Daily briefing.

The energy sector cyber recon tool that SentinelOne found associated with “Furtim” on the dark web continues to look like the work of a state security service.

xDedic, the hacker server souk that vanished temporarily, has resurfaced on a Tor domain, Digital Shadows reports. You can sign up for $50 (we recommend you don’t).

In the ransomware world, Heimdal outlines a newly discovered cheap-and-nasty, “Stampado,” noteworthy because it doesn’t need administrator privileges to operate. ThreatTrack has a detailed report on Cerber (recently active against Office 365 users), and Kaspersky reiterates warnings against Satana (which the researcher primly notes writes better Russian than it does English). Trend Micro claims to be enjoying success blocking ransomware in Asia; it’s also opened up a ransomware hotline for victims. In the US, the Office for Civil Rights at the Department of Health and Human Services releases new HIPAA guidance suggestive of a punitive approach to healthcare ransomware victims.

Yesterday was Patch Tuesday, and Microsoft issued fixes for eleven bugs, six of them “critical.” One closed a printer drive-by vulnerability, another closed the door to some Office security feature bypasses. Adobe and Drupal also patched.

Signs suggest ISIS is preparing for the loss of its territory. Inspiration and online presence will wax in importance as conventional training and command wane.

Russian security officials voice concerns similar to those heard in the West: understaffing, not enough resources, constant pressure of ongoing cyber attacks. They also deplore officialdom’s stubborn reliance on Western software: more autarky equals more security.

Notes.

Today's issue includes events affecting Australia, European Union, Germany, Indonesia, Iraq, Israel, Malaysia, Russia, Singapore, Syria, Ukraine, United Kingdom, United States.

A note to our readers: we'll be up in New York tomorrow, covering SINET's 2016 Innovation Summit. Watch for live-Tweeting and a special issue featuring a comprehensive report on the conference.

Catch the CyberWire's Podcast later this afternoon, with interviews, educational tips, and more on the stories of the day. Today we hear from our partners at the University of Maryland's MC2, as Jonathan Katz tells us about "fansmitter" malware and its purported ability to exfiltrate data from air-gapped machines. We also have an interview with Scott Stables of Booz Allen Hamilton about BAH's recent report on industrial control system security. (Like the podcast? If you do, and if you'd care to review it, you can share your thoughts at iTunes.)

E8 Security at Cisco Live 2016 (Las Vegas, NV, USA, July 11 - 13, 2016) E8 Security - DETECT. HUNT. RESPOND. Cisco Live 2016

SINET Innovation Summit 2016 (New York, NY, USA, July 14, 2016) — Register with promo code SINECYB for $100 off the price of admission.

Cyber Attacks, Threats, and Vulnerabilities

Inside ISIS: Quietly preparing for the loss of the ‘caliphate’ (Washington Post) Even as it launches waves of terrorist attacks around the globe, the Islamic State is quietly preparing its followers for the eventual collapse of the caliphate it proclaimed with great fanfare two years ago

Russia reports increase in cyber-attacks by Western special services (SC Magazine) Just as Western governments are concerned about Chinese or Russian state hackers, the Kremlin worries that its government agencies are under increasing western attack, and is concerned about skill shortages in government

Researchers Found a Hacking Tool that Targets Energy Grids on the Dark Web (Motherboard) A sophisticated piece of government-made malware, designed to do reconnaissance on energy grid’s system ahead of an eventual cyberattack on critical infrastructure, was found on a dark web hacking forum

Nation-backed malware that infected energy firm is 1 of 2016’s sneakiest (Ars Technica) Tool only drops malware after painstakingly dismantling AV and other defenses

xDedic Hacked Server Market Resurfaces on Tor Domain (Threatpost) The xDedic market has resurfaced, this time on a Tor network domain and with the inclusion of a new $50 USD enrollment fee

An online market that offered cheap hacked servers returns (PC World) The xDedic site had been offering access to hacked servers across the world

Windows Print Spooler Flaws Lead to Code Execution (Threatpost) Networked printers have always posed an interesting attack vector, mostly for academics looking for vulnerabilities, and vandals sending garbage to the print bin

Critical printer vulnerability (CVE-2016-3238) discovered in Microsoft Windows (Vectra) The Vectra Threat Labs discovered a critical vulnerability that allows printer watering-hole attacks to spread malware

Little Snitch Bug Leaves Some Mac Systems Open to Attack (Threatpost) Trusted Mac OS X firewall Little Snitch is vulnerable to local privilege escalation attacks that could give criminals the ability to plant rootkits and keyloggers on some El Capitan systems

Security Alert: New and Cheap Stampado Ransomware for Sale on the Dark Web (Heimdal Security) This cryptoware strain plays Russian roulette with your files. And doesn't need administrator privileges to encrypt your data

A Look at the Cerber Office 365 Ransomware (ThreatTrack Security Labs) Reports of a Zero-day attack affecting numerous Office 365 users emerged late last month (hat tip to the researchers at Avanan), and the culprit was a new variant of the Cerber ransomware discovered earlier this year. As with the other Zero-day threats that have been popping-up like mushrooms of late, the main method of infection is through the use of Office macros

Petya clone Satana is the new Russian-linked 'ransomware from hell', says Kaspersky Lab (International Business Times) The ransomware not only encrypts files but also blocks Windows booting processes

10M Ransomware-Related Cyber Threats Detected, Blocked in Apac, Says Security Firm (CFO Innovation) More than ten million ransomware-related cyber threats have been detected and blocked in Asia Pacific (APAC) from January to May this year, while the total number of similar attacks exceeded 66 million globally, according to Trend Micro, Inc

Me and Mr. Robot: Tracking the Actor Behind the MAN1 Crypter (THREATgeek) With season two of Mr. Robot approaching, the storyline follows a hacker group that takes down an evil global corporation and collapses the financial market. Led by the mysterious Mr. Robot, the hackers use a variety of tricks to evade detection, and seem to cover their tracks at every turn. There are similarities shared by the show's hackers and real-life attackers

Healthcare Hacks Face Critical Condition (Dark Reading) It's not just SSNs and credit cards -- detailed patient records and full EHR databases are targeted by cybercriminals today

Healthcare Under Attack: Cybercriminals Target Medical Institutions (InfoArmor) In mid-May 2016, InfoArmor notified the National Healthcare and Public Health Information Sharing and Analysis Center (NH-ISAC), along with the appropriate parties concerning the incident, providing them with relevant information for further investigation and identification of the key bad actors

A ‘Pokémon Go’ Bug Is Reportedly Locking People Out of Their Accounts (Motherboard) The most stunning thing about Pokémon Go, Nintendo’s implausibly successful attempt at resuscitating itself, isn’t its popularity—instead, it’s the wide gulf between the fun factor of the game and the shoddiness of the app

Fake Pokémon GO app watches you, tracks you, listens to your calls (Naked Security) Have you heard of Pokémon GO? If you haven’t, you probably will soon: it’s an online game for mobile phones, and it’s taken the world by storm

Some public places want more Pokémon Go—but the Holocaust Museum does not [Updated] (Ars Technica) Follows anecdotal police, medical reports of people using the app to their detriment

Google, Niantic to Limit Data Pokémon GO Collects (Threatpost) Niantic, Inc. – the company behind the ubiquitous, can’t-go-10-minutes-without-hearing-about-it Pokémon GO game – said Monday night it wasn’t the company’s intent to request full access permission of its users’ Google accounts

Sen. Al Franken questions Niantic over Poképrivacy policy (TechCrunch) Always with his finger on the pulse, Senator Al Franken (D-Minn.) today sent an official request to Niantic asking about particulars of the Pokémon Go privacy policy

Security tips for Pokémon Go players (Online PC) Pokémon Go: an Android version of the app with a built-in backdoor has surfaced. With these tips, fans stay safe while hunting for Taubsi and co.

UK Network Rail: British transport system had four cyberattacks in one year (International Business Times) Cyber criminals could access trains, computer networks or message boards

Hacked 3D printers could commit industrial sabotage (CSO) Hackers could introduce defects into printed products, researchers are warning

Cybersecurity risks in 3D printing (Help Net Security) 3D printing (i.e. additive manufacturing) is a $4 billion business set to quadruple by 2020

Comcast business phone service is down and small businesses are freaking out (TechCrunch) Comcast’s business phone service seems to be having a huge nationwide outage. While the company acknowledged that some customers may be experiencing problems with phone service, the issue seems to be pretty widespread, with reported outages in dozens of cities across the country

Seeking Alpha Mobile Financial App Forgoes Encryption (Threatpost) A popular mobile application that provides financial market research material operates without a measure of encryption, putting user information, including credentials and strategic financial interests at risk

IBM Discovers Vulnerability In MIUI; Fix Is Already Out (Android Headlines) The IBM X-Force Application Security Research Team recently revealed that it has discovered a vulnerability in Xiaomi’s MIUI operating system, which would technically allow for an attacker to execute code remotely on a device through man-in-the-middle attacks. The good news is that the vulnerability has been addressed by Xiaomi, and as a PSA, owners of Xiaomi smartphones are advised to update their devices to the latest available firmware

Inactive SingPass accounts a security risk? (Straits Times) About half of all 3.3 million account holders have not registered for SingPass' new two-factor authentication (2FA) feature when the July 4 sign-up deadline passed

Fortinet warns Malaysians about the Dark Web (MIS Asia) Prompted by a recent case of a British paedophile operating in Malaysia, networking security specialist Fortinet has issued an advisory warning Malaysians about the Dark Web where illicit videos and images were found posted

Security Patches, Mitigations, and Software Updates

Microsoft Patch Tuesday Summary for July 2016 (SANS Internet Storm Center) As usual for the second Tuesday of the month, Microsoft today released its monthly security updates. Microsoft released a total of 11 bulletins. 6 are rated critical, and the remaining five are rated important

Adobe, Microsoft Patch Critical Security Bugs (KrebsOnSecurity) Adobe has pushed out a critical update to plug at least 52 security holes in its widely-used Flash Player browser plugin, and another update to patch holes in Adobe Reader. Separately, Microsoft released 11 security updates to fix more than 40 flaws in Windows and related software

July 2016 Patch Tuesday: Microsoft releases 11 security updates, 6 rated critical (Network World) Lucky you, it's that time again. Happy patching!

Microsoft splats bug that turns printers into drive-by exploit kits (Help Net Security) In this month’s Patch Tuesday, Microsoft has released 11 sets of patches – 6 “critical” and 5 “important”

Microsoft Fixes Bypass of Critical Security Feature in Office Suite (Softpedia) Microsoft closes the door for macro-malware and OLE exploits

Adobe Patches 52 Vulnerabilities in Flash Player (TechCrunch) Adobe today pushed out an updated Flash Player that patched 52 vulnerabilities, most of which led to remote code execution on compromised machines

Pokémon Go updated to address privacy concerns (TechCrunch) After users and press noticed that Pokémon Go on iOS requested “full access” to a user’s Google account when signing up, Niantic promised an update to modify the permissions required. Now, less than 24 hours after Niantic made that promise, the update is live, and limits asked-for info to just “Know who you are on Google” and “View your email address”

Update Your Pokémon Go App Now to Fix That Privacy Mess (Wired) The game Pokémon Go is extraordinarily popular, with one extraordinarily unpopular drawback: Its iOS app has demanded full access to all of your Google account information. That means it could have potentially been able to “see and modify nearly all information in your Google Account,” according to Google, short of changing your password or tapping into Google Wallet. This is very bad! And now you can fix it

Drupal: Patch released today to fix a highly critical RCE in contributed modules (SANS Internet Storm Center) Drupal announced that they will release today (Wed July 13th 2016 16:00 UTC) a patch that will fix highly critical remote code execution vulnerabilities in contributed modules. Drupal core is not affected

Cyber Trends

Security vs. Privacy: Is there still a conflict? (The Hill) At a time of the global information security crisis, we often hear that in order to achieve stronger security against emerging threats, including terrorism and cyber attacks, we must accept less privacy. This should apply to our communications, financial transactions, and all other internet-powered activities. Many simply assume that more visibility and state control automatically translate into more safety

The explosive growth of the IoT security market (Help Net Security) The IoT security market is estimated to grow from USD 7.90 billion in 2016 to USD 36.95 billion by 2021, at a CAGR of 36.1%, according to MarketsandMarkets

Opportunity knocks in cyberspace (Asia and the Pacific Policy Forum) Where prosperity and security are not so strange bedfellows

Advanced Persistent Threats Are The Next IT Security Battleground In UK Public Sector, Reveals Gigamon iGov Survey (RealWire) Study shows clear understanding of cyber risks, with 85 percent respondents reviewing security considerations

Marketplace

Bay Dynamics Announces $23 Million Series B Financing Round Led By Carrick Capital Partners (Bay Dynamics) Bay Dynamics®, a leader in cyber risk analytics, announced today that it has completed a $23 million Series B financing round led by Carrick Capital Partners, an investment firm focused on technology-enabled businesses including SaaS, Software, BPO and Transaction Processing. The round includes capital from Series A investor Comcast Ventures, the venture capital affiliate of Comcast Corporation

Imperva Q2 View May Lift Akamai, Proofpoint (Barron's) Strength for Imperva’s cloud-based security solutions is a positive read on Akamai and may be a positive for Proofpoint

Eisen bringing new technology to cybersecurity space (Phoenix Business Journal) Ori Eisen is a pioneer in the Valley’s world of cyber safety. His latest effort in providing online security is Scottsdale-based company Trusona

Portland startup sees security threats in everyday devices (Oregonian) The webcam baby monitor, the computer chips in an elevator panel, the circuitry inside medical devices: Portland startup Senrio sees these as the next frontier in online security

Paint it black: Revisiting the Blackphone and its cloudy future (Ars Technica) Layoffs, legal disputes, and a major OS update shuffle the deck for privacy-focused phone

The 'Pokémon Go' Endgame: Getting You to Walk Into Chipotle (Motherboard) Much of the news about the augmented reality smartphone game Pokémon Go currently focuses on how it's leading people out of their homes and into parks and to landmarks they might have otherwise avoided, but already there are signs of change

FCA offering hackers cash to identify security risks (Detroit News) Fiat Chrysler Automobiles NV is becoming the most recent automaker to turn to hackers and other software gurus outside the company to identify potential security issues with their vehicles and software systems

SWIFT makes big cybersecurity push following criticism over record-breaking cyber heist (CIO Dive) Dive Brief: Financial communications network SWIFT announced Monday it has hired BAE Systems and Fox-IT to help improve its own security and probe customer security incidents, according to a statement. SWIFT also recently created a dedicated internal Customer Security Intelligence team to bolster its customer information sharing initiative, which aims to help thwart cyberattacks across the network. Both efforts are part of the global financial messaging network’s recently launched Customer Security Programme, where SWIFT helps its "community" by offering "forensic investigations" related to its products and services

Pentagon punts propaganda contractor (USA Today) The Pentagon has severed its relationship with its longtime propaganda contractor in Afghanistan after spending more than $425 million on its pamphlets, broadcasts, websites and billboards

Fulcrum to Support SAIC in Cyber Operations Work With Cybercom (GovConWire) Science Applications International Corp. (NYSE: SAIC) has awarded Fulcrum a subcontract for technology and operations services in support of the former’s cyber operations contract with U.S. Cyber Command, ExecutiveBiz reported Monday

Symantec Names President and COO (Infosecurity Magazine) Symantec has announced that Michael Fey is to join the company as President and Chief Operating Officer

Forcepoint™ Solidifies Cyber Research & Innovation Leadership with Executive Appointments (PRNewswire) Team of Richard Ford, Kris Lamb and Brian Shirey position Forcepoint to help organizations solve the most advanced and evolving security threats

Products, Services, and Solutions

Trend Micro’s Free Hotline and Tools Help Consumers Combat Ransomware (Yahoo! Finance) Consumers worried about the extremely disruptive online threat called “ransomware” have a serious ally in Trend Micro (TYO: 4704; TSE: 4704), one of the world’s leading cybersecurity companies. To help U.S. consumers - whether they are Trend Micro customers or not - the company has set up a free hotline and ransomware resource center to provide education on what ransomware is and advice on how best to protect themselves against it or respond to an attack

SecureWorks Delivers Powerhouse of Security Intelligence and Threat Prevention with Palo Alto Networks Security Platform (Yahoo! Finance) SecureWorks Corp. (SCWX) today announced an integration which combines the high-fidelity portions of its proprietary Attacker Database with the Palo Alto Networks® Next-Generation Security Platform as part of the SecureWorks managed Palo Alto Next-Generation Firewall Service. This solution is designed to enhance security for organizations worldwide with additional threat intelligence

How ‘Cyber Guards’ Patrol Networks Looking For Hackers (Motherboard) Given the ever-increasing and seemingly unstoppable pervasiveness of hacks and cyber thefts, every year seems to be the year of the data breach

Cybersecurity Found Lacking in US Air Force's Troubled OCX Program (Defense News) During the eight years Raytheon developed a new GPS control station, the company fell prey to one of the pitfalls that have plagued many acquisition programs throughout history, a key Air Force official said Tuesday

Are You at Risk From Phishing Attacks? Try Phishing Yourself (eWeek) Duo Security launches a free phishing simulation tool that lets organizations test their readiness against phishing attacks

Technologies, Techniques, and Standards

CISSP certification: Are multiple choice tests the best way to hire infosec pros? (Ars Technica) Focus on skills instead of certifications like the CISSP, experts argue

Blog: The Virtual Cybersecurity Frontier (SIGNAL) It’s no exaggeration to say the networking industry is going through a period of near-unprecedented change. The explosion of software defined network (SDN) concepts over the past few years brings great promise for new networking capabilities and increased economies of scale. The rapid adoption of SDN and network functions virtualization (NFV) by global telecommunications service providers will continue to drive the rapid evolution and standardization. Additionally, SDN will bring many benefits to enterprise securities yet to be fully explored or imagined

Now it’s easy to see if leaked passwords work on other sites (Ars Technica) Freely available tool follows the release of more than 642 million account credentials

The Crooks Share Intel. So Should Your Company. (PaymentsSource) The Federal Financial Institutions Examinations Council (FFIEC) recently issued a warning for financial institutions to review their cybersecurity as it relates to fraudulent transfers and global payment networks

Keys to successful security vendor collaboration (Help Net Security) The IT manager tasked with understanding today’s complex vendor landscape is in an unenviable position. The rapid proliferation of new types of cyber security threats and general IT dynamics has, in turn, driven a near equal proliferation of products and services aimed at helping manage the associated risks. Keeping up with the categories of products and services that now make up the security vendor landscape is challenging enough, not to mention keeping abreast of the strengths and weaknesses of individual vendors

Power grid cyber deal between utility and National Guard hailed as model (FedScoop) The deal, under which Washington state's Air National Guard penetration tested the computer network of a state-owned utility, took two years to put together and could be replicated nationwide

Design and Innovation

IBM clocks up blockchain first in Singapore (IBS Intelligence) IBM is to open a blockchain innovation centre in Singapore. In conjunction with the Singapore Economic Development Board (EDB) and the Monetary Authority of Singapore (MAS), IBM will over the next three years work with government, industries and academia to develop applications and solutions which are based on enterprise blockchain, cyber security, and cognitive computing technologies. The centre will also engage with SMEs to create new applications and grow new markets in finance and trade

The hacker who makes sure 'Mr. Robot' gets it right (Christian Science Monitor Passcode) Cybersecurity researcher Marc Rogers is the principal hacking consultant on the hit TV show "Mr. Robot," which debuts its second season on the USA Network Wednesday

An interview with the anonymous founder of PostGhost (TechCrunch) PostGhost was a service that stored and displayed the deleted Tweets of celebrities and politicians. Created as a way to keep public discourse honest, Twitter shut it down with a cease and desist warning citing a failure to comply with API rules. The resulting brouhaha led me to track down the anonymous founder and ask him or her a few questions about what happened

Legislation, Policy, and Regulation

ASIO to swap spies with Indonesia to combat ISIS (Australian) Australia will exchange spies with Indonesia in a bid to confront the growing scourge of Islamic State-inspired terrorism in the region

Cyber Warfare Is Real — Should We Blame the U.S. and Israel For Starting It? (Forward) In late 2009, something almost laughably scary started happening at the Natanz nuclear facility in Iran: centrifuges — slim cylinders containing powerful rotors used to enrich uranium — began exploding

The EU-US Privacy Shield: what happens next? (Help Net Security) Yesterday the European Commission formally approved the EU-US Privacy Shield, making transfers of personal data to the US legal under European law for companies that have certified to the framework

EU’s General Data Protection Regulation Is Law: Now What? (Dark Reading) Organizations have two years to prepare to act as borrowers, not owners, of customer data. Here are seven provisions of the new GDPR you ignore at your peril

Influencers: Antihacking law obstructs security research (Christian Science Monitor Passcode) A strong 75 percent majority of Passcode’s Influencers said a US government law used to prosecute hackers overly restricts necessary security research

OCR’s HIPAA guidance on ransomware puts pressure on providers (Health Data Management) With the healthcare industry increasingly coming under attack from ransomware gambits, the Department of Health and Human Services’ Office for Civil Rights has released new HIPAA guidance on the risks of being victimized by file-encrypting malware

White House releases plan to boost cyber workforce (Federal Times) The cybersecurity challenge has a number of dimensions, not the least of which is finding enough qualified people who truly understand the problem and potential solutions. But the administration has a plan

DHS pushes for more cyber experts in the field (FCW) The Department of Homeland Security wants to expand a program that puts federal cyber and physical security experts on the ground in potentially vulnerable spots, officials told lawmakers

Army merging electronic warfare into new cyber directorate (C4ISRNET) The Army has disbanded its electronic warfare division, though this is not the end for its staff or electromagnetic spectrum capabilities. Instead, the Army will incorporate the EW division into a newly established cyber directorate at the Pentagon within the Army G-3/5/7, according to officials at Army headquarters

Energy Department Announces Up to $15 Million to Help Improve the Security and Resilience of the Nation’s Power Grid (Energy.gov) As part of the Obama Administration’s commitment to protecting America’s critical infrastructure, U.S. Deputy Energy Secretary Elizabeth Sherwood-Randall today announced new funding to strengthen and protect the nation’s electric grid from cyber and physical attacks. The Energy Department will provide up to $15 million, subject to congressional appropriations, to support efforts by the American Public Power Association (APPA) and the National Rural Electric Cooperative Association (NRECA) to further enhance the culture of security within their utility members’ organizations

Litigation, Investigation, and Law Enforcement

Senators ask FTC how it plans to stop click fraud (SC Magazine) In a letter sent yesterday to the Federal Trade Commission, U.S. Sens. Charles Schumer (D-N.Y.) and Mark Warner (D-Va.) requested that the agency turn its attention to digital ad fraud and its detrimental economic impact

Shifting the cost of security (Network World) Security teams fight a constant battle—and spend lots of money—preventing cyberattacks. We need to shift the burden and have prosecutors go after cyber criminals

For the first time, federal judge tosses evidence obtained via stingray (Ars Technica) Judge: "The Government may not turn a citizen’s cell phone into a tracking device"

FBI Agent: Decrypting Data ‘Fundamentally Alters’ Evidence (Motherboard) An FBI agent has brought up an interesting question about the nature of digital evidence: Does decrypting encrypted data “fundamentally alter” it, therefore contaminating it as forensic evidence?

TOS agreements require giving up first born—and users gladly consent (Ars Technica) Study says participants also agreed to allow data sharing with NSA and employers

AG Lynch stonewalls congressional hearing over Clinton e-mail scandal (Ars Technica) Attorney general testifies "it would be inappropriate for me to comment further"

Loretta Lynch Defends Her Decision on Hillary Clinton’s Emails (Time) "The matter was handled like any other matter"

Three takeaways from AG Loretta Lynch's testimony (Washington Examiner) 1. We learned nothing new

FBI to return thousands of recovered Clinton emails to State Department for potential release (Washington Post) The FBI said Tuesday that it will turn over to the State Department thousands of work-related emails recovered in the investigation into Hillary Clinton’s use of a personal email server while secretary that the State Department said it then will review for possible public release

Clinton legal team moves to block deposition in email lawsuit (Politico) Lawyers for Hillary Clinton are going to federal court for the first time to block efforts to force her to testify in a civil lawsuit related to her private email set-up

Senate investigation says top US diplomat deleted emails (McClatchyDC) A senior U.S. diplomat deleted an untold number of work emails, apparently unaware that even routine messages received and sent by a top government official should be saved, according to a Senate investigation released Tuesday

Whistle-Blower on N.S.A. Wiretapping Is Set to Keep Law License (New York Times) A District of Columbia bar committee has agreed to a deal that would let a former Justice Department lawyer keep his law license even though he said he was one of the sources for a 2005 article in The New York Times about the National Security Agency’s program of wiretapping without the court-approved warrants ordinarily required for domestic spying

Teenager admits Mumsnet password cyber attack charges (BBC) A teenager has pleaded guilty to a cyber attack on Mumsnet which caused the parenting site to reset the passwords of 7.7 million members

German Convicted of War Crime for Posing With Heads in Syria (ABC News) A German court has convicted a man of committing a war crime after he posed for photos with severed heads in Syria. The 21-year-old, a German with Iranian roots, was sentenced to two years in prison

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

Secure Bermuda 2016 (Bermuda, August 10, 2016) Industry-leading intelligence from expert cybersecurity thought leaders and innovators. In addition to human capital shortages, the Bermudian cybersecurity industry faces an uphill battle to keep up with...

SANS Alaska 2016 (Anchorage, Alaska, USA, August 22 - 27, 2016) SANS is bringing our renowned security training to Alaska! Join us in August for a week of hands-on training and compelling bonus sessions while taking in breathtaking views and experiencing the great...

Gigaom Change 2016 Leader's Summit (Austin, Texas, USA, September 21 - 23, 2016) Over an immersive 2.5 days, we will explore the current state-of-the-art technologies, how these are transforming industry, and why this all matters. You’ll emerge with a greater understanding of the exponential...

CSX 2016 North America (Las Vegas, Nevada, USA, October 17 - 19, 2016) Cyber threats affect every enterprise in every industry—no one is too big or too small. Threats don’t take holidays and they are becoming more intrusive and potentially more devastating every day. To help...

Upcoming Events

SINET Innovation Summit 2016 (New York, New York, USA, July 14, 2016) “Connecting Wall Street, Silicon Valley and the Beltway.” SINET Innovation Summit connects America’s three most powerful epicenters and evangelizes the importance of industry, government and academic collaboration...

Insider Threat Program Development Training (Washington, DC, USA, March 29 - 30, 2016) Insider Threat Defense announced it will hold a training class on Insider Threat Program Development (National Insider Threat Policy-NISPOM Conforming Change 2) on March 29-30, 2016, in Washington, DC.

cybergamut Technical Tuesday: The Importance of Managing Attribution Online by Dani Charles of Ntrepid Corporation (Elkridge and Calverton, Maryland, USA, July 19, 2016) cybergamut Technical Tuesday is for cyber professionals to exchange innovative ideas and discuss technical issues of mutual interest. We’ll have a Technical Tuesday event on 19 July 2016 (1600 – 1730 East...

CyberSec 2016 (New York, New York, USA, July 19, 2016) Ask any bank CEO in the U.S. what keeps them up at night and cybersecurity is bound to be in the top five. Maybe even no. 1. And while the threat matrix is evolving rapidly, along with the regulatory demands,...

Nominations are now open: National Cyber Security Hall of Fame (Baltimore, Maryland, USA (nominations submitted online), July 20, 2016) The Cyber Security Hall of Fame "Respect the Past - Protect the Future" accepts nominations from companies and organizations that are engaged in, and committed to, the growth of the cyber security industry.

Billington Global Automotive Cybersecurity Summit (Detroit, Michigan, USA, July 22, 2016) Billington Cybersecurity, an independent conference company focused exclusively on cybersecurity seminars, announces the first global summit that brings together the most senior government and industry...

Community College Cyber Summit (3CS) (Pittsburgh, Pennsylvania, USA, July 22 - 24, 2016) The third annual Community College Cyber Summit (3CS) is organized and produced by six Advanced Technological Education (ATE) centers funded by the National Science Foundation (NSF) and involved in cybersecurity.

SANS ICS Security Summit & Training — Houston 2016 (Houston, Texas, USA, July 25 - 30, 2016) SANS has joined forces with industry leaders and experts to strengthen the cybersecurity of Industrial Control Systems (ICS). The initiative is turning ICS cybersecurity around by equipping both security...

SANS San Jose 2016 (San Jose, California, USA, July 25 - 30, 2016) Information security training is coming to Silicon Valley from SANS Institute, the global leader in information security training. At SANS San Jose 2016, July 25-30, 2016, choose from 7 hands-on, immersion-style...

AfricaHackOn (Nairobi, Kenya, July 28 - 29, 2016) What began as a casual meet up for information security professionals has become one of the formidable forces in the profession. That group is the AfricaHackOn. Housed under its parent umbrella, Euclid...
