The CyberWire Daily Briefing 3.12.18

Summary

By The CyberWire Staff

The UK mulls sanctioning Russia for the attempted assassination, in England, of former GRU officer (and MI6 spy) Sergei Skripal. Many think sanctions would prompt Russian retaliation by cyberattack.

A Kaspersky study sees a shift toward Asia in Sofacy's interests. (Sofacy is also known as APT28, Tsar Team, and Fancy Bear. Kaspersky describes the group as "pragmatic, measured, and agile.")

Iran may be showing greater cyber capabilities and a correspondingly larger disposition to use them for espionage and surveillance.

Bots have their uses in spreading disinformation over social media, but an MIT study suggests human gossips are overwhelmingly more active in doing so.

Is a kill-switch "the cavalry," or questionably legal interference in someone else's computer? Corero thinks the "flush_all" command is a potentially useful method of stopping Memcrash distributed denial-of-service attacks, as reported in the Register. Cloudflare and Arbor Networks told eWeek that flushing all would amount to changing the contents of a non-cooperating computer. And, of course, that's illegal in many (most?) places.

Kaspersky Lab has described Slingshot, cyber-espionage malware that for six years has quietly infested systems in the Middle East and Africa. The researchers call it sophisticated and stealthy, an elegant product, they think, of a nation-state. They don't say which nation-state, but they do note that the debug code is written in pretty good English.

The University of Toronto's Citizen Lab says that Egypt, Syria, and Turkey are adapting Sandvine products to install spyware and cryptojackers. Sandvine says it's got nothing to do with it.

Learn how Cylance silences cyber attacks with Artificial Intelligence.

Notes.

Today's issue includes events affecting Australia, China, Egypt, India, Iran, Democratic Peoples Republic of Korea, Latvia, Pakistan, Russia, Syria, Taiwan, Tajikistan, Turkey, United Kingdom, United States

Intelligent response to doing more with less

Phishing, ransomware, and data breaches plague organizations of all sizes and industries, but the financial services market has always had the largest target on its back. How do you fend off these attacks when you don’t have the budget or resources for everything you need to protect your organization: data feeds, tools, analysis and mitigation? Learn more in our webinar on Wednesday, March 21 @ 2pm ET. Sign up now!

On the Podcast

In today's podcast we hear from our partners at the University of Maryland, as Jonathan Katz offers his thoughts on Spectre and Meltdown. Our guest is Christopher Pierson from Binary Sun Cyber Risk Advisors, with a timely update on SEC cyber security guidance.

Sponsored Events

How to Sell Your Cyber Startup's Software to Large Fortune 500 Companies (Fulton, Maryland, USA, March 15, 2018) Joe Silva, VP Cyber Threat & Intelligence at TransUnion, will share his perspective on how large Fortune 500 companies approach buying software from cyber start-ups. Early stage founders and technology innovators come to learn, network & enjoy free food & beverages.

Billington International Cybersecurity Summit (Washington, DC, USA, March 21, 2018) Billington International Cybersecurity Summit, March 21, Washington, D.C. Cybersecurity leaders from Asia, Europe, the Middle and U.S. on global threats and best practices, including Acting DoD CIO and Singapore Cyber Commissioner-designate. Sponsor Opportunities: Sandy Nuwar at 443-994-9832

Cyber Security Summits: Denver on March 22 & May 15 in Dallas (Denver, Colorado, USA, March 22, 2018) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The FBI, Darktrace, IBM and more. Register with promo code cyberwire50 for half off your admission (Regular price $350) https://CyberSummitUSA.com

Third Annual Cyber Investing Summit 5/15/18 (New York, New York, USA, May 15, 2018) Renowned cyber security executive David DeWalt will deliver the keynote address at the Third Annual Cyber Investing Summit. The Cyber Investing Summit is a unique all-day conference focused on the financial opportunities available in the rapidly growing cyber security industry. Panels will explore sector investment strategies, market growth forecasts, equity valuations, merger and acquisition activity, cryptocurrency protection, funding for startups, and more. Speakers include leading Chief Information Security Officers, VC founders, financial analysts, cyber security innovators from publicly traded and privately held companies, and government experts.

Selected Reading

Dateline

Emerging and enduring challenges, with a call for risk management. (The CyberWire) Several trends drew the attention of panelists and speakers at ITSEF. Two of them, resilience and the burgeoning Internet-of-things, we'll consider separately. The others we'll summarize here.

Risk management, regulation, and public policy. (The CyberWire) On March 8, 2018, Robert Rodriguez (SINET CEO) moderated a discussion between Kiersten Todt (President, Liberty Group Ventures) and Joseph Sullivan (former Commissioner, US Presidential Commission on Enhancing National Cybersecurity) both of whom worked together to formulate the Presidential Commission's recommendation on cybersecurity. They offered a broadly optimistic take on the direction of US national cybersecurity policy, but the two former Commissioners agreed that we're starting to see technologies being weaponized and used in ways we're not prepared for. They also agreed that they wanted to see more Government involvement and collaboration, but not necessarily more regulation.

Next-generation deception technology: now more "must-have" than "nice-to-have"? (The CyberWire) Deception technology has recently begun to be used as a defensive tool. It's enjoyed notable success, but it's still not widely deployed commercially on a large scale. This seems likely to change. A panel discussed the benefits their enterprises had derived from including deception in their architecture. Rick Moy (Head of Marketing, Acalvio Technologies), moderated a panel whose members included Andy Nallappan (Chief Information Officer, Broadcom), Richard Rushing (Chief Information Security Officer, Motorola Mobility), Caleb Sima (Founder, Badkode Ventures), and Abe Smith (Director, Enterprise Security, Cavium).

Cyber Attacks, Threats, and Vulnerabilities

Masha and these Bears (Securelist) Sofacy, also known as APT28, Fancy Bear, and Tsar Team, is a prolific, well resourced, and persistent adversary. They are sometimes portrayed as wild and reckless, but as seen under our visibility, the group can be pragmatic, measured, and agile.

Campaign Possibly Connected to “MuddyWater” Surfaces in the Middle East and Central Asia (TrendLabs Security Intelligence Blog) We discovered a new campaign targeting organizations in Turkey, Pakistan and Tajikistan that has some similarities with an earlier campaign named MuddyWater, which hit various industries in several countries, primarily in the Middle East and Central Asia.

New attacks spark concerns about Iranian cyber threat (TheHill) Experts are sounding the alarm about new cyber activity from Iran, as hackers become more emboldened and skilled at carrying out surveillance operations and other attacks outside the country’s borders.

Information Warfare: Cyber War Slaves Serve The Mighty Kim (Strategy Page) The growing number of North Korean defectors are revealing more details of how North Korea is trying to adapt to the increasing list of economic sanctions and the opportunities for Internet based misbehavior Some of these defectors were associated with

How ISIS and Russia Manufactured Crowds on Social Media (WIRED) The Islamic State built a global brand using the power of social media. Now, Russia is following a similar playbook—and it’s all too easy.

Fake news travels faster than truth on Twitter, and we can’t blame bots (Naked Security) People prefer spreading juicy lies over the truth, according to new research from MIT.

Could AI-Driven Info Warfare Be Democracy’s Achilles Heel? (The Cipher Brief) Today, waging information warfare is a manpower-intensive effort. What if that changes?

Cryptojacking attack uses leaked EternalBlue NSA exploit to infect servers (ZDNet) RedisWannaMine is a sophisticated attack which targets servers to fraudulently mine cryptocurrency.

Telecom Egypt covertly redirecting internet users to crypto mining sites: report (Egypt Independent) Government-owned Telecom Egypt has allegedly been redirecting internet users to crypto mining sites, or displaying ads to secretly gain money, according to a report published by security researchers at the University of Toronto on Friday. According to the report titled, “Bad Traffic: Sandvine’s PacketLogic Devices Used to Deploy Government Spyware in Turkey and Redirect Egyptian Users …

Cryptomining versus cryptojacking – what’s the difference? (Naked Security) When cryptomining is done on the sly, it turns into cryptojacking – a crime that has become a serious global problem. Here’s what to do…

Cryptomining malware a genuine threat to organizations, NTT Security says (Security Brief) There are more than 12,000 Monero mining malware samples 66% of which were submitted between November and December 2017.

Cavalry riding to the rescue of DDOS-deluged memcached users (Register) Attacks tapering, as experts argue over 'kill switch'

How Creative DDOS Attacks Still Slip Past Defenses (WIRED) While some major distributed-denial-of-service attacks have been thwarted this month, the threat remains as critical as ever.

DDoS explained: How distributed denial of service attacks are evolving (CSO Online) A distributed denial of service (DDoS) attack is when attackers attempt to make it impossible for a service to be delivered, typically by drowning a system with requests for data. They have been part of the criminal toolbox for twenty years, and are only growing more prevalent and stronger.

Taiwan hit hard by ransomware (Taipei Times) Taiwan was one of the countries worst hit by ransomware attacks last year, falling victim to millions of attacks, according to Trend Micro Inc’s (趨勢科技) annual security roundup.

Sophisticated Cyberspies Target Middle East, Africa via Routers (SecurityWeek) Slingshot is a sophisticated cyber espionage campaign that targets entities in the Middle East and Africa via routers, and the group behind the operation apparently speaks English

Potent malware that hid for six years spread through routers (Ars Technica) Nation-sponsored Slingshot is one of the most advanced attack platforms ever.

State Spy Programs, espionage & Monero mining - fingers point at Sandvine (HackRead) Sandvine Products and Technology Used by Egypt, Turkey, and Syrian Governments to Install Spyware and Monero Mining.

Bad traffic: New Citizen Lab report finds Sandvine’s PacketLogic devices used to deploy government spyware in Turkey and redirect Egyptian users to affiliate ads (University of Toronto News) A new report by the Citizen Lab at the University of Toronto’s Munk School of Global Affairs outlines an investigation into the apparent use of networking equipment, offere

CCleaner compromise: keylogger may have been present (iTWire) Czech security company Avast says it has found evidence of ShadowPad, a specialised tool used by a specific group of cyber criminals, installed on fou...

4 Misconceptions About SQL Injection Vulnerabilities (Hacker Noon) SQL injection continues to be one of the biggest security risks that we face as developers and database professionals.

Somebody's watching! When cameras are more than just 'smart' (Securelist) The researchers at Kaspersky Lab ICS CERT decided to check the popular smart camera to see how well protected it is against cyber abuses. This model has a rich feature list, compares favorably to regular webcams and can be used as a baby monitor, a component in a home security system or as part of a monitoring system.

Autonomous AI Phone Botnets Not A Near-Term Threat: Avast (AndroidHeadlines.com) Fully autonomous botnets comprised of AI-enabled smartphones equipped with neural processing units aren't a realistic threat in the immediate future, Avast

Thousands of gas stations online are open for hackers to hit (CNET) Researchers from Kaspersky Lab have found software vulnerabilities that give them online access more than 1,000 gas stations around the world.

Ransomware for robots is the next big security nightmare (ZDNet) Researchers found they were able to infect robots with ransomware; in the real world, such attacks could be highly damaging to businesses if robotic security isn't addressed.

Password manager maker Keeper hit by another security snafu (ZDNet) The exposed server contained the company's downloadable software -- including a code-signing certificate.

U.S. More Vulnerable To Weaponized Cyberattacks Than You Think (Fast Company) Experts on a panel at SXSW warn major hacking onslaughts of our infrastructure, personal data, and businesses are coming—and we’re not ready.

Security Patches, Mitigations, and Software Updates

March Patch Tuesday forecast: In like a lamb, out like a lion (Help Net Security) The March Patch Tuesday forecast promises a lot of work since we are expecting many releases. Will we see this in March's Patch Tuesday? Let's take a look.

Cisco Patches Hard-coded Password in PCP Software (SecurityWeek) Cisco has released software updates to address a hard-coded password vulnerability in Cisco Prime Collaboration Provisioning (PCP) Software.

Verizon rolls out Android 8.0 Oreo to LG V30 whereas LG G6 gets February security patch (The Droid Guru) LG, one of the smartphone manufacturers, that has been having tough times in the smartphone industry recently same as the other Android manufacturers released the latest smartphones in the LG G series and the LG V series last year. These smartphones were named as the LG G6 and the LG V30 respectively. Now, it is …

PlayerUnknown's Battlegrounds Rolls Back Anti-Cheat Patch (WWG) The new anti-cheat patch that was recently deployed for PlayerUnknown’s Battlegrounds has now [...]

Cyber Trends

Platform power is crushing the web, warns Berners-Lee (TechCrunch) On the 29th birthday of the world wide web, its inventor, Sir Tim Berners-Lee, has sounded a fresh warning about threats to the web as a force for good,..

Merlin International & Ponemon Institute Cybersecurity Study Signals Dangerous Diagnosis for Healthcare Industry (BusinessWire) Merlin International, in partnership with the Ponemon Institute, released the results of its healthcare cybersecurity study.

IoT attacks, ransomware, and steganography? Fortinet looks at the latest cybercrime trends (Security Brief) Fortinet says that stenography as an attack vector hasn’t had too much visibility in the last several years but it could be the start of a resurgence.

Marketplace

Deception Technology Market Innovation including key players Javelin Networks, Allure Security Technology (Industry Today) The in-depth information by segments of Deception Technology market helps monitor future profitability & to make critical decisions for growth.

The CEO behind the firm tipped to be the UK's next unicorn (City A.M.) In the heart of London, in the middle of the Strand, the office of Darktrace sits almost like a fortress; a sea of calm in the chaos and uncertainty

BioCatch closes $30M round for its ‘behavioral biometrics’ tech for banks and other transaction businesses (TechCrunch) BioCatch, the U.S./Israeli startup that has developed “behavioural biometric authentication and threat detection” tech to enable banks and other high..

Is Zscaler's IPO Overvalued? (Seeking Alpha) We will use a comparable multiples method to get an intrinsic valuation of Zscaler. We believe that the IPO is being sold at a very expensive price, as competit

CyberArk Acquires Cloud Security Provider Vaultive (Infosecurity Magazine) Deal will see CyberArk advance privileged account security for the cloud

McAfee acquires TunnelBear VPN Company (Gizbot) McAfee acquires TunnelBear VPN Company. TunnelBear added that Well also continue to collect the minimum amount of data possible to operate our service and document everything in our privacy policy.

Peter Thiel’s data company Palantir will develop a new intelligence platform for the US Army (The Verge) The platform, built in conjunction with Raytheon, will replace the Army’s aging Distributed Common Ground System

The Army turns to a former legal opponent to fix its intel analysis system (Defense News) The U.S. Army has selected both Raytheon and Palantir to build new intelligence analysis capabilities that could be worth up to nearly a billion dollars in an attempt to save the Distributed Common Ground System-Army.

Products, Services, and Solutions

U.S. Department of Defense Validates ForeScout for IoT Security (NASDAQ.com) SAN JOSE, Calif., March 12, 2018-- ForeScout Technologies, Inc., a leading Internet of Things security company, today announced that the U.S..

Microsoft Australia prepares cyber-awareness micro-credential (ARN) Microsoft Australia has partnered with the University of Adelaide and the Defence Teaming Centre to pilot and launch a cyber-awareness micro-credential.

Technologies, Techniques, and Standards

Ransomware is a growing threat, but there are things you can do to protect your firm (ABA Journal) Ransomware is a growing, $1 billion-a-year industry—and one that has already proven to be devastating to other multibillion-dollar industries around the world.

Thwart Cyber Attackers by Inverting Your Strategy (LookingGlass Cyber Solutions Inc.) When it comes to your organization’s cybersecurity, there is no “one size fits all” solution. In the face of today’s dynamic threats – bad actors constantly find new and innovative ways to circumvent existing security apparatuses – many organizations are struggling to get ahead of an attack. Yes, the more you know –, March 7, 2018

Latvian mobile operator invites cyber attackers to have a go (CSO Online) Security researchers wanting to test the kind of malware that could break public networks now have a place to do so in safety.

Checked Your Credit Since the Equifax Hack? (KrebsOnSecurity) A recent consumer survey suggests that half of all Americans still haven’t checked their credit report since the Equifax breach last year exposed the Social Security numbers, dates of birth, addresses and other personal information on nearly 150 million people. If you’re in that fifty percent, please make an effort to remedy that soon.

Design and Innovation

When should humans step aside and let AI make decisions? (C4ISRNET) The Navy's unmanned expert says autonomous systems are the future. But questions remain about what exactly that future will look like.

Progress Slows On Once-Hot Ethereum Privacy Projects (CoinDesk) The promise of private ethereum smart contracts remains undiminished, though a conference this week showcased that challenges that persisting today.

4 Things That Made Blockchain The Most Disruptive Tech In Decades (Inc42 Media) Blockchain, the revolutionary technology behind Bitcoin, has been slow to receive the fame it deserves. Hailed as one of the most disruptive technologies in decades, blockchain technology is at the heart of the shift from centralised server-based internet system to a cryptographic transparent network.

Quantum Blockchain: How Physicists Will Stage a Cryptoworld IT Revolution (Sputnik) The mastermind of the first ever quantum blockchain, Alexei Fyodorov, has detailed who might be interested in such a blend of IT innovations, as well as how quantum technology will drastically change the whole digital world.

Research and Development

Google thinks it’s close to “quantum supremacy.” Here’s what that really means. (MIT Technology Review) It’s not the number of qubits; it’s what you do with them that counts.

Academia

Thales and Indian Institute of Technology Madras sign Memorandum of Understanding (India Education Diary) Thales and the Indian Institute of Technology Madras (IIT Madras) today signed a Memorandum of Understanding (MoU) to create a jointly supervised PhD fellowship programme in coordination with CNRS. Thales and IIT Madras look forward to strengthening Indo-French scientific collaboration while contributing towards the development of highly specialised technical skills in India. The MoU …

With The Aim Of Supporting 10K Student Innovators By 2021, Gujarat University Launches Its Startup And Innovation Policy (Inc42 Media) Stepping forward in the startup ecosystem, Gujarat University recently launched its Startup and innovation policy. The launch event was attended by Union Commerce and Industry Minister Suresh Prabhu and Bhupendrasinh Chudasama, Minister of Education for Gujarat.

10 free online cybersecurity courses you should take (TechRadar) You've got nothing to lose except your data

Legislation, Policy and Regulation

Sergei Skripal: Theresa May set to hit back at Russia over spy attack (Times) Theresa May is on the verge of publicly blaming Russia for the attempted murder of Sergei and Yulia Skripal and ordering expulsions and sanctions against President Putin’s regime. An announcement...

Growing threat of cyber wars demands strengthening of our capabilities (Times of India Blog) Today cyber space occupies a crucial position in national security system. It is an interactive domain made up of digital networks that is used to store, analyse, modify and communicate information. Our dependence on cyber...

U.S. military ineffectively prepared to counter Russian cyber threats: NATO Europe commander (The Washington Times) The top U.S. general in Europe has become the latest high-ranking official to acknowledge weaknesses in the country’s ability to effectively counter Russian cyber threats.

Two votes against, three abstentions: Xi secures power in perpetuity (Asia Times) China's rubber-stamp parliament passes a constitutional amendment removing presidential term limits – thereby giving Xi Jinping almost total authority

Australia's Defence Department bans WeChat (Financial Review) The Department said it did allow limited use of Facebook.

How China Interferes in Australia (Foreign Affairs) Australia is pushing back against a campaign of political interference orchestrated by China.

Fear the great tech armoury of China (Times) If you’re reading this while commuting to the office this dank Monday, be grateful you’re not working for a “nine-nine-six” company. “Nine-nine-six”, I learnt at the Beijing smartphone maker Xiaomi...

India to set up special agency to battle cyber terrorists (DNA) India to set up special agency to battle cyber terrorists - The Internet has expanded rapidly at a global scale and has been the most powerful technological revolution known in the history of mankind.

5 things Trump could do to stop Russia’s meddling (The Columbian) Recently, the Pentagon’s cyberdefense commander was asked whether the government has done enough to protect the 2018 congressional election against Russian hacking. “We’re not where we need to be,” Ad

Susan Rice reportedly told the White House cyber team to 'knock it off' when they floated options to combat Russian meddling (Business Insider) Susan Rice did not want to "box in" then President Barack Obama if news of Russia's cyberattacks leaked.

Does the U.S. government need to protect American tech companies? (San Diego Union Tribune) A recent decision by the federal government's Committee on Foreign Investment in the United States to review the bid by Broadcom to take over Qualcomm highlights national security concerns about advancements in the tech sector.

IoT Product Safety: If It Appears Too Good to Be True, It Probably Is (Dark Reading) Proposed new connected-product repair laws will provide hackers with more tools to make our lives less secure.

UK government delays erection of age-checks for p[0]rn sites (Computing) Concern over security and privacy of third-party age-verification for p[0]rn sites forces delay

Litigation, Investigation, and Enforcement

What now for UK and Russia after spy row? (BBC News) If Russian involvement is confirmed, will the UK take action and will Russia retaliate?

Sergei Skripal: ‘Forthwith’ gave MI6 telephone directory of Russian agents (Times) Sergei Skripal was a highly paid, highly valued MI6 spy codenamed “Forthwith” who provided important material to British intelligence over a ten-year period, including the entire telephone...

All of Russia’s enemies have lived in fear of the assassin (Times) After the death of Stalin, a letter was found under a newspaper in his desk drawer. Written in 1950, it was from Marshal Tito, the independent-minded Yugoslav communist leader who had consistently...

Tories break Theresa May’s vow to ban Russian donors (Times) Russian oligarchs and their associates have registered donations of more than £820,000 to the Conservative Party since Theresa May became prime minister, The Sunday Times can reveal. May promised...

Sauna security camera hacked; n[*]de videos of Dutch Women’s Handball Team leaked (HackRead) The stolen videos from hacked security cameras were leaked even when the system was removed from the sauna.

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

upcoming Events

PCI Security Standards Council Middle East and Africa Forum (Cape Town, South Africa, March 14 - 15, 2018) Don’t miss the data security event of the year for the payment card industry. Join us for: networking opportunities, updates on industry trends, insights and strategies on best practices, engaging keynotes and industry expert speakers. The PCI Security Standards Council’s 2018 Middle East and Africa Forum (MEAF) provides you the information and tools to help secure payment data. They lead a global, cross industry effort to increase payment security by providing industry-driven, flexible and effective data security standards and programs that help businesses detect, mitigate and prevent criminal attacks and breaches.

SecureWorld Boston (Boston, Massachussetts, USA, March 14 - 15, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security industry. Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays-all while networking with local peers.

Cyber 9-12 (Washington, DC, USA, March 16 - 17, 2018) Now entering its fifth year, the Cyber 9/12 Student Challenge is a one-of-a-kind competition designed to provide students across academic disciplines with a deeper understanding of the policy challenges associated with cyber crisis and conflict. Part interactive learning experience and part competitive scenario exercise, it challenges teams to respond to a realistic, evolving cyberattack and analyze the threat it poses to national, international, and private sector interests.

Infosecurity Magazine Spring Virtual Conference (Online, March 21, 2018) Tune in on Wednesday March 21 for day two of our two-day online event to learn what’s going on at the heart of the industry. Our easy to digest format offers a mix of short sessions, panel debates and live profile interviews, all fully produced and moderated by the Infosecurity Magazine editorial team. Each day event looks into the biggest industry issues and trends creating an immersive education program featuring a large selection of high calibre speakers and specialists in their field.

3rd Annual Billington International Cybersecurity Summit (Washington, DC, USA, March 21, 2018) With confirmed speakers from Estonia, Romania, Singapore, Sweden, the United States, and Kuwait, and with attendees from many more countries, this summit brings together world-class cybersecurity thought leaders to engage in high-level information sharing, unparalleled networking and public-private partnerships from a cross-section of civilian, military and intelligence agencies, industry and academia.

Infosecurity Magazine North America Virtual Conference (Online, March 21 - 22, 2018) Tune in on Wednesday March 21 for day two of our two-day online event to learn what’s going on at the heart of the industry. Our easy to digest format offers a mix of short sessions, panel debates and live profile interviews, all fully produced and moderated by the Infosecurity Magazine editorial team. Each day event looks into the biggest industry issues and trends creating an immersive education program featuring a large selection of high calibre speakers and specialists in their field.

The Cyber Security Summit: Denver (Denver, Colorado, USA, March 22, 2018) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers & renowned information security experts. Learn from cyber security thought leaders and Engage in panel discussions focusing on trending cyber topics such as Sr. Leadership’s Best Approach to Cyber Defense, What’s Your Strategic Incident Response Plan?, Protecting your Enterprise from the Human Element and more. Your registration includes a catered breakfast, lunch, and cocktail reception. Receive half off your admission with promo code cyberwire50 at CyberSummitUSA.com and view details including the full agenda, participating solution providers & confirmed speakers. Tickets are normally $350, but only $175 with promo code.

Women in CyberSecurity 2018 (Chicago, Illinois, USA, March 23 - 24, 2018) Through the WiCyS community and activities we expect to raise awareness about the importance and nature of cybersecurity career. We hope to generate interest among students to consider cybersecurity as a viable and promising career option.

Northeast Regional Security Education Symposium (Jersey City, New Jersey, USA, March 23, 2018) The Professional Security Studies Department at New Jersey City University (NJCU) will hold its Northeast Regional Security Education Symposium on Friday, March 23, 2018, from 8 am to 2 pm. The symposium will feature discussions about national, corporate and cybersecurity implications related to the public and private sectors. This year’s symposium will take place at the NJCU School of Business’ Skyline Room, 147 Harborside Financial Center in Jersey City, NJ, with stunning views of Manhattan across the Hudson River. The event will feature a dark web overview, national security and media coverage, careers in security, and risk assessment and security.

KNOW Identity Conference 2018 (Washington, DC, USA, March 26 - 28, 2018) The premier global event for the identity industry, the KNOW Identity Conference is the nexus for identity innovation, offering a uniquely differentiated, powerful, and immersive event that convenes the world’s most influential organizations and smartest minds across industries to shape the future of identity.

SecureWorld Philadelphia (Philadelphia, Pennsylvania, USA, March 28 - 29, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security industry. Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays-all while networking with local peers.

National Cyber League Spring Season (Chevy Chase, Maryland, USA, March 30 - May 25, 2018) The NCL is a defensive and offensive puzzle-based, capture-the-flag style cybersecurity competition. Its virtual training ground helps high school and college students prepare and test themselves against cybersecurity challenges that they will likely face in the workforce. All participants play the games simultaneously during Preseason, Regular Season and Postseason. NCL allows players of all levels to enter. Between Easy, Medium and Hard challenges, students have multiple opportunities to really shine in areas as they excel. Registration for the Spring Season is 2/26/18-3/25/18.

4th Middle East Cyber Security Summit (Riyadh, Saudi Arabia, April 4 - 5, 2018) The summit will feature state of the art presentations, hackathons and technology showcasing from regional and international experts and leading technology providers. One of the focus areas of the summit will be block-chains & artificial intelligence in existing technical infrastructure in order to protect organizations from external attacks. The need of the hour is to create an ecosystem of trust aided with cybersecurity capabilities.

Cybersecurity: A Shared Responsibility (Auburn, Alabama, USA, April 8 - 10, 2018) During the 2018 SEC Academic Conference, we will explore three themes within cyber security: the underlying computer and communication technology; the economic and physical systems that are controlled by technology; and the policies and laws that govern and protect the use of information that is stored in, transmitted by, and processed with technology.

Sea-Air-Space: The Navy League’s Global Maritime Exposition (National Harbor, Maryland, USA, April 9 - 11, 2018) Join us this April for Sea-Air-Space, the largest maritime exposition in the U.S., with 275+ exhibitors displaying the latest in maritime, defense and energy technology. This year’s theme, “Learn. Compete. Win.” reminds us that every day our men and women in uniform are learning new strategies, tactics and energy technology to compete against the world's best, where winning is the only option. The challenge is always on, and Sea-Air-Space is your place to participate in interactive exhibits, professional development sessions, and open forums disclosing timely information. Hear from active duty military, government and industry leaders on key issues and future strategies for the U.S. Navy, Marine Corps, Coast Guard U.S.-flag Merchant Marine.

2018 Mississippi College Cybersecurity Summit (Clinton, Mississippi, USA, April 10 - 11, 2018) The 2018 Mississippi College Cybersecurity Summit is a conference designed to engage, educate, and raise awareness about cybersecurity across the nation. The 2018 Cybersecurity Summit will provide valuable cybersecurity tools and resources for a variety of industries and topics, including: critical infrastructure, healthcare, government, education, large and small business issues, and cryptocurrencies.

ISC West 2018 (Las Vegas, Nevada, USA, April 11 - 13, 2018) ISC West is THE largest security industry trade show in the U.S. At ISC West, you will have the chance to network with over 30,000 security professionals through New Products & Technologies encompassing everything from access control to unmanned vehicles from over 1,000 Exhibitors & Brands.

CYBERTACOS San Francisco (San Francisco, California, USA, April 16, 2018) CYBERTACOS is back and becoming one of the biggest cybersecurity networking events! Register today and join us for networking, food and drinks. This event includes a 45-minute meet the press panel made up of influential security reporters who will discuss what they are covering and how to best work with them.

RSA Conference 2018 (San Francisco, California, USA, April 16 - 20, 2018) Take this opportunity to learn about new approaches to info security, discover the latest technology and interact with top security leaders and pioneers. Hands-on sessions, keynotes and informal gatherings allow you to tap into a smart, forward-thinking global community that will inspire and empower you.

Our Security Advocates (San Francisco, California, USA, April 17, 2018) OUR Security Advocates highlights a diverse set of experts from across information security, safety, trust, and other related fields. OURSA is a single-track, one-day conference with four topic sessions. In each session, you'll hear short talks from multiple experts followed by a moderated discussion.

Industrial Control Systems (ICS) Cyber Security Conference Asia (Singapore, April 25 - 27, 2018) The Central ICS/SCADA Cyber Security Event of the Year for the APAC Region. Three days of multi-track training & workshops for days for operations, control systems and IT security professionals to connect on SCADA, DCS PLC and field controller cyber security.

Sponsor & Support

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter’s financial reach, or it might just not be the right time for you to do those things. That’s why we launched our new Patreon site, where we’ve created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you’ll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.