The CyberWire Daily Briefing 3.16.18

Summary

By The CyberWire Staff

Researchers fear a second, deadlier round of attacks with the Triton/Trisis ICS malware used against Saudi petrochemical targets late last summer.

Iran shows continued activity in spearphishing targets in Asia and the Middle East. The threat group Temp.Zagros, more often known as MuddyWater (no connection with the similarly named hedge investment firm), has stepped up its distribution of malicious Word documents. Palo Alto Networks, FireEye, and Trend Micro are all tracking the group.

CTS Labs, discoverers of vulnerabilities in AMD chipsets that may or may not be serious, defends its controversial disclosure, but admit they might have done a better job getting independent verification of their research. They don't address the other concern observers have raised: short-sellers at Viceroy Research Group received a copy of the vulnerability research. They released a report on AMD the same day CTS Labs issued its findings, and in that report predicted that AMD's value would essentially go to zero.

NATO has placed itself firmly behind the UK in its nerve agent dispute with Russia. TASS is authorized to state that "sources" tell it NATO's Article 5 won't be invoked, presumably because the chemical attack was too small and too ambiguous.

The US Administration also issued sanctions yesterday in reprisal for both NotPetya and 2016 election meddling.

Yesterday FBI and Department of Homeland Security analysis resulted in US-CERT issuing a Joint Technical Alert warning of Russian government intrusion into US Government and energy sector networks. The campaign is said to involve preparation for ICS attacks.

Learn how Cylance silences cyber attacks with Artificial Intelligence.

Notes.

Today's issue includes events affecting Australia, China, France, Germany, Iran, Latvia, NATO/OTAN, Russia, Saudi Arabia, United Kingdom, and United States.

A note to our readers: the CyberWire is happy to have been chosen as a finalist for the Maryland Cybersecurity Diversity Award (and the Cybersecurity Association of Maryland's People's Choice Award). You can find out more about the awards (and how to vote for us, if you'd like) here.

Intelligent response to doing more with less

Phishing, ransomware, and data breaches plague organizations of all sizes and industries, but the financial services market has always had the largest target on its back. How do you fend off these attacks when you don’t have the budget or resources for everything you need to protect your organization: data feeds, tools, analysis and mitigation? Learn more in our webinar on Wednesday, March 21 @ 2pm ET. Sign up now!

On the Podcast

In today's podcast we speak with our partners at the SANS Institute, as Johannes Ullrich (also of the SANS Stormcast) explains credential stuffing. Our guest is Rico Chandra from Arktis, and he discusses securing radiation detectors.

Sponsored Events

Billington International Cybersecurity Summit (Washington, DC, USA, March 21, 2018) Billington International Cybersecurity Summit, March 21, Washington, D.C. Cybersecurity leaders from Asia, Europe, the Middle and U.S. on global threats and best practices, including Acting DoD CIO and Singapore Cyber Commissioner-designate. Sponsor Opportunities: Sandy Nuwar at 443-994-9832

The Startup Journey: From Public Service to Successful Entrepreneurship (Fulton, Maryland, USA, March 22, 2018) At this DataTribe Meetup, Will Grannis, Managing Director Google CTO Office, will discuss his professional experiences spanning across entrepreneurship, public service, and Silicon Valley. Free food & beverages will be provided.

Cyber Security Summits: Denver on March 22 & May 15 in Dallas (Denver, Colorado, USA, March 22, 2018) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The FBI, Darktrace, IBM and more. Register with promo code cyberwire50 for half off your admission (Regular price $350) https://CyberSummitUSA.com

Third Annual Cyber Investing Summit 5/15/18 (New York, New York, USA, May 15, 2018) Renowned cyber security executive David DeWalt will deliver the keynote address at the Third Annual Cyber Investing Summit. The Cyber Investing Summit is a unique all-day conference focused on the financial opportunities available in the rapidly growing cyber security industry. Panels will explore sector investment strategies, market growth forecasts, equity valuations, merger and acquisition activity, cryptocurrency protection, funding for startups, and more. Speakers include leading Chief Information Security Officers, VC founders, financial analysts, cyber security innovators from publicly traded and privately held companies, and government experts.

Selected Reading

Cyber Attacks, Threats, and Vulnerabilities

A Cyberattack in Saudi Arabia Had a Deadly Goal. Experts Fear Another Try. (NYTimes) Petrochemical companies were hit by a series of cyberassaults last year. The worst of them, against a widely used safety system, could have set off an explosion.

Pro-establishment Iranian hackers gaining prominence in the Persian Gulf (SC Magazine) The rising capabilities of Iranian hackers came to the fore in 2017 when hacker groups like Helix Kitten, Charming Kitten, and Volatile Kitten launched several crippling cyber-attacks on Saudi Arabian entities.

Iran-Linked Group 'TEMP.Zagros' Updates Tactics, Techniques In Latest Campaign (Threatpost) An Iran-linked group is linked to a massive spear phishing campaign that sends malicious Word Docs to victims in Asia and the Middle East.

Apple Bans Iran from the App Store (BleepingComputer) Iranian users have not been able to access Apple's App Store all day today, in what appears to be a ban put in place by the US company.

DHS warns of new Russia hacks as US sanctions Russia over election interference (Ars Technica) DHS alert warns of Russian government malware targeting critical infrastructure.

Russian Government Cyber Activity Targeting Energy and Other Critical Infrastructure Sectors (US-CERT) Since at least March 2016, Russian government cyber actors—hereafter referred to as “threat actors”—targeted government entities and multiple U.S. critical infrastructure sectors, including the energy, nuclear, commercial facilities, water, aviation, and critical manufacturing sectors.

If the US and Russia had a cyberwar, Russia would win: Cybersecurity CEO (CNBC) A top cybersecurity CEO tells Jim Cramer that if a cyber war broke out between the U.S. and Russia, then Russia would win.

Chinese Hackers Hit U.S. Firms Linked to South China Sea Dispute (Bloomberg) Chinese hackers have launched a wave of attacks on mainly U.S. engineering and defense companies linked to the disputed South China Sea, the cybersecurity firm FireEye Inc. said.

Chinese Crooks Assembling Massive Botnet of Nearly 5 Million Android Devices (BleepingComputer) A Chinese malware operation is currently building a massive botnet of nearly 5 million Android smartphones using a strain of malware named RottenSys.

The hacker, hacked: national criminals attack Russian banks (Financial Times) The country is now keen to change the idea that it is a cyber crime paradise

CTS Labs Provides Clarifications on AMD Chip Flaws (SecurityWeek) As a result of massive backlash from the industry, CTS Labs has provided some clarifications about the AMD processor vulnerabilities and its disclosure method

Malware attack on 400k PCs caused by backdoored BitTorrent app (Ars Technica) Once the stuff of spy novels, supply chain attacks are becoming common.

PSA: Beware of Windows PowerShell Credential Request Prompts (BleepingComputer) A new PowerShell script was posted on Github recently that prompts a victim to enter their login credentials, checks if they are correct, and then sends the credentials to a remote server. This allows an attacker to distribute the script and harvest domain login credentials from their victims.

Hackers Can Abuse Text Editors for Privilege Escalation (SecurityWeek) Researchers analyzed several text editors and found that many of them can be exploited for privilege escalation. Affected vendors not planning on releasing patches

Walmart Jewelry Partner Exposes Data of Millions of Customers (HackRead) Unsecured Amazon S3 Bucket Claims Another Victim - This Time, Private Data of 1.3 Million Limogés Jewelry Customers Have Been Exposed.

Hacking SAP CRM: 2 vulnerabilities in SAP NetWeaver AS Java (ERPScan) SAP NetWeaver AS Java is a widely used platform that supports numerous SAP applications. One of these applications is SAP CRM. A security issue in default component may lead to mass hacking of thousands of companies and millions of dollars losses.

DDoS Amplification Attacks Skyrocketed in Q4, Revealed by Nexusguard Research (BusinessWire) DDoS attacks using domain name server (DNS) amplification increased more than 357 percent in the fourth quarter of 2017, according to Nexusguard.

4 answers you need to know about the dawn of 1Tbps DDoS attacks (CIO Dive) Historically smaller DDoS attacks were not able to harness the same kind of bandwidth accessible to memcached servers seen in the recent attacks.

Hackers have self-driving cars in their headlights (Financial Times) Greater connectivity gives criminals more access

What To Do If Your 'Fortnite' Account Was Hacked, And How To Avoid It In The First Place (Forbes) Recently, numerous Fortnite players have reported that their accounts have been hacked.

Cellebrite competitor GrayKey raises security concerns with iPhone unlocking device (SC Media US) A product made by Cellebrite competitor GrayKey is raising security concerns over a standalone device capable of unlocking iPhones.

Potential PHI Exposure at BJC HealthCare Impacts 33K (HealthITSecurity) Recent potential healthcare data breaches include PHI exposure from a data server error, a stolen laptop, and a likely phishing scam.

Scam Of The Week: Phishing Madness! (KnowBe4) Beware of March Madness, criminal hackers are at it again, after Valentine's Day their phishing agenda has moved to the next topic.

Security Patches, Mitigations, and Software Updates

Intel Shares Details on New CPUs With Spectre, Meltdown Protections (SecurityWeek) Microcode patches for Spectre are available for all Intel CPUs launched in the past five years. The company provided more details on future processors that will include protections against these types of attacks

Cyber Trends

Microsoft Publishes Bi-annual Security Intelligence Report (SIR) (SecurityWeek) Microsoft has published its 23rd bi-annual Security Intelligence Report, which draws on data analysis of Microsoft's global estate since February 2017.

“Truly frightening” IoT security should motivate CSOs to reconsider their endpoint strategies (CSO) More than a few Israeli security researchers are reconsidering their personal purchase of home security cameras, baby monitors, doorbells and thermostats after a hackathon revealed “truly frightening” security vulnerabilities ...

Hackers learn to hurdle two-factor authentication (Financial Times) Biometrics, apps and machine learning are adding layers of security

70% of firms would fail a privileged account management audit (Security Brief) Firms believe privileged account management is important for security - but why are they still doing it wrong?

The Latest Strains of Attacks on the Pharmaceutical and Healthcare Sector (SecurityWeek) Security teams need visibility outside the organization and across the widest range of data sources possible to mitigate digital risk and better protect the organization.

Marketplace

'Panama Papers' Law Firm Shuts Down Operations (SecurityWeek) Mossack Fonseca, the law firm at the heart of the "Panama Papers" will shut down operations, citing negative press and what it called unwarranted action by authorities.

Palo Alto Networks picks up Evident.io for $300M cash (Silicon Valley Business Journal) Santa Clara-based network security company Palo Alto Networks is buying Pleasanton-based Evident.io for $300 million in cash, both companies said Wednesday.

Critical Start to Buy Advanced Threat Analytics (Dark Reading) Firms previously had teamed up in SOC services.

The red-hot AI hardware space gets even hotter with $56M for a startup called SambaNova Systems (TechCrunch) Another massive financing round for an AI chip company is coming in today, this time for SambaNova Systems …

Automox Inc. closes on $2M for its automated cyber protection (BizWest) Jay Prassl, chief executive of Boulder-based tech firm Automox Inc., is looking to make cybersecurity less reactive and more proactive, by focusing less on the detection of hacks and more on protecting your system from them.

CACI, ManTech Win Spots on $17.5B DISA Encore III IT Services IDIQ; Ken Asbury, Daniel Keefe Comment (GovCon Wire) CACI International (NYSE: CACI) and ManTech International (Nasdaq: MANT) have secured positions on a

Most Connected Devices Are Easy to Hack. This Company Says It Can Fix That (Bloomberg) SecureRF wants to make all that “smart” stuff less dumb.

Cisco, Symantec Takeover Buzz Sends This Cyber Stock Soaring (Investor's Business Daily) FireEye popped on Thursday amid speculation the rebounding cybersecurity company could be acquired by Cisco Systems or Symantec.

Private equity finds profit in lucrative cyber businesses (Financial Times) ‘Buy-and-build’ can bring strong returns, but results are hard to replicate

Products, Services, and Solutions

Limelight Networks Helps Companies Defend against Cyber Threats with New Bot Management Solution (BusinessWire) Limelight Networks, Inc. today announced a new Advanced Bot Manager option for its Limelight Application Firewall Solution.

NH-ISAC and Anomali Join Forces to Accelerate Cyber Threat Detection and Sharing for Healthcare Industry (BusinessWire) Anomali, the leading provider of threat management and collaboration solutions, announced today a strategic partnership with the National Health Infor

enSilo's Endpoint Security Platform First To Add Orchestration Features, Delivering Custom Response Actions to Fight Hidden Breaches (PR Newswire) enSilo, the company that protects endpoints pre- and post-infection to...

Intelisecure Partners with Digital Guardian, Netskope to Meet Surge in Demand for Managed Critical Data Protection (NASDAQ.com) Partnerships Enable InteliSecure to Combine Two Unique Capabilities: World-Class Data Loss Prevention and Cloud Security Access, Forming a Powerful.

Certified in the Governance of Enterprise IT - IT Certification - CGEIT (ISACA) CGEIT certification is designed for IT professionals who manage, provide advisory and assurance services and who support the governance of an enterprise’s IT.

Trustonic Secures Mobile Banking OTP Authentication in Korea (Trustonic) Korea’s centralised One Time Password (OTP) authentication service provider, KFTC, has launched an OTP service with KDB Bank and made it available nationally to make consumers’ lives simple.

Coalfire Labs R&D Team Releases Icebreaker Tool (PR Newswire) Coalfire, a trusted provider of cybersecurity advisory services,...

Australian email security vendor MailGuard to launch blockchain-based cybersecurity solution GlobalGuard (CRN Australia) Will combine Mailguard experience with a neural network.

Google Reviews Over 50 Billion Android Apps Daily (SecurityWeek) Google's Play Protect uses machine learning to help detect mobile malware and protect users from Potentially Harmful Apps (PHAs).

Dobler Consulting Becomes Member of MSP Alliance (AB Newswire) Dobler Consulting joins vibrant global consortium of cloud, managed service providers and technology enabling vendors.

Keeper Launches Secure Chat Platform (Mobile ID World) Keeper Security, the company behind the Keeper password manager app, has announced a new secure communications platform called KeeperChat.

Technologies, Techniques, and Standards

NIST Cybersecurity Framework Getting a Facelift, Looking to Make Adoption Easier (Security Boulevard) One of the biggest obstacles to securing the nation's critical infrastructure components, as well as to securing enterprise environments, is poor coordination...

Pwn2Own: Microsoft Edge and Apple Safari fall on day 1 (CSO Online) On day one of Pwn2Own, Microsoft Edge and Apple Safari were pwned, and the hack of Oracle VirtualBox was a partial success.

Ransomware Resilience: Detect and Respond (Infosecurity Magazine) When ransomware tore through businesses last year, questions were raised about how companies could react to such attacks and be able to better detect and respond in the future.

Online Ads vs. Security: An Invisible War (Dark Reading) Why visiting one website is like visiting 50, and how you can fight back against malvertisers.

Expert Roundup: The Impact of Software Monocultures on Security Across Organizations (Heimdal Security Blog) We asked cybersecurity experts about the impact of software monocultures on security and their answers provided great insights. They talked about the risks of using it in the organizations and why a multi-vendor approach is a better option.

Rush to the Cloud Risks Security Breaches (Infosecurity Magazine) Over half of cybersecurity professionals are reporting misalignment between them and the rest of the business when it comes to the cloud and security issues, according to new research by Palo Alto Networks.

Research and Development

The Last Barrier To Ultra-Miniaturized Electronics Is Broken, Thanks To A New Type Of Inductor (Forbes) In the race for ever-improving technology, there are two related technical capabilities that drive our world forward: speed and size.

IARPA: Encryption-busting quantum computers coming in near future (FederalNewsRadio.com) The head of IARPA, the intelligence community's advanced research agency, is looking at new encryption standards that can withstand future breakthroughs in quantum computing.

Washington waking up to threats of AI with new task force (TechCrunch) Elon Musk has been one of the few Silicon Valley luminaries to place intense attention on the potential dangers of AI, raising a billion dollars with Y Combinator’s Sam Altman to found OpenAI . Musk has continued the drumbeat on AI’s dangers, telling a crowd at SXSW this week that “A.I. is far more…

Academia

Imperial students to take on Inter-ACE cyber security challenge (Imperial News) Students from Imperial will be taking on competitors from 17 of the UK’s other leading universities in a two-day cyber security competition.

Northrop Grumman Foundation Congratulates Top 28 Teams Advancing to CyberPatriot National Finals Competition this April in Baltimore (Northrop Grumman Newsroom) The Northrop Grumman Foundation, presenting sponsor for the Air Force Association’s (AFA) CyberPatriot X competition, is proud to congratulate the top 25 high school and three middle school teams advancing to the...

Niwot High girls’ cybersecurity teams excel at national challenge (Left Hand Valley Courier) There’s an old saying that “To catch a thief, you have to think like one.” For five intense days, two teams of Niwot High School (NHS) girls rewired their thought

Higher ed particularly at risk of email phishing attacks, report finds (EdScoop) Eighty-eight percent of colleges and universities fail to protect students, faculty, alumni, staff, according to marketing and analytics company 250ok.

Legislation, Policy and Regulation

NATO leaders unite in blaming Russia for nerve agent attack on ex-spy (Ars Technica) Novichok, a type of nerve agent developed by Soviets, identified as weapon in attack.

NATO won’t invoke Article 5 on collective defense over UK claims against Russia — source (TASS) A source says NATO sees no reasons for using Article Five of the collective defense treaty after London’s charges against Moscow in connection with the poisoning of former GRU Colonel Sergey Skripal

West calls on Russia to explain nerve toxin attack on former double... (Reuters) Britain, the United States, Germany and France jointly called on Russia on Thursday to explain a military-grade nerve toxin attack in England on a former Russian double agent, which they said threatened Western security.

U.S. issues broad Russian sanctions citing NotPetya attack and Internet Research Agency meddling (TechCrunch) In a surprisingly robust reprimand for the Trump administration, the U.S. Treasury Department issued a set of sanctions Thursday citing interference in the 2016 election as part of a broader pattern of hostile actions undertaken by the Russian government against U.S. interests. The sanctions follow…

New White House Sanctions Finally Take Russia's Online Chaos Seriously (WIRED) From election meddling to NotPetya to grid hacking, Russia's digital provocations are no longer being ignored.

Sasse, McCain urge US to prompt NATO response to Russia (Beatrice Daily Sun) Sens. Ben Sasse and John McCain on Thursday urged the United States to join with its NATO allies in "a coordinated response to Russia's shadow operations," including its latest apparent

More countries are learning from Russia’s cyber tactics (Financial Times) Nation states look to be growing more aggressive in their capabilities to disrupt

Analysis | Most lawyers don’t understand cryptography. So why do they dominate tech policy debates? (Washington Post) Lawyers are overconfident while computer scientists are introverted — but computer scientists know what they are talking about.

Senators to grill Trump's pick for NSA chief on Russia, privacy (Reuters) U.S. senators will grill President Donald Trump's pick to lead the National Security Agency on the government's surveillance reach and a range of cyber security issues on Thursday, when he faces his second confirmation hearing to lead the electronic spy agency.

Espionage bill still threatens many despite defences for media, Law Council says (the Guardian) Dealing with or publishing protected information could lead to 20-year prison sentence

Litigation, Investigation, and Enforcement

As U.S. indicts foreign hackers, American cyber spies fear arrests in tit-for-tat action (McClatchy) As U.S. becomes a ‘punching bag’ for foreign hackers, prosecutors increasingly move to file criminal charges against state-run hackers abroad. But U.S. cyber warriors worry that they may face retaliation, too, possibly ending up in a foreign jail cell.

Can AMD Vulnerabilities Be Used to Game the Stock Market? (Motherboard) A shady financial firm tried to bury and short sell AMD based on several security vulnerabilities discovered by CTS Labs. But the tactic appears to have failed.

AMD – The Obituary (Viceroy Research Group) Viceroy analyze CTS Labs’ report exposing fatal security vulnerabilities across AMD products

SEC cyber unit eyes initial coin offerings with suspicion (Financial Times) As corporate fundraising evolves, investors need greater protection

Anti-anti-virus service provider tied to huge hacks cops plea (Naked Security) Jurijs Martisevs pled guilty to running a clearinghouse for criminal developers to see if anti-virus programs would detect their malware.

Statement of Facts: United States of America v. Jurijs Martisevs (United States District Court for the Eastern District of Virginia (via Register Media)) The United States and the defendant, JURIJS MARTISEVS ("MARTISEVS"), agree that the following facts are true and correct, and that had this matter proceeded to trial, the United States would have proven them beyond a reasonable doubt with admissible and credible evidence.

Intelligent to a Fault: When AI Screws Up, You Might Still Be to Blame (Scientific American) Interactions between people and artificially intelligent machines pose tricky questions about liability and accountability, according to a legal expert

New Orleans ends its Palantir predictive policing program (The Verge) The partnership ran for six years without public knowledge

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

newly Noted Events

Insider Threat Program Management With Legal Guidance Training Course (Herndon, Virginia, USA, May 8 - 9, 2018) This training will provide the ITP Manager, Facility Security Officer, and others (CIO, CISO, Human Resources, IT, Etc.) supporting an ITP, with the knowledge and resources to develop, manage, or enhance an ITP. A licensed attorney with extensive experience in Insider Threats and Employment Law, will provide legal guidance related to ITP's, the collection, use and sharing of employee information, and employee computer user activity monitoring. Insider Threat Defense has trained over 500+ organizations and has become the "Leader-Go To Company" for ITP Management Training.

Insider Threat Program Management With Legal Guidance Training Course (Tyson's Corner, Virginia, USA, June 19 - 20, 2018) This training will provide the ITP Manager, Facility Security Officer, and others (CIO, CISO, Human Resources, IT, Etc.) supporting an ITP, with the knowledge and resources to develop, manage, or enhance an ITP. A licensed attorney with extensive experience in Insider Threats and Employment Law, will provide legal guidance related to ITP's, the collection, use and sharing of employee information, and employee computer user activity monitoring. Insider Threat Defense has trained over 500+ organizations and has become the "Leader-Go To Company" for ITP Management Training.

upcoming Events

Cyber 9-12 (Washington, DC, USA, March 16 - 17, 2018) Now entering its fifth year, the Cyber 9/12 Student Challenge is a one-of-a-kind competition designed to provide students across academic disciplines with a deeper understanding of the policy challenges associated with cyber crisis and conflict. Part interactive learning experience and part competitive scenario exercise, it challenges teams to respond to a realistic, evolving cyberattack and analyze the threat it poses to national, international, and private sector interests.

Infosecurity Magazine Spring Virtual Conference (Online, March 21, 2018) Tune in on Wednesday March 21 for day two of our two-day online event to learn what’s going on at the heart of the industry. Our easy to digest format offers a mix of short sessions, panel debates and live profile interviews, all fully produced and moderated by the Infosecurity Magazine editorial team. Each day event looks into the biggest industry issues and trends creating an immersive education program featuring a large selection of high calibre speakers and specialists in their field.

3rd Annual Billington International Cybersecurity Summit (Washington, DC, USA, March 21, 2018) With confirmed speakers from Estonia, Romania, Singapore, Sweden, the United States, and Kuwait, and with attendees from many more countries, this summit brings together world-class cybersecurity thought leaders to engage in high-level information sharing, unparalleled networking and public-private partnerships from a cross-section of civilian, military and intelligence agencies, industry and academia.

Infosecurity Magazine North America Virtual Conference (Online, March 21 - 22, 2018) Tune in on Wednesday March 21 for day two of our two-day online event to learn what’s going on at the heart of the industry. Our easy to digest format offers a mix of short sessions, panel debates and live profile interviews, all fully produced and moderated by the Infosecurity Magazine editorial team. Each day event looks into the biggest industry issues and trends creating an immersive education program featuring a large selection of high calibre speakers and specialists in their field.

The Cyber Security Summit: Denver (Denver, Colorado, USA, March 22, 2018) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers & renowned information security experts. Learn from cyber security thought leaders and Engage in panel discussions focusing on trending cyber topics such as Sr. Leadership’s Best Approach to Cyber Defense, What’s Your Strategic Incident Response Plan?, Protecting your Enterprise from the Human Element and more. Your registration includes a catered breakfast, lunch, and cocktail reception. Receive half off your admission with promo code cyberwire50 at CyberSummitUSA.com and view details including the full agenda, participating solution providers & confirmed speakers. Tickets are normally $350, but only $175 with promo code.

Women in CyberSecurity 2018 (Chicago, Illinois, USA, March 23 - 24, 2018) Through the WiCyS community and activities we expect to raise awareness about the importance and nature of cybersecurity career. We hope to generate interest among students to consider cybersecurity as a viable and promising career option.

Northeast Regional Security Education Symposium (Jersey City, New Jersey, USA, March 23, 2018) The Professional Security Studies Department at New Jersey City University (NJCU) will hold its Northeast Regional Security Education Symposium on Friday, March 23, 2018, from 8 am to 2 pm. The symposium will feature discussions about national, corporate and cybersecurity implications related to the public and private sectors. This year’s symposium will take place at the NJCU School of Business’ Skyline Room, 147 Harborside Financial Center in Jersey City, NJ, with stunning views of Manhattan across the Hudson River. The event will feature a dark web overview, national security and media coverage, careers in security, and risk assessment and security.

KNOW Identity Conference 2018 (Washington, DC, USA, March 26 - 28, 2018) The premier global event for the identity industry, the KNOW Identity Conference is the nexus for identity innovation, offering a uniquely differentiated, powerful, and immersive event that convenes the world’s most influential organizations and smartest minds across industries to shape the future of identity.

SecureWorld Philadelphia (Philadelphia, Pennsylvania, USA, March 28 - 29, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security industry. Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays-all while networking with local peers.

National Cyber League Spring Season (Chevy Chase, Maryland, USA, March 30 - May 25, 2018) The NCL is a defensive and offensive puzzle-based, capture-the-flag style cybersecurity competition. Its virtual training ground helps high school and college students prepare and test themselves against cybersecurity challenges that they will likely face in the workforce. All participants play the games simultaneously during Preseason, Regular Season and Postseason. NCL allows players of all levels to enter. Between Easy, Medium and Hard challenges, students have multiple opportunities to really shine in areas as they excel. Registration for the Spring Season is 2/26/18-3/25/18.

4th Middle East Cyber Security Summit (Riyadh, Saudi Arabia, April 4 - 5, 2018) The summit will feature state of the art presentations, hackathons and technology showcasing from regional and international experts and leading technology providers. One of the focus areas of the summit will be block-chains & artificial intelligence in existing technical infrastructure in order to protect organizations from external attacks. The need of the hour is to create an ecosystem of trust aided with cybersecurity capabilities.

Cybersecurity: A Shared Responsibility (Auburn, Alabama, USA, April 8 - 10, 2018) During the 2018 SEC Academic Conference, we will explore three themes within cyber security: the underlying computer and communication technology; the economic and physical systems that are controlled by technology; and the policies and laws that govern and protect the use of information that is stored in, transmitted by, and processed with technology.

Sea-Air-Space: The Navy League’s Global Maritime Exposition (National Harbor, Maryland, USA, April 9 - 11, 2018) Join us this April for Sea-Air-Space, the largest maritime exposition in the U.S., with 275+ exhibitors displaying the latest in maritime, defense and energy technology. This year’s theme, “Learn. Compete. Win.” reminds us that every day our men and women in uniform are learning new strategies, tactics and energy technology to compete against the world's best, where winning is the only option. The challenge is always on, and Sea-Air-Space is your place to participate in interactive exhibits, professional development sessions, and open forums disclosing timely information. Hear from active duty military, government and industry leaders on key issues and future strategies for the U.S. Navy, Marine Corps, Coast Guard U.S.-flag Merchant Marine.

2018 Mississippi College Cybersecurity Summit (Clinton, Mississippi, USA, April 10 - 11, 2018) The 2018 Mississippi College Cybersecurity Summit is a conference designed to engage, educate, and raise awareness about cybersecurity across the nation. The 2018 Cybersecurity Summit will provide valuable cybersecurity tools and resources for a variety of industries and topics, including: critical infrastructure, healthcare, government, education, large and small business issues, and cryptocurrencies.

ISC West 2018 (Las Vegas, Nevada, USA, April 11 - 13, 2018) ISC West is THE largest security industry trade show in the U.S. At ISC West, you will have the chance to network with over 30,000 security professionals through New Products & Technologies encompassing everything from access control to unmanned vehicles from over 1,000 Exhibitors & Brands.

CYBERTACOS San Francisco (San Francisco, California, USA, April 16, 2018) CYBERTACOS is back and becoming one of the biggest cybersecurity networking events! Register today and join us for networking, food and drinks. This event includes a 45-minute meet the press panel made up of influential security reporters who will discuss what they are covering and how to best work with them.

RSA Conference 2018 (San Francisco, California, USA, April 16 - 20, 2018) Take this opportunity to learn about new approaches to info security, discover the latest technology and interact with top security leaders and pioneers. Hands-on sessions, keynotes and informal gatherings allow you to tap into a smart, forward-thinking global community that will inspire and empower you.

Our Security Advocates (San Francisco, California, USA, April 17, 2018) OUR Security Advocates highlights a diverse set of experts from across information security, safety, trust, and other related fields. OURSA is a single-track, one-day conference with four topic sessions. In each session, you'll hear short talks from multiple experts followed by a moderated discussion.

Industrial Control Systems (ICS) Cyber Security Conference Asia (Singapore, April 25 - 27, 2018) The Central ICS/SCADA Cyber Security Event of the Year for the APAC Region. Three days of multi-track training & workshops for days for operations, control systems and IT security professionals to connect on SCADA, DCS PLC and field controller cyber security.

INFILTRATE (Miami Beach, Florida, USA, April 26 - 27, 2018) INFILTRATE is a "pure offense" security conference aimed at the experienced to advanced practitioner. With the late-90s hacker con as its inspiration, the event has limited attendance in order to foster a close-knit, casual and open environment for speakers and attendees. There are no sponsored talks, panels or other gimmicks, just two days of carefully vetted, highly technical talks which present new research in advanced exploitation techniques, vulnerability discovery, malware/implant design, anti-forensics and persistent access. Speakers include hackers from all across the offensive spectrum. The conference also hosts advanced training classes in web hacking, exploit development, cryptanalysis, kernel exploitation, Java attacks and other techniques (April 22-25). Now in its eighth year, the two-day, single track conference is organized by Dave Aitel and Immunity Inc., and is held in warm, sunny Miami Beach.

Sponsor & Support

Grow your brand, generate leads, and fill your funnel.

With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listens all over the world, companies trust the CyberWire to get the message out. Learn more.

Triton to return? A different kind of responsible disclosure? MuddyWater roiling? NATO supports UK. US sanctions Russia.