The CyberWire Daily Briefing 4.5.18

Summary

By The CyberWire Staff

Facebook's bad patch became, yesterday, even more horrible. The company acknowledged that it may have exposed 87 million users to Cambridge Analytica. Worse yet, various apps over recent years appear to have scraped data about 2 billion users, as close to everybody as makes little difference. Facebook says it disabled a feature apps exploited for data scraping, a search function that enabled users to look for people by entering their email address or phone number.

As the US and China squabble over tariffs, China charging protectionism and the US calling out China for IP theft and unfair practices, US officials brace for a round of renewed Chinese cyber espionage.

Russia's attempt to have its charges of provocation by Novichok validated by the Organization for the Prohibition of Chemical Weapons has failed, voted down 15 to 6, with 17 abstentions. (Lining up with Moscow's bid to demand the UK conduct a "joint investigation" of the Sailsbury nerve agent attack were China, Azerbaijan, Sudan, Algeria and Iran.) Tensions remain high with strong expectations that they'll find expression in cyberspace.

The US is said to be preparing sanctions against at least six Russian billionaire oligarchs. Outgoing US National Security Advisor McMaster's valediction was an unusually direct and forceful condemnation of Russian behavior and a call to impose costs on that country's government. More significantly, Director of National Intelligence Coats yesterday said that the US Government was seriously considering beginning a cyber offensive against Russia. Previous policy statements had concentrated, publicly, on defensive measures.

Learn how Cylance silences cyber attacks with Artificial Intelligence.

Notes.

Today's issue includes events affecting China, India, Israel, Democratic Peoples Republic of Korea, Russia, Sint Maarten, United Kingdom, and United States.

Outmaneuver your most sophisticated cyber enemies—automatically.

Cyber attacks are getting more sophisticated. Cybercrime and data breach costs will reach the billions and even trillions in the next few years. These are things we already know. But what are you doing to help your cybersecurity teams (who are already stretched thin) mitigate the billions of threats? The ScoutShield threat intelligence gateway keeps your overburdened teams from throwing in the towel by blocking threats automatically – making their lives easier and saving you from cyber attacks. Watch our video to learn more.

On the Podcast

In today's podcast we speak with our partners at the Johns Hopkins University, as Joe Carrigan discusses the emerging practice of power companies charging a premium rate for bitcoin miners. Our guest is Larry Cochran from Claimatic on how driverless cars and automation are changing the landscape for insurance carriers.

Sponsored Events

CYBERTACOS San Francisco (San Francisco, California, United States, April 16, 2018) CYBERTACOS is back and becoming one of the biggest cybersecurity networking events! Register today and join us for networking, food and drinks. This event includes a 45-minute meet the press panel made up of influential security reporters who will discuss what they are covering and how to best work with them.

XM Cyber is coming to RSA (San Francisco, California, United States, April 16 - 20, 2018) Visit XM Cyber at the Israeli Pavilion, South Hall booth 635, to experience the first automated APT simulation platform to expose, assess and amend every attack path to organizational critical assets.

Cyber Job Fair, April 19, San Antonio visit ClearedJobs.Net or CyberSecJobs.com for details. (San Antonio, Texas, United States, April 19, 2018) Cleared and non-cleared cybersecurity pros make your next career move at the Cyber Job Fair, April 19 in San Antonio. Meet leading cyber employers including Bank of America, Parsons, Engility, Fulcrum and more. Visit ClearedJobs.Net or CyberSecJobs.com for details.

Third Annual Cyber Investing Summit 5/15/18 (New York, New York, United States, May 15, 2018) Renowned cyber security executive David DeWalt will deliver the keynote address at the Third Annual Cyber Investing Summit. The Cyber Investing Summit is a unique all-day conference focused on the financial opportunities available in the rapidly growing cyber security industry. Panels will explore sector investment strategies, market growth forecasts, equity valuations, merger and acquisition activity, cryptocurrency protection, funding for startups, and more. Speakers include leading Chief Information Security Officers, VC founders, financial analysts, cyber security innovators from publicly traded and privately held companies, and government experts.

Selected Reading

Cyber Attacks, Threats, and Vulnerabilities

Facebook: ‘Malicious actors’ used its tools to discover identities and collect data on a massive global scale (Washington Post) Facebook said the scam likely hit most of its 2 billion users and helped hackers match email addresses or phone numbers from the so-called “Dark Web” to faces and names on Facebook.

Facebook Says Data on 87 Million Users May Have Been Improperly Shared (Wall Street Journal) Facebook says information on 87 million people may have been improperly shared with Cambridge Analytica. The figure previously was reported to be roughly 50 million.

Facebook raises number of users affected by Cambridge Analytica leak to 87 million (CNBC) Facebook issued the updated number in a lengthy post by CTO Mike Schroepfer about its privacy changes, including restricting third party app access and deleting old logs of messages.

An Update on Our Plans to Restrict Data Access on Facebook (Facebook Newsroom) Two weeks ago we promised to take a hard look at the information apps can use when you connect them to Facebook as well as other data practices. Today, we want to update you on the changes we're making to better protect your Facebook information.

In Wake of Facebook Debacle, New Appthority Report Finds Tens of Thousands of Ad-Supported Apps Are Collecting Excessive Data (BusinessWire) Appthority released a new report that found that more than 24,000 ad-supported apps are hiding their excessive data collection in plain sight.

Appthority Enterprise Mobile Threat Report Q1 2018: Ad-supported Apps: How Personal Data Collection Hides in Plain Sight & Puts Mobile Users and Enterprises at Risk (Appthority) A recent presentation at PrivacyCon, featured a professor asserting that the Facebook advertising platform is leaking users’ Personally Identifiable Information (PII).

Those Facebook videos you thought were deleted were not deleted (Naked Security) Facebook’s blamed a bug. Let’s wait and see what other critters crawl out of those data archives many of us have been downloading!

North Korean Hackers Behind Online Casino Attack: Report (SecurityWeek) The infamous North Korean hacking group known as Lazarus is responsible for attacking an online casino in Central America, along with various other targets, ESET says.

Chinese hackers targeting US firms’ financial data, report says (South China Morning Post) Cyberattacks looking to get information on bid prices, contracts and mergers and acquisitions, US-based security company claims

FireEye sees repeat cyber attacks rising in Indian companies (The Economic Times) FireEye found that 49% of customers in India and APAC, with at least one high priority breach, were successfully attacked again within a year.

Several U.S. Gas Pipeline Firms Affected by Cyberattack (SecurityWeek) Several natural gas pipeline operators in the United States affected by a cyberattack that hit a communications system provided by a third party

Cyberattack Bleeds Into Utility Space With Billing Delays (Bloomberg) A cyberattack that hobbled the operations of at least four natural gas pipeline companies starting late last week also triggered changes within the utility industry.

Cyberattack Shows Vulnerability of Gas Pipeline Network (New York Times) An attack on a shared data network forced four natural-gas pipeline operators to temporarily shut down computer communications with customers.

YouTube employee’s Twitter account hijacked during shooting (Naked Security) In less than an hour after he tweeted from a barricaded room, Vadim Lavrusik’s account was hijacked.

Establishing covert communication channels by abusing GSM AT commands (Help Net Security) Security research often starts as a hobby project, and Alfonso Muñoz's and Jorge Cuadrado's probe into mobile privacy is no exception. They ended up finding a way to establishing covert communication channels over GSM by abusing GSM AT commands.

Innaput Actors Utilize Remote Access Trojan Since 2016, Presumably Targeting Victim Files (Arbor Networks Threat Intelligence) Overview ASERT recently identified a campaign targeting commercial manufacturing in the US and potentially Europe in late 2017. The threat actors used phishing and downloader(s) to install a Remote Access Trojan (RAT) ASERT calls InnaputRAT on the target's machine. The RAT contained a series of commands that

The Twitter Botnet Bitcoin Con: Why Is It So Easy To Steal Cryptocurrency? (Medium) Amidst all the controversy about Russian bots interfering with the U.S. presidential election, Twitter botnets are being used with a much…

CertUtil.exe Could Allow Attackers To Download Malware While Bypassing AV (BleepingComputer) Windows has a built-in program called CertUtil, which can be used to manage certificates in Windows. Using this program you can install, backup, delete, manage, and perform various functions related to certificates and certificate stores in Windows.

UPDATE: Govt. services shut down due to yet another cyber attack (Daily Herald) Residents and businesspeople were greeted by closed doors at the Government Administration Building on Pond Island this morning due to what is said to be yet another cyberattack on the administration’s IT network.

The Billion-Dollar Hacking Group Behind a String of Big Breaches (WIRED) Fin7, also known as JokerStash, Carbanak, and other names, is one of the most successful criminal hacking groups in the world.

Urban Bungle: Atlanta Cyber Attack Puts Other Cities on Notice (Scientific American) The city has spent the past two weeks restoring online services disrupted by ransomware that held encrypted data hostage

58% of Organizations Have More Than 100,000 Folders Open to Every Employee, Reveals Varonis Data Risk Report (Varonis) Despite enormous consequences of this addressable challenge, companies continue to expose sensitive information to insider threats, ransomware and other risks

Data Under Attack: 2018 Global Data Risk Report (Varonis) Each year, Varonis conducts over a thousand risk assessments for customers and potential customers.

Weak White House email domain security 'poses a national security risk': Study (Washington Examiner) More than 95 percent of emails domains overseen by the Executive Office of the President are at risk of being attacked by phishers and poses a "national security risk," according to a new study.

Free Virgin Atlantic tickets? No, it’s a WhatsApp scam (Naked Security) Two free tickets for every family? It sounds great! It has to be a scam.

Security Patches, Mitigations, and Software Updates

Facebook Removes Feature It Says Was Being Used to Scrape User Data (Fortune) 'we believe most people on Facebook could have had their public profile scraped in this way'

Critical Vulnerability Patched in Microsoft Malware Protection Engine (SecurityWeek) An update released by Microsoft for its Malware Protection Engine patches a vulnerability that allows hackers to take control of systems by scanning a malicious file

Intel Tells Users to Uninstall Remote Keyboard App Over Unpatched Security Bugs (BleepingComputer) Intel has decided that instead of fixing three security bugs affecting the Intel Remote Keyboard Android app, it would be easier to discontinue the application altogether.

Cyber Trends

Winning the Game (McAfee) Cybersecurity defenses are under unprecedented levels of attack. From old malware foes and newer types, such as ransomware, to sophisticated advanced threats and statesponsored cyberattacks, breaches are, sadly, now an everyday reality.

Only 1% of media companies are 'very confident' in their cybersecurity (TechRepublic) Media organizations are facing SQL injections, DNS attacks, pirated content, and DDoS attacks, according to an Akamai report.

Media Organizations’ Security Practices, Threats & Concerns Examined in New Akamai Research Report (Akamai) ‘The State of Media Security’ Survey Finds that Few Media Organizations are ‘Very Confident’ in their Current Security Measures

Ethics Moves Front and Center in AI Debate (EnterpriseTech) The breakneck pace of machine intelligence development is prompting welcome assessments of the ethical implications of a technology that will have a profound effect on workers, consumers and most every other segment of society. With that sobering reality in mind, a new risk assessment released by federal contractor

2018 Trustwave Global Security Report (Trustwave) Download the 2018 Trustwave Global Security Report, the industry’s most comprehensive account of cyberthreat and attack data, criminal motivations and trends, and advice for moving forward.

US spanks EU businesses in race to detect p0wned servers (Register) 175 days from breach to action could prove very expensive when GDPR kicks in

How artificial intelligence went from an advantage to a worldwide threat (C4ISRNET) Once considered one answer to preserving U.S. military superiority, AI is now seen by national security leaders as a danger to military operations — and the need to invest in decision-making technologies is accelerating.

Cyber Claims Study (NetDiligence) The annual NetDiligence® Cyber Claims Study uses actual cyber liability insurance reported claims to illuminate the real costs of incidents from an insurer’s perspective. Our objective for this stu…

2018 IBM X-Force Report: Shellshock Fades, Gozi Rises and Insider Threats Soar (Security Intelligence) The latest IBM X-Force report highlighted threats stemming from misconfigured cloud servers and inadvertent insider negligence and examined malware trends from 2017 that could continue into 2018.

Netwrix Survey: 69% of healthcare providers plan to move more data to the cloud, disregarding insider threat (Netwrix) 2018 Netwrix Cloud Security: In-Depth Report reveals that, despite concerns about unauthorized access to PHI, healthcare organizations are still ready to move data to the cloud

Almost half of UK businesses are vulnerable to IoT hacking (Computing) IT managers often neglect to change the default password - but want to increase the spend on IoT devices

Marketplace

Google Staffers Demand End to Work on Pentagon AI project (PCMAG) Over 3,100 employees have signed the letter protesting Google's involvement in Project Maven, a Pentagon effort to use AI systems to analyze drone footage.

RSA Acquires Behavior Analytics Startup Fortscale (CTECH) The Israel-based startup was acquired for less than investors had put into the company, a person familiar with the matter told Calcalist

ESET opts for two-tier approach to support ambitious channel growth plans (MicroscopeUK) The endpoint protection player is looking for ambitious channel growth and has turned to distribution to support that aim

Microsoft to pour $5bn into IoT (CRN) Investment comes soon after Satya Nadella announced a restructuring at Microsoft,Vendor ,Microsoft

Threat X Closes $8.2 Million Series A Funding Round Co-Led by Grotech Ventures and Access Venture Partners (BusinessWire) Threat X Closes $8.2 Million Series A funding round co-led by Grotech Ventures and Access Venture Partners.

American Bankers Association hires cybersecurity expert (Financial Regulation News) The American Bankers Association (ABA) named Paul Benda as its new senior vice president of risk management policy. Paul Benda In this position, Benda leads ABA’s policy initiatives in cybersecurity, physical security, and risk management practices. Benda joins the association from Global Security and Innovative Strategies (GSIS), where he served as partner and chief technology …

Products, Services, and Solutions

2018 Could be the Year When Consumers Crush Ransomware (Financial IT) Consumers finally have a chance to get the edge on ransomware gangs that have amassed billions of dollars in the past few years.

Infoblox Enhances SaaS based Security to Address the DNS Cybersecurity Blind Spot (PR Newswire) Infoblox Inc., the network control company that provides...

ForeScout Expands Device Visibility Platform to Secure the Extended Enterprise (GlobeNewswire News Room) Supports up to 2 million devices in a single enterprise manager for industry-leading scalability and increased visibility across entire enterprise environment, including operational technology and critical infrastructure

Device Authority and Gemalto Drive Internet of Things Security for Enterprise Solutions (BusinessWire) Device Authority and Gemalto have partnered to enable companies to protect data and digital identities across endpoint devices, gateways and clouds

Digital Defense Launches AWS-Based Frontline.Cloud Platform (PRWeb) Pioneer of Cloud Solutions Further Simplifies Assessing Security of Hybrid Networks

LogicHub announces ThreatGPS™ for GitHub, The World's First Automated Threat Detection and Response Solution for Source Code Management System (PRNewswire) First out-of-the-box intelligent threat detection solution that continuously monitors GitHub repositories, available to protect the 80 million repositories in the cloud worldwide

New CompTIA Advanced Security Practitioner Certification Takes on Latest Cyber Threats (Markets Insider) CompTIA, the leading provider of vendor-neutral, performance-based certifications for the information technology (IT) industry, today introduced a new version of its CompTIA Advanced Security Practitioner credential.

Security Compass Releases New Risk Dashboard Capability in the Latest Version of its SD Elements Platform (GlobeNewswire News Room) SD Elements Version 4.12 Makes it Easy for Organizations to Demonstrate Clear Governance of Software Security and Compliance Activity

ShiftLeft: Fully automated runtime security solution for cloud applications (Help Net Security) ShiftLeft provides fully automated secure development and runtime protection for cloud applications. It extracts "Security DNA" from applications, maps how sensitive data is flowing from applications to data sinks and shows you how that flow is being handled, and shows potential problems.

WISeKey Defines its ICO for the WISeCoin Cryptocurrency (GlobeNewswire News Room) WISeKey International Holding Ltd ("WISeKey", SIX: WIHN), a leading cybersecurity and IoT company announced that it will launch its WISeCoin in Q4 2018.

Verint launches new FaceDetect solution to automate intelligence gathering (TechObserver) Verint FaceDetect is powered by computer-based, multi-layered algorithms designed to operate in challenging security scenarios, said company.

Swimlane Augments Its Automated Security Platform With Lastline Integration (GlobeNewswire News Room) Swimlane expands its capabilities in security orchestration, automation and response by integrating with industry-leading malware detection platform

StorMagic Adds Affordable Data Encryption for Edge Computing Environments () StorMagic®, simplifying storage at the edge, today introduced StorMagic SvSAN with Data Encryption, the most cost-effective encryption solution for st

Technologies, Techniques, and Standards

NCCIC Growth Helps Tackle 'Most Serious and Enduring Strategic Risks' (Homeland Security Today) Goals include expanding the scale and number of vulnerability scans, cyber hunt activity, and risk assessments to protect election security.

Blockchain gets renewed focus with IT modernization funding in place (Federal News Radio) Blockchain is generating a lot of buzz in government IT offices these days, and it does more than serve as the technology behind Bitcoin.

Here’s What Government Gets Wrong About Bug Bounties (Nextgov.com) Congress has gone bananas for bug bounties, but they may not always be the right choice.

How to Detect App Threats to Protect Your Business (Arxan) 1. Start with a brilliant high-value app idea.

Securing software: Why we're all coders now (Computing) DevSecOps may be a clunky label but it can help start a necessary conversation, says Christian Beegden of Sumo Logic,DevOps,Security ,devsecops,Sumo Logic,Graham Cluley,DevOps,Security

How do you solve a problem like ransomware? Invest up front (The Parallax) Without investing in technology and personnel to implement preventative measures, experts say, ransomware like the SamSam attack in Atlanta will continue to wreak havoc across computer systems and networks.

Research and Development

Tortuga Logic to Develop Novel Hardware Security Solutions with Support from DARPA Program (BusinessWire) Chips security firm that targets issues like Meltdown and Spectre Receives DARPA Contract - Tortuga Logic to Develop Novel Hardware Security Solutions

Legislation, Policy and Regulation

U.S. Reported Poised To Impose New Sanctions On Russian Billionaires (RadioFreeEurope/RadioLiberty) The United States plans to impose a new round of sanctions on Russia, this time targeting Russian billionaires with ties to President Vladimir Putin, media are reporting.

Top intel official: We're about to go on offense in cyberwar with Russia (Hot Air) "There is more going relative to this issue than I think has been reported."

McMaster Unleashes on Russia in Final Speech (Foreign Policy) The outgoing national security advisor took one last swipe at Putin’s efforts to undermine Western democracies.

Lt. Gen. H.R. McMaster: The Toughest Man on Russia? (Atlantic Council) US national security advisor says West has "failed to impose sufficient costs" on Moscow for its aggressive behavior US President Donald J. Trump assured the leaders of the Baltic states—Estonia, Latvia, and Lithuania—at a White House meeting on...

New Chinese defense minister says China will ‘support’ Russia against US: Tass (Asia Times) Quoted at Moscow security conference

With trade war looming, Chinese cyberattacks may follow (Cyberscoop) Cybersecurity and policy experts say government-backed cyberattacks between the U.S. and China may spike after years of calm.

Separating Kim Jong Un from his Elites (The Cipher Brief) “What South Koreans want is an unconditional withdrawal of U.S. troops from the South, an unwelcome guest that poses a threat to peace and security on the Korean Peninsula.” -14 March 2018, Rodong Sinmun, North Korea Newspaper After decades of effort, North Korea is close to being able to credibly threaten the United States with …

Facebook and Twitter may be forced to identify bots (Naked Security) If passed, the bill would give platforms 72 hours to investigate reports of bots seeking to mislead Californians and to remove or disclose them.

Litigation, Investigation, and Enforcement

Russian bid for joint spy probe rejected (BBC News) A proposal for a new inquiry into the Salisbury poisoning fails at the chemical weapons watchdog.

UK locates source of novichok nerve agent used in Salisbury (Times) Russia’s culpability in the Salisbury poisoning is “beyond reasonable doubt”, the security minister said today as Russia took the spiralling row to the United Nations Security Council. Sergei...

Useful idiots are letting Putin off the hook (Times) If it wasn’t so bloody serious, you’d have to laugh at the irony of it. Back in August 2004, the then MP for Henley joined a small group of parliamentarians calling for the prime minister, Tony...

Threatening legal fight, Nunes demands document that kicked off FBI Trump-Russia investigation (Washington Examiner) House Intelligence Committee Chairman Devin Nunes, R-Calif., has sent a letter to Deputy Attorney General Rod Rosenstein and FBI Director Christopher Wray demanding an uncensored copy of the document the bureau used to formally begin its investigation into alleged collusion between Russia and…

Inside the takedown of the alleged €1bn cyber bank robber (WIRED UK) The Carbanak cybercrime group is accused of stealing more than €1bn from banks around the world. Last week, police arrested the man they think is its mastermind

Catching a Chinese IP Thief: How the FBI Tracked and Caught Sinovel (The Cipher Brief) This victory in court exposes a more difficult problem. Is the U.S. government willing to back the ruling with a meaningful deterrence strategy?

PayPal fraudster's £50,000 in Bitcoin seized on proceeds of crime confiscation (Computing) Gabriele Pearson sentenced to 15-month jail term last week among the first to have Bitcoins confiscated under Proceeds of Crime Act,Security,Threats and Risks ,PayPal,Gabriele Pearson,Economic Crime Unit,Surrey Police,Second Life

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

upcoming Events

Cybersecurity: A Shared Responsibility (Auburn, Alabama, USA, April 8 - 10, 2018) During the 2018 SEC Academic Conference, we will explore three themes within cyber security: the underlying computer and communication technology; the economic and physical systems that are controlled by technology; and the policies and laws that govern and protect the use of information that is stored in, transmitted by, and processed with technology.

Sea-Air-Space: The Navy League’s Global Maritime Exposition (National Harbor, Maryland, USA, April 9 - 11, 2018) Join us this April for Sea-Air-Space, the largest maritime exposition in the U.S., with 275+ exhibitors displaying the latest in maritime, defense and energy technology. This year’s theme, “Learn. Compete. Win.” reminds us that every day our men and women in uniform are learning new strategies, tactics and energy technology to compete against the world's best, where winning is the only option. The challenge is always on, and Sea-Air-Space is your place to participate in interactive exhibits, professional development sessions, and open forums disclosing timely information. Hear from active duty military, government and industry leaders on key issues and future strategies for the U.S. Navy, Marine Corps, Coast Guard U.S.-flag Merchant Marine.

2018 Mississippi College Cybersecurity Summit (Clinton, Mississippi, USA, April 10 - 11, 2018) The 2018 Mississippi College Cybersecurity Summit is a conference designed to engage, educate, and raise awareness about cybersecurity across the nation. The 2018 Cybersecurity Summit will provide valuable cybersecurity tools and resources for a variety of industries and topics, including: critical infrastructure, healthcare, government, education, large and small business issues, and cryptocurrencies.

ISC West 2018 (Las Vegas, Nevada, USA, April 11 - 13, 2018) ISC West is THE largest security industry trade show in the U.S. At ISC West, you will have the chance to network with over 30,000 security professionals through New Products & Technologies encompassing everything from access control to unmanned vehicles from over 1,000 Exhibitors & Brands.

Decompiling the Government: Getting Technologists and Policymakers to Speak the Same Language (Arlington, Virginia, USA, April 12, 2018) With the support of the Hewlett Foundation, the National Security Institute is excited to host “Decompiling the Government: Getting Technologists and Policymakers to Speak the Same Language.” This networking event brings together technologists and leading policymakers to bridge the gap between non-technical and technical cyber professionals.

CYBERTACOS San Francisco (San Francisco, California, USA, April 16, 2018) CYBERTACOS is back and becoming one of the biggest cybersecurity networking events! Register today and join us for networking, food and drinks. This event includes a 45-minute meet the press panel made up of influential security reporters who will discuss what they are covering and how to best work with them.

RSA Conference 2018 (San Francisco, California, USA, April 16 - 20, 2018) Take this opportunity to learn about new approaches to info security, discover the latest technology and interact with top security leaders and pioneers. Hands-on sessions, keynotes and informal gatherings allow you to tap into a smart, forward-thinking global community that will inspire and empower you.

Our Security Advocates (San Francisco, California, USA, April 17, 2018) OUR Security Advocates highlights a diverse set of experts from across information security, safety, trust, and other related fields. OURSA is a single-track, one-day conference with four topic sessions. In each session, you'll hear short talks from multiple experts followed by a moderated discussion.

5th Annual Cybersecurity Summit (McLean, Virginia, USA, April 24, 2018) Join the Potomac Officers Club for the Fifth Annual Cybersecurity Summit to hear from public and private sector leaders on how federal agencies can improve their respective data security measures.

Secutech (Taipei, Taiwan, April 25 - 27, 2018) To meet the rising demand for intelligent and customised solutions, Secutech converges security and safety, ICT, IoT, artificial intelligence, big data, edge computing, intelligent video analytics and deep learning to enable you to create new value in the rapidly evolving market, and provide intelligent solutions in factory, retail, healthcare, transportation, home, building and safe city sectors.

Industrial Control Systems (ICS) Cyber Security Conference Asia (Singapore, April 25 - 27, 2018) The Central ICS/SCADA Cyber Security Event of the Year for the APAC Region. Three days of multi-track training & workshops for days for operations, control systems and IT security professionals to connect on SCADA, DCS PLC and field controller cyber security.

INFILTRATE (Miami Beach, Florida, USA, April 26 - 27, 2018) INFILTRATE is a "pure offense" security conference aimed at the experienced to advanced practitioner. With the late-90s hacker con as its inspiration, the event has limited attendance in order to foster a close-knit, casual and open environment for speakers and attendees. There are no sponsored talks, panels or other gimmicks, just two days of carefully vetted, highly technical talks which present new research in advanced exploitation techniques, vulnerability discovery, malware/implant design, anti-forensics and persistent access. Speakers include hackers from all across the offensive spectrum. The conference also hosts advanced training classes in web hacking, exploit development, cryptanalysis, kernel exploitation, Java attacks and other techniques (April 22-25). Now in its eighth year, the two-day, single track conference is organized by Dave Aitel and Immunity Inc., and is held in warm, sunny Miami Beach.

Automotive Cybersecurity Summit 2018 (Chicago, Illinois, USA, May 1 - 8, 2018) Smart Vehicles. Smart Infrastructures. The 2nd annual Automotive Cybersecurity Summit brings together public and private-sector manufacturers, suppliers, assemblers, technology providers and V2X partners to discuss the increasingly complex and interdependent relationships between smart vehicles and ever-expanding smart infrastructures. The SANS Automotive Cybersecurity Summit was created to develop and foster a culture of cyber-awareness in organizations across the vehicle supply chain as we work together to understand risks, safeguard organizations, their products, and their customer from the evolving threat landscape.

Application of the Law of War to Cyber Operations (Washington, DC, USA, May 3, 2018) Cyber law experts meeting at the George Washington University will cover Title 10 vs. Title 32 vs. Title 50 and the lawful and operational restrictions related to these authorities. The panelists will discuss the legal processes of projecting power in the domain of cyberspace and what capabilities require legal review relating to Defensive Cyberspace Operations (DCO) -- both Internal Defense Measure (IDM) and Response Actions (RA) -- as well as Offensive Cyberspace Operations (OCO).

Global Cyber Security in Healthcare & Pharma Summit (London, England, UK, May 3 - 4, 2018) The number of cyber-attacks in healthcare is on the rise, and the industry must do more to prevent and respond to these incidents. The Global Cyber Security in Healthcare & Pharma Summit 2018 will bring together high-level representatives from around the globe to create a cybersecurity roadmap for the future. Attendees will come from all areas of cybersecurity for the healthcare, medical devices and pharmaceutical sectors. Experts will examine the cybersecurity landscape in these three industries, with a particular focus on strategies for protection and incident response, as well as on business/regulatory considerations. Central to the aims of this event is facilitating collaboration and cooperation amongst the diverse stakeholders that will be in attendance.

Secure Summit DC (Washington, DC, USA, May 7 - 8, 2018) (ISC)² Secure Summit DC will assemble the best minds in cybersecurity for two days of insightful discussions, workshops and best-practices sharing. The goal of the event is to equip security leaders to tackle today's threats, as well as arm them with the knowledge, tools and expertise to protect their organizations and advance their careers. Registered attendees will be immersed in two days of insightful, strategic cybersecurity knowledge.

HACKNYC (New York, New York, USA, May 8 - 10, 2018) The recent flood of data breach news may numb us to the threat of attacks with kinetic effects--direct or indirect physical damage, injury, or death. Hack NYC focus’ on our preparation for, and resilience to, the genuine potential for kinetic cyber attack. Be part of defining solutions and illuminate risks aimed at critical national Infrastructure. Hack NYC is about sharing big ideas on how we will fortify our daily life and economic vitality. The threat of attack aimed at Critical National Infrastructure is real as services supporting our communities and businesses face common vulnerabilities and an unspoken kinetic threat.

Insider Threat Program Management With Legal Guidance Training Course (Herndon, Virginia, USA, May 8 - 9, 2018) This training will provide the ITP Manager, Facility Security Officer, and others (CIO, CISO, Human Resources, IT, Etc.) supporting an ITP, with the knowledge and resources to develop, manage, or enhance an ITP. A licensed attorney with extensive experience in Insider Threats and Employment Law, will provide legal guidance related to ITP's, the collection, use and sharing of employee information, and employee computer user activity monitoring. Insider Threat Defense has trained over 500+ organizations and has become the "Leader-Go To Company" for ITP Management Training.

SecureWorld Kansas CIty (Kansas City, Missouri, USA, May 9, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security industry. Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements, learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays-all while networking with local peers.

Cyber Investing Summit (New York, New York, USA, May 15, 2018) Now in its third year, the Cyber Investing Summit is an all-day conference focusing on investing in the cyber security industry, which is predicted to exceed $1 trillion in cumulative spending on products and services over the next five years from 2017 to 2021. Panels will explore the financial opportunities, trends, challenges, and investment strategies available in the high growth cyber security sector. Speakers include leading cyber professionals, technology analysts, venture capitalists, fund managers, investment advisors, government experts, and more. Attendees will have the opportunity to network with key influencers in the investment and cyber security industries. A cocktail reception will be held following the presentations.

Third Annual Cyber Investing Summit (New York, New York, USA, May 15, 2018) Renowned cyber security executive David DeWalt will deliver the keynote address at the Third Annual Cyber Investing Summit. The Cyber Investing Summit is a unique all-day conference focused on the financial opportunities available in the rapidly growing cyber security industry. Panels will explore sector investment strategies, market growth forecasts, equity valuations, merger and acquisition activity, cryptocurrency protection, funding for startups, and more. Speakers include leading Chief Information Security Officers, VC founders, financial analysts, cyber security innovators from publicly traded and privately held companies, and government experts.

The Cyber Security Summit: Dallas (Dallas, Texas, USA, May 15, 2018) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers & renowned information security experts. Learn from cyber security thought leaders and Engage in panel discussions focusing on trending cyber topics such as Sr. Leadership’s Best Approach to Cyber Defense, What’s Your Strategic Incident Response Plan?, Protecting your Enterprise from the Human Element and more. Your registration includes a catered breakfast, lunch, and cocktail reception. Receive half off your admission with promo code cyberwire50 at CyberSummitUSA.com and view details including the full agenda, participating solution providers & confirmed speakers. Tickets are normally $350, but only $175 with promo code.

Digital Utilitites Europe (Amserdam, the Netherlands, May 16 - 17, 2018) The conference will bring together key industry stakeholders to address the current challenges of the digitisation in the utilities sector. Join us in Amsterdam to hear latest business case studies and gain insight into technological advancements within the industry, as well as unique strategies utilised by to meet demands of rapidly changing energy consumer/prosumer market.

SecureWorld Houston (Houston, Texas, USA, May 17, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security industry. Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements, learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays-all while networking with local peers.

Sponsor & Support

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.