The CyberWire Daily Briefing, 3.26.20

Special Section

News for the cybersecurity community during the COVID-19 emergency

NIST has used its March ITL Bulletin to offer some timely advice about secure teleworking. The advice is pitched to enterprise IT organizations, not individual users. Microsoft's Roger Halbheer blogs a useful compendium of advice for smaller organizations and individuals. IoT World Today has thoughts on crisis management. And Brian Krebs points out that a lot of US Government sites aren't setting the best example with respect to communicating an informed understanding of security—as is so often the case, the large print giveth and the small print taketh away.

If you're a security professional with some enforced time at home on your hands, here's something to consider: the SANS Institute has a large number of online, "no-travel" courses available for professional development and certification.

Slack's CEO has shared an interesting Twitter thread in which he outlines how COVID-19 and the measures taken to control it have affected his company through the month of March.

The CyberWire intends to keep publishing on schedule during the coronavirus emergency. Stay healthy and, as always, stay in touch. (Virtually, not physically.)

Summary

By the CyberWire staff

Tupperware is the latest high-profile victim of the Magecart online card-skimmer. Malwarebytes found the malicious activity last Friday and notified the company. As Computing censoriously observes, Tupperware didn't do much about the issue until Malwarebytes took their discovery public yesterday.

Bitdefender yesterday reported discovering an attack campaign that’s changing DNS settings on home routers to redirect traffic to a site that purports to be an alert from the World Health Organization. The bogus WHO note urges those redirected there to download an app that will give them “the latest information and instructions about coronavirus (COVID-19).” Doing so in fact installs the Oski info-stealer.

The attack begins by brute-forcing vulnerable routers (mostly Linksys and D-Link devices) to get management credentials. The next step is altering the routers’ DNS IP addresses and redirecting a specific set of pages or domains to the phony WHO site. The malware is stored in Bitbucket, and TinyURL is used to conceal the Bitbucket link. And the final stage is delivery of the malicious payload. ZDNet advises checking routers' admin panel for 109.234.35.230 and 94.103.82.249. If either should appear, remove them, and change the administrative password.

Adobe has patched a vulnerability in its Creative Cloud Desktop Application for Windows. Exploitation of the flaw (rated "critical") could result in file deletion. And Apple has issued what Naked Security calls a "something for everyone" update that fixes issues in iOS, iPadOS, macOS, watchOS, and tvOS.

The White House has this week released the US National Strategy to Secure 5G.

April 2 Dragos Webinar: Ransomware in an Industrial World

Notes.

Today's issue includes events affecting Australia, Brazil, Canada, European Union, France, Mexico, Russia, Slovakia, United Kingdom, and United States.

Bring your own context.

Spare a thought for a help desk under pressure. It's not easy to cope with a surge in telework. How should you prepare? Or if you're in the midst of things, how should you adapt?

"Normally, this is something that you'd have months or even a year to plan out and go on, you know, and get implemented. You've had to do this in a week. There are going to be mistakes. There are going to be holes. There are going to be problems that people run through. And that is going to create other problems.

"So, you know, you'll obviously have support problems because you'll have an overwhelmed support staff that is suddenly fielding, ten, twenty times more calls than they normally do. You'll also have employees that have trouble getting things set up, and so they may try to do workarounds, which means you could expose sensitive data. So there's all kinds of potential problems there.

"And then, as with the COVID-19 example, because of all the confusion and uncertainty, the employees may actually be more likely to click on a phishing email, especially one that purports to be from your IT team, because right now, you're probably expecting a lot of communication from your IT team. And so you get an email that says, VPN instructions - open this Word document. So you open it, and turns out you've installed something malicious on your desktop that now connects in.

"The best thing that you can do to sort of answer your original question is have a very well-documented plan that's communicated as early as possible, and then have backup plans if those don't work. So in other words, send out to your newly minted workforce, here are the steps you need to do to get connected. Only follow advice that comes from this specific email address. Don't ignore anything that is, companyname-support@gmail.com or anything like that. So warn people that these may be coming.

"So you do need to be adaptable in security and IT right now. Understand the real-world problems that people are having and give them the tools they need to do their job and feel confident that they're doing it in a secure way."

—Allan Liska, senior analyst at threat intelligence firm Recorded Future, on the CyberWire Daily Podcast, 3 .24.20.

Planning and rehearsal always are best, but in a crisis intelligent improvisation can still work wonders.

CyberWire Pro delivers timely briefings about developing news.

Take a look at CyberWire Pro, our new subscription program designed for security professionals and all others who want to stay abreast of cybersecurity news. CyberWire Pro is a premium service that will save you time and keep you informed.

Simple, secure identity and access management for your business.

LastPass Identity provides simple control and visibility across every entry point to your business through single sign-on, password management and multi-factor authentication in one unified solution. LastPass Identity provides a holistic view of end user activity to simplify security for IT, all while delivering the passwordless login experience employees want. Start a free LastPass Identity trial today.

On the Podcast

Hey—we get it: you're probably teleworking, just like us. But whether you're telecommuting or doing your usual morning drive, there's no need to miss a good podcast.

For your consideration: today's CyberWire Daily Podcast, out later this afternoon. We'll be speaking with our partners at the Johns Hopkins University's Information Security Institute, as Joe Carrigan talks about stimulus check scams. Our guest is Rachael Stockton from LogMeIn (LastPass), discussing the future of business network access security.

Interested in more? Hacking Humans is also up. In this week's episode, "Paging Dr. Dochterman," Dave shares an example of modern-day snake oil, Joe brings us his favorite old-time scams, the Catch of the Day is straight from Dr. Dochterman—you really can't make this stuff up—and later in the show Joe speaks with Scott Knauss - a security consultant who was targeted by scammers.

Sponsored Events

COVID-19: Immediate Secure Remote Work Response Summit by Attila (Online, March 31, 2020) Learn how you can quickly get your organization and its employees up and running with a secure remote work solution during the coronavirus. Register now to attend this one day virtual summit featuring tracks for the government, government contractors and the private sector.

Free Webinar: Ransomware in an Industrial World (Online, April 2, 2020) Ransomware has become one of the most common methods of profit for cybercriminals – and a major cause of computer disruptions. Join Dragos and the CyberWire on April 2 to hear strategies to combat this new cyber risk.

Georgetown University Programs in Cybersecurity Webinar (Online, April 9, 2020) We invite you to learn more about the Master's and Graduate Certificate in Cybersecurity Risk Management at Georgetown University. Our programs prepare you with hands-on practice developing and executing integrated strategies, policies, and safeguards to manage cybersecurity risks across an enterprise. Register for a free webinar on Thursday, April 9, at noon ET to learn more.

Selected Reading

Dateline

NIST Cybersecurity Recommendations for Working from Home (Security Magazine) The Information Technology Laboratory (ITL), a component of the NIST Computer Resource Center, has issued a bulletin that reiterates NIST standards for teleworking.

Cybersecurity Crisis Management During the Coronavirus Pandemic (IoT World Today) Cybercriminals thrive on chaos, making cybersecurity crisis management vital.

COVID-19 Part 2: Data Tells the Story (PerimeterX) This blog dives deeper into recent traffic surges and the rise in ATO and skimming attacks in e-learning and travel respectively.

Surge in online traffic increases risk to businesses (Imperva) Imperva Research Labs has been monitoring the data across our thousands of customers since the outbreak of COVID-19. In reviewing anonymized data from our CyberThreat Index, we see new risks and several initial security implications from this pandemic for our customers and global businesses.

Tech Companies Weren't Hoarding Masks, They Were Protecting Employees From Wildfire Smoke (Reason) Plus: Kudlow says total stimulus package will cost $6 trillion, jails free nonviolent offenders, more...

[Slack CEO Butterfield on his company's COVID-19 experience] (Twitter) My day job (also: night job) is CEO of Slack, a publicly traded company with investors to whom I am a fiduciary, 110k+ paying customers of all sizes, and thousands of employees I care about very, very much. The last few weeks have been 🤯😳😢 Here’s what it's been like. [Thread]

COVID-19 & Voting: When Paper is the Safest Election Technology (McAfee Blogs) There are concerns that the COVID-19 pandemic will discourage voters from turning out to vote in person for this year’s U.S. presidential primaries and

Authoriti to Provide Free Fraud Protection to State and Local Government Agencies (Globe Newswire) This strategy will help local government agencies to preempt costly Business Email Compromise attacks during the coronavirus crisis

Businesses Can Quickly Assess Third Parties During COVID-19 With ProcessUnity’s Pandemic Questionnaire (Yahoo) ProcessUnity, a leading provider of cloud-based applications for risk and compliance management, today released a complimentary pandemic assessment for businesses to assess their third parties, vendors and suppliers to understand the effect of COVID-19 on critical business operations. ProcessUnity’s

SixFifty and Wilson Sonsini Launch Free Automated Legal Tools to Help Businesses Manage Employment Issues Created by COVID-19 (PR Newswire) SixFifty, the technology subsidiary of the law firm Wilson Sonsini Goodrich & Rosati, today announced the release of free automated legal tools...

SANS is offering fully certified cybersecurity training – without leaving your bunker (Register) Isolation is the perfect time to learn new skills

Secure Working from Home – Some Ideas and Guidance (Roger Halbheer on Security) There is plenty of information out there how to secure a “Home Office” environment in these days and I do not want this to be another one. However, I tried to compile a few resources, which might h…

Keeping Your Network Safe (Untangle) We have consolidated several check lists, guides, and best practices that you can implement at work or at home to ensure that networks can remain secure and vulnerabilities minimized.

Internet Archive launches National Emergency Library with no waitlists (TechSpot) The Internet Archive is doing its part during the Covid-19 outbreak by suspending its waitlists and creating a National Emergency Library to help serve what it calls displaced learners.

Cyber Attacks, Threats, and Vulnerabilities

Mexico's economy ministry hit by cyber attack (Reuters) Mexico's economy ministry detected a cyber attack on some of its servers on...

U.S. cybersecurity experts see recent spike in Chinese digital espionage (Reuters) A U.S. cybersecurity firm said Wednesday it has detected a surge in new cyberspy...

Hackers are messing with routers' DNS settings as telework surges around the world (CyberScoop) Attackers have discovered a way to change DNS settings in Linksys routers, pointing users to websites with what looks to be information about COVID-19.

D-Link and Linksys routers hacked to point users to coronavirus-themed malware (ZDNet) Hackers hijack routers' DNS settings to point users to malware-infected downloads.

New Router DNS Hijacking Attacks Abuse Bitbucket to Host Infostealer (Bitdefender Labs) Bitdefender researchers have recently found a new attack that targets home routers and changes their DNS settings to redirect victims to a malware-serving website that delivers the Oski infostealer as a final payload. What’s interesting about the attack is that...

Apple iOS users served mobile malware in Poisoned News campaign (ZDNet) As we all devour online news sources in the current climate, cyberattackers are waiting to spring.

Dark web hosting provider hacked again -- 7,600 sites down (ZDNet) EXCLUSIVE: Dark web hosting provider shuts down after getting hacked for the second time in 16 months.

Tupperware Website Hacked to Steal Credit Card Numbers (PCMAG) According to Malwarebytes, the credit card skimmer on Tupperware.com has been active for days now—until the antivirus company published today's report on the attack.

Tupperware accused of ignoring warnings over ecommerce website compromised by web-skimming JavaScript (Computing) Tupperware finally gets round to cleaning its ecommerce site days after being told that it had been compromised by a credit-card-stealing Magecart group

GE Employees Lit Up with Sensitive Doc Breach (Threatpost) Marriage, divorce and death certificates, beneficiary info, passports and more were all caught up in an email takeover hack.

Ginp banking malware takes advantage of coronavirus crisis: Kaspersky (TahawulTech.com) Kaspersky researchers revealed that the infamous Ginp banking Trojan has acquired a new functionality - that takes advantage of the coronavirus outbreak.

Security firm warns of increased phishing attacks on streaming services (Rapid TV News) There has never been so many people at home at any one time and there has never been so many in demand on-demand video services but these dynamics are increasin...

#COVID19 Fears Drive Phishing Emails Up 667% in Under a Month (Infosecurity Magazine) More than a third of untrained end users are susceptible to such scams

MN AG warning of COVID-19 phishing scams (Austin Daily Herald) Minnesota Attorney General Keith Ellison is warning Minnesotans about a reported spike in phishing attacks related to COVID-19 and is offering advice about how to spot, avoid, and report them. “We’re all concerned right now about our own health and the health of our loves ones and our communities,” Ellison said in a …

As consumers turn online for purchases, many are targeted by pandemic-related digital fraud (Help Net Security) There has been a spike in pandemic-related digital fraud since social distancing became widespread globally, according to a TransUnion research.

Malware Disguised as Google Updates Pushed via Hacked News Sites (BleepingComputer) Hacked corporate sites and news blogs running using the WordPress CMS are being used by attackers to deliver backdoor malware that allows them to drop several second-stage payloads such as keyloggers, info stealers, and Trojans.

Warning: Hackers Trick Thousands Into Downloading Dangerous ‘Google Chrome Update’ (Forbes) As Google pauses all but security update to Chrome, hackers seek to exploit the confusion

Do not download this Android 'coronavirus safety app' – it's a scam that can steal your texts and phonebook (The Sun) A SCAM encouraging people to download an app if they want a ‘coronavirus safety mask’ is targeting Android users. Cyber-security experts found the dangerous website which states “…

More Ransomware Gangs Join Data-Leaking Cult (BankInfo Security) More bad ransomware news: Following in the footsteps of Maze, now even more cybercrime gangs are threatening to not only crypto-lock systems but also leak stolen

Ransomware and cryptocurrency: A killer duo? (Cryptopolitan) Ransomware and cryptocurrency go back a long way indeed. So long that people have actually forgotten that the two are not really directly related but yes ransomware, as the name […]

Evasive malware increasing, evading signature-based antivirus solutions (Help Net Security) Evasive malware reached record high levels, with over two-thirds of malware detected by WatchGuard in Q4 2019 evading signature-based antivirus solutions.

Hackers target Three customers with "sophisticated" phishing scam (IT PRO) Cyber criminals use elements from Three’s style and links out to its website

Warning of HMRC phishing and text scam circulating in St Helens area (St. Helens Reporter) St Helens Chamber has warned businesses be aware of a HMRC phishing scam circulating in the area.

Security Patches, Mitigations, and Software Updates

Apple iOS 13.4 offers fixes for 30 vulnerabilities (Naked Security) Apple has just announced its latest something for everyone security and feature updates for iOS, iPadOS, macOS, watchOS, and tvOS.

Adobe issues emergency fix for file-munching bug (Naked Security) Adobe has released another security patch outside of its usual routine, to deal with a bug that allows attackers to delete victims’ files.

Google's Chrome will give you an 'always show full URL' setting (ZDNet) Google will give Chrome users the choice to have the browser display the www of a website's address.

Namecheap blocks registration of domains with ‘coronavirus’ and ‘vaccine’ in the name (The Verge) You can still apply manually to register a new domain

Cyber Trends

RSA 2020: A Game of "Would You Rather" (Lastline) Though RSA is officially behind us, headlines surrounding the show continue to circulate. It’s no secret that attendees walking the halls of Moscone had a lot of pressing issues to think about. Health concerns aside,

Exabeam Research Shows Companies are Embracing Cloud-based Security Tools, but Concerns Around Risk, Ease of Deployment Remain - Exabeam (Exabeam) Over half (58 percent) of organizations have migrated at least one quarter of their security tools to the[...]

SpyCloud Research: Breach Exposure of the Fortune 1000 (SpyCloud) We were able to tie more than 412 million breach assets within the SpyCloud database to employees within the Fortune 1000, providing a snapshot of the breach exposure affecting major enterprises.

Your SSN costs less than a Starbucks coffee on the dark web (Atlas VPN) Social Security number (SSN) costs as little as $4 on the darknet. Meaning, Venti latte at Starbucks costs 15 cents more than your SSN on the dark web.

Marketplace

Cybersecurity Investors Take Varying Approaches Amid Market Turmoil (Wall Street Journal) Strategies for investing in cybersecurity startups are widely differing as the coronavirus-related economic rout affects venture-capital markets.

5 ways to attract the best information security pros (TechBeacon) Organizations with the right mindset can exploit dissatisfaction in the market and land the information security talent they need. Here's how.

CGI to acquire TeraThink (Intelligence Community News) On March 25, Fairfax, VA-based CGI announced its intent to acquire TeraThink, a leading information technology and management consulting firm providing

Accenture wins Defence contracts (CRN Australia) $5m with Army and $4m with the ASD.

GSA awards $17 million task order (Federal Times) Two companies are partnering to modernize the Federal Acquisition Service's legacy websites.

Tufin Recognized as Best Cybersecurity Company of 2020 (BusinessWire) Tufin® (NYSE:TUFN), a company pioneering a policy-centric approach to security and IT operations, today announced that it received several accolades i

ForgeRock Expands Leadership Team to Extend Success in Cloud and Identity Governance (Globe Newswire) Renee Beckloff, VP of Cloud Success, and Sudhakar Peddibhotla, VP of Engineering, join digital identity leader

Cisco continues exec reshuffle with new EMEAR boss (CRN) Elisabeth De Dobbeleer steps into the role left vacant by new UK and Ireland MD

Nick Savvides joins Forcepoint (CRN Australia) Symantec veteran jumps ship.

Products, Services, and Solutions

Hunters.AI Now Available in CrowdStrike Store, Offering Users ‘XDR’ Capabilities and Extending Threat Detection Beyond the Endpoint (Globe Newswire) Hunters, an Israeli cybersecurity pioneer in autonomous threat hunting, announced CrowdStrike, a leader in cloud-delivered endpoint protection, has made Hunters.AI threat hunting solution available through the CrowdStrike Store. Hunters’ innovative approach extends threat detection beyond the endpoint and enables threat hunting at scale.

Altitude Networks Announces Free Security Assessment for Enterprises to Understand Risks to Data Stored in the Cloud (PR Newswire) Altitude Networks, the industry's first cloud-native DLP for SaaS collaboration, today announced its Rapid Security Assessment program. The...

Concerned About Wi-Fi Security? Guard Dog Solutions Premieres First AI Solution to Proactively Find and Eliminate Cyber Security Threats (StreetInsider.com) Especially critical for remote workers, Public Wi-Fi during efforts to slow the advancement of COVID-19: Proactively manages Wi-Fi vulnerability with real-time elimination of threats before they can progress into exploits -...

Onward Security promotes DevSecOps to address challenges in cybersecurity regulatory compliance (DIGITIMES) In the IoT era, device manufacturers or brands are strongly promoting network-enabled products while trying their best to shorten time-to-market. In their effort to speed up product development, they may overlook some blind spots in data protection and put devices with security vulnerabilities on the market. More often than not, such security vulnerabilities are discovered by foreign government agencies or hackers, which may not only cause harm to consumer privacy but also lead to litigations that damage to business reputation and brand image.

Technologies, Techniques, and Standards

Tokyo Olympics Postponed, But 5G Security Lessons Shine (Threatpost) Threatpost Senior Editor Tara Seals is joined by Russ Mohr, engineer and Apple evangelist at MobileIron along with Jerry Ray, COO at SecureAge, for a discussion about the now postponed Tokyo Games and its use of 5G and the myriad of security concerns Japan is preparing for.

US Government Sites Give Bad Security Advice (KrebsOnSecurity) Many U.S. government Web sites now carry a message prominently at the top of their home pages meant to help visitors better distinguish between official U.S. government properties and phishing pages. Unfortunately, part of that message is misleading and may help perpetuate a popular misunderstanding about Web site security and trust that phishers have been exploiting for years now.

INSIGHT: Cyber Incidents Call for Privacy Counsel and Litigation Counsel (Bloomberg Law) Companies facing an actual or suspected cyber incident or breach often rely on outside counsel to help them navigate the legal aftermath. Robins Kaplan LLP partner Anne M. Lockner recommends general counsel hire separate privacy counsel and litigation counsel to create a strong team ready to focus on their areas of expertise.

Do DevOps Teams Need a Company Attorney on Speed Dial? (Dark Reading) In today's regulatory and legislative environment, companies and individuals are exposed to lawsuits over security breaches, resulting in significant fines and ending careers.

Threat Simulation Overview and Setup (Active Countermeasures) Intro No software project is complete without testing. In this blog series, we’ll cover how to test if your Threat Hunting platform can …

Threat Simulation - Unexpected Protocol on Non-Standard Port (Active Countermeasures) Intro This article is 1 of 7 in a series on testing Threat Hunting software to make sure that it’s configured correctly and …

Design and Innovation

Meet the 17-year-old behind the world's most popular coronavirus tracker (The Telegraph) He may only be 17 years old, but Avi Schiffmann has already outdone Silicon Valley's best engineers in tracking the spread of coronavirus.

Governments could track COVID-19 lockdowns through social media posts (CNET) A research group scrapes more than 500,000 Instagram profiles in Italy to see if people are abiding by the quarantine.

Academia

This team wants to teach your kids cybersecurity while they're home from school (CyberScoop) The virtual "Cyber School," plans to host livestreams focused on topics including online safety, ethical hacking, and social engineering.

Legislation, Policy and Regulation

Brazil-EU Cyber Cooperation: Swinging Bridges on the Road to Stability in Cyberspace (Council on Foreign Relations) The February 20 Brazil-EU Cyber Dialogue signaled the most recent step taken by Brasília and Brussels to collaborate on advancing responsible state behavior in cyberspace.

Slovakia to track coronavirus victims through telecoms data (Financial Times) Parliament passes law as Europe weighs right to privacy against moves to contain outbreak

France announces $4.3B plan to support startups (TechCrunch) France’s Ministry of State for Digital Affairs Cédric O and public investment bank Bpifrance announced a comprehensive support plan for startups this morning. Some French startups are going to face revenue issues as well as funding issues in the coming months. The French government wants to tempora…

White House Releases National Strategy for 5G Security (Nextgov.com) The strategy focuses on four lines of effort and will guide how the government approaches 5G for the near future.

Amid pandemic, Pentagon urges ‘hyper-vigilance’ against foreign investment (Defense News) The economic situation creates

Washington Pushes for More Sanctions on Russian Businessman (Wall Street Journal) Eleven members of the U.S. House of Representatives have urged the European Union to impose sanctions on Russian oligarch Yevgeny Prigozhin, the latest attempt by lawmakers to combat alleged election meddling by the Kremlin in the U.S. and allied countries and possible disinformation about the coronavirus pandemic.

Pentagon leaders are ‘doing what we can’ to improve networks (C4ISRNET) The Department of Defense has been working to bolster its networks as the number of employees teleworking surges during the new coronavirus pandemic, senior leaders say.

Teleworking among feds ramped up but plenty of issues remain (Federal News Network) In a Federal News Network online survey of feds, 77% said they are teleworking because of the coronavirus emergency.

One senator wants vendors to ensure their internet connectivity devices are secure (Fifth Domain) The senator also called on vendors to notify users of available security updates.

‘Just Say No’ Is Not a Strategy for Supply Chain Security (Lawfare) Globalization has left Western end-users at least partially dependent on capabilities and services provided by foreign vendors that may not be entirely trustworthy.

Analysis | The Cybersecurity 202: It’s probably game over for more election security before November elections (Washington Post) The third round of security funding since 2016 came with no strings attached in the coronavirus stimulus bill.

Review: If coronavirus doesn't end us, electronic voting just might (Los Angeles Times) The documentary ‘Kill Chain: The Cyber War on America's Elections,’ directed by Simon Ardizzone, Russell Michaels and Sarah Teale, reveals that electronic voting is still woefully unsafe.

Litigation, Investigation, and Enforcement

Battling the global COVID-19 scammers and fake news hawkers (Naked Security) Europol seized 34K fake surgical masks, while the office of NY's AG wants registrars to explain how they're battling the sale of lies.

Patent board grants BlackBerry review of Facebook challenge (Seeking Alpha) The Patent Trial and Appeal Board today has granted a petition from BlackBerry (BB +6.9%) for an inter partes review of Facebook's (FB -0.8%) patent 7,302,698. That suggests it's determined that Blac

WikiLeaks Founder Assange Denied Bail Amid Pandemic (Law360) A London judge refused Wednesday to release WikiLeaks founder Julian Assange, who is fighting extradition to the U.S., from prison after his lawyers had argued he should be granted bail because he was vulnerable to contracting the coronavirus in prison.

Data Privacy Risks and COVID-19 Defense (The National Law Review) Electronic technology is protecting us from COVID-19, but is it violating our privacy? Individuals and institutions are taking drastic measures to flatten the curve of COVID-19 infections, and thes

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

upcoming Events

National Cyber League (NCL) Spring Season (Various locations, March 19 - May 15, 2020) The National Cyber League (NCL) is a defensive and offensive puzzle-based, capture-the-flag style cybersecurity competition. Its virtual training ground helps high school and college students prepare and test themselves against cybersecurity challenges that they will likely face in the workforce. All participants play the games simultaneously during Preseason, Individual Game and Team Game. NCL allows players of all levels to enter. Between easy, medium and hard challenges, students have multiple opportunities to really shine in areas as they excel. Registration for the Spring Season closes March 20, 2020.

SecureWorld Boston (Boston, Massachusetts, USA, March 25 - 26, 2020) Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and collaboration. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays—all while networking with local peers.

Kernelcon (Omaha, Nebraska, USA, March 27 - 28, 2020) Kernelcon is the result of many motivated information security professionals who recognized the opportunity to create an awesome security conference in Omaha. The idea for Kernelcon started within the local DEF CON Group, DC402, with lots of help from other members of other local security groups such as NebraskaCERT and OWASP. We are inspired by many other conferences including DEF CON, DerbyCon, ShmooCon, etc., and wanted to bring those same experiences to the Mid-West here in Omaha.

InfoSec World (Lake Buena Vista, Florida, USA, March 30 - April 3, 2020) Join your peers and our experts at InfoSec World 2020 Conference & Expo on March 30 – April 1 to not only address the disruptive technologies and threats on the horizon, but to create a plan for managing the people, processes and tools for how your organizations react and cope with these intrusive circumstances.

4th Annual Denver Cyber Security Summit (Denver, Colorado, USA, April 2, 2020) C-Suite & Senior Level Executives: Register with Promo Code CYBERWIRE95 to receive $95 Admission (Standard Price is $350). Learn from renowned experts from the U.S. Dept. of Homeland Security, U.S. Dept. of Justice, Cisco, Darktrace, ExtraHop, and more about the latest threats facing your company.

Sponsor & Support

Grow your brand, generate leads, and fill your funnel.

With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listens all over the world, companies trust the CyberWire to get the message out. Learn more.

Magecart burps Tupperware. DNS hijacking campaign delivers Oski info-stealer via COVID-19 phishbait. Patch notes. Securing 5G.

Bring your own context.

CyberWire Pro delivers timely briefings about developing news.