The CyberWire Daily Briefing 3.28.18

Summary

By The CyberWire Staff

University researchers have found a new vulnerability affecting Intel chips. This one, called "BranchScope," involves a susceptibility to side-channel attacks. Intel has been working on the issue and thinks the bug probably amounts no big deal.

More diplomatic reprisal against Russia for what US Defense Secretary Mattis calls the "attempted murder" in Salisbury bring the number of countries taking action above twenty-five. Russia denounces the moves as "senseless" and "boorish," and promises a response of its own. The US expulsion of sixty Russian diplomats is the Americans' largest such punitive action, ever.

Thales is making a run to acquire Gemalto, and Gemalto's board is commending the deal to shareholders.

Canadian advertising and software development firm AggregateIQ has denied connections with Cambridge Analytica as well as involvement in the ongoing data scandal. But code found by UpGuard in an exposed AggregateIQ database suggests there may be some connection. In the code was a string, "Ripon," and a username "SCL" (the name of Cambridge Analytica's corporate parent). The findings are small and circumstantial, but also interesting in the light of Cambridge Analytica whistleblower Christopher Wylie's testimony in the UK that AggregateIQ was involved in US campaign operations.

Facebook puts its money where its mouth is with respect to its view that the data scandal is essentially an app scandal. It's offering researchers bug bounties for finding and reporting apps that collect and misuse data.

Members of Parliament affect shock at Facebook CEO Zuckerberg's refusal to testify before Westminister's inquiry into fake news.

Learn how Cylance silences cyber attacks with Artificial Intelligence.

Notes.

Today's issue includes events affecting China, European Union, Ireland, Luxembourg, Moldova, NATO/OTAN, Qatar, Russia, Saudi Arabia, United Kingdom, United States

Struggling with your DLP? It's time to rethink your data loss prevention strategy.

Traditional data loss prevention tools aren’t cutting it anymore. Why? They are high-maintenance and require endless fine-tuning. They often miss insider threats. They stymie communication between security and other departments. And they slow down endpoints, leading to crashes and failures that drive users crazy. Learn from ObserveIT why DLP tools aren’t getting the job done in 2018 and how you can stop data loss in its tracks. Read Now.

On the Podcast

In today's podcast, we speak with our partners at Virginia Tech's Hume Center, as Charles Clancy discusses the security of analogue devices in cyber-physical systems. Our guest is Liv Rowley from Flashpoint, who takes us through Dark Web refund fraud.

Sponsored Events

Register for the Women in Tech Social on April 5 from 5:00-7:30pm in Howard County, MD. (Woodstock, Maryland, USA, April 5, 2018) Women working in or pursuing a technology/cybersecurity career in Maryland: join us for delicious food and drink as you connect with other fabulous women in tech. This friendly and casual gathering promises to be fun for one and all!

XM Cyber is coming to RSA (San Francisco, California, United States, April 16 - 20, 2018) Visit XM Cyber at the Israeli Pavilion, South Hall booth 635, to experience the first automated APT simulation platform to expose, assess and amend every attack path to organizational critical assets.

Selected Reading

Cyber Attacks, Threats, and Vulnerabilities

Academics Discover New CPU Side-Channel Attack Named BranchScope (BleepingComputer) A team of academics from four US universities have discovered a new side-channel attack that takes advantage of the speculative execution feature in modern processors to recover data from users' CPUs.

Intel CPUs Vulnerable to New 'BranchScope' Attack (SecurityWeek) Researchers have discovered a new side-channel attack method called "BranchScope" that can be launched against devices with Intel processors.

New vulnerability in Intel CPUs uncovered by security researchers (Computing) New branch prediction processor attack found affecting computer CPUs

Intel shrugs off ‘new’ side-channel attacks on branch prediction units and SGX (Register) Been there, mitigated that, got the class actions, says Chipzilla

Canadian Firm Linked to Cambridge Analytica Exposed Source Code (SecurityWeek) Canadian advertising and software development firm AggregateIQ denies ties to controversial Cambridge Analytica, but leaked source code suggests otherwise

AggregateIQ accused of using purloined Facebook data to target US voters (Computing) AgreggateIQ is latest company to be drawn into Facebook/Cambridge Analytica scandal

New "ThreadKit" Office Exploit Builder Emerges (SecurityWeek) A newly discovered Microsoft Office document exploit builder kit called ThreadKit has been used for the distribution of a variety of malicious payloads.

CSRA hit by job recruiting scam (Baltimore Business Journal) Scammers posing as CSRA Inc. executives and board members have been conducting fake interviews with job candidates in hopes of getting their banking information and other personal credentials.

Tax-themed email campaigns steal credentials and spread banking Trojans, RATs, and ransomware (Proofpoint) In 2018, Proofpoint researchers have observed another strong season for tax-themed email lures, and the payloads of these campaigns are representative of broader malware trends and highlight notable differences compared to last year.

In-Browser Cryptojacking Is Getting Harder to Detect (BleepingComputer) Cryptojacking actors find new ways to evade detection by antivirus solutions, ad blockers, and dedicated browser extensions.

Coin Miner Reports Outrank Ransomware by Two Orders of Magnitude, According to Bitdefender Telemetry (Security Boulevard) Bitdefender telemetry revealed that from September 2017 until February 2018, ransomware reports have followed a descending curve, while coin miner reports have increased by 130 percent by January 2018.

Mayor of Atlanta Holds Press Conference on Cyber Attack (WSB Radio) Atlanta Mayor Keisha Lance-Bottoms and other city leaders held a news conference at City Hall Monday afternoon updating the public on the hacking issue which persists at City Hall.

Atlanta employees now allowed to turn on computers after cyber attack (WSBTV) City of Atlanta workers are using their computers for the first time Tuesday following last week's ransomware attack.

Officials: Atlanta beginning to recover from cyberattack (MDJOnline.com) The city of Atlanta is making progress as it recovers from last week’s cyberattack in which one or more hackers installed ransomware on the city’s computer system.

A Cyberattack Hobbles Atlanta, and Security Experts Shudder (New York Times) Atlanta’s city government has been struggling for days with ransomware that has crippled its computer networks and forced it back to doing business with ink and paper.

Statistics Say Don't Pay the Ransom; but Cleanup and Recovery Remains Costly (SecurityWeek) A survey of 500 security and risk professionals found that fifty-three percent of U.S companies infected by ransomware in 2017 blamed legacy AV for failing to detect the ransomware.

Baltimore 911 dispatch system hacked, investigation underway, officials confirm (Baltimore Sune) Baltimore’s 911 dispatch system was hacked by an unknown actor or actors over the weekend, prompting a temporary shutdown of automated dispatching and an ongoing investigation into the breach, Mayor Catherine Pugh’s office confirmed to The Baltimore Sun on Tuesday.

This security firm found rogue crypto mining infecting 1,000 customers (MIT Technology Review) Darktrace’s AI tools found one crypto side business operating under the floorboards of a bank’s data center.

Security Patches, Mitigations, and Software Updates

Microsoft's Windows 7 Meltdown fixes from January, February made PCs MORE INSECURE (Register) You'll want to install the March update. Like right now – if you can avoid broken networking

Facebook Wants Security Researchers to Hunt Down Apps That Misuse User Data (BleepingComputer) In the wake of the Cambridge Analytica data misuse scandal, Facebook has announced important changes to its app platform, along with improvements to its official bug bounty program that will incentivize and reward security researchers for hunting down third-party Facebook apps that misuse user data.

Cyber Trends

What the Internet of Things means for consumer privacy (Economist Intelligence Unit) What the Internet of Things means for consumer privacy discusses the findings of an Economist Intelligence Unit (EIU) research programme, sponsored by ForgeRock, that explores the privacy concerns and priorities of global consumers stemming from the Internet of Things (IoT) and related technologies.

iPass Mobile Security Report: Half of Organizations Suspect Their Mobile Workers Have Been Hacked in the Last 12 Months (iPass) Cafés see highest number of Wi-Fi related incidents

The Top Vulnerabilities Exploited by Cybercriminals (SecurityWeek) Cybercriminals are shifting their focus from Adobe to Microsoft consumer products, and are now concentrating more on targeted attacks than on web-based exploit kits.

Analysis of 560 incidents demonstrates need for cyber resilience (Help Net Security) Many entities face the same types of security incidents – some are viewed as handling the incident well, and for some it’s a disruptive and costly lesson. The ones that fare better have prepared for an incident and use lessons-learned from prior incidents.

You can't hide from this top trend at RSA Conference, no matter where you operate (Help Net Security) While the speakers have yet to take the podium, based on the sessions announced, one can expect GDPR-related conversations to permeate the walls of the Moscone Center in San Francisco and venture into boardrooms and C-Suite offices alike across the world.

Most top UK firms fail to disclose cyber risk testing details (ComputerWeekly) Most of the largest UK companies do not reveal their testing of cyber protection plans and do not share security updates with the board regularly, a Deloitte report reveals.

Arab Countries Facing The Highest Number Of Cyber Attacks (Forbes Middle East) Saudi Arabia faces the highest number of cyber attacks in the Arab region

Marketplace

3 Top NASDAQ Cybersecurity Stocks Year-to-Date (Investing News Network) As Q1 2018 nears its end, here's a look back at the top performing cybersecurity stocks on the NASDAQ year-to-date.

Raytheon's big bet in government services is on itself. Don't expect a major M&A play. (Washington Business Journal) Raytheon Co. hasn’t followed the lead of other big defense companies and sold off its $6.2 billion government services business. Does it want to double down on the space a la General Dynamics?

Thales Launches Its Offer on All Gemalto Shares (BusinessWire) Regulatory News: With the publication of the Offer Document today and with reference to the joint press release dated 17 December 2017, Thales (Eurone

Eurobites: Proximus Snaps Up Managed Security Specialist (Light Reading) Also in today's EMEA regional roundup: Deutsche Telekom goes large on FTTH; Hrvatski Telekom gets symmetrical in Croatia; Facebook faces European flak.

Products, Services, and Solutions

Verizon Risk Report Transforms Security Decision Making (GlobeNewswire News Room) Risk assessment framework enables better security decisions based on unparalleled cyber-threat data

RSA® to Resell RiskLens’ Flagship Application as RSA Archer Cyber Risk Quantification® (GlobeNewswire News Room) RiskLens, the leading provider of cyber risk quantification solutions, today announced that the company’s Cyber Risk Quantification (CRQ) application will be re-sold as the RSA Archer Cyber Risk Quantification® solution.

McAfee Enhances Product Portfolio, Unveils New Security Operations Centers (SecurityWeek) McAfee unveiled a new version of the Enterprise Security Manager (ESM 11), and enhancements to its Behavioral Analytics, Investigator, Advanced Threat Defense, and Active Response products.

Aporeto Launches First Comprehensive Microservices Security Solution (Aporeto) Aporeto Enterprise 2.0 Introduces Application Identity to Make Security Infrastructure Agnostic Aporeto, a Zero Trust security solution for microservices, containers and the cloud, today announced the release of Aporeto Enterprise 2.0

WISeKey and Japanese Toppan Printing Team Up to Securely Connect Inert Objects to the Internet (IoT Business News) WISeKey's VaultIC NFC security module combined with Toppan's smart tag technology provides objects with secure data processing capability for authentication and customer engagement. WISeKey and Toppan Printing Co., today announced that they are collaborating to provide

Technologies, Techniques, and Standards

VirusBay Aims To Make Malware Analysis More Social (BleepingComputer) For those looking to learn about and share malware samples, a site called VirusBay may be what you are looking for. VirusBay's goal is to make malware analysis more social by providing a place for researchers to upload samples, request samples, and discuss them with other researchers.

Accountants can help companies meet SEC demand for cybersecurity disclosures (Accounting Today) CPAs can provide attest services to make sure businesses are taking steps to mitigate tech risks.

Parallax Primer: How to dodge a spear-phishing attack (The Parallax) Spear phishing differs from its more prevalent counterpart, phishing, in that it casts a smaller, more targeted net. Its tactics are also much more sophisticated.

Using deception to gain enterprise IoT attack visibility (Help Net Security) IoT devices make easy targets for automated scanning to develop large botnets when default access remains unchanged or open vulnerabilities exist.

The malicious uses of AI: Why it's urgent to prepare now (TechRepublic) In an extensive report, 26 experts offer artificial intelligence security analysis and tips on forecasting, prevention, and mitigation. They note the AI-security nexus also has positive applications.

Closer to the fight: Inside the Corps’ plan to deploy tech experts alongside grunts (Marine Corps Times) Being close to the fight isn’t just for grunts anymore.

Why The Army's New Palantir Contract Won’t Fix Battlefield Intelligence (Task & Purpose) The change in battlefield intelligence systems brought by Palantir presents the military intelligence community a great opportunity to modernize

Design and Innovation

Microsoft’s neo-N[*]zi s[*]xbot was a great lesson for makers of AI assistants (MIT Technology Review) Yandex’s head of machine intelligence says Microsoft’s Tay showed how important it is to fix AI problems fast.

Why Does Data Exfiltration Remain an Almost Unsolvable Challenge? (SecurityWeek) Enterprises must embrace AI technologies that evolve with our organizations, strengthen its defenses over time, and identify data exfiltration tactics before our sensitive information is long past the network perimeter.

Once you understand the blockchain, you wonder why no one thought of it before (Dezeen) The blockchain may not be pretty, but it is a design classic

Research and Development

DARPA to use artificial intelligence to help commanders in ‘gray zone’ conflicts (Military Times) The Defense Advanced Research Projects Agency has launched a new program aimed at gauging what the adversary is up to during 'gray-zone' conflicts.

Academia

Booz Allen Forms Partnership for Cyber Education Effort in Saudi Arabia (GovCon Wire) Booz Allen Hamilton (NYSE: BAH) has entered into a partnership w

College of Southern Idaho board endorses bachelor's degree proposal (Twin Falls Times-News) College of Southern Idaho trustees endorsed a proposal Monday to offer two bachelor’s degrees — possibly starting in fall 2019.

Registration Opens Today for U.S. Cyber Challenge's Annual Cyber Quests Competition (US Cyber Challenge) U.S. Cyber Challenge (USCC) opened registration today for the 2018 Cyber Quests online competition. The annual Cyber Quests competition determines who qualifies for the

Legislation, Policy and Regulation

Russia warns government over ‘senseless’ diplomat expulsion (Times) Leo Varadkar has defended the government’s decision to expel a Russian diplomat, saying that it was done “in solidarity” with the UK. The Russian ambassador in Dublin said that the decision was...

Britain shared ‘unprecedented’ intelligence over spy attack (Times of Israel) NATO, Belgium join 25 other countries and expel Russian intelligence agents amid growing response to killing of ex-spy

Nato slashes Russia staff after poisoning (BBC News) It joins more than 20 countries that have made the same move after a nerve agent attack in the UK.

NATO joins wave of Russian diplomat expulsions (Military Times) NATO on Tuesday joined a wave of countries and groups expelling Russian diplomats over the nerve-agent attack on a former spy in Britain. Russia denounced the actions as “boorish” and pledged to retaliate.

These are the countries expelling Russian diplomats (CNN) More than 20 countries are expelling Russian diplomats over the poisoning of a Russian ex-spy in the UK.

Mattis: Poisoning in Britain is 'attempted murder' by Russia (Military Times) The poisoning in Britain of a former Russian spy and his daughter amounts to “attempted murder” by the Russian government and furthers a pattern of Russian efforts to divide the U.S.-led Western alliance, Defense Secretary Jim Mattis said Tuesday.

Why this round of expulsions may bring US, Russia to breaking point (The Christian Science Monitor) The expulsion of 60 Russian diplomats from the US and the anticipated retaliation in kind from Moscow is expected to fuel hostile narratives and heighten public suspicions, leaving dwindling channels of communication. Allegations of espionage seem likely to lengthen the rupture.

Has a New Cold War Really Begun? (Foreign Affairs) Contemporary politics is full of false analogies, and the return of the Cold War seems to be one of them.

Fewer Russian spies in U.S. but getting harder to track (Reuters) The U.S. decision to expel 60 alleged spies is unlikely to cripple Russian spying in the United States because others have wormed and hacked their way into American companies, schools, and even the government, current and former U.S. officials said.

Kicking Out Russian Spies May Give US Intel Black Eye (The Cipher Brief) "We need to find better ways to push back against specifically Vladimir Putin."

Is counter-attack justified against a state-sponsored cyber attack? It's a legal grey area (The Conversation) The international community should set bright line rules on appropriate responses to cyber attacks before an expansive reading of the “self-defense” clause triggers war.

To Learn How to Protect America From Digital Threats, Look to Europe (Defense One) European nations are charting the way, adopting whole-of-society methods for dealing with this new challenge.

China hackers ordered to report software holes to spy agency (Financial Times) Beijing looks to tighten grip over internet, data and technolog

Regulator aims to shield US telecoms networks from cyberespionage (South China Morning Post) Ajit Pai, the chairman of the Federal Communications Commission, has proposed new rules to bar use of funds from a government programme on companies that pose ‘a national security threat’ to US telecoms networks

U.S. Government to Carriers: You Want Federal Funds? Better Ditch Huawei. (Entrepreneur) FCC chairman Ajit Pai is proposing eliminating government subsidies for U.S. telecom carriers that buy from suppliers that could pose a national security risk.

In U.S. Brawl With Huawei, Rural Cable Firms Are an Unlikely Loser (Wall Street Journal) A brawl between the U.S. government and Huawei is putting America’s rural internet providers in a bind. Many of them rely on Chinese telecom equipment, which faces potential new restrictions from the FCC and Congress.

Homeland Security Chief Warns Adversaries Against Election Meddling (New York Times) In a closed-door meeting, Kirstjen Nielsen, the homeland security chief, also vowed retaliation against nations that interfere in the midterm elections this year.

Litigation, Investigation, and Enforcement

Zuckerberg's refusal to testify before UK MPs 'absolutely astonishing' (the Guardian) Chair of committee investigating fake news urges Facebook head to ‘think again if he has any care for users’

DOJ moves to dismiss Kaspersky lawsuit against congressional ban (TheHill) The Department of Justice is pushing back on Kaspersky Lab’s lawsuit claiming that Congress acted unlawfully in its decision to ban products from the Russian-based global cybersecurity firm.

FTC Confirms It's Investigating Facebook For Possible Privacy Violations (NPR) The agency will look at whether the social network violated a 2011 consent decree when users' data was revealed to political strategists.

FBI has unit solely devoted to its 'going dark' problem (Cyberscoop) The FBI has formed a unit to specifically address law enforcement's efforts to bypass encryption on various internet-connected devices.

IG finds communications failures in FBI handling of San Bernardino shooter’s phone (Federal Times) The Inspector General report found that although the FBI director was truthful in his 2016 testimonies that the FBI was incapable of unlocking the phone, lack of communication meant that some avenues to do so were not pursued.

€1 Billion Stolen From Banks Worldwide and Laundered via Cryptocurrency (Finance Magnates) Europol arrests the leader of the criminal gang responsible.

Trump fundraiser sues Qatar over hacked emails (Reuters) Elliott Broidy, a top Republican fundraiser, sued Qatar on Monday, accusing the Gulf state of pilfering and leaking emails in retribution for his attempts to influence the Trump administration in favor of regional rivals of Qatar.

Singapore's data breach fines are the most brutal in Asia (Singapore Business Review) It enforces fines of up to $1m for non-compliance with data protection rules.

Ex-Goldman Sachs Coder Asks Appeals Court to Toss Theft Conviction (New York Law Journal) Hearing an appeal by a former Goldman Sachs computer engineer convicted of stealing code from the bank New York Court of Appeals judges Tuesday questioned defendant Sergey Aleynikov’s assertion that he did not make a tangible copy of the code because he had saved it on a hard drive.

Hynes Agrees to $40K Fine for Political Use of City Email as Brooklyn DA (New York Law Journal) Former Brooklyn District Attorney Charles “Joe” Hynes has agreed to pay a $40000 fine for improper use of his official email account during his failed 2013 run for a seventh term in office.

Corporate Cybersecurity: What Are Your Legal and Ethical Obligations? (TG Daily) While personal cybersecurity is important, corporate cybersecurity, as we’ve seen over the last two years, is doubly so. With breaches occurring too often, and personal information leaked, it’s now more vital than ever that a company secure its clients’ information and uphold ethical and legal standards of information security.

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

upcoming Events

SecureWorld Philadelphia (Philadelphia, Pennsylvania, USA, March 28 - 29, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security industry. Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays-all while networking with local peers.

National Cyber League Spring Season (Chevy Chase, Maryland, USA, March 30 - May 25, 2018) The NCL is a defensive and offensive puzzle-based, capture-the-flag style cybersecurity competition. Its virtual training ground helps high school and college students prepare and test themselves against cybersecurity challenges that they will likely face in the workforce. All participants play the games simultaneously during Preseason, Regular Season and Postseason. NCL allows players of all levels to enter. Between Easy, Medium and Hard challenges, students have multiple opportunities to really shine in areas as they excel. Registration for the Spring Season is 2/26/18-3/25/18.

4th Middle East Cyber Security Summit (Riyadh, Saudi Arabia, April 4 - 5, 2018) The summit will feature state of the art presentations, hackathons and technology showcasing from regional and international experts and leading technology providers. One of the focus areas of the summit will be block-chains & artificial intelligence in existing technical infrastructure in order to protect organizations from external attacks. The need of the hour is to create an ecosystem of trust aided with cybersecurity capabilities.

Cybersecurity: A Shared Responsibility (Auburn, Alabama, USA, April 8 - 10, 2018) During the 2018 SEC Academic Conference, we will explore three themes within cyber security: the underlying computer and communication technology; the economic and physical systems that are controlled by technology; and the policies and laws that govern and protect the use of information that is stored in, transmitted by, and processed with technology.

Sea-Air-Space: The Navy League’s Global Maritime Exposition (National Harbor, Maryland, USA, April 9 - 11, 2018) Join us this April for Sea-Air-Space, the largest maritime exposition in the U.S., with 275+ exhibitors displaying the latest in maritime, defense and energy technology. This year’s theme, “Learn. Compete. Win.” reminds us that every day our men and women in uniform are learning new strategies, tactics and energy technology to compete against the world's best, where winning is the only option. The challenge is always on, and Sea-Air-Space is your place to participate in interactive exhibits, professional development sessions, and open forums disclosing timely information. Hear from active duty military, government and industry leaders on key issues and future strategies for the U.S. Navy, Marine Corps, Coast Guard U.S.-flag Merchant Marine.

2018 Mississippi College Cybersecurity Summit (Clinton, Mississippi, USA, April 10 - 11, 2018) The 2018 Mississippi College Cybersecurity Summit is a conference designed to engage, educate, and raise awareness about cybersecurity across the nation. The 2018 Cybersecurity Summit will provide valuable cybersecurity tools and resources for a variety of industries and topics, including: critical infrastructure, healthcare, government, education, large and small business issues, and cryptocurrencies.

ISC West 2018 (Las Vegas, Nevada, USA, April 11 - 13, 2018) ISC West is THE largest security industry trade show in the U.S. At ISC West, you will have the chance to network with over 30,000 security professionals through New Products & Technologies encompassing everything from access control to unmanned vehicles from over 1,000 Exhibitors & Brands.

CYBERTACOS San Francisco (San Francisco, California, USA, April 16, 2018) CYBERTACOS is back and becoming one of the biggest cybersecurity networking events! Register today and join us for networking, food and drinks. This event includes a 45-minute meet the press panel made up of influential security reporters who will discuss what they are covering and how to best work with them.

RSA Conference 2018 (San Francisco, California, USA, April 16 - 20, 2018) Take this opportunity to learn about new approaches to info security, discover the latest technology and interact with top security leaders and pioneers. Hands-on sessions, keynotes and informal gatherings allow you to tap into a smart, forward-thinking global community that will inspire and empower you.

Our Security Advocates (San Francisco, California, USA, April 17, 2018) OUR Security Advocates highlights a diverse set of experts from across information security, safety, trust, and other related fields. OURSA is a single-track, one-day conference with four topic sessions. In each session, you'll hear short talks from multiple experts followed by a moderated discussion.

5th Annual Cybersecurity Summit (McLean, Virginia, USA, April 24, 2018) Join the Potomac Officers Club for the Fifth Annual Cybersecurity Summit to hear from public and private sector leaders on how federal agencies can improve their respective data security measures.

Secutech (Taipei, Taiwan, April 25 - 27, 2018) To meet the rising demand for intelligent and customised solutions, Secutech converges security and safety, ICT, IoT, artificial intelligence, big data, edge computing, intelligent video analytics and deep learning to enable you to create new value in the rapidly evolving market, and provide intelligent solutions in factory, retail, healthcare, transportation, home, building and safe city sectors.

Industrial Control Systems (ICS) Cyber Security Conference Asia (Singapore, April 25 - 27, 2018) The Central ICS/SCADA Cyber Security Event of the Year for the APAC Region. Three days of multi-track training & workshops for days for operations, control systems and IT security professionals to connect on SCADA, DCS PLC and field controller cyber security.

INFILTRATE (Miami Beach, Florida, USA, April 26 - 27, 2018) INFILTRATE is a "pure offense" security conference aimed at the experienced to advanced practitioner. With the late-90s hacker con as its inspiration, the event has limited attendance in order to foster a close-knit, casual and open environment for speakers and attendees. There are no sponsored talks, panels or other gimmicks, just two days of carefully vetted, highly technical talks which present new research in advanced exploitation techniques, vulnerability discovery, malware/implant design, anti-forensics and persistent access. Speakers include hackers from all across the offensive spectrum. The conference also hosts advanced training classes in web hacking, exploit development, cryptanalysis, kernel exploitation, Java attacks and other techniques (April 22-25). Now in its eighth year, the two-day, single track conference is organized by Dave Aitel and Immunity Inc., and is held in warm, sunny Miami Beach.

Automotive Cybersecurity Summit 2018 (Chicago, Illinois, USA, May 1 - 8, 2018) Smart Vehicles. Smart Infrastructures. The 2nd annual Automotive Cybersecurity Summit brings together public and private-sector manufacturers, suppliers, assemblers, technology providers and V2X partners to discuss the increasingly complex and interdependent relationships between smart vehicles and ever-expanding smart infrastructures. The SANS Automotive Cybersecurity Summit was created to develop and foster a culture of cyber-awareness in organizations across the vehicle supply chain as we work together to understand risks, safeguard organizations, their products, and their customer from the evolving threat landscape.

Global Cyber Security in Healthcare & Pharma Summit (London, England, UK, May 3 - 4, 2018) The number of cyber-attacks in healthcare is on the rise, and the industry must do more to prevent and respond to these incidents. The Global Cyber Security in Healthcare & Pharma Summit 2018 will bring together high-level representatives from around the globe to create a cybersecurity roadmap for the future. Attendees will come from all areas of cybersecurity for the healthcare, medical devices and pharmaceutical sectors. Experts will examine the cybersecurity landscape in these three industries, with a particular focus on strategies for protection and incident response, as well as on business/regulatory considerations. Central to the aims of this event is facilitating collaboration and cooperation amongst the diverse stakeholders that will be in attendance.

Secure Summit DC (Washington, DC, USA, May 7 - 8, 2018) (ISC)² Secure Summit DC will assemble the best minds in cybersecurity for two days of insightful discussions, workshops and best-practices sharing. The goal of the event is to equip security leaders to tackle today's threats, as well as arm them with the knowledge, tools and expertise to protect their organizations and advance their careers. Registered attendees will be immersed in two days of insightful, strategic cybersecurity knowledge.

HACKNYC (New York, New York, USA, May 8 - 10, 2018) The recent flood of data breach news may numb us to the threat of attacks with kinetic effects--direct or indirect physical damage, injury, or death. Hack NYC focus’ on our preparation for, and resilience to, the genuine potential for kinetic cyber attack. Be part of defining solutions and illuminate risks aimed at critical national Infrastructure. Hack NYC is about sharing big ideas on how we will fortify our daily life and economic vitality. The threat of attack aimed at Critical National Infrastructure is real as services supporting our communities and businesses face common vulnerabilities and an unspoken kinetic threat.

Insider Threat Program Management With Legal Guidance Training Course (Herndon, Virginia, USA, May 8 - 9, 2018) This training will provide the ITP Manager, Facility Security Officer, and others (CIO, CISO, Human Resources, IT, Etc.) supporting an ITP, with the knowledge and resources to develop, manage, or enhance an ITP. A licensed attorney with extensive experience in Insider Threats and Employment Law, will provide legal guidance related to ITP's, the collection, use and sharing of employee information, and employee computer user activity monitoring. Insider Threat Defense has trained over 500+ organizations and has become the "Leader-Go To Company" for ITP Management Training.

SecureWorld Kansas CIty (Kansas City, Missouri, USA, May 9, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security industry. Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements, learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays-all while networking with local peers.

Sponsor & Support

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter’s financial reach, or it might just not be the right time for you to do those things. That’s why we launched our new Patreon site, where we’ve created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you’ll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.