The CyberWire Daily Briefing 3.22.18

Summary

By The CyberWire Staff

Kaspersky Lab's description of "Slingshot" malware is said, by anonymous US officials, to have burned a long-running Joint Special Operations Command (JSOC) operation against the Islamic State and Al Qaeda. JSOC is thought to have abandoned the intelligence-collection effort.

German authorities join other governments in requesting explanations from Facebook over the Cambridge Analytica data use scandal in which the company is embroiled.

Yesterday Facebook founder and CEO Mark Zuckerberg broke his public silence on the affair, but most observers think this was too little and too late, and a good lesson in how not to respond to the public about a very public incident. Reports to the contrary, Zuckerberg did indeed (on CNN) say he was sorry the whole thing had happened, and promised to do better with customer data. He framed the incident as being fundamentally about third-party apps, and it appears that Facebook's response will initially at least concentrate on reining those in.

Zuckerberg indicated his intent to testify before US Congressional panels investigating the company's data protection practices. So far, however, testimony has come from elsewhere in Facebook's leadership.

Shareholders are filing lawsuits against Facebook. The data handling incident has severely hit the company's value.

The Cambridge Analytica affair continues to prompt calls for more regulation of social media.

Fake news is seen by some as posing war risks as well as the chance of election manipulation.

Major US electronics retailer Best Buy, evidently responding to security concerns about the Chinese company, has stopped selling Huawei phones.

Learn how Cylance silences cyber attacks with Artificial Intelligence.

Notes.

Today's issue includes events affecting Afghanistan, Australia, China, Estonia, European Union, Finland, France, Germany, India, Indonesia, Iraq, Jordan, Kenya, Kuwait, Pakistan, Russia, Singapore, Somalia, Sudan, Taiwan, Tanzania, Turkey, United Kingdom, United States and Yemen

A note to our readers: the CyberWire is happy to have been selected as a finalist for the Maryland Cybersecurity Diversity Award (and the Cybersecurity Association of Maryland's People's Choice Award). You can find out more about the awards (and how to vote for us, if you'd like) here. Voting has been extended now that weather has postponed the event until March 27th.

Don’t be liable for your third party’s data breach

Third party risk has spiked in the past few years, and with new regulations – GDPR, NY Cyber Regulations, etc. – in place, organizations need to be as informed as possible to arm themselves against a third party breach. However, third party risk exists across a spectrum – and not all vendors require the same level of attention. Read more in our eBook to learn how to match your solution to your third party risk.

On the Podcast

In today's podcast we talk to our partners at the Johns Hopkins University Information Security Institute, as Joe Carrigan responds to a listener's inquiry about job hunting. Our guests are Chad Seaman, Senior Engineer, Security Intelligence Response Team, and Lisa Beegle, Senior Manager, Security Intelligence, both of Akamai, describing the record-setting DDoS attack they recently experienced and helped mitigate.

Sponsored Events

CYBERTACOS San Francisco (San Francisco, California, United States, April 16, 2018) CYBERTACOS is back and becoming one of the biggest cybersecurity networking events! Register today and join us for networking, food and drinks. This event includes a 45-minute meet the press panel made up of influential security reporters who will discuss what they are covering and how to best work with them.

XM Cyber is coming to RSA (San Francisco, California, United States, April 16 - 20, 2018) Visit XM Cyber at the Israeli Pavilion, South Hall booth 635, to experience the first automated APT simulation platform to expose, assess and amend every attack path to organizational critical assets.

Selected Reading

Dateline

Common risks, common responses, and the ambivalence of innovation. (The CyberWire) The remarks of policy leaders who spoke at the third annual Billington CyberSecurity Summit, held March 21st, 2018, in Washington, DC, exhibited in both content and tone a striking agreement on the normalization of cyberspace, more evidence of the domain's having become a regular part of government and industry planning and operations.

Cyber security essential to Singapore's survival: CSA chief David Koh (The Straits Times) As a gateway to South-east Asia and the larger Asia-Pacific region, Singapore is a small but highly connected nation-state, and cyber security is essential to the Republic’s continued prosperity and survival, Cyber Security Agency chief David Koh said on Wednesday (March 21). . Read more at straitstimes.com.

CSA chief David Koh recognised for contributions to Singapore's cybersecurity prowess (Security Brief) “It shows that Singapore’s cybersecurity efforts have not gone unnoticed. I look forward to growing and strengthening the cyberspace together."

Cyber Attacks, Threats, and Vulnerabilities

Kaspersky's 'Slingshot' report burned an ISIS-focused intelligence operation (Cyberscoop) CyberScoop has learned that Kaspersky's 'Slingshot' is an active, U.S.-led counterterrorism cyber-espionage operation used to target ISIS and Al-Qaeda.

US officials: Kaspersky “Slingshot” report burned anti-terror operation (Ars Technica) Joint Special Operations Command ran campaign against ISIS, Al Qaeda for at least 6 years.

Report unveils Muslim Cyber Army’s modus, purpose (The Jakarta Post) While recent arrests of alleged Muslim Cyber Army (MCA) members has shed light on the group’s network and online operations, several questions remain: what is this organization and how does it operate?

Fake news will lead to cyber war (SecurityInfoWatch.com) To put it bluntly, fake news is a form of cyber attack and will only grow significantly in 2018 and beyond

The next major DDoS battleground: DNSSEC a 'significant new risk' (Security Brief) "Improperly configured DNSSEC-enabled nameservers may be a new plague for unprepared teams," comments Nexusguard's chief technology officer.

Bitcoin’s blockchain tainted with links to child abuse imagery (Naked Security) Are there legal landmines engraved into the Bitcoin blockchain?

TrickBot Banking Trojan Gets Screenlocker Component (BleepingComputer) The most recent version of the TrickBot banking trojan now includes a screenlocker component, suggesting the malware's operators might soon start holding victims for ransom if infected targets don't appear to be e-banking users.

Digital Defense, Inc. Issues Disclosure of Zero-Day Vulnerabilities Identified in ManageEngine Products (Benzinga) Digital Defense, Inc. Vulnerability Research Team uncovers six previously undisclosed vulnerabilities affecting three ManageEngine products.

Can you buy chemical weapons on the dark web? (Sky News) Drugs, guns and stolen financial information are all available on criminal sites - so what about nerve agents?

Why the military needs to take 3-D printer cybersecurity seriously (Fifth Domain) If a 3-D printer is hacked or infected with a virus, it could be programmed to add imperfections to weapons or vehicles, imperfections that could have dangerous consequences.

Security Patches, Mitigations, and Software Updates

Introducing new ways to protect and control your GCP services and data (Google Cloud Platform Blog) They say security is a process, not a destination, and that cert...

Cyber Trends

ISTR 23: Insights into the Cyber Security Threat Landscape (Symantec) Coin mining, ransomware, targeted attacks, mobile security, and attacks leveraging the software supply chain. These are just some of the topics that made headlines in infosec in 2017 and which are covered in ISTR 23, your comprehensive guide to the cyber security threat landscape...

Excessive alerts, outdated metrics, lead to over-taxed security operations centers (Help Net Security) A report from Dr. Chenxi Wang finds that excessive alerts, outdated metrics, and limited integration lead to over-taxed security operations centers.

Global WAN survey highlights the importance of network simplification (Help Net Security) Cato Networks, provider of the global SD-WAN as a service Cato Cloud, released the findings of its enterprise WAN market study. The report, “State of WAN 2018: Too Complex to Ignore,” predicts SD-WAN will grow 200% year-over-year. At the same time, the additional abstraction layer that is SD-WAN and its impact on the

True data scientists don't exist, says EE's head of data and insight (Computing) Analysts are either good with data or good at storytelling, but very rarely both says Richard Tate

Supo: Cyber and traditional espionage more common than before in Finland (Helsinki Times) The Finnish Security Intelligence Service (Supo) says it detected a number of state-backed cyber espionage campaigns in Finland in 2017.

Marketplace

Worldwide IoT security spending to reach $1.5 billion in 2018 (Help Net Security) To protect against those threats Gartner forecasts that worldwide spending on IoT security will reach $1.5 billion in 2018, a 28 percent increase from 2017 spending of $1.2 billion.

Facebook picked mid-level staffers to face angry US lawmakers over Cambridge Analytica (Quartz) Meanwhile, Mark Zuckerberg and Sheryl Sandberg have been silent.

Facebook "made mistakes": Mark Zuckerberg speaks out on massive data breach (CRN Australia) 50 million Facebook users' data allegedly accessed by Cambridge Analytica.

Advertisers threaten to quit Facebook over Cambridge Analytica scandal (Times) Advertisers threatened to abandon Facebook last night as Mark Zuckerberg apologised for mistakes it made over the Cambridge Analytica scandal. Mr Zuckerberg, co-founder and chief executive of the...

Scoop: In blow to Huawei, Best Buy will stop selling its smartphones (CNET) The Chinese company, the world's third-largest smartphone maker, is already shut out of US carriers.

No, Trump killing Qualcomm takeover won’t stall tech M&A (Washington Examiner) The scuttled tech deal was a special case, and could actually encourage more deals

Tenable hires Morgan Stanley to prepare for IPO-sources (Reuters) Cybersecurity software maker Tenable Network Security Inc has hired investment bank Morgan Stanley to lead an initial public offering (IPO) that could come as early as this fall, according to people familiar with the matter.

NTS founders return with new security VAR (CRN) Jonathan Lassman and Phillip Dick form new security partner four years after selling NTS to Capita

AT&T Won Secret $3.3 Billion NSA Contract Despite More Expensive Bid (Nextgov.com) Legal documents shed light on one of NSA's most important tech contracts.

Saudi Cyber Security and Programming Federation Signs MoU with Booz Allen Hamilton (الشرق الأوسط) The Saudi Cyber Security and Programming Federation signed on Wednesday a Memorandum of Understanding (MoU) with Booz Allen Hamilton company, in a move that aims to exchange knowledge, transfer technology and localize capabilities, reported the Saudi

RSA Conference Announces Finalists for 2018 Innovation Sandbox Contest (BusinessWire) RSA® Conference, the world’s leading information security conferences and expositions, today announces the 10 finalists for its annual RSAC Innovation

For Second Consecutive Year, DataTribe-Backed Startup Is Named Finalist in RSA Conference Innovation Sandbox Competition (PR Newswire) DataTribe --a cybersecurity and data science startup studio that invests...

Fortanix Selected as Finalist for 2018 RSA Conference Innovation Sandbox Contest (BusinessWIre) Fortanix® Inc., the leader in Runtime Encryption, today announced that it has been named one of 10 finalists for the 2018 RSA® Conference Innovation S

Averon Closes New Funding Round Bringing Raise to $13.3 Million (PR Newswire) Averon, developer of the world's first mobile identity verification...

US endpoint security vendor Ziften enters Australian market with Insentra partnership (CRN Australia) Company will be led by Greg Kieser.

Deloitte Hires Head of Intelligence Agency to Help Run Booming Cyber Business (Bloomberg.com) Europol Executive Director Rob Wainwright is leaving the EU intelligence agency he’s led for almost a decade to help run Deloitte LLP’s cybersecurity practice, as companies wake up to the growing “systemic” threat of cyber crime.

Colorado cybersecurity company CEO leaving, COO promoted to role (Denver Business Journal) Colorado cybersecurity company Coalfire named a new CEO on Wednesday and announced the departure of the executive who led the company since 2015.

Benchmark Executive Search Names New Members to its Cybersecurity & National Security Advisory Board (BusinessWire) Benchmark Executive Search Names New Members to its Cybersecurity & National Security Advisory Board

Products, Services, and Solutions

QuintessenceLabs qStream 100P PCIe card integrates high-entropy, quantum-based true random numbers to servers (GlobeNewswire News Room) Small form factor delivers full-entropy random numbers at 1Gb/s

Launching the Netflix Public Bug Bounty Program (Medium) Netflix’s goal is to deliver joy to our 117+ million members around the world, and it’s the security team’s job to keep our members, partners and employees secure.

Rivetz Partners with Enrich Media Group to Provide Advanced Security Capabilities (PR Newswire) Decentralized mobile security solutions provider Rivetz...

Qualys Integrates with Security Command Center for Google Cloud Platform (PR Newswire) Qualys, Inc. (NASDAQ: QLYS), a pioneer and leading provider of...

RedLock Announces Support for New Security Command Center for Google Cloud Platform, Helps Enterprises Mitigate Threats to Cloud Environment (BusinessWire) Cloud Threat Defense company, RedLock, announces technology integration with Cloud Security Command Center for Google Cloud Platform.

New CompTIA Network+ Certification Focuses on Key Concepts in Cloud Computing, Cybersecurity, Virtualization and More (PR Newswire) CompTIA, the leading provider of vendor-neutral,...

Bridging the Gap between the Centralized and Decentralized Worlds (DNotes Global) DNotes Global, Inc. today announced the release of the DNotes white paper, which provides a comprehensive examination of the digital currency’s purpose, objectives, and strategy.

Introducing Fortigis - The Ultimate AI-Driven Security Router for Protecting a User's Connected Home Network, Devices, Data and Privacy (PR Newswire) Fortigis Inc., today announced the launch of Fortigis, a cloud-enabled...

Technologies, Techniques, and Standards

Microsoft and OCP Friends Push Open Hardware Security Standard (SDxCentral) Microsoft and other Open Compute Project (OCP) members are working to implement Project Cerberus forward, the company's open hardware security initiative. A

8 security tools and tips for journalists (CSO Online) Journalists have a giant red target on their backs. How can we defend ourselves?

Facebook fallout: How to protect your data (Naked Security) Is it time to end your Facebook life? At the very least, it’s time to check Facebook privacy settings/audit apps/turn off API sharing.

7 Ways to Protect Against Cryptomining Attacks (Dark Reading) Implementing basic security hygiene can go a long way in ensuring your systems and website don't get hijacked.

The Case for Integrating Physical Security & Cybersecurity (Dark Reading) Aggregating threat intel from external data sources is no longer enough. You must look inside and outside your traditional knowledge base for the best way to defend against attacks.

Building Up Hospitals’ Immunity To Cyber Security Breaches (University of Cinncinati) As healthcare cyber attacks become more frequent, here’s how hospitals can build immunity for stronger cyber security.

US anti-terror training abroad includes K-9, cybersecurity (Defense News) A U.S. State Department program is helping countries with anti-terrorism efforts through K-9 and police training, cybersecurity, call centers, drones, and surveillance.

Research and Development

Trusted detection of ransomware in a private cloud using machine learning methods leveraging meta-features from volatile memory (Science Direct) A solution for trusted detection of unknown ransomware in VMs is proposed.

The US Military Is Making Lasers That Create Voices out of Thin Air (Defense One) Within three years, the Pentagon's non-lethal weapons lab hopes to have a direct energy weapon that can produce an effect like a haunted walkie-talkie or the biblical burning bush.

IBM thinks its 1mm² computer could lead to smart everything (Computing) The salt-grain-sized chip could support AI programs on just about any device

Physicists Reveal Material for High-Speed Quantum Internet (Research & Development) Industry giants, such as Google, IBM, and Microsoft, and leading international research centers and universities are involved in the global effort to build a quantum computer.

Academia

The cyber warriors (The Hindu) IIS trains students in cyber security systems through practical exercises

Legislation, Policy and Regulation

Jean-Claude Juncker faces criticism for ‘nauseating’ letter to Vladimir Putin (Times) Jean-Claude Juncker threatened to scupper British efforts to establish a Europe-wide alliance against Russia yesterday by congratulating Vladimir Putin and urging closer ties. Mr Juncker, president...

Russia attacks ‘poisoned’ Boris Johnson over comparison with Hitler (Times) Russia claimed that Boris Johnson was “poisoned with hate and boorishness” last night after he compared President Putin hosting the World Cup to Adolf Hitler staging the Olympics. The foreign...

Facebook Just Blocked This Cambridge Analytica Affiliate. Why Does It Still Have a State Department Contract? (Defense One) Strategic Communications Laboratories worked with Cambridge Analytica, which reportedly used social-media data to target likely Trump voters.

Facebook's trust crisis: Has it harmed democracy? (Help Net Security) Barraged by accusations of spreading divisive fake news and amid new allegations that it handed over personal information on up to 50 million users without their consent, Facebook is losing the faith of the Americans people.

Social media’s wild west needs to be tamed (Times) ‘There never was a king or emperor upon the earth, so cheered and followed by crowds.” Thus wrote Charles Dickens describing his reception in Boston, Massachusetts, in 1842. Yet while the author...

Inability to audit U.S. elections a 'national security concern':... (Reuters) Not having a verifiable way to audit election results in some states represents a "national security concern," the Trump administration's homeland security chief said on Wednesday, looking ahead to U.S. midterm elections in November.

Election security: Most state election officials lack clearance to learn of cyber threats (USA TODAY) Only 21 of 150 top state election officials have the security clearance to receive classified information, homeland security officials said.

Not all state election officials want the DHS' help. (CNET) Despite reports of widespread hacking efforts, only 19 states have asked Homeland Security for assistance.

Storm coming from Beijing despite calm: Taiwan spy chief (Asia Times) Taiwan’s top security official has warned that a more bellicose Beijing under “Emperor” Xi might attempt a pre-emptive strike on the island

White House will announce tariffs cracking down on Chinese theft of intellectual property (CNBC) The White House plans to announce tariffs Thursday as President Donald Trump aims to punish China for intellectual property theft.

Pakistan Is Feeling US Pressure. Now What? (The Cipher Brief) We are now witnessing the latter stages of an opening bid in a coercive negotiation with Pakistan. Washington made its move—what happens next?

New bill would prepare US for artificial intelligence threat (Defense News) Warning artificial intelligence will revolutionize warfare, a key House lawmaker has opened the pod bay doors to legislation aimed at preparing for the threat posed by intelligent machines.

Senators to colleges: Reveal foreign agents on campus (Washington Examiner) American universities need to reveal “the malign influence of foreign propaganda” on campus, according to a trio of Republican lawmakers.

GOP senator blocking Trump's Intel nominee (TheHill) Sen. Chuck Grassley (R-Iowa) is blocking President Trump's pick to be the intelligence community's top lawyer.

Litigation, Investigation, and Enforcement

Investors sue Facebook as data harvesting row grows (Times) Investors are suing Facebook, claiming that the company made “false and misleading statements” about its policies that failed to prevent a disgraced British firm obtaining the data of 50 million...

Germany summons Facebook over user data safety concerns: report (Reuters) Germany's justice minister Katarina Barley has asked Facebook to clarify whether the personal data of the social media site's 30 million users in the country were protected from unlawful use by third parties, according to a report in the Funke group of German regional newspapers.

Zuckerberg says he’s ‘happy’ to testify before Congress (POLITICO) In a TV interview about Cambridge Analytica, the Facebook CEO also says his company is open to ad regulation.

Mark Zuckerberg has regrets: 'I'm really sorry that this happened' (CNNMoney) "I'm really sorry that this happened," the Facebook CEO told CNN's Laurie Segall in an exclusive interview on Wednesday.

Mark Zuckerberg finally speaks out on Cambridge Analytica, forgets to apologize (Quartz) "We have a responsibility to protect your data, and if we can't then we don't deserve to serve you."

Whistleblower Sandy Parakilas says Facebook knew risks but failed to act (Times) The Facebook leak to Cambridge Analytica was “worse than a data breach” because the company failed to safeguard users even after it understood the risks, a whistleblower said. Sandy Parakilas, 38...

Former French President Nicolas Sarkozy: 'I am accused without physical evidence' (CNN) The former French President is being questioned by police over allegations he accepted money from Libya to finance his 2007 election campaign.

Bomb hoax sent to 400 schools blamed on warring Minecraft gamers (Naked Security) The kids were just collateral damage: the real target was to discredit gaming server VeltPvP in an ongoing gamer spat.

Radio Hacker Who Interrupted Police Chase Gets 21 Months in Prison (BleepingComputer) Australian authorities have tracked down, arrested, charged, and sentenced a man who hacked a police radio system and interrupted a police chase at the end of August 2017.

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

upcoming Events

The Cyber Security Summit: Denver (Denver, Colorado, USA, March 22, 2018) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers & renowned information security experts. Learn from cyber security thought leaders and Engage in panel discussions focusing on trending cyber topics such as Sr. Leadership’s Best Approach to Cyber Defense, What’s Your Strategic Incident Response Plan?, Protecting your Enterprise from the Human Element and more. Your registration includes a catered breakfast, lunch, and cocktail reception. Receive half off your admission with promo code cyberwire50 at CyberSummitUSA.com and view details including the full agenda, participating solution providers & confirmed speakers. Tickets are normally $350, but only $175 with promo code.

Women in CyberSecurity 2018 (Chicago, Illinois, USA, March 23 - 24, 2018) Through the WiCyS community and activities we expect to raise awareness about the importance and nature of cybersecurity career. We hope to generate interest among students to consider cybersecurity as a viable and promising career option.

Northeast Regional Security Education Symposium (Jersey City, New Jersey, USA, March 23, 2018) The Professional Security Studies Department at New Jersey City University (NJCU) will hold its Northeast Regional Security Education Symposium on Friday, March 23, 2018, from 8 am to 2 pm. The symposium will feature discussions about national, corporate and cybersecurity implications related to the public and private sectors. This year’s symposium will take place at the NJCU School of Business’ Skyline Room, 147 Harborside Financial Center in Jersey City, NJ, with stunning views of Manhattan across the Hudson River. The event will feature a dark web overview, national security and media coverage, careers in security, and risk assessment and security.

KNOW Identity Conference 2018 (Washington, DC, USA, March 26 - 28, 2018) The premier global event for the identity industry, the KNOW Identity Conference is the nexus for identity innovation, offering a uniquely differentiated, powerful, and immersive event that convenes the world’s most influential organizations and smartest minds across industries to shape the future of identity.

SecureWorld Philadelphia (Philadelphia, Pennsylvania, USA, March 28 - 29, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security industry. Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays-all while networking with local peers.

National Cyber League Spring Season (Chevy Chase, Maryland, USA, March 30 - May 25, 2018) The NCL is a defensive and offensive puzzle-based, capture-the-flag style cybersecurity competition. Its virtual training ground helps high school and college students prepare and test themselves against cybersecurity challenges that they will likely face in the workforce. All participants play the games simultaneously during Preseason, Regular Season and Postseason. NCL allows players of all levels to enter. Between Easy, Medium and Hard challenges, students have multiple opportunities to really shine in areas as they excel. Registration for the Spring Season is 2/26/18-3/25/18.

4th Middle East Cyber Security Summit (Riyadh, Saudi Arabia, April 4 - 5, 2018) The summit will feature state of the art presentations, hackathons and technology showcasing from regional and international experts and leading technology providers. One of the focus areas of the summit will be block-chains & artificial intelligence in existing technical infrastructure in order to protect organizations from external attacks. The need of the hour is to create an ecosystem of trust aided with cybersecurity capabilities.

Cybersecurity: A Shared Responsibility (Auburn, Alabama, USA, April 8 - 10, 2018) During the 2018 SEC Academic Conference, we will explore three themes within cyber security: the underlying computer and communication technology; the economic and physical systems that are controlled by technology; and the policies and laws that govern and protect the use of information that is stored in, transmitted by, and processed with technology.

Sea-Air-Space: The Navy League’s Global Maritime Exposition (National Harbor, Maryland, USA, April 9 - 11, 2018) Join us this April for Sea-Air-Space, the largest maritime exposition in the U.S., with 275+ exhibitors displaying the latest in maritime, defense and energy technology. This year’s theme, “Learn. Compete. Win.” reminds us that every day our men and women in uniform are learning new strategies, tactics and energy technology to compete against the world's best, where winning is the only option. The challenge is always on, and Sea-Air-Space is your place to participate in interactive exhibits, professional development sessions, and open forums disclosing timely information. Hear from active duty military, government and industry leaders on key issues and future strategies for the U.S. Navy, Marine Corps, Coast Guard U.S.-flag Merchant Marine.

2018 Mississippi College Cybersecurity Summit (Clinton, Mississippi, USA, April 10 - 11, 2018) The 2018 Mississippi College Cybersecurity Summit is a conference designed to engage, educate, and raise awareness about cybersecurity across the nation. The 2018 Cybersecurity Summit will provide valuable cybersecurity tools and resources for a variety of industries and topics, including: critical infrastructure, healthcare, government, education, large and small business issues, and cryptocurrencies.

ISC West 2018 (Las Vegas, Nevada, USA, April 11 - 13, 2018) ISC West is THE largest security industry trade show in the U.S. At ISC West, you will have the chance to network with over 30,000 security professionals through New Products & Technologies encompassing everything from access control to unmanned vehicles from over 1,000 Exhibitors & Brands.

CYBERTACOS San Francisco (San Francisco, California, USA, April 16, 2018) CYBERTACOS is back and becoming one of the biggest cybersecurity networking events! Register today and join us for networking, food and drinks. This event includes a 45-minute meet the press panel made up of influential security reporters who will discuss what they are covering and how to best work with them.

RSA Conference 2018 (San Francisco, California, USA, April 16 - 20, 2018) Take this opportunity to learn about new approaches to info security, discover the latest technology and interact with top security leaders and pioneers. Hands-on sessions, keynotes and informal gatherings allow you to tap into a smart, forward-thinking global community that will inspire and empower you.

Our Security Advocates (San Francisco, California, USA, April 17, 2018) OUR Security Advocates highlights a diverse set of experts from across information security, safety, trust, and other related fields. OURSA is a single-track, one-day conference with four topic sessions. In each session, you'll hear short talks from multiple experts followed by a moderated discussion.

Secutech (Taipei, Taiwan, April 25 - 27, 2018) To meet the rising demand for intelligent and customised solutions, Secutech converges security and safety, ICT, IoT, artificial intelligence, big data, edge computing, intelligent video analytics and deep learning to enable you to create new value in the rapidly evolving market, and provide intelligent solutions in factory, retail, healthcare, transportation, home, building and safe city sectors.

Industrial Control Systems (ICS) Cyber Security Conference Asia (Singapore, April 25 - 27, 2018) The Central ICS/SCADA Cyber Security Event of the Year for the APAC Region. Three days of multi-track training & workshops for days for operations, control systems and IT security professionals to connect on SCADA, DCS PLC and field controller cyber security.

INFILTRATE (Miami Beach, Florida, USA, April 26 - 27, 2018) INFILTRATE is a "pure offense" security conference aimed at the experienced to advanced practitioner. With the late-90s hacker con as its inspiration, the event has limited attendance in order to foster a close-knit, casual and open environment for speakers and attendees. There are no sponsored talks, panels or other gimmicks, just two days of carefully vetted, highly technical talks which present new research in advanced exploitation techniques, vulnerability discovery, malware/implant design, anti-forensics and persistent access. Speakers include hackers from all across the offensive spectrum. The conference also hosts advanced training classes in web hacking, exploit development, cryptanalysis, kernel exploitation, Java attacks and other techniques (April 22-25). Now in its eighth year, the two-day, single track conference is organized by Dave Aitel and Immunity Inc., and is held in warm, sunny Miami Beach.

Automotive Cybersecurity Summit 2018 (Chicago, Illinois, USA, May 1 - 8, 2018) Smart Vehicles. Smart Infrastructures. The 2nd annual Automotive Cybersecurity Summit brings together public and private-sector manufacturers, suppliers, assemblers, technology providers and V2X partners to discuss the increasingly complex and interdependent relationships between smart vehicles and ever-expanding smart infrastructures. The SANS Automotive Cybersecurity Summit was created to develop and foster a culture of cyber-awareness in organizations across the vehicle supply chain as we work together to understand risks, safeguard organizations, their products, and their customer from the evolving threat landscape.

Global Cyber Security in Healthcare & Pharma Summit (London, England, UK, May 3 - 4, 2018) The number of cyber-attacks in healthcare is on the rise, and the industry must do more to prevent and respond to these incidents. The Global Cyber Security in Healthcare & Pharma Summit 2018 will bring together high-level representatives from around the globe to create a cybersecurity roadmap for the future. Attendees will come from all areas of cybersecurity for the healthcare, medical devices and pharmaceutical sectors. Experts will examine the cybersecurity landscape in these three industries, with a particular focus on strategies for protection and incident response, as well as on business/regulatory considerations. Central to the aims of this event is facilitating collaboration and cooperation amongst the diverse stakeholders that will be in attendance.

Sponsor & Support

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter’s financial reach, or it might just not be the right time for you to do those things. That’s why we launched our new Patreon site, where we’ve created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you’ll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.