
THE CYBERWIRE (Friday, July 14, 2017)—WikiLeaks has released a manual for "HighRise" (a.k.a. "TideCheck"), allegedly a CIA app that enabled interception of SMS messages in earlier versions of Android. The Vault7 leak is dated December 2013; it purports to describe a tool effective against Android versions 4.0 through 4.3 (Ice Cream Sandwich and Jelly Bean).

Now that consensus has come to regard NotPetya as almost surely a Russian operation, observers repeat the conventional Clausewitzian wisdom that warfare is politics by other means, and so cyberattacks track geopolitical interests. In the case of Russia those interests often involve fostering chaos and degrading trust, from which one may infer that Russian cyber operations will cast a wide net. (See NotPetya.)

They also have financial consequences. French company Saint-Gobain, a NotPetya victim, probably lost $230 million in sales due to the attack.

After the Verizon-Nice Systems breach, experts advise Verizon customers to change PINs. Experts also advise everyone to pay more attention to how their AWS S3 buckets are configured. 

London-based Bupa, the healthcare firm that disclosed a data breach Wednesday, says it wasn't hacked—a rogue insider, now fired, exposed the information.

In the UK, GCHQ has established a second security accelerator. The US Defense Department seeks to streamline cyber acquisition, and the US Army considers direct commissions to Cyber Branch.

AlphaBay, Silk Road's successor as market leader in the dark web contraband souk, now really is gone, taken down by Canadian, US, and Thai authorities. Its alleged proprietor is dead, an apparent suicide in a Thai jail.


Today's edition of the CyberWire reports events affecting Australia, Canada, China, India, Iran, Israel, Pakistan, Qatar, Russia, Saudi Arabia, Singapore, Thailand, Ukraine, the United Arab Emirates, the United Kingdom, and the United States.


On the Podcast

In today's podcast our partners at Palo Alto Networks (in the person of Chief Security Officer Rick Howard) tell us about their new initiative with the Girl Scouts for cyber security merit badges. Our guest, Raj Samani, chief scientist from McAfee, discusses NotPetya, the destructive attack that wasn't really ransomware.


Selected Reading

Cyber Attacks, Threats, and Vulnerabilities

Vault 7: CIA Developed Android Malware That Works as an SMS Proxy (BleepingComputer) WikiLeaks published today the manual of another CIA hacking tool part of the Vault 7 leak series. This tool is referenced internally at the CIA under the name of HighRise and is an Android application for intercepting and redirecting SMS messages to a remote web server.

How CIA Agents Covertly Steal Data From Hacked Smartphones (Without Internet) (The Hacker News) WikiLeaks has unveiled how the CIA covertly steals data from hacked smartphones using the HighRise project without Internet

The Unfortunate Many: How Nation States Select Targets (Recorded Future) Every nation is developing cyber capabilities, and each has its own objectives. Threat intelligence helps determine whether your organization is a target.

Analysis | Cyberwarfare has taken a new turn. Yes, it’s time to worry. (Washington Post) Cyber attacks create chaos, and challenge the prevailing international order.

No Free Pass for ExPetr (SecureList) Recently, there have been discussions around the topic that if our product is installed, ExPetr malware won’t write the special malicious code which encrypts the MFT to MBR. Some have even speculated that some kind of conspiracy might be ongoing. Others have pointed out it’s plain and simple nonsense.

Cyber Attack Likely Cost Saint-Gobain 1% of First Half Sales (TheStreet) The French building firm probably lost about $230 million of sales from the cyber attack but said it might make some of them back in the third quarter.

Schumer: nuclear power plants vulnerable to cyber attack (Watertown Daily Times) U.S. Sen. Charles E. Schumer, D-N.Y., said Wednesday that upstate New York’s nuclear power plants are vulnerable to cyberattack.

Experts Warn Too Often AWS S3 Buckets Are Misconfigured, Leak Data (Threatpost) An analysis of Amazon Web Services storage containers reveals troubling trend of misconfigured S3 buckets that leak data.

How did the data of 14m Verizon customers end up online? (Naked Security) Verizon says the loss is ‘overstated’, but if you’re a customer, you might want to change your PIN – just to be on the safe side

Security experts recommend Verizon customers change their PINs (KREM) SPOKANE, Wash. -- Verizon confirmed Wednesday about six million customer accounts were made publicly available.

"Particle" Chrome Extension Sold to New Dev Who Immediately Turns It Into Adware (BleepingComputer) A company is going around buying abandoned Chrome extensions from their original developers and converting these add-ons into adware.

LeakerLocker ransomware threatens to leak victims' smartphone secrets (Computing) Android malware was embedded in two popular apps

751 domains hijacked to redirect visitors to exploit kit (Help Net Security) An unknown attacker has managed to modify the name servers assigned to 751 domains, redirecting visitors to a site hosting the Rig Exploit Kit.

NemucodAES and the malspam that distributes it (SANS Internet Storm Center) During the past two weeks or so, I've noticed a significant increase in malicious spam (malspam) with attached zip archives disguised as delivery notices from the United Parcel Service (UPS). These zip archives contain JavaScript files designed to download and install NemucodAES ransomware and Kovter malware on a victim's Windows computer.

Bupa: Rogue staffer stole health insurance holders' personal deets (Register) Names, phone numbers, emails released into the wild

Bupa Employee Fired After 547,000 Customers' Data Compromised (Infosecurity Magazine) Employee inappropriately copied and removed information from one of the company’s systems

Industrial Robots Vulnerable To Cyberattacks, Study Finds (Industrial Distribution) Recent analysis by security software firm Trend Micro found that the software used to operate industrial robots is often outdated, reliant on weak authentication or based on vulnerable operating systems or libraries.

Gone Phishing: The Top 10 Attractive Lures (Credit Union Times) What are the most-clicked email subject lines for phishing attacks? A new report lists the top 10.

Beware of These Top 10 Phishing Emails. Would You Fall for Them? (Fortune) Always be on guard.

Thieves Used Infrared to Pull Data from ATM ‘Insert Skimmers’ (KrebsOnSecurity) A greater number of ATM skimming incidents now involve so-called “insert skimmers,” wafer-thin fraud devices made to fit snugly and invisibly inside a cash machine’s card acceptance slot.

If you use public Wi-Fi, you've probably put your private info at risk (NBC News) Almost 70 percent of Americans feel their personal information is safe when using a Wi-Fi hotspot — but we've almost all put ourselves at risk.

Study: Backdoors Found on 73% of Compromised Websites (Dark Reading) No such thing as 'too small to hack,' according to research from SMB security provider SiteLock.

Security Patches, Mitigations, and Software Updates

Microsoft Adds Protection Against Process Hollowing and Atom Bombing (BleepingComputer) Microsoft has worked on adding security protections against two forms of code injection techniques known as process hollowing and atom bombing.

Cyber Trends

Improving The Return On Investment Of Identity Governance (Information Security Buzz) Research firm, the Ponemon Institute, recently presented the findings of its study, “Global Trends in Identity Governance & Access Management,” a study designed to understand companies’ ability to protect access to sensitive and confidential information and what they believe is necessary to improve the protection. The report offers several insights and trends have been picked up …

Machine Learning Is Transforming Data Security (CIO) Ever-changing security attacks and the rising volume of threat data make it impossible for security teams to keep up on their own. They need to continuously protect sensitive data without inhibiting business innovation and growth. A data-centric security strategy aided by artificial intelligence will help.

Poll result: What’s stopping Aussies from preparing for cyber attacks? (CRN Australia) We asked, you answered.

Marketplace

CFOs Can Expect Pain When Hit With a Security Breach - Financial Executives International Daily (Financial Executives International Daily) The CFO of cybersecurity company Centrify reveals the shocking cost of a data breach on a company’s bottom line based on recent research.

SC Media asks the industry: Is cyber attack insurance worth it? (SC Media UK) With warnings about stress testing response mechanisms, the Prudential Regulation Authority is putting the insurance industry on notice as to what it expects from the cyber risk market.

Cybersecurity Breaches Have Shed Light On This ETF (Benzinga) Over the past several years, and even months, a spate of high-profile cybersecurity breaches have turned attention to investments focused on the cybersecurity theme, allowing some...

Eugene Kaspersky reassures partners after US feud (CRN Australia) Cyber security founder essentially calls the claims fake news.

Jolera poised to transcend anonymous IT service success (Financial Post) Toronto-based IT solutions provider Jolera focuses its efforts on developing and delivering cloud-based services available by subscription

Teradata Acquires San Diego’s StackIQ to Strengthen Cloud Business | Xconomy (Xconomy) Dayton, OH-based Teradata, which has roughly 1,000 employees at its Teradata Labs engineering unit in San Diego, says today it has acquired Stack

Security Startup HyTrust Secures $36 Million (NewsCenter.io) HyTrust announced the close of $36 million in Series E financing. Nine investors participated in the round: Advance Venture Partners, Sway Ventures, EPIC Ventures, Vanedge Capital, Trident Capital Cybersecurity, Cisco Investments, Fortinet, Intel Capital, and VMWare. HyTrust offers IT managers and administrators of virtual infrastructure …

Why 4 Cybersecurity CEOs Are Backing This Carbon Black Vet's New Startup (BostInno) A new cybersecurity startup founded by former Carbon Black CTO Harry Sverdlove and former Endeca exec Peter Smith has come out of stealth mode with $7 million in funding from three venture capital...

If we could just get a word in Edgewise... New kid says it can do data center firewalls better (Register) Upstart exits stealth this week with 'reinvented' protections

Microsoft-Backed Security Startups Outsmart Hackers with Hackers (Windows Pro) To beat a hacker, you have to think like a hacker, and in some cases, even work with them, according to two Microsoft Ventures’ startups who spoke during the Microsoft Inspire 2017 event this week.

Microsoft is forming a grand army of experts in the artificial intelligence wars with Google, Facebook, and Amazon (Business Insider) Microsoft has gathered 100 AI experts into a new unit within its elite Microsoft Research labs.

Indian firm explores secure quantum communications from Russia (The Economic Times) Moscow, July 13 (IANS) Kolkata-based Srei Infrastructure Finance is currently exploring acquisition of Russian technology emerging from research at the frontiers of science and which will shape the future of computing and cyber security.

GCHQ Launches Second Security Accelerator for Start-ups (Infosecurity Magazine) GCHQ is launching its second cyber security start-up scheme - a nine month programme

Rapid Reaction Technology Office Seeks Cyber Solutions (SIGNAL Magazine) The U.S. Defense Department’s Rapid Reaction Technology Office (RRTO) will conduct a solutions meeting in late October.

A Golden Age in Federal Technology Procurement (SIGNAL Magazine) The National Institute of Standards and Technology's benchmark for encryption modules has seen recent innovation, opening the playing field for competition.

Lockheed Martin officially opens £3m UK Cyber Security Centre in Gloucester (BDaily) Lockheed Martin, the US-headquartered global aerospace, defense, security and advanced technologies company, has opened a £3m Cyber Security Centre in Gloucester.

Why this cloud security vendor is now 100 per cent channel (Channelweb) The vendor was 100 per cent direct less than three years ago. CRN spoke to its channel boss to find out why it is now exclusively channel-focused.

Women necessary in closing cyber security skills gap (Information Age) The issue of the gender gap pervades most industries, but within cyber security the problem is hitting new lows

Hackers can take a hidden test to become mid-grade officers in the US Army's Cyber Command (Business Insider) In the next few months, qualified hackers could undergo "direct commissioning" and become "mid-grade officers" in the Army's Cyber Command.

With cybersecurity in-vogue, GCHQ is hunting for more spies (The Memo) Cybersecurity has never been so sexy.

Singtel moves to boost cyber security talent (iTWire) The parent company of Optus, Singtel, has set up a cyber education portal, called Singtel Cyber Security Experience or CSX, to strengthen Singapore's...

Stephen Moore Joins SecureAuth’s Advisory Board (SecureAuth) SecureAuth Corp., the leader in adaptive access control, today announced the addition of Stephen Moore to its Advisory Board. Moore, the Staff Vice President of Cyber Security Analytics at Anthem, Inc., will provide advice to the SecureAuth team, board and customers on innovative ways to address cybersecurity challenges by addressing white space between security and identity solutions.

Ryan Naraine Joins Bishop Fox as Chief Marketing Officer (PRNewswire) Bishop Fox announced today that Ryan Naraine has joined the firm in the newly...

Products, Services, and Solutions

New infosec products of the week: July 14, 2017 (Help Net Security) New infosec products for this week include releases from Bitdefender, Entrust Datacard, HPE, IDrive Online, Pramati Technologies, and Twistlock.

Aetna Adds Behavior-Based Security to Customer Application (Wall Street Journal) The insurance giant is rolling out a new security measure to its mobile and web applications that will monitor user behavior in real time.

Beyond Platform Achieves Commercial-Grade Security for Peer-to-Peer Lending Platform with Best-in-Class Encryption (Thales) Korea-based, Beyond Platform is an internet-based financial services technology company offering an innovative platform for peer-to-peer (P2P) lending. Beyond Platform entered into a memorandum of understanding with NongHyup Bank (NH Bank) an agricultural and retail bank in South Korea, to develop a mid-level interest loan product: the 30CUT-NH Loan.

BanduraONE™ Global Management Console Launches (PRNewswire) Bandura®, LLC, a trusted cybersecurity innovator and maker of...

Cybersecurity Solutions Provider FoxGuard Protects Nation's Power Grid (PRNewswire) FoxGuard Solutions, Inc. and partner TDi Technologies recently...

DOJ Moves to Get Rid of Passwords via Okta’s Single Sign-On (FedTech) The Justice Department starts to reap the benefits of putting its identity management system in the cloud.

SandBlast Mobile simplifies mobile security (CSO Online) Check Point's SandBlast Mobile fits in between mobile device managers and security event log analyzers, and actually makes it easier to manage the overall security footprint of your entire mobile device fleet.

Forcepoint enhances government IT modernization and security capabilities (Financial News) Global cybersecurity leader Forcepoint has made enhancements and third-party validations that advance the mission of government agencies worldwide to modernize their IT systems and harden cyber defense capabilities, the company said.

Technologies, Techniques, and Standards

US Army Looking to Integrate Network Soldiers with Tactical Units (Defense One) Brigades are working out various ideas at training centers, says the head of the service’s Cyber Command.

EAS-SEC. Oracle PeopleSoft Security Configuration. Part 5: Open remote management interfaces (ERPScan) In most cases, enterprise applications provide functionality for remote administration of the systems as well as access to various technical services. Such services can be available for connection from the Internet, and, in case of unsafe settings, be remotely managed without any authentication procedure.

Expert: Corporate culture may have to change to improve cyber security (Midland Reporter-Telegram) “The situation, as it stands today, is that all companies, all networks, are getting scanned,” said Philip Lieberman, president and chief executive officer of Lieberman Software.

Design and Innovation

Blockchain becoming an integral part of some defence technology (Financial Review) Experts say blockchain's compelling element for military commanders is its distributed node system, with participants being allowed layers of activity inside a cryptographically-sealed network.

Cardless ATMs are cool, but you still may get ripped off (CNBC) Major banks are hoping smart ATMs will help protect consumers' cash. Will they?

Research and Development

BluVector Receives Patent for Zero-Day Malware Detection (NewsFactor) BluVector, a leader in network security monitoring and analytics, today announced that it has been issued a new patent for "System and Method for Automated Machine-learning, Zero-day Malware Detection" (U.S. Patent 9,665,713). BluVector is the first company to obtain this type of patent in the cybersecurity industry.

Research findings not driven by marketing, says security pro (iTWire) Marketing has no influence on the findings that security researchers make; in fact, it is the other way around, according to Noushin Shabab, a securit...

Is IBM's Watson Overhyped & Soon to Be Outdone? (Light Reading) While Watson is an early and mature AI platform, it's facing increased competition and challenges, according to a note from Jefferies.

Legislation, Policy, and Regulation

China’s National Cyber Threat Response Plan -part of Cyber arsenal (CyberDB) China’s National Cyber Threat Response Plan is another Arrow in Its Cyber Diplomacy Quiver

What Singapore can learn from Israel’s cyber security playbook (ComputerWeekly) A former Unit 8200 captain from the Israel Defense Forces shares what Singapore can learn from Israel’s approach to cyber security

Hackers wannacry? Cyber cops are here to track you (The Economic Times) “The Centre will monitor the flow of traffic and analyse if there is some attack coming and take action in real time,” said Ajay Kumar, Additional Secretary, ministry of electronics and IT.

Why cyber capabilities are more important than strategy (FCW) The Senate version of the 2018 defense bill calls for the creation of a cyber strategy, but one former DOD official says the U.S. must focus on capabilities and authorities first.

Opinion | The question about Islam that has vexed the world for a decade (Washington Post) To resolve the Middle East turmoil over the Qatar boycott, the United States must deal with the anger that fueled it.

Why you should care about the govt's encryption crackdown (iTnews) And why the new laws are unlikely to make a difference.

Democrats back effort to block U.S.-Russia cyber deal (The Washington Times) A Democratic bid to block the United States from establishing a cybersecurity alliance with Russia is gaining steam in Congress after President Trump discussed and then dismissed creating an “impenetrable” cybersecurity unit this week with his Kremlin counterpart.

Securing Elections Remains Surprisingly Controversial (WIRED) One would think that keeping elections safe would be an issue everyone backed. It's not that simple.

Democrats signal support for quick vote on FBI nominee Wray (POLITICO) Feinstein, the top Democrat on the Judiciary Committee, said she believes Wray should get a committee vote next week.

Navy Information Operations Command Texas Holds Change of Command (DVIDS) Capt. Clarence Franklin Jr. relieved Capt. David M. Houff as commander, Navy Information Operations Command (NIOC) Texas during a change of command ceremony held July 7 at Mitchell Hall on Joint Base San Antonio, Tx.

Litigation, Investigation, and Law Enforcement

The Biggest Dark Web Takedown Yet Sends Black Markets Reeling (WIRED) But law enforcement's raid on AlphaBay won't end the darknet's vibrant drug trade.

Canadian drug suspect found hanged in cell (Bangkok Post) Canadian drug suspect Alexander Cazes, 26, found dead in a cell at the Narcotics Suppression Bureau in Laksi district on Wednesday morning, is believed to have hanged himself, police said.

DNC Server May Hold Key to Investigation into Russian Involvement in 2016 Election (In Homeland Security) Many members of Congress still believe Russia was responsible for the hacking of the DNC servers. But why has no federal investigator seen or examined the DNC servers?

Special counsel brings on FBI official who oversaw Clinton email investigation (CNN) Justice Department Special Counsel Robert Mueller has brought on Peter Strzok, a senior FBI official who oversaw the Hillary Clinton email investigation.

Exclusive: DOJ let Russian lawyer into US before she met with Trump team (TheHill) The Russian lawyer who penetrated Donald Trump’s inner circle was initially cleared into the United States by the Justice Department under “extraordinary circumstances” before she embarked on a lobbying campaign last year that ensnared the president’s eldest son, members of Congress, journalists and State Department officials, according to court and Justice Department documents and interviews.

Trump: Son's Russia meeting 'standard campaign practice' (WBIR) The president wrote off his son's meeting with a Russian attorney as standard campaign practice. 

Edward Snowden's leaks has NSA in damage-control mode, spy agency official tells Lancaster audience (LancasterOnline) A high-ranking official of the National Security Agency said in a talk here Wednesday that the electronic surveillance agency is working to improve its public relations in the wake of

The CIA’s Secret 2009 Data Breach, Revealed For The First Time (BuzzFeed) The inspector general’s 2010 report, obtained by BuzzFeed News through a Freedom of Information lawsuit, details an incident that “could have caused irreparable damage.”

Leopold FOIA CIA Source Code Inspector General Report (CIA Inspector General) Disposition memorandum: unauthorized dissemination of classified material

Putin critic Navalny says security service tracking his children (Reuters) Russian opposition leader Alexei Navalny complains his wife and two children are being tracked by the security services, but says he's not afraid to challenge Vladimir Putin for the presidency whatever the risks.

Hawaii soldier held without bail on terrorism charges (Army Times) A U.S. soldier accused of wanting to commit a mass shooting after pledging loyalty to the Islamic State group believed the moon landing was faked, questioned the assassination of President John F. Kennedy and thought the Sept. 11 terrorist attacks were an inside job coordinated by the U.S. government, according to a former Army bunkmate.

Release of the FISC Opinion Approving the 2016 Section 702 Certifications and Other Related Documents (IC on the Record) Today the ODNI, in consultation with the Department of Justice, is releasing three sets of Foreign Intelligence Surveillance Act (FISA) Section 702 documents in redacted form.

Who gets gold stars for looking after your privacy? (Naked Security) Who’s got your back when it comes to willingness (or otherwise) to hand over your data to third parties? Some of the results from the EFF’s report are surprising

Biometrics catches violent fugitive 25 years on the run (Ars Technica) Like it or not, facial-recognition tech has become an everyday part of society.

Dark Web Child Pornographer Avoids Jail Due To Asperger Syndrome  (HackRead) In normal circumstances, a pedophile receives harsh punishments, but in this case, a 24-year-old child abuse pornography offender has skipped jail time bec

Not for the first time, Microsoft’s fonts have caught out forgers (Ars Technica) If you’re going to pretend a document is from 2006, you should use Times New Roman.

Cyber Events


Upcoming Events

3rd Edition CISO Summit India 2017 (Mumbai, India, July 14, 2017) Cyber security has gone through a tremendous change over the last couple of months. Ecosystem disruptions like demonetization, emergence of payment banks and fintech play have put technology as the sine qua non and a savior for banks. But gifts are bundled often with miseries. While technology works as a catalyst for scale and speed, security unpreparedness could play a spoilsport.

CYBERCamp2017 (Herndon, Virginia, USA, July 17 - 28, 2017) Always wondered what “cyber attacks” really are? How a special group of cyber warriors protect and defend our banks, stores, and electric plants every second? Join experts from the FBI and the foremost companies in the nation for an interactive #CYBERcamp in the National Capital Region. Cyber Camp 2017 is a summer camp in which students will have the opportunity to learn about various aspects of cyber security. Students will also gain practical skills through instruction by experienced security and information technology (IT) professionals, and hands-on exercises. The camp is divided into two 1-week segments:

National Insider Threat Special Interest Group - Insider Threat Symposium & Expo (Laurel, Maryland, USA, July 18, 2017) The National Insider Threat Special Interest Group (NITSIG) is excited to announce that it will hold a 1 day Insider Threat Symposium & Expo (ITS&E), on July 18, 2017, at the Johns Hopkins University Applied Physics Laboratory, (JHU-APL) in Laurel, Maryland. This is a MUST ATTEND event if you are involved in Insider Threat Program Management or are interested in Employee Threat Identification and Mitigation.

2nd Annual Billington Automotive Cybersecurity Summit (Detroit, Michigan, USA, July 18, 2017) The 2017 Billington Automotive Cybersecurity summit will build on the 2016 inaugural summit that brought together a who’s who of speakers including the CEO of GM and the Secretary of Transportation, prestigious media coverage from The New York Times and The Wall Street Journal and some 500 attendees. NOTE: Attendees must be citizens of U.S. or allied nations to attend this event.

SANSFIRE 2017 (Washington, DC, USA, July 22 - 29, 2017) Now is the time to advance your career and develop skills to better protect your organization. At SANSFIRE 2017, choose from over 45 hands-on, immersion-style security training courses taught by real-world practitioners. The site of SANSFIRE 2017 (July 22-29) is Washington Marriott Wardman Park.

ISSA CISO Executive Forum: Security Awareness and Training--Enlisting your entire workforce into your security team (Las Vegas, Nevada, USA, July 23 - 24, 2017) The gap in Security skills in the workforce has put the pinch on Security teams. Join us to learn how to get lean by empowering the rest of your organization to understand and manage security risks. We’ll cover secure-by-design concepts inherent in DevSecOps, effective training and awareness practices, and how to lead organizational change management to embed security into your company’s DNA.

AFA CyberCamp (Pittsburgh, Pennsylvania, USA, July 24 - 28, 2017) The AFA CyberCamp program is designed to excite students new to cybersecurity about STEM career opportunities and teach them important cyber defense skills through hands-on instruction and activities. Through the camp, students will learn how to protect their personal devices and information from outside threats, as well as how to harden entire networks running Windows 7 and Ubuntu operating systems. The AFA CyberCamp will culminate in an exciting final team competition that simulates real cybersecurity situations faced by industry professionals and mimics AFA’s CyberPatriot National Youth Cyber Defense Competition.

BSides Las Vegas (Las Vegas, Nevada, USA, July 25 - 26, 2017) BSides Las Vegas isn’t another “talk at you” conference. Everyone at BSides is a participant. Track after track, year after year, the security researchers, engineers, analysts and managers that present at BSidesLV are looking to engage our participants and be engaged by them. Our presenters don’t talk at you, they converse with you.

Cross Domain Support Element Summer Workshop 2017 (Laurel, Maryland, USA, July 25 - 26, 2017) The Unified Cross Domain Services Management Office (UCDSMO) is presenting a two-day workshop for the benefit of the Cross Domain Support Element (CDSE) Offices, and the personnel who support them. Topics will include an update to the Capabilities Portfolio, Baseline and Sunset Lists, the UCDSMO SharePoint sites, Labs and Lab Testing, updates on the CDS Overlays and the Cross Domain Risk Management process.

Black Hat USA 2017 (Las Vegas, Nevada, USA, July 26 - 27, 2017) Now in its 20th year, Black Hat is the world’s leading information security event, providing attendees with the very latest in research, development and trends. Black Hat USA 2017 kicks off with four days of technical Trainings (July 22-25) followed by the two-day main conference (July 26-27) featuring Briefings, Arsenal, Business Hall, and more.

RSA Conference 2017 Asia Pacific & Japan (Singapore, July 26 - 28, 2017) RSA Conference 2017 Asia Pacific & Japan is the leading information security event in the region. Join us for three days of high quality education, engaging content and valuable networking. Get exposure to innovative technologies and leadership that will help secure your organization and your future.

DEF CON 25 (Las Vegas, Nevada, USA, July 27 - 30, 2017) You know how we know it’s almost DEF CON? The Southwest is having a heat wave, that ancient tweet about the Feds (allegedly) not appreciating the ‘Spot the Fed’ contest is back and the interwebz are buzzing with burner phone chat.

North American International Cyber Summit (Detroit, Michigan, USA, July 30, 2017) In its sixth year, the cyber summit brings together experts from across the globe to address a variety of cybersecurity issues impacting the world of business, education, information technology, economic development, law enforcement and personal use. Highly respected speakers from the public and private sectors will address emerging trends, technology and best practices. The event is open to the public and will feature information for individuals, families, educators, business professionals, law enforcement and government officials. The summit agenda will feature internationally recognized keynote speakers as well as experts from across the county to lead breakout sessions on featured industry topics.

Cyber Texas (San Antonio, Texas, USA, August 1 - 2, 2017) CyberTexas was established to provide expanded access to security developments and resources located in Texas; provide an ongoing platform for the education and skill development of cyber professionals & job creation; build strong relationships with other U.S. and International geographies focused on cyber ecosystem development; bring national and international resources to the region to showcase Texas-based cyber assets; identify and encourage business opportunities within and outside of Texas; and create long-term value for the cyber security ecosystem of San Antonio and the State of Texas.

Cyber Security Summit: Chicago (Chicago, Illinois, USA, August 8, 2017) If you are a Senior Level Executive responsible for making your company’s decisions in regards to information security, then you are invited to register for the Cyber Security Summit: Chicago. Receive 50% off of a Full Summit Pass when you register with code CYBERWIRE50 (standard price of $350, now only $175 with code). Register at CyberSummitUSA.com. The Cyber Security Summit: Chicago is an exclusive conference connecting Senior Level Executives responsible for protecting their companies’ critical data with innovative solution providers & renowned information security experts. For details visit CyberSummitUSA.com.

PCI Security Standards Council: 2017 Latin America Forum (Sao Paulo, Brazil, August 9, 2017) Join your industry colleagues for a full day of networking and one-of-a-kind partnership opportunities. Whether you want to learn more about updates in the payment industry or showcase a new product, you’ll find it all at the 2017 Latin America Forum (LAF).

2017 DoDIIS Worldwide Conference (St. Louis, Missouri, USA, August 13 - 16, 2017) Hosted annually by the DIA Chief Information Officer, the DoDIIS Worldwide Conference features a distinguished line-up of speakers and an extensive selection of breakout sessions allowing attendees to gain insight and interact with experts in smaller settings. This year’s conference presents an exciting and unique opportunity to directly engage with senior leaders from the Intelligence Community, Department of Defense, and industry about the IT complexities and challenges impacting the mission user.

SANS New York City 2017 (New York, New York, USA, August 14 - 19, 2017) Be better prepared for cyber-attacks and data breaches. At SANS New York City 2017 (August 14-19), we offer training with applicable tools and techniques for effective cybersecurity practices. Gain the skills and tools you need to win the battle against the wide range of cyber adversaries who want to harm your environment.

Information Security Summit 2017 (Hong Kong, August 15 - 16, 2017) Effective Use of Analytics and Threat Intelligence to Secure Organizations: The Information Security Summit 2017 is a regional event that aims to give participants from the Asia Pacific region an update on the latest developments, trends and status in information security.

TechFest (Louisville, Kentucky, USA, August 16 - 17, 2017) TechFest is a biannual summit designed to bring together technology professionals for learning and networking. Attendees will have opportunities to explore economic development avenues for their businesses, connect with regional IT leaders, and learn about emerging technology. Among the topics addressed will be cybersecurity: hacking, malware, exploits, skimmers, and new standards and policies in key industries.

The Chertoff Group Security Series: Security In The Boardroom (Palo Alto, California, USA, August 23, 2017) The Chertoff Group Security Series will aim to enhance and add to the Security in the Boardroom conversation by applying our insights into technology, threat, and policy to help executives respond to the evolving threat environment.

U.S. Department of Commerce Cybersecurity Awareness Day (Washington, DC, USA, August 24, 2017) On August 24, 2017, the Department of Commerce headquarters is planning the Cybersecurity Awareness Day event which will host guest speakers from throughout the Cybersecurity community. The 2017 Cybersecurity Awareness Day and Expo will feature timely, topical, and thought-provoking presentations, bringing together cybersecurity workforce, training, and educational leaders from academia, business, and government for one day of focused discussions. In light of current events involving unauthorized disclosures, sensitive and/or classified information leaks, and breaches of personally identifiable information in cyberspace, it is imperative that sound practices are incorporated. The agenda will include speakers from Industry and Government.

THE CYBERWIRE
Compiled and published by the CyberWire editorial staff. Views and assertions in linked articles are those of the authors, not the CyberWire.
The CyberWire is published by Pratt Street Media and its community partners. We invite the support of other organizations with a shared commitment to keeping this informative service free and available to organizations and individuals across the globe.