks. The current going option remains sanctions, which at least have some potential to impose costs short of a nuclear exchange: observers think a fresh round of punitive measures against Russia for last year's NotPetya attacks likely. One of that campaign's victims, Nuance Communication, estimates that NotPetya will cost it more than $90 million.

A January study of Iranian state-sponsored hacking by the Carnegie Endowment receives fresh attention as Iran's non-proliferation agreements come under closer, more hostile scrutiny. Experts are considering ways in which Iranian hackers might also be deterred. The country's Revolutionary Guard has also recently been fingered by ClearSky as being involved in establishing bogus BBC and Radio Farda sites to spread disinformation.

Exabeam has released a study of what attackers can learn about you and your habits from your browser.

CFIUS has put a hold on Broadcom's attempt to takeover Qualcomm.

Attention civil servants working at the US Food and Drug Administration: your bosses would like you to stop watching adult content on Uncle Sam's dime.

Learn how Cylance silences cyber attacks with Artificial Intelligence.

Notes.

Today's issue includes events affecting Angola, Australia, China, Czech Republic, European Union, Germany, Iran, Israel, Democratic Peoples Republic of Korea, Republic of Korea, Montenegro, Russia, Singapore, United Kingdom, and United States.

A note to our readers: We'll be in Mountain View, California, later this week, covering SINET's ITSEF conference. Sessions will be held on March 7th and 8th. Watch for summaries, articles, and live tweets beginning Wednesday.

How seamlessly is your data ingested across vendors?

To successfully fend off increasingly sophisticated cyber attacks, organizations need security tools that work effectively and efficiently across vendors. Join LookingGlass’ webinar with IBM and Cisco overviewing how STIX/TAXII2 standards-based technologies support solving those challenges in a new and effective manner. Sign up now!

On the Podcast

In today's podcast we speak with our partners at Lancaster University, as Senior Lecturer in Cyber Security Daniel Prince introduces himself and his work. Our guest is Jeremy Wittkop from InteliSecure with results from their Critical Data Protection Benchmark Survey.

Sponsored Events

Billington International Cybersecurity Summit (Washington, DC, USA, March 21, 2018) Billington International Cybersecurity Summit, March 21, Washington, D.C. Cybersecurity leaders from Asia, Europe, the Middle and U.S. on global threats and best practices, including Acting DoD CIO and Singapore Cyber Commissioner-designate. Sponsor Opportunities: Sandy Nuwar at 443-994-9832

Cyber Security Summits: Denver on March 22 & May 15 in Dallas (Denver, Colorado, USA, March 22, 2018) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The FBI, Darktrace, IBM and more. Register with promo code cyberwire50 for half off your admission (Regular price $350) https://CyberSummitUSA.com

Third Annual Cyber Investing Summit 5/15/18 (New York, New York, USA, May 15, 2018) Renowned cyber security executive David DeWalt will deliver the keynote address at the Third Annual Cyber Investing Summit. The Cyber Investing Summit is a unique all-day conference focused on the financial opportunities available in the rapidly growing cyber security industry. Panels will explore sector investment strategies, market growth forecasts, equity valuations, merger and acquisition activity, cryptocurrency protection, funding for startups, and more. Speakers include leading Chief Information Security Officers, VC founders, financial analysts, cyber security innovators from publicly traded and privately held companies, and government experts.

Selected Reading

Cyber Attacks, Threats, and Vulnerabilities

Russia’s Fancy Bear Hacks its Way Into Montenegro (Balkan Insight) A notorious Russian cyber-espionage group is believed to have been behind a number of attacks targeting Montenegrin institutions in the last year.

Cyber-Espionage Hits Berlin: The Breach from the East (SPIEGEL ONLINE) German intelligence officials issued warnings back in 2016 of a cyber-espionage group known as Snake. But the apparently Russian hackers behind the group were able to breach the German government nonetheless.

Reddit Says It Removed Hundreds of Suspected Russia-Linked Accounts (Motherboard) The website's CEO, Steve Huffman, admitted that Reddit was subject to 2016 election propaganda.

New Malware Used in Attacks Aimed at Inter-Korean Affairs (SecurityWeek) State-sponsored threat group interested in inter-Korean affairs continues to launch highly targeted attacks using new malware

North Korea could have profited $200 million from Bitcoin to boost missile program (9Finance) An expert believes the nation is using cyber hacking to skirt around economic sanctions.

Member Of Basij Behind Fake Radio Farda Website (RFE/RL) The man behind dozens of fake news websites in Iran is a member of the Basij militia, one of the forces of the Islamic Revolutionary Guards Corps.

The Iranian Cyberthreat (SC Media US) Can diplomacy and defense declaw this prowling 'kitten'?

The cyber caliphate (Colorado Springs Independent) When it comes to maintaining land, ISIS has not had a good year. A series of defeats has left the terrorist group without a state,...

MY TAKE: Necurs vs. Mirai – what ‘classic’ and ‘IoT’ botnets reveal about evolving cyber threats (Security Boulevard) I’ve written about how botnets arose as the engine of cybercrime, and then evolved into the Swiss Army Knife of cybercrime. It dawned on me very recently that botnets have now become the bellwether of cybercrime. This epiphany came after checking in with top experts at Proofpoint, Forcepoint, Cloudflare and Corero — leading vendors that

Threat of new malware looms over cyberspace (The Hindu) Saposhi can take over electronic devices and use them for DDoS attack

Triada Trojan Pre-Installed on Low Cost Android Smartphones (SecurityWeek) The sophisticated Triada Trojan has been found embedded in the firmware of more than 40 low-cost Android smartphone models.

How Criminals Can Build a “Web Dossier” from Your Browser (Exabeam) All kinds of personal information, from your location, work hours, habits, banks, applications, and even passwords are there for the taking. Web browsers store an incredible amount of sensitive information about you. Website developers have a variety of ways of using modern browsers to customize the experience for users. Advertisers also use these features to maximize the impact of ads shown on sites. The result is that a lot of information about you is stored[...]

MIRUS malware infects html files with CoinHive scripts: Quick Heal (Hindu Business Line) Researchers at Quick Heal Security Labs have reported a crytomining malware that injects CoinHive JavaScript into html files while also injecting virus in files with *.exe, *.com, *.scr and *.pif exte

Spectre-Inspired Attacks Can Steal Data from Intel SGX Enclaves (Security Boulevard) Researchers have developed new techniques inspired by the recent Spectre CPU vulnerability to completely compromise the confidentiality of hardware-based secure enclaves created with Intel's Software Guard eXtensions (SGX).

Malware Authors Turn to DNS Protocol as a Covert Channel (Infosecurity Magazine) DNS command and control (C&C) and DNS exfiltration can be successful because DNS is an integral part of the internet's infrastructure.

The Keeper browser extension flaw: How can users stay secure? (SearchSecurity) A Keeper browser extension vulnerability brought attention to security issues with password managers. Here's a look at how to avoid similar problems.

Backdooring connected cars for covert remote control (Help Net Security) We've all known for a while now that the security of connected cars leaves a lot to be desired. The latest proof of that sad state of affairs comes from Argentinian security researchers and hackers Sheila Ayelen Berta and Claudio Caracciolo. The pair is set to demonstrate a hardware backdoor for the CAN bus that can

Social media phishing on the rise as attackers experiment with tactics (Security Brief) The data suggests a pivot in tactics away from traditional cloud service providers.

Inside the Profitable Underworld of Ransomware (Government Technology) The FBI says that the ransomware “business” continues to turn a handsome profit, and attacks are only getting more sophisticated.

Cryptocurrency-stealing malware relies on victims copy-pasting wallet info (Help Net Security) An unconventional email spam campaign has been delivering unusual cryptocurrency-stealing malware to American and Japanese users.

Hackers crack Final Fantasy XV Windows edition before its launch (HackRead) For gaming fans, the release of Final Fantasy XV for Windows was the event of the month given the high level of popularity this game has managed to garner over the years and the fierce fan-following it boasts of. However, much to their disappointment there are reports of Square Enix’s game being cracked by a Chinese

NIS America hacked: Customer payment card data stolen, $5 off next purchase offered as apology gift (International Business Times UK) The breach took place sometime between 23 January and 26 February on NIS America's online stores.

Payment Card Breach Hits Some Applebee's Restaurants (SecurityWeek) Over 160 RMH-owned Applebee’s restaurants had their PoS systems infected with malware designed to capture payment card information

USDA to block 400 websites after IG finds employees looking at porn (FederalNewsRadio.com) At the same time, Chris Lowe, the chief information security officer at USDA, is being reassigned to a bureau level role as part of a continued house cleaning of IT officials.

Rockdale ISD his with W-2 scam (SC Media US) Every employee with the Rockdale, Texas Independent School District had their W-2 tax form information stolen in a spearphishing attack.

Nuance Estimates NotPetya Impact at $90 Million (SecurityWeek) Nuance Communications, one of the companies to have been impacted by the destructive NotPetya attack last year, estimates the financial cost of the attack at over $90 million.

Security Patches, Mitigations, and Software Updates

Delta Patches Vulnerabilities in HMI, PLC Products (SecurityWeek) Delta Electronics patches several vulnerabilities in two of its HMI and PLC products, including high severity issues that can allow remote code execution

Cyber Trends

2018 Thales Data Threat Report Healthcare Edition | Data Security Issues, Risks, Trends, and Concerns (Thales e-Security) Driven by escalating cyberattacks, traditional insider threats, privacy requirements and data residency regulations, enterprises around the world are facing increasing pressures to protect their data and reduce the exposure of their organizations to data related risks.

Report: 58 Percent of PHI Data Breaches Involve Insiders (Healthcare Informatics Magazine) Almost 60 percent of data breach incidents involving protected health information (PHI) involved insiders, which makes healthcare the only industry in which internal actors are the biggest threat to an organization’s data security, according to a recent Verizon security report.

Researchers explore real-world deployment of connected medical devices (Help Net Security) A ZingBox provides insight into the type of connected medical devices deployed, their unique behaviors, and associated security issues. This report is based on the detailed analysis of devices across 50 hospitals in 2017.

Exclusive: Is cybersecurity losing because it’s too profit-focused? (Security Brief) “Given their pay is never guaranteed, cybercriminals are outperforming the 'good guys' in many particular aspects only because they are 'hungry'."

Due Diligence on Cybersecurity Becomes Bigger Factor in M&A (Wall Street Journal) Growing concerns about cybersecurity have made assessing cyber risk vital to deal strategy.

Marketplace

More Security Vendors Putting 'Skin in the Game' (Dark Reading) Secure messaging and collaboration provider Wickr now publicly shares security testing details of its software.

How Silicon Valley went from ‘don’t be evil’ to doing evil (Orange County Register) Meet the new boss. Same as the old boss. – The Who, “We won’t be fooled again”, 1971 Once seen as the saviors of America’s economy, Silicon Valley is turning into something more of an emerging axis…

SCREEEECH: US national security agency puts brakes on Qualcomm takeover (Register) CFIUS sends Broadcom deal TITSUP* for 30 days

KnowBe4 Expands Into South Africa by Acquiring Popcorn Training (KnowBe4) Company continues its expansion of the world’s largest library of security awareness training.

Cybersecurity unicorn Zscaler sets terms for $110 million IPO (NASDAQ.com) Zscaler, which provides a cloud-based network security service for enterprises, announced terms for its IPO on Monday. The San Jose, CA-based.

Portuguese web security startup Jscrambler nets $2.3 ml Series A (PE Hub) Portugal-based Jscrambler, a web security startup, has secured more than $2.3 million in Series A funding. Sonae IM led the round with participation from Portugal Ventures.

Aussie cyber security bounty hunter Bugcrowd has big plans after $33m round (Financial Review) Aussie founded BugCrowd will double in size after raising $33m for its 'white-hat' hackers who already serve the likes of Mastercard and Tesla.

AlienVault Reports Strong Finish to 2017 with 50 Percent Year-over-Year Revenue Growth (GlobeNewswire News Room) Fueled by Adoption of AlienVault USM Threat Detection Platform; More than 7,000 Commercial Organizations and More than 500 MSSPs Rely on AlienVault

Ex-Cisco CEO tells why he's going his own way in venture (Silicon Valley Business Journal) In this bonus interview from this week's Business Journal cover story, John Chambers digs deeper into why he launched a private family investment fund instead of joining an existing firm, and his goals for Palo Alto-based JC2 Ventures.

Singtel Innov8, NUS to create cybersecurity startup hub in Singapore (e27) In addition to providing access to working space and funding, ICE71 will also provide startups with cybersecurity resources to test and build proof-of-concept solutions in a virtual environment

Vendor Q&A Series: Sean Sykes, Avast (Channelnomics) The latest channel exec to sit in the Channelnomics hot seat is Avast's managing director of the Americas

This Female Founder Helps Businesses Stay Ahead Of Hackers (The Story Exchange) Molly O’Hearn is in the protection business. She is co-founder and vice president of operations of Iovation, a Portland, Ore., information security firm. Her company sells fraud prevention tools that help businesses protect customers from identity and credit card theft and other hacks, as well as authentication products that help firms verify customers’ identities. Iovation’s top priority is to stay ahead of hackers -- a focus that O’Hearn and her co-founders, Jon Karl and Greg Pierson,

DarkMatter names new CEO (Tahawul Tech) DarkMatter has appointed Karim Sabbagh as its new chief executive officer, effective April 2018.

Armored Things Hires Elite Cyber Security Specialists (Benzinga) Armored Things announces two executive hires in cyber security, former Carbon Black Chief Architect, Chris Lord and fellow Carbon Black alumnus, Joshua Hartley. Boston,...

Products, Services, and Solutions

Acalvio Executive to Moderate Panel on Deception Technology at SINET 2018 (PR Newswire) Acalvio™ Technologies, an innovator in Advanced Threat Defense,...

Technologies, Techniques, and Standards

With Less Than 90 Days to Go, Are You Ready for GDPR Enforcement? (Security Intelligence) Are you there yet? Which "there" are we talking about? Unless you've been hiding under a rock for the past year, you probably know that I'm talking about your GDPR plan.

How to choose a penetration testing service (Help Net Security) Outsourcing your penetration testing efforts can offer fresh and customized methodologies that can be utilized by the external resources which usually means better quality and coverage.

How to improve your security infrastructure when you're on a budget (Help Net Security) What does your security infrastructure budget look like? How can you improve it? Matt Corney, CTO at Nuspire Networks offers advice help you.

Vermeer's Camera: Uncovering the link between art criticism and cybersecurity (Help Net Security) Forensics provides evidence of who, what, and how. Today, the business need for computer forensics extends beyond litigation support into compliance.

Academia

Deadline approaches for Department of Homeland Security cybersecurity internship (Reporter) Still in college and interested in a cybersecurity career? Then you may want to apply for the 2018 Secretary’s Honors Program (SHP) Cyber Student Volunteer Initiative sponsored by the U.S. Department of Homeland Security.The window

Vermont high school girls successfully complete cyber challenge (Vermont Business Magazine) Governor Phil Scott today recognized the Vermont high school girls who participated in the GirlsGoCyberStart challenge, a cybersecurity training partnership between states and the SANS Institute

Legislation, Policy and Regulation

Israeli Government Asked European Security Companies for Zero-Days in Unsolicited Emails (Motherboard) Israel cast a wide net in Europe too, looking to purchase zero-days for its law enforcement and intelligence agencies.

A Russian Threat on Two Fronts Meets an American Strategic Void (New York Times) President Trump has responded to Russia’s ramped-up nuclear arsenal and cyberweapons with a mix of Cold War-era approaches and virtual silence.

Sanctions for NotPetya? You Betcha. (The Cipher Brief) The White House deployed words to chide Russia for the NotPetya attack. On 15 February 2018, the White House Press Secretary released a blunt statement: In June 2017, the Russian military launched the most destructive and costly cyber-attack in history. The attack, dubbed “NotPetya,” quickly spread worldwide, causing billions of dollars in damage across Europe, …

Sen. King calls for national doctrine of cyber deterrence (Homeland Preparedness News) Warning that the United States is engaged in or at the brink of cyber war, U.S. Sen. Angus King (I-ME) called for a national doctrine of cyber deterrence during two separate hearings on Thursday. King spoke about the importance of …

As midterms heat up, lawmakers feeling good about ballot box security (Washington Examiner) Partisan tensions flared on Feb. 27 with Adm. Mike Rogers' testimony before the Senate Armed Services Committee that he hasn't received a di...

Let Industry Lead on Grid Cybersecurity Defenses, ex-NSA Expert Says (RTO Insider) The Senate Energy and Natural Resources Committee held a hearing on cybersecurity, with one witness advising a pause in CIP standards.

Cyber security to be newly taught at Czech army's university (Prague Monitor) The Czech University of Defence will newly teach its students cyber security, Defence Minister Karla Slechtova told after meeting the university management and students on Friday

NY National Guard soldiers deploy for cyber security duty (Idaho Statesman) Twenty-five New York Army National Guard cyber security team members are mobilizing for federal duty.

The joys of changing Privacy Laws (SANS Internet Storm Center) There are a few privacy changes that have occured and will occur. You may be affected, so I've summarised it here. Please keep in mind I'm not your legal counsil so as always, check yours.

Litigation, Investigation, and Enforcement

Cellebrite executive says unlocking the iPhone is for the public good (Phone Arena) Just the other day, we told you that Israeli tech company Cellebrite said that it can now unlock all Apple iPhone models running up to iOS 11.2.6, which happens to be the last public release of the OS. The company's chief marketing officer, Jeremy Nazarian, recently told Forbes that there are good reasons to have this capability. The executive read some of these off as though he was reciting the list of plagues during a Passover sedar...

Mysterious $15,000 'GrayKey' Promises To Unlock iPhone X For The Feds (Forbes) Just a week after Forbes reported on the claim of Israeli U.S. government manufacturer Cellebrite that it could unlock the latest Apple iPhone models, another service has emerged promising much the same. Except this time it comes from an unkown entity, an obscure American startup named Grayshift, which appears to be run by long-time U.S. intelligence agency contractors and an ex-Apple security engineer.

Jailed Russian: Here’s How I Hacked The U.S. Election (Fast Company) From a cell in a high-security prison outside Moscow, Konstantin Kozlovsky reveals more about the software he claims disrupted the 2016 election.

Christopher Steele, the Man Behind the Trump Dossier (The New Yorker) How the ex-spy tried to warn the world about Trump’s ties to Russia.

Expert: Farce involving Russia’s US elections breach needs resolving (Security Brief) Multiple US officials have announced the intelligence community had evidence that states had been compromised by Russia but didn't tell anyone.

Chuck Todd: Mueller Indictment Contradicts McDonough's Claim That Obama's Warning to Putin Was 'Impactful' (Washington Free Beacon) NBC's “Meet the Press” host Chuck Todd on Sunday pushed back against Barack Obama's former White House chief of Staff Denis McDonough for his claim that Obama's warning to Russian President Vladimir Putin was 'impactful.'

Lessons from the Carphone Warehouse cyber-attack (Essential Retail) How can retailers learn from the Carphone Warehouse attack and tackle poor security before disaster strikes?

Angry Coinbase users sue over claimed security failings, insider trading (Ars Technica) In one case, man called what he thought was Coinbase's customer support—it wasn't.

The Pirate Bay suffers 40% traffic drop after domain ban in Netherlands (HackRead) The Pirate Bay is in hot water once again - This time the reason is the Netherlands where authorities have blocked The Pirate Bay resulting in 40% traffic drop.

Penn. AG sues Uber over breach, delayed notification (SC Media US) Pennsylvania's attorney general is suing Uber for delaying disclosure for more than a year of a breach that exposed the personal information, such as drive

Uber 'Surprised' by Totally Unsurprising Pennsylvania Data Breach Lawsuit (WIRED) Pennsylvania’s attorney general filed a lawsuit against the ride-hailing giant Monday for failing to disclose a massive hack for over a year—and may not be the last

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

newly Noted Events

Our Security Advocates (San Francisco, California, USA, April 17, 2018) OUR Security Advocates highlights a diverse set of experts from across information security, safety, trust, and other related fields. OURSA is a single-track, one-day conference with four topic sessions. In each session, you'll hear short talks from multiple experts followed by a moderated discussion.

upcoming Events

Insider Threat Program Management With Legal Guidance Training Course (Herndon, Virginia, USA, March 6 - 7, 2018) The course will cover current regulations like National Insider Threat Policy NITP and NISPOM Conforming Change 2, and more. The course will provide the ITP Manager and Facility Security Officer with the knowledge and resources to develop, manage, or enhance an ITP. The course will help not only organizations required to maintain and submit an ITP, but any business or organization concerned with Insider Threat Risk Mitigation. Insider Threat Defense has trained over 500+ organizations and has become the "Leader-Go To Company" for ITP Management Training.

SINET ITSEF 2018 (Silicon Valley, California, USA, March 7 - 8, 2018) Bridging the gap between Silicon Valley and the Beltway. SINET – Silicon Valley provides a venue where entrepreneurs can meet and interact directly with leaders of government, business and the investment community in an open, collaborative environment focused on identifying solutions to Cybersecurity challenges.

AFFIRM and USCC 5th Annual Cybersecurity Summit (Arlington, Virginia, USA, March 8, 2018) The 5th Annual Cybersecurity Summit is a place for important discussions about the challenges with cyber-security and is also a significant benefit both for the AFFIRM scholarship program, which helps students focused on IT skills and is the largest support for USCC's summer camp program, which focuses on cybersecurity. Cybersecurity is a dynamic and crosscutting field that is ever changing and increasingly challenging to address. This in-depth, half-day session will gather an all-star line-up of chief information officers, chief information security officers, and other thought leaders from government and industry who will explore growing threats as well as innovative approaches to attract and retain the best cyber talent.

PCI Security Standards Council Middle East and Africa Forum (Cape Town, South Africa, March 14 - 15, 2018) Don’t miss the data security event of the year for the payment card industry. Join us for: networking opportunities, updates on industry trends, insights and strategies on best practices, engaging keynotes and industry expert speakers. The PCI Security Standards Council’s 2018 Middle East and Africa Forum (MEAF) provides you the information and tools to help secure payment data. They lead a global, cross industry effort to increase payment security by providing industry-driven, flexible and effective data security standards and programs that help businesses detect, mitigate and prevent criminal attacks and breaches.

SecureWorld Boston (Boston, Massachussetts, USA, March 14 - 15, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security industry. Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays-all while networking with local peers.

Cyber 9-12 (Washington, DC, USA, March 16 - 17, 2018) Now entering its fifth year, the Cyber 9/12 Student Challenge is a one-of-a-kind competition designed to provide students across academic disciplines with a deeper understanding of the policy challenges associated with cyber crisis and conflict. Part interactive learning experience and part competitive scenario exercise, it challenges teams to respond to a realistic, evolving cyberattack and analyze the threat it poses to national, international, and private sector interests.

Infosecurity Magazine Spring Virtual Conference (Online, March 21, 2018) Tune in on Wednesday March 21 for day two of our two-day online event to learn what’s going on at the heart of the industry. Our easy to digest format offers a mix of short sessions, panel debates and live profile interviews, all fully produced and moderated by the Infosecurity Magazine editorial team. Each day event looks into the biggest industry issues and trends creating an immersive education program featuring a large selection of high calibre speakers and specialists in their field.

3rd Annual Billington International Cybersecurity Summit (Washington, DC, USA, March 21, 2018) With confirmed speakers from Estonia, Romania, Singapore, Sweden, the United States, and Kuwait, and with attendees from many more countries, this summit brings together world-class cybersecurity thought leaders to engage in high-level information sharing, unparalleled networking and public-private partnerships from a cross-section of civilian, military and intelligence agencies, industry and academia.

Infosecurity Magazine North America Virtual Conference (Online, March 21 - 22, 2018) Tune in on Wednesday March 21 for day two of our two-day online event to learn what’s going on at the heart of the industry. Our easy to digest format offers a mix of short sessions, panel debates and live profile interviews, all fully produced and moderated by the Infosecurity Magazine editorial team. Each day event looks into the biggest industry issues and trends creating an immersive education program featuring a large selection of high calibre speakers and specialists in their field.

The Cyber Security Summit: Denver (Denver, Colorado, USA, March 22, 2018) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers & renowned information security experts. Learn from cyber security thought leaders and Engage in panel discussions focusing on trending cyber topics such as Sr. Leadership’s Best Approach to Cyber Defense, What’s Your Strategic Incident Response Plan?, Protecting your Enterprise from the Human Element and more. Your registration includes a catered breakfast, lunch, and cocktail reception. Receive half off your admission with promo code cyberwire50 at CyberSummitUSA.com and view details including the full agenda, participating solution providers & confirmed speakers. Tickets are normally $350, but only $175 with promo code.

Women in CyberSecurity 2018 (Chicago, Illinois, USA, March 23 - 24, 2018) Through the WiCyS community and activities we expect to raise awareness about the importance and nature of cybersecurity career. We hope to generate interest among students to consider cybersecurity as a viable and promising career option.

Northeast Regional Security Education Symposium (Jersey City, New Jersey, USA, March 23, 2018) The Professional Security Studies Department at New Jersey City University (NJCU) will hold its Northeast Regional Security Education Symposium on Friday, March 23, 2018, from 8 am to 2 pm. The symposium will feature discussions about national, corporate and cybersecurity implications related to the public and private sectors. This year’s symposium will take place at the NJCU School of Business’ Skyline Room, 147 Harborside Financial Center in Jersey City, NJ, with stunning views of Manhattan across the Hudson River. The event will feature a dark web overview, national security and media coverage, careers in security, and risk assessment and security.

SecureWorld Philadelphia (Philadelphia, Pennsylvania, USA, March 28 - 29, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security industry. Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays-all while networking with local peers.

National Cyber League Spring Season (Chevy Chase, Maryland, USA, March 30 - May 25, 2018) The NCL is a defensive and offensive puzzle-based, capture-the-flag style cybersecurity competition. Its virtual training ground helps high school and college students prepare and test themselves against cybersecurity challenges that they will likely face in the workforce. All participants play the games simultaneously during Preseason, Regular Season and Postseason. NCL allows players of all levels to enter. Between Easy, Medium and Hard challenges, students have multiple opportunities to really shine in areas as they excel. Registration for the Spring Season is 2/26/18-3/25/18.

4th Middle East Cyber Security Summit (Riyadh, Saudi Arabia, April 4 - 5, 2018) The summit will feature state of the art presentations, hackathons and technology showcasing from regional and international experts and leading technology providers. One of the focus areas of the summit will be block-chains & artificial intelligence in existing technical infrastructure in order to protect organizations from external attacks. The need of the hour is to create an ecosystem of trust aided with cybersecurity capabilities.

Cybersecurity: A Shared Responsibility (Auburn, Alabama, USA, April 8 - 10, 2018) During the 2018 SEC Academic Conference, we will explore three themes within cyber security: the underlying computer and communication technology; the economic and physical systems that are controlled by technology; and the policies and laws that govern and protect the use of information that is stored in, transmitted by, and processed with technology.

Sea-Air-Space: The Navy League’s Global Maritime Exposition (National Harbor, Maryland, USA, April 9 - 11, 2018) Join us this April for Sea-Air-Space, the largest maritime exposition in the U.S., with 275+ exhibitors displaying the latest in maritime, defense and energy technology. This year’s theme, “Learn. Compete. Win.” reminds us that every day our men and women in uniform are learning new strategies, tactics and energy technology to compete against the world's best, where winning is the only option. The challenge is always on, and Sea-Air-Space is your place to participate in interactive exhibits, professional development sessions, and open forums disclosing timely information. Hear from active duty military, government and industry leaders on key issues and future strategies for the U.S. Navy, Marine Corps, Coast Guard U.S.-flag Merchant Marine.

2018 Mississippi College Cybersecurity Summit (Clinton, Mississippi, USA, April 10 - 11, 2018) The 2018 Mississippi College Cybersecurity Summit is a conference designed to engage, educate, and raise awareness about cybersecurity across the nation. The 2018 Cybersecurity Summit will provide valuable cybersecurity tools and resources for a variety of industries and topics, including: critical infrastructure, healthcare, government, education, large and small business issues, and cryptocurrencies.

ISC West 2018 (Las Vegas, Nevada, USA, April 11 - 13, 2018) ISC West is THE largest security industry trade show in the U.S. At ISC West, you will have the chance to network with over 30,000 security professionals through New Products & Technologies encompassing everything from access control to unmanned vehicles from over 1,000 Exhibitors & Brands.

CYBERTACOS San Francisco (San Francisco, California, USA, April 16, 2018) CYBERTACOS is back and becoming one of the biggest cybersecurity networking events! Register today and join us for networking, food and drinks. This event includes a 45-minute meet the press panel made up of influential security reporters who will discuss what they are covering and how to best work with them.

RSA Conference 2018 (San Francisco, California, USA, April 16 - 20, 2018) Take this opportunity to learn about new approaches to info security, discover the latest technology and interact with top security leaders and pioneers. Hands-on sessions, keynotes and informal gatherings allow you to tap into a smart, forward-thinking global community that will inspire and empower you.

Sponsor & Support

Grow your brand, generate leads, and fill your funnel.

With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listens all over the world, companies trust the CyberWire to get the message out. Learn more.

Fancy Bear still in Montenegro? Iranian cyber ops. Developing a deterrence strategy. What the browser knows.