The CyberWire Daily Briefing, 2.27.20

Special Section

RSAC 2020

The CyberWire's CSO and Chief Analyst Rick Howard offered some observations on what he's seen so far at RSAC 2020. He found two sessions particularly worthy of notice. One of them, a panel on encryption, noted that differential privacy--a family of methods that enables data to be worked on and in some respects used without compromising privacy--was arriving faster than many had anticipated. "What's interesting," he said, "is that the US Census is using the technology in this year's census." That's a big debut for a new technology.

Howard was also struck by a point CISA Director Chris Krebs made during his discussion of election security: there are 8800 election jurisdictions that run their own election infrastructure, but only about 2000 of them actually communicate with CISA on threat intelligence and other matters affecting security. So it would appear we don't yet have our act together.

Strolling the floor is always interesting. "The floor is always like Mardi Gras," Howard said, with lots of shiny objects and all the swag you can carry. But a few new product lines caught his eye. "It's interesting to see them on the floor, because that means they're going through the stages of becoming viable." One interesting set of offerings--and there are more than one of them--uses technology that will help you with the new California Consumer Privacy Act. They aren't compliance tools for organizations, but rather consumer-facing products that enable individuals to enforce their rights under CCPA. They offer assistance to consumers who want their personal information found and removed from databases that hold it.

And there are other offerings appropriate to the age of deep fakes, shallow fakes, and old-fashioned fakes. "There's a new product that looks at audio files." Should you call a help desk, for example, "within fifteen seconds they can fingerprint you, and know that it's you." Thus it's an anti-impersonation, anti-fraud product whose presence at RSAC suggests how rapidly such technology is maturing.

Our coverage of RSAC 2020 will continue through tomorrow. See the links below for additional news from the conference.

Summary

By the CyberWire staff

Those wondering if the US policy of naming and shaming threat actors can disrupt those adversaries may find some evidence that it does by considering how the Chinese organizations named in the Equifax breach indictment seem to have vanished from cyberspace. It appears that Chinese services, at least, are sensitive to this kind of treatment. CrowdStrike founder Dmitri Alperovich said yesterday at RSAC 2020 that it appeared China's Ministry of State Security has had to "reset and retool."

CyberScoop and SC Magazine report that Dell Secureworks has concluded that Iranian cyber operations have maintained their customary steady tempo since Quds Force commander Major General Soleimani died in a US drone strike. There may have been some retaliatory surge, but for the most part the activity looks like business as usual. Researchers attribute the on-going regional cyberespionage to the Iranian threat group COBALT ULSTER (also known as MuddyWater, Seedworm, TEMP.Zagros, and Static Kitten). The governments most affected have been those of Turkey, Jordan, and Iraq, with organizations in Georgia and Azerbaijan also appearing on the target list. The typical attack method has been spearphishing.

ESET researchers report finding encryption flaws in Cypress Semiconductor and Broadcom Wi-Fi chips. While the risk is relatively limited, it remains possible that attackers could intercept data transmitted wirelessly.

According to the Washington Post, persons (possibly foreigners) impersonating the Democratic National Committee have sought to establish contact with Presidential campaigns.

The UK's National Cyber Security Centre wishes to remind all that ransomware can also affect online backups.

Webinar: 2019 Year in Review Cyber Security Threat Landscape

Notes.

Today's issue includes events affecting Australia, China, European Union, Iran, Japan, Russia, United Kingdom, and United States.

Bring your own context.

Does spearphishing scale? It sure does.

"I think the rise in spear-phishing and these highly targeted campaigns is largely to do with the fact that we put so much of ourselves online now. So I read a stat recently. Over 150 million U.S. workers have a LinkedIn profile, which is an astonishing statistic. And what that means is it's trivial for any attacker to understand who the C-suite of any organization is, and then it's trivial to emulate or spoof those identities on email. So what we're seeing is that it's really, really easy to pull off these scams.

"And actually, for attackers, it is fairly scalable to do this. You can build a LinkedIn scraper. You can be pulling names. And you can be automating the purchase of domains that look like legitimate domains but, in fact, aren't. And then you can automate the sending of those emails into organizations. And, you know, the rewards from doing this kind of thing can be enormous for attackers. So I read about that charity in the U.K. this morning who fell victim to a spear-phishing scam where they lost almost a million dollars over three transactions. So it is a huge, huge payoff for these attackers when they actually get their target to do the thing they want them to."

—Tim Sadler of Tessian, on the CyberWire's Hacking Humans podcast, 2.27.20.

The challenge is to find a way of scaling the sense that no, no, this isn't the sort of thing executive so-and-so would do. Better check it out.

CyberWire Pro is coming soon.

Our new subscription program, CyberWire Pro, is about to launch. Designed for cyber security professionals and all others who want to stay abreast of this rapidly evolving field, CyberWire Pro is a premium news service that will save you time and keep you informed.

Simple, secure identity and access management for your business.

LastPass Identity provides simple control and visibility across every entry point to your business through single sign-on, password management and multi-factor authentication in one unified solution. LastPass Identity provides a holistic view of end user activity to simplify security for IT, all while delivering the passwordless login experience employees want. Start a free LastPass Identity trial today.

On the Podcast

In today's CyberWire Daily Podcast, direct from Broadcast Alley at RSAC 2020, we speak with our partners at Webroot, as David Dufour shares the trends he's observed and the predictions he's prepared to make from the floor at RSAC. Our guest is Liesyl Franz from the US State Department on nation-state cyber activities and deterrence in cyberspace.

And Hacking Humans is up. In this episode, "The art of cheating," Joe shares some insights into the art of cheating travelers, Dave has a story of a woman facing drug charges trying to kidnap another woman's baby, an update on last week's bizarre phone scam, The Catch of the Day features otters, sexy ham, frustrated scammers and... you're just going to need to listen. Later in the show, our interview with Tim Sadler from Tessian on human element of cybersecurity and how to understand phishing schemes.

Sponsored Events

Dragos Webinar: 2019 Year in Review Cyber Security Threat Landscape (Online, Mar 5, 2020) Join the Dragos 2019 ICS Year in Review webinar on March 5 for recommendations to improve your cybersecurity defenses. The report authors will summarize their conclusions from real-world threat hunts, incident response and vulnerability assessments.

"I love security agents!" Said no one, ever. (Online, Mar 13, 2020) Register today for Orca Security's March 13 webinar, Two CISOs explain why if you're using scanners or agents to secure AWS, Azure, and GCP, then you're doing it wrong. It's time for a BIG CHANGE.

CyberCon 2020 (Anaheim, California, USA, Mar 30 - Apr 1, 2020) The CyberCon Industrial Cybersecurity CISO Summit & Workforce Development Conference is a solutions-based cybersecurity conference promoting networking, collaboration and sharing of solutions between cybersecurity experts and leaders in power and utility companies. Gain unprecedented access to over 40 innovative speakers covering a range of pressing cybersecurity topics and an expo featuring 100+ cybersecurity technology providers showcasing innovative solutions. A “Workforce Development Forum” will provide strategies companies need to recruit, train and retain top cybersecurity talent.

Selected Reading

Dateline

How China poses an insider threat (Fifth Domain) Officials warned that China's intellectual property theft includes using company insiders, not just cyberattacks.

Accused Chinese hackers abandon techniques after U.S. indictments (CyberScoop) Digital infrastructure associated with Chinese hackers charged in 2014, 2017 and 2018 essentially evaporated when charges in each case were made public.

RSAC 2020 Survey — API Security Attitudes & Trends (CloudVector) CloudVector attended RSA Conference 2020 to exhibit in the Early Stage Expo, a specialized pavilion for up-and-coming cybersecurity vendors away from the

Intel promises full memory encryption as it presents its data-centric security strategy (Computing) Intel promises bigger investment in security following the Meltdown and Spectre security bugs

Bishop Fox Wins Three InfoSec Awards from Cyber Defense Magazine at RSA Conference 2020 (PR Newswire) Bishop Fox, the largest private professional services firm focused on offensive security testing, today announced that it has won three InfoSec...

Cyber Attacks, Threats, and Vulnerabilities

Summer Olympics is ripe for cyberattacks (TechRepublic) Criminals will exploit the confusion and hustle and bustle of the games to their advantage, according to security researcher.

Cyber-espionage campaign in Middle East, Europe picked up speed after Soleimani killing (CyberScoop) Iran-linked hackers have been running spearphishing email campaigns against governmental organizations in Turkey, Jordan and Iraq in recent months in a likely effort to gather intelligence, according to research published Wednesday by Dell Secureworks.

Iran maintaining on-going cyber efforts, no response yet to Soleimani killing (SC Media) Iranian cyberespionage operations are continuing at a steady pace, but so far no reaction has been spotted in response to the January U.S. drone strike that killed Iranian Gen. Qasem Soleimani.

Online ‘impersonator’ tried to contact campaigns, DNC says (Washington Post) The Democratic National Committee has warned its presidential candidates to be cautious after Bernie Sanders’ campaign reported that an “impersonator” with a domain registered overseas had posed as one of its staffers and sought conversations with members of at least two other campaigns.

Russian hacking, spear-phishing, nondisclosure agreements: How Florida was affected in 2016 election (Tallahassee Democrat) Gov. Ron DeSantis was told during an FBI briefing that at least 2 Florida counties were hacked in the 2016 election, but he signed a nondisclosure agreement saying he would not divulge which counties were affected.

Will your vote count? Veil of secrecy makes it impossible for Florida voters to know (Tallahassee Democrat) Florida forced all 67 election supervisors to sign nondisclosure agreements in order to get training and funding to fight hacking.

Flaw in billions of Wi-Fi devices left communications open to eavesdropping (Ars Technica) Cypress and Broadcom chip bug bit iPhones, Macs, Android devices, Echoes, and more.

KrØØk vulnerability affecting Broadcom and Cypress WLAN chips could enable attackers to decrypt wireless network packets (Computing) New security vulnerability could affect nearly one billion devices worldwide

KR00K - CVE-2019-15126: Serious Vulnerability Deep Inside Your Wi-Fi Encryption (ESET) ESET researchers discovered a previously unknown vulnerability in Wi-Fi chips and named it Kr00k. This serious flaw, assigned CVE-2019-15126, causes vulnerable devices to use an all-zero encryption key to encrypt part of the user’s communication. In a successful attack, this vulnerability allows an adversary to decrypt some wireless network packets transmitted by a vulnerable device.

Sodinokibi Ransomware May Tip NASDAQ on Attacks to Hurt Stock Prices (BleepingComputer) The operators of the Sodinokibi Ransomware (REvil) have started urging affiliates to copy their victim's data before encrypting computers so it can be used as leverage on a new data leak site that is being launched soon.

Ransomware victims thought their backups were safe. They were wrong (ZDNet) Ransomware victims are finding out too late that their vital backups are online and also getting encrypted by crooks, warns cybersecurity agency.

Facial-Recognition Company That Works With Law Enforcement Says Entire Client List Was Stolen (The Daily Beast) Clearview AI, which contracts with law enforcement after reportedly scraping 3 billion images from the web, now says someone got “unauthorized access” to its list of customers.

Apple’s iOS pasteboard leaks location data to spy apps (Naked Security) A developer has discovered that malicious apps could exploit the pasteboard to work out a user’s location.

LTE vulnerability allows impersonation of other mobile devices (Naked Security) Researchers have found a way to impersonate mobile devices on 4G and 5G mobile networks, and are calling on operators and standards bodies to fix the flaw that caused it.

PayPal accounts abused en-masse for unauthorized payments (ZDNet) All signs point to an attack exploiting PayPal's Google Pay integration.

Norton LifeLock Phishing Scam Installs Remote Access Trojan (BleepingComputer) Cybercriminals behind a recently observed phishing campaign used a clever ruse in the form of a bogus NortonLifelock document to fool victims into installing a remote access tool (RAT) that is typically used for legitimate purposes.

Attackers probing for vulnerable Microsoft Exchange Servers, is yours one of them? (Help Net Security) CVE-2020-0688, a RCE bug in Microsoft Exchange Server, could become a vector for ransomware groups in coming months as it's ripe for exploitation.

SQL Dump from BGR India Shared on Hacker Forum (BleepingComputer) Hackers are currently sharing SQL databases from unsecured Amazon S3 buckets, one dump belonging to the BGR tech news site in India.

Zyxel 0day Affects its Firewall Products, Too (KrebsOnSecurity) On Monday, networking hardware maker Zyxel released security updates to plug a critical security hole in its network attached storage (NAS) devices that is being actively exploited by crooks who specialize in deploying ransomware. Today, Zyxel acknowledged the same flaw is present in many of its firewall products.

Cloud outages show multicloud is essential (InfoWorld) Outages are inevitable and vendors are unreliable. You can’t move fast enough unless you already have your service running on two or more clouds

Cyber attack forces cancellation of wool sales across Australia (ABC Rural) A ransomware attack, targeting software used by more than 75 per cent of the wool industry, forces the buying and trading system offline.

Slickwraps apologizes to customers after comically bad data breach (The Verge) Accessed information includes names, emails, and addresses.

Gadsden school district hit by ransomware for the second time in a year (Las Cruces Sun-News) The district has again shut down internet and phones, but it is not clear whether this is because of a new ransomware attack or the previous virus.

PUBG has been dealing with an increase in DDoS attacks and performance issues (pcgamer) PUBG Corp has explained its plans to resolve them.

Munson Healthcare Notifies Patients of Data Breach (9 & 10 News) Munson Healthcare had a data breach where employee email accounts were accessed by an unauthorized third party. After an investigation, it was found that some of the email accounts that were accessed contained identifiable personal and protected health information. Patient names, insurance information, dates of birth, treatment, and diagnostic information were impacted in the email accounts. Munson Healthcare says a...

Cyber Attack Attempts on Judiciary Top 24 Million, Congress Told (Bloomberg Law) Cyber attack attempts targeting the federal judiciary have risen sharply in recent years to more than 24 million in 2019, and some incidents have been tied to other nations, judiciary officials said in congressional testimony.

Cyber Trends

What is a cyber attack? Recent examples show disturbing trends (CSO Online) A cyber attack is an attack launched from one or more computers against another computer, multiple computers or networks. Here are some of the major recent cyber attacks and what we can learn from them.

IBM Survey: Only 38% of State and Local Government Employees Trained on Ransomware Prevention (IBM Security) Two thirds of government employees concerned about cyberattacks on their workplace, threats against elections among top concern in 2020

Global Threat Trends Demonstrate Political and Economic Intentions of Cybercriminals (Fortinet) FortiGuard Labs Threat Landscape Report Reveals a New Perspective on Global Trade and the Allure of Election Disruption

Stalkerware Attacks Increased 50 Percent Last Year, Report (Threatpost) Research puts the emerging mobile threat—which monitors the whereabouts and device activity of devices users as well as collects personal data—into clearer focus.

Here's another huge reason why your smartphone needs security software (TechRadar) Mobile malware, including trojans and stalkerware, saw major rise in 2019

Marketplace

The Cybersecurity 202: Huawei official accuses U.S. of targeting the telecom to hurt China (Washington Post) The battle over Huawei is taking place face-to-face here as officials from the U.S. government got a chance to debate directly with the Chinese telecom.

Why This Microsoft Analyst Says A Security Awakening Is 'Real,' Company A 'Core Growth Holding In Cloud' (Benzinga) After attending meetings at the RSA Conference 2020 being held this week in San Francisco, one analyst at Piper Sandler came away convinced about the prospect the security segment...

Kenna Security Nearly Doubles Revenue in Year of Product Innovation (AiThority) Kenna Security, the enterprise leader in risk-based vulnerability management, grew revenue more than 90% over the last two years, with annual recurring revenue growing 150% over the same period.

SoftIron Co-Founder, Mark Chen, Returns to Lead Company's Secure Provenance Strategy as CSO (PR Newswire) SoftIron Ltd., the leader in purpose-built and performance-optimized data center appliances, announces the appointment of Mark Chen to the role...

Cybersecurity Expert Joins CrossCountry Consulting’s Board of Advisors (PRWeb) CrossCountry Consulting, a leading business advisory firm, today announced that it has named noted cybersecurity expert Matthew Devost to its Board of Adviso

Products, Services, and Solutions

Menlo Security Offers $1 Million Malware Protection Warranty for World’s First Cloud Proxy Platform Built on an Isolation Core™ (BusinessWire) Menlo Security, a leader in cloud security, today announced the launch of its 100 percent malware protection warranty. The company stands behind its a

StorCentric’s Nexsan Announces Major Performance & Connectivity Improvements for BEAST Platform with New BEAST Elite Models (Nexsan) BEAST Elite & Elite F with QLC Flash Deliver Industry-Leading BEAST Reliability with Enhanced Performance

Adaptiva Introduces Endpoint Health With 111 Health Checks for Clients and Servers (Yahoo) Adaptiva's automated solution, Endpoint Health, is proven to dramatically reduce help desk tickets and lower costs.

Malwarebytes Launches Enhanced Cloud Platform, MSP Premier Partner Program - Malwarebytes Press Center (Malwarebytes Press Center) Simplified dashboards enable easy deployment, reporting and operational control

F-Secure Expands Partnership With Nifty On Identity Protection Services (Global Security) Today, cyber security provider F-Secure and Nifty, Japan’s leading internet service provider (ISP), announced they were expanding their partnership with Nifty’s deployment of F-Secure’s identity protection services in Nifty’s “@nifty Password Manager”.

Clumio SaaS Continues to Disrupt $10 Billion Market by Redefining Backup for the All Cloud Enterprise (Globe Newswire) Company Reports Product Validation by Industry and Customers; Announces Snowflake’s Chief Revenue Officer Chris Degnan as New Board Member

Kubernetes Security Leader Alcide Simplifies PCI and GDPR K8s Compliance for DevOps and Security Teams (Yahoo) Introduces compliance playbooks to the Alcide Kubernetes Security Platform to enable automated Kubernetes compliance checks

Imperva launches Advanced Bot Protection solution (Help Net Security) Imperva announced Advanced Bot Protection, a new solution that integrates its bot management technology into the its Cloud Application Security solution.

Technologies, Techniques, and Standards

How a Hacker's Mom Broke Into a South Dakota Prison (Wired) Security analyst John Strand had a contract to test a correctional facility’s defenses. He sent the best person for the job: his mother.

Academia

Cyber Florida Helps Towns and Counties Prepare for the Growing Cyber Threat (Cyber Florida) With support from Florida Secretary of State Laurel M. Lee, Florida Attorney General Ashley Moody, and the Florida League of Cities, Cyber Florida’s efforts have already reached over 300 local public officials February 26, 2020—Tampa, FL: Cyber Florida’s ongoing efforts to help the state’s local governments improve their cybersecurity featured events in Ocala and Tallahassee …

Legislation, Policy and Regulation

EU considers sanctions against Chinese and Russian groups over hacking (South China Morning Post) The move would be the first application of the EU’s so-called cyber sanctions regime – a toolbox including travel bans and asset freezes intended to deter cyberattacks.

North Korea is relying on the internet more, creating an opening for the US (Fifth Domain) The United States should be prepared to impose sanctions on the individuals and companies in suspect countries for hosting North Korean cyber operatives.

Australian Minister Slams Gov’t for Weak Response to Ransomware ‘Epidemic’ (Cointelegraph) An Australian minister has slammed the government for failing to prioritize ransomware amid increasing attacks.

How the executive branch shaped the Cyber Solarium Commission (Fifth Domain) Members of the commission preparing to release cyber policy recommendations explained why executive branch participation was important.

FCC now collecting data on Huawei use in US networks (CNET) The info will help the US Federal Communications Commission reimburse smaller carriers for ripping out and replacing Huawei and ZTE equipment.

Democrats cancel surveillance vote over pushback to amendments (TheHill) The House Judiciary Committee on Wednesday canceled a planned vote to reauthorize a set of controversial government surveillance programs over concerns that a slew of privacy-focused amendments from Rep.

Esper won’t give up 5G spectrum to telecom firms, but he will share it (C4ISRNET) US Defense Secretary Mark Esper is pushing back against telecom companies’ efforts to claim mid-band spectrum in their race with China to build 5G networks.

Litigation, Investigation, and Enforcement

Tech Platforms Aren’t Bound by First Amendment, Appeals Court Rules (Wall Street Journal) A federal appeals court in California ruled that privately operated internet platforms are free to censor content they don’t like.

Lawyer says Assange shouldn’t face ‘political’ extradition (Washington Post) A lawyer for Julian Assange has argued that the WikiLeaks founder should not be sent to the United States because a U.K.-U.S. treaty bans extradition for political offenses

ICE has run facial-recognition searches on millions of Maryland drivers (Washington Post) The direct and largely unlimited access granted to immigration-enforcement officials marks an aggressive new step for the federal agency in regard to Americans’ photos and personal data. It also raises the risk that undocumented immigrants who applied for driver’s licenses under the state’s landmark program could have been targeted.

SoftBank’s Rajeev Misra Used Campaign of Sabotage to Hobble Internal Rivals (Wall Street Journal) The man atop the world’s biggest tech fund paid for a campaign that included negative news stories, a concocted shareholder campaign and a sexual trap, people familiar with the matter say. A Misra spokesman said he did not orchestrate the effort.

WSJ News Exclusive | Hilton’s Waldorf Beverly Hills Used a Mole to Steal Secrets From Rival, Lawsuit Says (Wall Street Journal) The Waldorf Astoria Beverly Hills is making a push to attract Middle Eastern royals and well-heeled celebrities. Now, a rival hotel is alleging the Waldorf stole corporate secrets and personal information about some of those guests in an effort to win business.

Taking a GPS tracker off your car isn’t ‘theft,’ court rules (Naked Security) This line of thinking could get absurd, Indiana’s supreme court declared. How do you “steal” something if you don’t know who owns it?

Ex-Microsoft engineer convicted of 18 felonies after stealing $10M in digital currency (GeekWire) A former Microsoft worker was convicted of 18 federal felonies after he stole $10 million worth of digital currency from his ex-employer and used the funds to finance extravagant purchases, including…

This fraud ring posed as a Navy officer (Navy Times) A Los Angeles man linked to an international fraud ring that masqueraded as a Navy official to steal millions of dollars worth of electronics will stay behind bars.

Six suspected drug dealers went free after police lost evidence in ransomware attack (ZDNet) Seventh incident of its kind when police investigations were impacted by a ransomware infection.

Click Here to Sue Everybody: Cutting the Gordian Knot of the Internet of Things with Class Action Litigation (Richmond Journal of Law & Technology) It is not hyperbole to state that the mass proliferation of the Internet of Things (IoT) will alter modern society to a degree surpassing even the Industrial Revolution.

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

newly Noted Events

National Cyber League (NCL) Spring Season (Various locations, Mar 19 - May 15, 2020) The National Cyber League (NCL) is a defensive and offensive puzzle-based, capture-the-flag style cybersecurity competition. Its virtual training ground helps high school and college students prepare and test themselves against cybersecurity challenges that they will likely face in the workforce. All participants play the games simultaneously during Preseason, Individual Game and Team Game. NCL allows players of all levels to enter. Between easy, medium and hard challenges, students have multiple opportunities to really shine in areas as they excel. Registration for the Spring Season closes March 20, 2020.

CMMC Forum 2020 (Falls Church, Virginia, USA, Apr 2, 2020) During the Potomac Officers Club’s CMMC Forum 2020 on April 2nd, some of the top executives from the federal government and industry will explore the impact DoD’s CMMC will have on cybersecurity practices, supply chain security and other aspects of the federal market. The forum will feature Katie Arrington, chief information security officer at the Office of the Assistant Secretary of Defense for Acquisition and a 2020 Wash100 Award recipient, as a keynote speaker. She will address the CMMC’s timeline, how the certification process could change and will provide a memorandum of understanding with a newly established CMMC accrediting body.

2020 Cyber Symposium (Aurora, Colorado, USA, Jun 15 - 16, 2020) In today’s ever-changing security landscape, change seems like the only constant. How do we mitigate threats, find new solutions and educate the next generation of game-changers? At the NCC’s Cyber Symposium, leaders from business, government and education will converge to share, learn and empower each other to find answers. We are Stronger Together.

upcoming Events

RSA Conference 2020 (San Francisco, California, USA, Feb 24 - 28, 2020) Be part of a conversation that has the power to change the world. Join top cybersecurity leaders and a dedicated community of peers as we exchange the biggest, boldest ideas that will help propel the industry forward. Get access to expert-led sessions, thought-provoking keynotes, in-depth trainings and tutorials, groundbreaking innovation programs, state-of-the-art product demos and countless networking opportunities.

ISSA Central MD Information Security Conference (Columbia, Maryland, USA, Feb 28, 2020) Information System Security Association's Central Maryland Chapter is hosting a day-long cybersecurity conference. Its two tracks will address: leadership in cybersecurity - why it is desperately needed; software and supply chains; phishing attacks; ransomware; and IoT botnet DDoS attacks.

SecureWorld Charlotte (Charlotte, North Carolina, USA, Mar 4 - 5, 2020) Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and collaboration. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays—all while networking with local peers.

LBC2 (Towson, Maryland, USA, Mar 7, 2020) The third annual Loyola Blakefield Cyber Challenge is an exciting event for all participants. It will take place on March 7, 2020 at Loyola Blakefield High School. The challenge is created by students for students. Participants will be challenged with real-life scenarios that embody the specific cyber threats that are prevalent in today’s society. Whether you have had little or no training or are well-skilled in computer management, this challenge is open to everyone. The challenge will teach and assess participant’s skills and applications for handling cyber threats. Industry mentors will be on hand to make this a true teaching and learning day. If you have wanted to get involved in Cyber Security this is a great opportunity to try it out. The competition is open to all students in grades 8 thru 12. There is NO COST to attend for the day and lunch is provided. You only need to bring a laptop with you that is capable of accessing the internet wirelessly.

Techno Security & Digital Forensics Conference (San Diego, California, USA, Mar 9 - 11, 2020) Techno Security & Digital Forensics Conference provides a unique education experience that blends together the digital forensics and cybersecurity industries for collaboration between government and private sectors. The purpose is to raise international awareness of developments, teaching, training, responsibilities, and ethics in the field of IT security and digital forensics. Educational sessions cover topics within the following primary tracks from which CPE credits can be earned: Audit/Risk Management, Forensics, Investigations, Information Security, and Sponsor Demos. Learn from industry experts, connect with leading suppliers, and discover the latest innovations in cybersecurity and digital forensics.

Sponsor & Support

Grow your brand, generate leads, and fill your funnel.

With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listens all over the world, companies trust the CyberWire to get the message out. Learn more.

RSAC 2020. Naming and shaming. Iranian threat actors. Wi-Fi chip bugs. DNC impersonators. Backups can be attacked, too.

Bring your own context.

CyberWire Pro is coming soon.