The CyberWire Daily Briefing 3.29.18

Summary

By The CyberWire Staff

Ecuador has cut off WikiLeaks' founder Julian Assange's Internet access, saying he violated a written promise not to do things that would damage Ecuador's international relations while he enjoyed asylum in their London embassy. They yanked Assange's connection because of his recent tweeting in Russia's interest and against Britain's in the ongoing matter of the Salisbury nerve agent attacks.

Russia has promised to retaliate in response to the more than twenty-five countries who have taken diplomatic measures to protest the Salisbury assassination attempts, but hasn't so far done so. Kremlin representatives say they reserve the right to do so at "some appropriate time."

The retaliation that most concerns Western countries, particularly the UK and the US, is the prospect of Russia executing a cyberattack against electrical power grids that's been long under preparation.

WannaCry has resurfaced, infecting a Boeing 777 assembly line in South Carolina yesterday. Boeing says the infection's been contained, was minor, and didn't interrupt production.

A new keylogger, which Cybereason calls "Fauxpersky" because of the code's rather lame attempt to impersonate a Kaspersky splash screen, is circulating in the wild. Built on AutoHotKey, the malware is, according to Cybereason researchers, unsophisticated but efficient, with a large appetite for data and not much stealth.

Facebook pushes some new privacy tools, policies, and settings, to mixed reviews and some gloating by Apple, which reminds everyone that if you're not paying for the product, you are the product.

A European police sweep takes up alleged members of a phishing gang.

Learn how Cylance silences cyber attacks with Artificial Intelligence.

Notes.

Today's issue includes events affecting Canada, Ecuador, Japan, NATO/OTAN, Russia, Switzerland, Turkey, United Kingdom, and United States.

Struggling with your DLP? It's time to rethink your data loss prevention strategy.

Traditional data loss prevention tools aren’t cutting it anymore. Why? They are high-maintenance and require endless fine-tuning. They often miss insider threats. They stymie communication between security and other departments. And they slow down endpoints, leading to crashes and failures that drive users crazy. Learn from ObserveIT why DLP tools aren’t getting the job done in 2018 and how you can stop data loss in its tracks. Read Now.

On the Podcast

In today's podcast we hear from our partners at Webroot. First-time security conference goer? First timer at RSA? Webroot's David Dufour has advice for you. And our guest, Deral Heiland from Rapid7, provides us with an overview of smart sensors.

Sponsored Events

Register for the Women in Tech Social on April 5 from 5:00-7:30pm in Howard County, MD. (Woodstock, Maryland, USA, Apr 5, 2018) Women working in or pursuing a technology/cybersecurity career in Maryland: join us for delicious food and drink as you connect with other fabulous women in tech. This friendly and casual gathering promises to be fun for one and all!

XM Cyber is coming to RSA (San Francisco, California, United States, Apr 16 - 20, 2018) Visit XM Cyber at the Israeli Pavilion, South Hall booth 635, to experience the first automated APT simulation platform to expose, assess and amend every attack path to organizational critical assets.

Selected Reading

Cyber Attacks, Threats, and Vulnerabilities

Ecuador cuts off Julian Assange's internet access at London embassy (the Guardian) Government accuses WikiLeaks founder of putting international ties at risk by failing to abide by deal not to interfere in other countries

The Infiltration of U.S. Control Systems (Automation World) CERT Alert TA18-074A removed any doubts that hostile nation states are actively targeting U.S. industrial control systems.

Here Are The Clever Means Russia Used To Hack The Energy Industry (Forbes) Last July, officials from the Federal Bureau of Investigation and the Department of Homeland Security revealed that Russian hackers were behind cyber intrusions into the U.S. energy power grid.

Boeing hit by WannaCry virus, but says attack caused little damage (The Seattle Times) Though news of the attack by the WannaCry virus triggered widespread alarm within Boeing and among airline customers during the day Wednesday, by evening the company was calling for calm.

Mysterious 'MuslimCrypt' App Helps Jihadists Send Covert Messages (WIRED) The unfortunately named MuslimCrypt uses steganography to pass discreet messages through images online.

Fauxpersky: CredStealer malware written in AutoHotKey masquerades as Kaspersky Antivirus, spreading through infecting USB drives (Cybereason) Cybereason researchers discovered a credstealer written with AutoHotKey that masquerades as Kaspersky Antivirus and spreads through infected USB drives. We’ve named it Fauxpersky.

ChessMaster Adds Updated Tools to Its Arsenal (TrendLabs Security Intelligence Blog) In this blog post, we analyze ChessMaster's current status, including the updated tools in its arsenal — with a particular focus on the evolution of ANEL and how it is used in the campaign.

Hajime Botnet Makes a Comeback With Massive Scan for MikroTik Routers (BleepingComputer) If you've been following the infosec Twitter community for the last few days, you couldn't ignore the constant talk about the massive scans currently taking place online, carried out by a Hajime IoT botnet looking to mass-infect unpatched MikroTik devices.

3-month old flaw in iPhone camera app takes users to phishing sites (HackRead) The bug in iPhone camera app’s QR code scanning system takes users to phishing sites that can result in malware and credentials stealing attacks.

HiddenMiner Android Monero Mining Malware Cause Device Failure (HackRead) This time, the malware not only comes with Monero mining capabilities but its continuous mining process drains the targeted device.

University Networks Become Fertile Ground for Cryptomining (Dark Reading) Sixty percent of cryptomining detections in a Vectra study occurred on higher-education networks.

The Tesla Hack is a Serious Cryptojacking Warning (Infosecurity Magazine) The Tesla infection shows how cyber-criminals are continuing to develop more sophisticated techniques to target large organizations.

Enterprises wear large targets in cloud cryptomining hacks (SearchAWS) Cloud cryptomining attacks are on the rise. As cryptojackers target vulnerable permissions, learn what you need to do to protect cloud resources.

Yet another Apple password leak – how to avoid it (Naked Security) Passwords in plaintext – again! Here’s Apple’s latest macOS password bug – plus a handy workaround to deal with it.

Security flaws in gay dating app Grindr expose users’ location data (NBC News) The availability of users' location data, experts say, could lead to increased harassment — especially in places where homosexuality is criminalized.

Atlanta Ransomware Attack Shows Cities Not Prepared for Long-Term Security Breaches (Observer) Atlanta is being held hostage by hackers.

Commentary: Atlanta’s Cyber Attack Shows the New Security Risks the U.S. Needs to Address—and Fast (Fortune) Cyber hackers too often appear to be one step ahead of the rest of us.

Only 26% of US companies that paid ransomware attackers had files unlocked (TechRepublic) The average estimated business cost of a ransomware attack is more than $900,000, according to a SentinelOne report.

Omitting the “o” in .com Could Be Costly (KrebsOnSecurity) Take care when typing a domain name into a browser address bar, because it’s far too easy to fat-finger a key and wind up somewhere you don’t want to go.

Thousands of B[*]stiality Users Exposed in Hack (Motherboard) In a sign of just how hackers can obtain really sensitive data, image boards are circulating email addresses and other alleged account details on users...

Security Patches, Mitigations, and Software Updates

Cisco Patches Two Critical RCE Bugs in IOS XE Software (Threatpost) Cisco releases 22 patches as part of its semiannual Cisco IOS and IOS XE software security advisory.

Drupalgeddon: Critical Flaw Exposes Million Drupal Websites to Attacks (SecurityWeek) Drupal patches highly critical remote code execution vulnerability that allows hackers to easily hijack websites. Over one million sites affected and exploits could be created any minute

Microsoft Patches for Meltdown Introduced Severe Flaw: Researcher (SecurityWeek) The Meltdown patches released by Microsoft in January and February for Windows 7 and Windows Server 2008 introduced an even bigger vulnerability, researcher warns

Facebook Reveals the "Access Your Information" Data Tool and New Privacy Shortcuts (BleepingComputer) In its first step to try and restore confidence in its platform after the Cambridge Analytica fiasco, Facebook has unveiled more organized privacy settings and a new data management tool called "Access Your Information".

Facebook is cutting third-party data providers out of ad targeting to clean up its act (Recode) Facebook says it’s going to stop using data from third-party data providers like Experian and Acxiom.

Facebook is rushing out a new design for privacy settings (Quartz) Facebook hopes the new settings will make you less mad at it.

The Facebook Privacy Setting That Doesn’t Do Anything at All (WIRED) For years, Facebook has left a privacy setting on its site that addresses a problem that no longer exists.

Cyber Trends

2018 Attacker Behavior Industry Report (Vectra) The Attacker Behavior Industry Report provides a first-hand analysis of active and persistent attacker behaviors inside cloud, data center and enterprise environments.

Businesses suspect their mobile workers are being hacked (Help Net Security) Most organisations are concerned their growing mobile workforce presents an increasing number of mobile security challenges. Overall, 81% of respondents said they had seen Wi-Fi related security incidents in the last 12 months.

No Room For Cyber-Complacency (Information Security Buzz) No Room for Cyber-Complacency: a Quarter of DDoS Attacks Claim Unintended Victims Over a quarter of businesses that have been hit by a Distributed Denial of Service (DDoS) attack don’t think they were the intended target, highlighting that businesses can’t afford to be complacent when it comes to today’s threat landscape. According to research from …

Compliance functions make a turn towards innovation-fueled strategies (Help Net Security) Accenture has conducted the Compliance Risk Study every year since 2013. Over that time, compliance functions have made a dramatic turn towards innovation-fueled strategies, as they seek to deliver the risk management outcomes required in an era of digital transformation.

Know Your Data: 2nd Annual GDPR Readiness Report Reveals That 60% of Organizations Are in the Dark (PRWeb) AvePoint, an industry leader in data protection solutions, and the Centre for Information Policy Leadership (CIPL), a global privacy and cybersecurity thi

Report: Macro-less Word Document Attacks on the Rise, Zero Day Malware Variants Jump 167 Percent (PR Newswire) WatchGuard® Technologies, a leader in advanced network security solutions,...

WatchGuard’s Threat Lab Analyzes the Latest Malware and Internet Attacks (WatchGuard) The Threat Lab team analyzes data from WatchGuard’s Firebox Feed, internal and partner threat intelligence, and a research honeynet, to provide insightful analysis about the top threats on the Internet. Their smart, practical security advice contained in the Internet Security Report will enable you to better protect your organization in the ever-changing threat landscape.

Cybersecurity Awareness Doesn’t Fuel Better Preparation: Report (Infosecurity Magazine) Businesses still lack the knowhow and resources to defend against data breaches

Cyberattacks Now #1 Threat To Swiss Banks (Information Security Buzz) It has been reported that cyber-attacks pose the biggest threat to the Swiss financial system with risks from hacking incursions on the rise, watchdog FINMA warned on Tuesday, calling on Switzerland to step up its national defences against the menace. FINMA said on the whole Swiss banks seemed aware of the risks and were well equipped…

Marketplace

Innovation in the Old Line State: the Maryland Cybersecurity Awards (The CyberWire) On Tuesday, March 27th, 2018, the Cybersecurity Association of Maryland met for its second annual awards celebration. Convening again at Baltimore's Visionary Art Museum at Federal Hill beside the Inner Harbor, Maryland Cybersecurity celebrated some of the state's leading innovators and practitioners in information security.

VMware buys E8 Security to bolster AI-assisted security tools (ZDNet) VMware plans to integrate E8's technology into its Workspace ONE platform.

Aella Data Emerges from Stealth Mode Ahead of RSA® Conference 2018, Unveils Industry’s First AI-Driven Pervasive Breach Detection System (BusinessWire) Aella Data, a leading innovator in AI-driven cybersecurity solutions, officially exits stealth mode today with the launch of Starlight™ Pervasive Brea

Investment firm ESW Acquires Business Unit from Mobile Forensics Company Cellebrite (CTECH) Israel-based Cellebrite, whose core clientele are law enforcement agencies, offloads a business unit that focuses on commercial customers

Israeli Surveillance Company Verint Considers an IPO for its Security Intelligence Division (CTECH) After a failed attempt to sell the division, Verint mulls an IPO of the sub-unit according to a market value of $800 million

Here's what a Tenable IPO could mean for Maryland's cyber market (Baltimore Business Journal) Analysts and investors hope a high-profile IPO by Tenable Inc. could provide a needed "shot in the arm" for Maryland's cyber industry.

Why's Symantec Stock Reacting Poorly? (Seeking Alpha) The market is currently not happy with Symantec's revenue miss and lowered forecast. Increasing competition and consolidation also have affected the stock. What

Here are 5 Atlanta Companies Making Money Moves with Blockchain (AtlantaInno) The words “blockchain” and “cryptocurrency” are hitting headlines left and right, and the country’s Southern FinTech hub has taken the moment to cash in on the trend.

Forcepoint hunts new breed of partner for human-centric security shift (CRN) Rise of user and entity-based behaviour analytics calls for partners that can sell to the C-suite, Forcepoint's Neil Lillywhite tells CRN

Tim Cook says Apple’s customers are not its product, unlike Facebook (Ars Technica) "The truth is, we could make a ton of money if we monetized our customer."

Apple's Position on Privacy Is Paying Off (Motherboard) Silicon Valley is reeling with algorithmic and privacy-related controversies. Meanwhile, Apple is laughing.

Corelight Welcomes Seasoned Security Executive to Lead Product Strategy (Globe Newswire) Brian Dye Joins from McAfee; Brings Years of Product Leadership to the Company’s Executive Bench

Mike Ruettgers Joins Virsec Board of Directors (GlobeNewswire News Room) Virsec, a cybersecurity company delivering a radically new approach to protect against advanced attacks, today announced that Mike Ruettgers has joined its Board of Directors.

Fortinet Australia promotes new channel chief to replace Genevieve White (CRN Australia) Replacing Genevieve White.

Equifax taps Mark Begor as CEO following cyber attack that exposed data for 148M consumers (USA TODAY) Mark Begor takes Equifax's top executive job as the embattled credit reporting giant faces class-action lawsuit and other fallout from the cyber breach disclosed last year.

Appointment of Chief Executive Officer (Regulatory News, RNS - London South East) The Board of Blancco Technology Group plc is delighted to announce that, following an extensive selection process, Matt Jones is joining the Company today as Chief Executive Officer and Board Director.

Crypto Expert Kathryn Haun Joins Board of HackerOne (Fortune) Bridging crypto and cybersecurity

Products, Services, and Solutions

STEALTHbits Strengthens Real-Time Threat Analytics and Alerting Platform with Enhancements to StealthDEFEND (GlobeNewswire News Room) Purpose-Built User Behavior Analytics (UBA) for Unstructured Data

Skybox Security and Jirasek Security Announce New Partnership to Support Deployment of the Skybox Security Suite (GlobeNewswire News Room) Jirasek delivers services wrapped around Skybox’s security management platform

Carbon Black Unveils Cb Integration Network, Delivering Stronger Cybersecurity via Open APIs (BusinessWire) Carbon Black, a leader in next-generation endpoint security, today unveiled the Carbon Black Integration Network (CbIN), a technology partner program

Yubico and Duo Security Accelerate Federal Cybersecurity Modernization and Smart Card Replacement (GlobeNewswire News Room) Revisions to federal cybersecurity requirements open door for transition to modern and more effective methods to secure government data

Pulse Secure NAC Integrates with Fortinet Security Fabric to Enrich Endpoint Intelligence and Automate Threat Response (GlobeNewswire News Room) Pulse Policy Secure (NAC) and Fortinet FortiGate (NGFW) interoperability enhances perimeter controls and reduces threat mitigation time for non-compliant and malicious devices

Endgame 2.6 Achieves Unprecedented Stopping Power with 99.5% Prevention Efficacy, 85% MITRE ATT&CK™ Coverage, First and Only Security Chatbot Interface (PR Newswire) Endgame, the leader in endpoint protection against targeted attacks,...

Unisys Leverages Cylance’s Advanced Endpoint Protection Solution (Security Boulevard) The new Unisys Advanced Endpoint Protection Solution incorporates Unisys consulting and managed security services as well as Cylance advanced threat prevention technology to leverage artificial intelligence and machine learning to prevent malware attacks on endpoints.

How SentinelOne Ensures Unparalleled Next-Gen Security Through Its Endpoint Protection Platform (Forbes) SentinelOne is a next-gen cybersecurity company focused on protecting the enterprise through the endpoint.

Verizon Talks Up Private Core as AT&T Launches FirstNet (Express Newsline) AT&T said FirstNet has gone live, timed to the one-year anniversary of the telco securing the contract for the public-private interactive broadband emergency communications network funded with FCC auction proceeds.

CensorNet Launches New Platform to Consolidate Sophisticated Protection against Web, Email and Cloud Application Threats (BusinessWire) CensorNet launches new platform to consolidate sophisticated protection against web, email and cloud application threats

Sports world adapts to growing cybersecurity threats (Sportsnet.ca) Imagine the fallout if the NHL was hacked and its star players -- think Sidney Crosby, Auston Matthews and Connor McDavid -- had their home addresses, phone numbers and other personal information made accessible online.

Technologies, Techniques, and Standards

There is no way to fix Facebook. So how do we protect ourselves from it? (NBC News) Last week’s Cambridge Analytica revelations have ignited a torrent of outrage at Facebook and the company’s data practices. Siva Vaidhyanathan, professor of media studies at the University of Virginia, weighs in on what he thinks the public’s next steps should be.

Should Listed Companies Provide More Cyber Risk Testing Info? (Computer Business Review) IBM Security’s GM emphasised an effective response to a cyber incident requires the training & rehearsal you'd get in a hospital preparing for emergencies.

Here’s What a Company’s Data Breach Game Plan Looks Like (Nextgov.com) Companies should know who to call in law enforcement and which data is most valuable before a breach occurs, the Chamber of Commerce says.

Risky Business: The Fifth Element (SecurityWeek) While security-as-a-service for functions like WAF and DDoS protection are well-established, they are just the beginning of a new industry that is emerging around consumption-based security models.

IT Modernization is a Road Trip - Don’t Forget to Pack Your Security (The Duo Security Bulletin) On the journey toward IT modernization, what kind of security technology can make agency life a lot easier as they move forward? Here's our recommendations to enable agency agility, as well as better management and security.

Design and Innovation

The Blockchain Solution to Our Deepfake Problems (WIRED) Technology to hack videos will only keep getting better. A decentralized ledger might help us know when we're seeing the truth.

Public Key Decryption (Medium) Offering an algorithm forcing authorities to reach out to the public to read encrypted messages.

Research and Development

Reverse engineering consciousness: Is the brain a quantum computer? (The Next Web) Sir Roger Penrose believes consciousness comes from quantum processes deep inside the human brain. If our brains are quantum systems we're gonna have to change the way we approach artificial intelligence.

Legislation, Policy and Regulation

Russia 'will definitely retaliate' against the West over diplomatic expulsions (CNBC) Russia will definitely retaliate for the expulsions of Russian diplomats by multiple Western and east European governments, Kremlin Spokesman Dmitry Peskov said Wednesday.

Russia and NATO: Talking Their Way Out of Another Cold War (Bloomberg Quint) Top NATO and Russian military commanders have agreed to meet. Here’s what they need to discuss.

How Will Trump Punish Russia Next? (POLITICO Magazine) When it comes to sending diplomatic messages, presidents have a standard bag of tricks to choose from.

Turkey's internet censorship is not only censorship (Ahval) Censoring the internet is a game of cat-and-mouse, and the ease with which blocks can be circumvented makes many people happier to find ways to get around the problem than discuss it.

Push for legal mandate to unlock phones revived by DOJ (Naked Security) The Feds have been meeting with security researchers who are working on “a safe enough way” to unlock data on encrypted phones.

GOP chair urges passage of Homeland Security cyber legislation (TheHill) Bill would reorganize, rename office tasked with securing critical infrastructure from cyberattacks.

An important first step to protect our elections (TheHill) The omnibus spending bill allocates $380 million to shore up our voting system, and states now have important choices to prepare against threats to the system.

Litigation, Investigation, and Enforcement

Why are Russia and the West allowed to spy on each other? (Deutsche Welle) The expulsion of Russian diplomats from the UK, US and several other NATO states has cast a light on the world of espionage. DW looks at why spies are allowed to even operate in a targeted country in the first place.

Nerve agent was left on front door of Sergei Skripal’s home (Times) A deadly nerve agent that poisoned a former Russian double agent and his daughter in Salisbury was left on the front door of his home, police revealed last night. Scotland Yard said that Sergei and...

Ukrainian Police Bust Online Market For Military Equipment (RadioFreeEurope/RadioLiberty) Amphibious armored-personnel carriers and infantry fighting vehicles, off-road transport trucks, tanker trucks, and trailers were among some 200 objects that have been seized by Ukrainian police after being offered for sale online.

Judge Denies Mueller Request for Protective Order (Courthouse News) A federal judge has denied Special Counsel Robert Mueller’s request for a protective order for materials gathered during discovery for the upcoming trial of former Trump campaign manager Paul…

Ex-Skadden Associate Charged in Mueller's Russia Probe Seeks Nonjail Sentence (New York Law Journal) Alex van der Zwaan told a federal judge that his career is destroyed and that his extended stay in the U.S. has essentially been the equivalent to serving time. The Justice Department counters that he presents a scarcity of mitigating factors and several aggravating circumstances.

Documents suggest possible coordination between CIA, FBI, Obama WH and Dem officials early in Trump-Russia probe: investigators (Fox News) Newly uncovered text messages between FBI officials Peter Strzok and Lisa Page suggest a possible coordination between high ranking officials at the Obama White House, CIA, FBI, Justice Department and former Senate Democratic Leadership in the early stages of the investigation into alleged collusion between the Trump campaign and Russia, according to GOP congressional investigators.

Did Facebook’s ‘favors’ for the Obama campaign constitute a violation of federal law? (Fox News) Controversy continues to swirl around how the consulting firm Cambridge Analytica obtained personal data from over 50 million Facebook users without their knowledge and used it to target ads to individuals in an effort to help Donald Trump be elected president in 2016.

20 hackers arrested in EUR 1 million banking phishing scam (Help Net Security) 9 individuals in Romania and 11 in Italy remain in custody over a banking fraud netted EUR 1 million from hundreds of customers of 2 major banking institutions.

Lizard Squad member found guilty of offering DDoS-for-hire and jailed (WeLiveSecurity) A member of the notorious group Lizard Squad, known for their distributed denial-of-service (DDoS) attacks against websites, has been jailed for three months after being described as providing a "hacker-for-hire" service.

Cyber crook must pay £69,000 or face another two-year prison sentence after selling hacking tool (Computing) Mudd could face an extended jail term if he fails to cough up cash.

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

newly Noted Events

Application of the Law of War to Cyber Operations (Washington, DC, USA, May 3, 2018) Cyber law experts meeting at the George Washington University will cover Title 10 vs. Title 32 vs. Title 50 and the lawful and operational restrictions related to these authorities. The panelists will discuss the legal processes of projecting power in the domain of cyberspace and what capabilities require legal review relating to Defensive Cyberspace Operations (DCO) -- both Internal Defense Measure (IDM) and Response Actions (RA) -- as well as Offensive Cyberspace Operations (OCO).

upcoming Events

National Cyber League Spring Season (Chevy Chase, Maryland, USA, Mar 30 - May 25, 2018) The NCL is a defensive and offensive puzzle-based, capture-the-flag style cybersecurity competition. Its virtual training ground helps high school and college students prepare and test themselves against cybersecurity challenges that they will likely face in the workforce. All participants play the games simultaneously during Preseason, Regular Season and Postseason. NCL allows players of all levels to enter. Between Easy, Medium and Hard challenges, students have multiple opportunities to really shine in areas as they excel. Registration for the Spring Season is 2/26/18-3/25/18.

4th Middle East Cyber Security Summit (Riyadh, Saudi Arabia, Apr 4 - 5, 2018) The summit will feature state of the art presentations, hackathons and technology showcasing from regional and international experts and leading technology providers. One of the focus areas of the summit will be block-chains & artificial intelligence in existing technical infrastructure in order to protect organizations from external attacks. The need of the hour is to create an ecosystem of trust aided with cybersecurity capabilities.

Cybersecurity: A Shared Responsibility (Auburn, Alabama, USA, Apr 8 - 10, 2018) During the 2018 SEC Academic Conference, we will explore three themes within cyber security: the underlying computer and communication technology; the economic and physical systems that are controlled by technology; and the policies and laws that govern and protect the use of information that is stored in, transmitted by, and processed with technology.

Sea-Air-Space: The Navy League’s Global Maritime Exposition (National Harbor, Maryland, USA, Apr 9 - 11, 2018) Join us this April for Sea-Air-Space, the largest maritime exposition in the U.S., with 275+ exhibitors displaying the latest in maritime, defense and energy technology. This year’s theme, “Learn. Compete. Win.” reminds us that every day our men and women in uniform are learning new strategies, tactics and energy technology to compete against the world's best, where winning is the only option. The challenge is always on, and Sea-Air-Space is your place to participate in interactive exhibits, professional development sessions, and open forums disclosing timely information. Hear from active duty military, government and industry leaders on key issues and future strategies for the U.S. Navy, Marine Corps, Coast Guard U.S.-flag Merchant Marine.

2018 Mississippi College Cybersecurity Summit (Clinton, Mississippi, USA, Apr 10 - 11, 2018) The 2018 Mississippi College Cybersecurity Summit is a conference designed to engage, educate, and raise awareness about cybersecurity across the nation. The 2018 Cybersecurity Summit will provide valuable cybersecurity tools and resources for a variety of industries and topics, including: critical infrastructure, healthcare, government, education, large and small business issues, and cryptocurrencies.

ISC West 2018 (Las Vegas, Nevada, USA, Apr 11 - 13, 2018) ISC West is THE largest security industry trade show in the U.S. At ISC West, you will have the chance to network with over 30,000 security professionals through New Products & Technologies encompassing everything from access control to unmanned vehicles from over 1,000 Exhibitors & Brands.

CYBERTACOS San Francisco (San Francisco, California, USA, Apr 16, 2018) CYBERTACOS is back and becoming one of the biggest cybersecurity networking events! Register today and join us for networking, food and drinks. This event includes a 45-minute meet the press panel made up of influential security reporters who will discuss what they are covering and how to best work with them.

RSA Conference 2018 (San Francisco, California, USA, Apr 16 - 20, 2018) Take this opportunity to learn about new approaches to info security, discover the latest technology and interact with top security leaders and pioneers. Hands-on sessions, keynotes and informal gatherings allow you to tap into a smart, forward-thinking global community that will inspire and empower you.

Our Security Advocates (San Francisco, California, USA, Apr 17, 2018) OUR Security Advocates highlights a diverse set of experts from across information security, safety, trust, and other related fields. OURSA is a single-track, one-day conference with four topic sessions. In each session, you'll hear short talks from multiple experts followed by a moderated discussion.

5th Annual Cybersecurity Summit (McLean, Virginia, USA, Apr 24, 2018) Join the Potomac Officers Club for the Fifth Annual Cybersecurity Summit to hear from public and private sector leaders on how federal agencies can improve their respective data security measures.

Secutech (Taipei, Taiwan, Apr 25 - 27, 2018) To meet the rising demand for intelligent and customised solutions, Secutech converges security and safety, ICT, IoT, artificial intelligence, big data, edge computing, intelligent video analytics and deep learning to enable you to create new value in the rapidly evolving market, and provide intelligent solutions in factory, retail, healthcare, transportation, home, building and safe city sectors.

Industrial Control Systems (ICS) Cyber Security Conference Asia (Singapore, Apr 25 - 27, 2018) The Central ICS/SCADA Cyber Security Event of the Year for the APAC Region. Three days of multi-track training & workshops for days for operations, control systems and IT security professionals to connect on SCADA, DCS PLC and field controller cyber security.

INFILTRATE (Miami Beach, Florida, USA, Apr 26 - 27, 2018) INFILTRATE is a "pure offense" security conference aimed at the experienced to advanced practitioner. With the late-90s hacker con as its inspiration, the event has limited attendance in order to foster a close-knit, casual and open environment for speakers and attendees. There are no sponsored talks, panels or other gimmicks, just two days of carefully vetted, highly technical talks which present new research in advanced exploitation techniques, vulnerability discovery, malware/implant design, anti-forensics and persistent access. Speakers include hackers from all across the offensive spectrum. The conference also hosts advanced training classes in web hacking, exploit development, cryptanalysis, kernel exploitation, Java attacks and other techniques (April 22-25). Now in its eighth year, the two-day, single track conference is organized by Dave Aitel and Immunity Inc., and is held in warm, sunny Miami Beach.

Automotive Cybersecurity Summit 2018 (Chicago, Illinois, USA, May 1 - 8, 2018) Smart Vehicles. Smart Infrastructures. The 2nd annual Automotive Cybersecurity Summit brings together public and private-sector manufacturers, suppliers, assemblers, technology providers and V2X partners to discuss the increasingly complex and interdependent relationships between smart vehicles and ever-expanding smart infrastructures. The SANS Automotive Cybersecurity Summit was created to develop and foster a culture of cyber-awareness in organizations across the vehicle supply chain as we work together to understand risks, safeguard organizations, their products, and their customer from the evolving threat landscape.

Global Cyber Security in Healthcare & Pharma Summit (London, England, UK, May 3 - 4, 2018) The number of cyber-attacks in healthcare is on the rise, and the industry must do more to prevent and respond to these incidents. The Global Cyber Security in Healthcare & Pharma Summit 2018 will bring together high-level representatives from around the globe to create a cybersecurity roadmap for the future. Attendees will come from all areas of cybersecurity for the healthcare, medical devices and pharmaceutical sectors. Experts will examine the cybersecurity landscape in these three industries, with a particular focus on strategies for protection and incident response, as well as on business/regulatory considerations. Central to the aims of this event is facilitating collaboration and cooperation amongst the diverse stakeholders that will be in attendance.

Secure Summit DC (Washington, DC, USA, May 7 - 8, 2018) (ISC)² Secure Summit DC will assemble the best minds in cybersecurity for two days of insightful discussions, workshops and best-practices sharing. The goal of the event is to equip security leaders to tackle today's threats, as well as arm them with the knowledge, tools and expertise to protect their organizations and advance their careers. Registered attendees will be immersed in two days of insightful, strategic cybersecurity knowledge.

HACKNYC (New York, New York, USA, May 8 - 10, 2018) The recent flood of data breach news may numb us to the threat of attacks with kinetic effects--direct or indirect physical damage, injury, or death. Hack NYC focus’ on our preparation for, and resilience to, the genuine potential for kinetic cyber attack. Be part of defining solutions and illuminate risks aimed at critical national Infrastructure. Hack NYC is about sharing big ideas on how we will fortify our daily life and economic vitality. The threat of attack aimed at Critical National Infrastructure is real as services supporting our communities and businesses face common vulnerabilities and an unspoken kinetic threat.

Insider Threat Program Management With Legal Guidance Training Course (Herndon, Virginia, USA, May 8 - 9, 2018) This training will provide the ITP Manager, Facility Security Officer, and others (CIO, CISO, Human Resources, IT, Etc.) supporting an ITP, with the knowledge and resources to develop, manage, or enhance an ITP. A licensed attorney with extensive experience in Insider Threats and Employment Law, will provide legal guidance related to ITP's, the collection, use and sharing of employee information, and employee computer user activity monitoring. Insider Threat Defense has trained over 500+ organizations and has become the "Leader-Go To Company" for ITP Management Training.

SecureWorld Kansas CIty (Kansas City, Missouri, USA, May 9, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security industry. Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements, learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays-all while networking with local peers.

Sponsor & Support

Grow your brand, generate leads, and fill your funnel.

With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listens all over the world, companies trust the CyberWire to get the message out. Learn more.

Ecuador cuts Assange's Internet access. Concerns over grid vulnerability. "Fauxpersky" malware's lame spoofs. Facebook updates.