skip navigation

More signal. Less noise.

Daily briefing.

The ShadowBrokers are expected to launch their exploit-of-the-month club this week. The Brokers' auction of Equation Group tools has largely fizzled, prompting speculation that the Brokers' real motivations weren't financial. However, Motherboard now reports Bitcoin moving from the ShadowBrokers' collection address, which suggests someone's cashing out.

Google deals with three issues, two in Android, one in Chrome. "Judy" adware has led Google to kick forty-one infested apps from the PlayStore. The second, "Cloak and Dagger," is a family of credential-stealing attacks demonstrated by researchers at Georgia Tech and the University of California Santa Barbara. The third is a surveillance bug that doesn't trigger Chrome's red-circle-and-dot warning. Google is remediating Cloak and Dagger. The Chrome bug isn't considered a security issue (since the security measure is really the pop-up dialogue box, and that still appears) and so won't receive emergency attention.

British Airways is completing recovery from an IT glitch—not, apparently, a hack—that disrupted flights worldwide.

Someone claiming affiliation with Anonymous is working on the Houdini RAT: Recorded Future predicts Houdini's appearance in some future hacktivist op.

In the aftermath of the Manchester bombing, British media point with alarm to the large number of known wolves believed present in the country—more than twenty-thousand. Calls for regulation of encryption rise; observers wonder whether existing powers have been exercised effectively. US Homeland Security Secretary Kelly calls leaks about the investigation from the US Intelligence Community "close to treason."

A Fancy Bear sighting: Fancy may be pawing through Malta's government servers.

Notes.

Today's issue includes events affecting Australia, Brazil, China, Czech Republic, Germany, Ghana, India, Israel, Jamaica. Malta, Philippines, Russia, Singapore, United Kingdom, United States, and Vietnam.

In today's podcast we hear from Johannes Ullrich, of our partners at the SANS Institute and the ISC Stormcast podcast. He'll talk about DNS security.

Delta Risk (Webinar, June 8, 2017) Insider threats are more prevalent but not any less difficult to detect and deter. One of the best ways to address insider threats is to implement a formal insider threat program in your organization. Delta Risk experts discuss essential elements of an insider threat program, and why you need one now more than ever.

CyberTech Fairfax (Fairfax, Virginia, USA, June 13, 2017) Cybertech Fairfax: meet tech execs, start-ups, investors & legal, media & mktg pros changing the global cyber landscape. Cybertech Fairfax is a thought-provoking conference on global cyber threats, solutions, innovations and technologies.

SANS Technology Institute (online event, June 13, 2017) Earn a master’s degree in cybersecurity from SANS, the world leader in information security training. Learn more at a free online information session on Tuesday, June 13th, at 12:00 pm (noon) ET. For complete information on master’s degree and graduate certificate programs, visit www.sans.edu.

UMBC Cybersecurity Graduate Info Session (Rockville, Maryland, USA, June 15, 2017) Learn how UMBC’s graduate programs in Cybersecurity can elevate your career at our upcoming Info Session. Led by industry experts, our programs combine hands-on technical training with unparalleled opportunity.

Cyber Attacks, Threats, and Vulnerabilities

MITA suspicion that Kremlin-friendly hackers attacked government servers – The Observer (MaltaToday.com.mt) British newspaper The Observer has seen a confidential MITA external risk assessment claiming that the Fancy Bears – a hacking collective that is often associated with the Kremlin – would have carried out attacks on government servers

Foot Soldiers in a Shadowy Battle Between Russia and the West (New York Times) Freelance agitators promote Russia’s agenda abroad, getting their backing from tycoons and others, not the state itself.

NSA tools hacking group Shadow Brokers starts up monthly security subscription service (Computing) Hacking group changes tack in bid to 'monetise' its trove of US National Security Agency tools and exploits.

Follow the Bitcoin From the Shadow Brokers NSA Hacking Tool Auction (Motherboard) Is the hacking group finally cashing out?

PHL government, firms target of nation state cyber espionage–FireEye (Business Mirror) Government and private organizations in the Philippines and other Asia-Pacific countries are in the crosshairs of nation-state groups conducting cyber espionage for other states, FireEye Inc. executives said.

Assessing the Global Impact of WannaCry Ransomware (BitSight) This blog examines data on the spread of WannaCry ransomware and the security culture of organizations affected.

The Many Faces of Ransomware (NSS Labs) f you’ve been following the news, you know that the new ransomware, WannaCry, has crippled organizations and end users across the world. Within several hours, WannaCry infected tens of thousands of computers in more than 99 countries and in 27 languages.

Ransomware: A Detailed Analysis of an Emerging Threat (SecurityScorecard Insights & News) One of the most dangerous emerging trends in the malware world is ransomware...

Hospital IT team praised for response to NHS cyber attack (Eastern Daily Press) A hospital IT team has been praised for how it handled the cyber attack which hit the NHS two weeks ago.

New Android Exploit 'Cloak and Dagger' Lets Attackers Steal User Data (HackRead) Gone are those days when Google play store was a trusted place for downloads and it seems like hackers are bypassing the security protocols of Google play

Researchers Demonstrate Android 'Cloak And Dagger' Malware Attacks (Silicon UK) The attacks use 'design shortcomings' in Android to silently take over devices and steal credentials, say Georgia Tech and UC Santa Barbara academics

Google Boots 41 Apps Infected with "Judy" Malware off the Play Store (BleepingComputer) Google has removed 41 Android apps from the official Play Store. The apps were infected with a new type of malware named Judy, and experts estimate the malware infected between 8.5 and 36.5 million users.

Check Point says Judy is "possibly the largest malware campaign found on Google Play" (Neowin) Already plagued by security issues, Android has received another dose of malware through some apps in the Google Play Store. Known as 'Judy', it was discovered by security specialists Check Point.

Chrome Bug Allows Sites to Record Audio and Video Without a Visual Indicator (BleepingComputer) Ran Bar-Zik, a web developer at AOL, has discovered and reported a bug in Google Chrome that allows websites to record audio and video without showing a visual indicator.

Over 8,600 Security Flaws Found in Pacemaker Systems (BleepingComputer) Security researchers from WhiteScope have uncovered over 8,600 vulnerabilities in pacemaker systems and the third-party libraries used to power various of their components.

Synopsys And Ponemon Study Highlights Critical Security Deficiencies In Medical Devices (Information Security Buzz) Synopsys, Inc. (Nasdaq: SNPS) today released the results of the study “Medical Device Security: An Industry Under Attack and Unprepared to Defend,” which found that 67 percent of medical device manufacturers and 56 percent of healthcare delivery organisations …

British Airways outage creates London travel chaos; power issue blamed (The Economic Times) The airline cancelled all its flights from London's two main airports until Saturday evening after a global computer system outage caused massive delays.

British Airways rejects claims that cost-cutting India outsourcing was to blame for bank holiday weekend 'global IT outage' (Computing) BA blames power surge and failure to restore from back-ups for weekend of travel chaos at Gatwick and Heathrow.

​British Airways chief vows IT collapse won't happen again (ZDNet) British Airways CEO has said the airline will take steps to ensure there is no repeat of the computer system failure that stranded 75,000 passengers in the United Kingdom over a holiday weekend.

British Airways says no evidence global IT outage caused by cyber attack (Reuters) British Airways said on Saturday there was no evidence that a global breakdown of its IT systems had been caused by a cyber attack.

BA faces £150m loss after chaos at Heathrow (Times (London)) British Airways is facing losses of more than £150 million after the most serious IT failure in UK aviation history. On the third day of disruption today, short-haul passengers at Heathrow and...

Veteran Security Analyst Warns Windows 10, Even With Tracking Off, Still Tracks Too Much (Hot Hardware) Microsoft has gone to great lengths to foster adoption of its Windows 10 operating system, and for good reason.

Microsoft Master File Table bug exploited to BSOD Windows 7, 8.1 (Register) The 1990s called: they want their filepath hack back

Hackers upgrading malware to 64-bit code to evade detection (SC Media UK) Detecting 64-bit malware is more difficult than signature scanning for 32-bit malware, and despite a slow start cyber-criminals are starting to update their tools.

German Threat Actor Spreads Houdini Worm on Pastebin (Infosecurity Magazine) This individual is also actively editing an open source ransomware variant called MoWare H.F.D.

Anonymous Member Playing with Houdini RAT and MoWare Ransomware (BleepingComputer) A self-proclaimed member of the Anonymous hacker collective is behind a campaign to spread the Houdini RAT and is currently looking into deploying the MoWare H.F.D ransomware.

Chipotle Hacked: California, Florida, Illinois, And Texas Restaurants Are Most Affected By Security Breach (The Inquisitr) Customers who had paid by credit card at Chipotle restaurants in major cities across the nation between March 24, 2017 and April 18, 2017, are at risk of a being victim of a massive security breach ...

Molina Health Exposes Scores of Patient Records to Open Internet (Infosecurity Magazine) Countless patient medical claims were available online without requiring any authentication.

Yara Used to RickRoll Security Researchers (TrendLabs Security Intelligence Blog) For most security researchers, Yara, a tool that allows them to create their own set of rules for malware tracking, is an invaluable resource that helps automate many processes. However, despite Yara’s reliability, it shouldn’t be the only tool used to monitor new versions of malware.

Awfully Polite Hackers Allegedly Hijacked This Mall Billboard (Motherboard) "Sincerely, your friendly neighborhood hackers."

Red on Red: The Attack Landscape of the Dark Web (Trend Labs Security Intelligence Blog) We’ve frequently talked about how limited-access networks such as the Dark Web is home to various cybercriminal underground hotspots.

Types of Cyberattacks Hitting the Dark Web – A Research Paper (Deep Dot Web) The dark web represents parts of the internet that only exist on darknets and overlay networks.

8 Most Overlooked Security Threats (Dark Reading) Businesses know the obvious security threats to watch for, but some of the biggest dangers may not at top-of-mind.

FTC: It Takes Criminals Just 9 Minutes to Use Stolen Consumer Info (Dark Reading) Federal Trade Commission experiment lured hackers to learn about how they use stolen consumer information.

How fast will identity thieves use stolen info? (US Federal Trade Commission) If you’ve been affected by a data breach, or otherwise had your information hacked or stolen, you’ve probably asked yourself, “What happens when my stolen information is made public?” At the FTC’s Identity Theft workshop this morning, our Office of Technology staff reported on research they did to find out.

Security Patches, Mitigations, and Software Updates

Microsoft Quietly Patches Another Critical Malware Protection Engine Flaw (Threatpost) Microsoft quietly patched a critical vulnerability found by Google’s Project Zero team in the Malware Protection Engine.

FreeRadius Authentication Bypass (SANS Internet Storm Center) The RADIUS protocol was originally introduced to authenticate dial-up users.( "Remote Authentication Dial-In User Service). While dial-up modems are gone, RADIUS has stuck around as an all-around authentication protocol for various network devices. RADIUS itself assumes a secure connection, which was fine during dial-up days, but in modern networks, RADIUS usually relies on TLS.

Samba exploit – not quite WannaCry for Linux, but patch anyway! (Naked Security) SMB is the Windows networking protocol, so SMB security holes like the one that led to WannaCry can’t happen on Linux/Unix, right? Wrong!

FileZilla FTP Client Adds Support for Master Password That Encrypts Your Logins (BleepingComputer) Following years of criticism and user requests, the FileZilla FTP client is finally adding support for a master password that will act as a key for storing FTP login credentials in an encrypted format.

Cyber Trends

Critical infrastructure the next cyber battleground (ReinsuranceNe.ws) As cyber threats increase, alongside the exponential advancements being seen in technology which can heighten cyber risk there is also an increasing threat

SECURITY: Gas industry says 'trust us' on tracking cyberthreats (null) Federal agencies have not yet created the metrics that would allow the government to measure the strength of its defense against efforts to sabotage the United States' critical infrastructure.

Trend Micro Reveals State of Human Machine Interface Vulnerabilities (eWEEK) New report looks at over 250 Supervisory Control and Data Acquisition (SCADA) system vulnerabilities and reveals some common trends.

The Economic Benefits of Emerging Technologies (Cylance) Malcolm Harkins discusses the economic benefits and security challenges of new and emerging technologies, including an overview of the internet of things (IoT), quantum computing and qubits, blockchain and bitcoin, artificial intelligence and machine learning.

Cloud Environments Suffer Widespread Lack of Security Best Practices (Infosecurity Magazine) Organizations fail 55% of compliance checks established by the Center for Internet Security (CIS).

Brazil Primary LatAm Target of DoS Cyber Attacks in 2016 - Nearshore Americas (Nearshore Americas) Brazil was the main target of denial-of-service (DoS) attacks in Latin America in 2016, with the country suffering an average 21 attacks every month.

Jamaica lost US$100m to cyber crimes during 2016 (Jamaica Observer) The National Security Council (NSC), in a meeting yesterday, learnt that Jamaica, in 2016, lost approximately US$100 million to cyber-criminal activity.Head of the Computer Incident Response Team (CIRT), Dr Moniphia Hewling revealed the data during her presentation to the NSC while highlighting the need for public education as well as individuals and entities reporting incidents of cyber crime.

Microsoft: Malaysia can be key cybersecurity player (The Nation) Malaysia has the potential to be a key cybersecurity player in the South-East Asian region.

Marketplace

Cybersecurity startups will be funded at slower pace and lower valuations than last year (VentureBeat) The current cycle of investment in cybersecurity began in 2012, catalyzed by three major IPOs: Proofpoint, Splunk, and Palo Alto Networks. As is typical, big exits in a space significantly increase investor confidence and drive up supply of capital as additional investors rush in hoping to find the “next big thing.”

DDoS Mitigation Becomes Key Managed Security Service (Infosecurity Magazine) About 37% ranked DDoS mitigation as more important than other managed security services.

StarHub buys controlling stake in Accel in cybersecurity boost (ZDNet) Singapore telco buys 51 percent stake in Accel Systems for S$19.38 million, in a move it says is aimed at bolstering its cybersecurity offerings.

Tanium Raises $100M With Endpoint Security Platform Set to Expand (eWEEK) Security firm has now raised $407 million in funding, with CEO Orion Hindawi saying incidents like WannaCry reinforce his company's value proposition.

Controversial Tanium CEO explains why he and his dad have total control of their $4 billion startup (Business Insider) Orion Hindawi, CEO of Cyber security startup Tanium, doesn't believe in pampering employees.

HLS Sector Burning - Another Israeli Surveillance Company Reaches Breakthrough (iHLS) An Israeli cyber group is paying dividends while guarding secrecy concerning its products. NSO Group

How did NCA pay $2m to Israeli company without a contract? Lawyer asks (Joy) The controversial $8 million deal between the NCA, an Israeli company and Infraloks Development Limited (IDL), appears to be getting murkier.

EY Announces Ken Levine of Digital Guardian as an Entrepreneur Of The Year® New England 2017 Finalist (BusinessWire) EY Announces Ken Levine of Digital Guardian as an Entrepreneur Of The Year® New England 2017 Finalist

Lunarline, Inc. Named One of 2017's Most Valuable Brands (PRNewswire) Lunarline, Inc., a leading provider of cybersecurity products, services...

Kaspersky Lab appoints new MD for APAC (Gizmodo) Global cybersecurity firm Kaspersky Lab has appointed Stephan Neumeier as Managing Director of Kaspersky Lab Asia Pacific, effective from Monday.

Products, Services, and Solutions

Banks Benefit from Behavioral Biometrics: BioCatch (FindBiometrics) While banks have always seen security and fighting fraud as a key priority, they've also been eager to adopt innovative solutions like behavioral...

Forcepoint Fights Shadow IT with Cybersecurity Analytics Functions (eWEEK) Human-centric cloud security solution for web, email and cloud-access security brokers provides reporting and context to address biggest risks--internal and external.

Higher Ed Security Org Uses DNS Database to Track Criminal Action (Campus Technology) An organization that provides security services to the research and education community at large has gone public with its adoption of an historic DNS database service.

The need for internet security on your devices (Future Five) At home or at work, on a mobile device or on a network, Trend Micro covers all aspects of cybersecurity.

Kaspersky Lab Unveiles Advanced Protection of Linux Servers (PCQuest) Kaspersky Lab has recently unveiled a major update to its dedicated security product for data centers, Kaspersky Security for Virtualization Light Agent. In addition to the virtualization platforms and operating

ATF launches IoT security device for construction industry (ZDNet) Site safety company ATF Services has launched a connected alarm system to help minimise theft on construction zones.

Technologies, Techniques, and Standards

Crysis ransomware master keys posted to Pastebin (Naked Security) Why would someone release the keys to victims? Who knows, but as the poster who uploaded them says, ‘Enjoy!’

EternalPot — Lessons from building a global Nation State SMB exploit honeypot infrastructure (DoublePulsar) Aweek ago I started building #EternalPot, a honeypot for the Equation Group SMB exploits leaked by the Shadow Brokers last month.

Elections, Deceptions & Political Breaches (Dark Reading) Political hacks have many lessons for the business world.

5 incident response practices that keep enterprises from adapting to new threats (Help Net Security) To fill gaps, security teams will need to adopt a new mindset in regards to security analytics and incident response practices.

New awareness study reveals what you need for the best security programs (ZDNet) Third annual report educates security awareness professionals on how time, the right talent, and good communications make for the best, most effective programs.

Don’t wanna cry after meeting Judy? How to secure your mobile from malware (Money Control) A Korean firm developed 41 such malicious apps and was able to bypass Google's security protocols on the Play Store, thereby making the app available for download.

explo - Human And Machine Readable Web Vulnerability Testing Format (Новости информационной безопасности) explo is a simple tool to describe web security issues in a human and machine readable format. By defining a request/condition workflow, explo is able to exploit security issues without the need of writing a script. This allows to share complex vulnerabilities in a simple readable and executable format.

Sun Tzu's 'The Art of War' for Cybersecurity. (Infosecurity Magazine) As warfare moves from the battlefield to the realm of cyber-space, its principles are being seen as especially applicable to cybersecurity.

Design and Innovation

Internet Archive 'carbon dated' using Bitcoin technology (Digital Journal) The entire Internet has been timestamped using a cryptographic technique based on the blockchain technology that characterises digital cryptocurrencies like Bitcoin. The work allows Bitcoin timestamps to be downloaded for almost any online content.

Blockchains are the new Linux, not the new Internet (TechCrunch) Cryptocurrencies are booming beyond belief. Bitcoin is up sevenfold, to $2,500, in the last year. Three weeks ago the redoubtable Vinay Gupta, who led..

Academia

UT San Antonio Kicks Off Online Cybersecurity Degree Program (Infosecurity Magazine) The program includes 30 industry-aligned certificates in specializations such as cyber-intrusion detection and cyberattack analysis.

Maxwell's Cyber College is next step in cyber warfare (The Montgomery Advertiser) The new Cyber College at Maxwell is the next step in cyber warfare.

Cyber Huntsville teaching the youth the world of cyber (WHNT.com) Huntsville City Schools has partnered with Cyber Huntsville and the United States Army Cyber Command.

Legislation, Policy, and Regulation

A Geneva Convention for cyber security (The Daily Star) Cyber security and the threat by hackers have been in the news headlines in the recent past. Two of the most recent incidents are well known: the Bangladesh Bank cyber theft in February 2016 and the recent WannaCry attacks for ransom in May 2017.

China’s tough cybersecurity law to come into force this week (South China Morning Post) Foreign firms have criticised the legislation, saying it forces them to share sensitive data with the authorities and favours domestic technology firms

Could the UK be about to break end-to-end encryption? (TechCrunch) Once again there are indications the UK government intends to use the law to lean on encryption. A report in The Sun this week quoted a Conservative minister..

Cyber security agencies kept in the dark by lack of threat intelligence sharing (The Mandarin) Federal cyber security agencies are being kept in the dark because Australian organisations -- including other government agencies -- are not compelled to share threat intelligence. A former government cyber guru speaks out.

Israel a model of innovation, readiness in military, academic cyber (Fifth Domain | Cyber) A report from the NATO Cooperative Cyber Defence Centre of Excellence on Israel’s national organizational model for ensuring cybersecurity offers examples of how measures and institutions can fuel transparency, innovation and investment in digital security infrastructure.

Campaigners demand halt to Vermont’s use of facial recognition (Naked Security) Despite use of facial recognition being banned under state law, Vermont’s DMV is ‘overstepping’ the legislation, say campaigners

Litigation, Investigation, and Law Enforcement

Huge scale of terror threat revealed: UK home to 23,000 jihadists (Times (London)) Intelligence officers have identified 23,000 jihadist extremists living in Britain as potential terrorist attackers, it emerged yesterday. The scale of the challenge facing the police and security...

Salman Abedi: the Manchester killer who was bloodied on the battlefields of Libya and brought evil back home (Times (London)) They had both been looking forward to the concert, for cruelly different reasons. Nell Jones, a 14-year-old farmer’s daughter from Cheshire, had for days been playing Ariana Grande’s music at home...

Power to ban UK jihadis has been used just once, Rudd confirms (Times (London)) A key terrorism power intended to control British jihadists has been used on only one occasion despite the return of about 350 fighters from Islamic State. Amber Rudd, the home secretary, confirmed...

The Manchester Bombing and British Counterterrorism (Foreign Affairs) The main implications of the bombing in Manchester will be political.

Containing ISIS' Online Campaigns After Manchester (Foreign Affairs) Taking down pro-ISIS social media accounts is an impossible battle to win. There is a simpler solution that could severely cripple ISIS’ online recruitment and incitement operations, should U.S. policymakers and tech companies choose to implement it.

How Terrorists Slip Beheading Videos Past YouTube’s Censors (Motherboard) Other jihadi propaganda on the video-sharing platform may be visually more low-key, but are just as insidious in their own ways.

The Cynical Conspiracy War on Egypt’s Christians (Foreign Policy) The Muslim Brotherhood isn’t behind the callous mass murder of Copts, but it’s certainly fanning the flames of hatred.

DHS Sec. Kelly Calls Manchester Leaks 'Outrageous' (Washington Free Beacon) The latest in the series of leaks from the White House are "outrageous," according to Secretary of Homeland Security Gen. John Kelly.

Clapper: Leaks Are 'Damaging,' 'Damage Relationships' (Washington Free Beacon) Former Director of National Intelligence James Clapper called leaks “damaging” and “corrosive” Sunday on “Meet the Press,” saying the issue is particularly serious now due to U.S. reliance on foreign intelligence partners.

FBI probing attempted hack of Trump Organization, officials say (ABC News) The FBI is investigating an attempted overseas cyberattack against the Trump Organization, summoning President Donald Trump’s sons, Don Jr. and Eric, for an emergency session with the bureau’s cybersecurity agents and representatives of the CIA, officials tell ABC News.

Bad intel from Russia influenced Comey's Clinton announcement: report (TheHill) Former FBI Director James Comey’s controversial decision to detail the FBI’s findings in the Hillary Clinton email case without Justice Department input was influenced by a dubious Russian document that the FBI now considers to be bad intelligence, The Washington Post reported Wednesday.

Did Admiral Mike Rogers tell the NSA that Trump colluded with the Russians? (null) Reports surfaced on Friday that National Security Agency (NSA) chief Mike Rogers told NSA workers that there is evidence that President Donald Trump and his 2016 campaign colluded with the Russian government to defeat Democratic nominee Hillary Clinton in 2016.

Former CIA Director: 'Now we know' why Trump officials talking to the Russians may have been 'unmasked' (Business Insider) Michael Hayden, the ;former director of the...

Secret court rebukes NSA for 5-year illegal surveillance of U.S. citizens (Miami Herald) Court ruling reveals frictions with U.S. intelligence agencies over surveillance of citizens. Judge calls matter “very serious Fourth Amendment issue.”

Memorandum Opinion and Order (US Foreign Intelligence Surveillance Court) These matters are before the Foreign Intelligence Surveillance Court...

Barack Obama's team secretly disclosed years of illegal NSA searches spying on Americans (Circa) The National Security Agency under former President Barack Obama routinely violated American privacy protections while scouring through overseas intercepts and failed to disclose the extent of the problems until the final days before Donald Trump was elected president last fall, according to once top-secret documents that chronicle some of the most serious constitutional abuses to date by the U.S. intelligence community.

Few public answers to puzzle in Congressional IT investigation (WFTV) An inquiry into possible wrongdoing by IT staffers employed by a number of Democrats in Congress has garnered more attention in recent days, after a prominent lawmaker gave a public tongue lashing to the Capitol Hill police chief, vowing “consequences” over his refusal to return computer equipment that is evidently part of the ongoing investigation.

Criminal probe on Capitol Hill staffers remains eerie (New York Post) The criminal probe into a cadre of Capitol Hill techies who worked for dozens of Democratic lawmakers remains shrouded in mystery, months after their access to congressional IT systems was suspende…

Kaspersky says no idea why company targeted by US govt (iTWire) The head of anti-malware company Kaspersky Lab says he had no idea why the US is taking aim at his company but thinks it may be due to the current cri...

Kaspersky willing to give US anti-virus 'source code' to disprove Russia spying claims (International Business Times UK) Software CEO claims 'sometimes it smells like some guys are not happy with our success.'

Chinese Scam Website Caught Selling Hacked Xbox Accounts (HackRead) In-game currencies are certainly addictive and we all know how hard it is to get such currencies the right way. However, a Chinese website has been selling

Scamster village: 1,000 homes, 900 cyber crooks (Gadget Now) Giridih in Jharkhand has earned the sobriquet of “Cyber Zone”, as have Deogarh and Jamtara in that state. But the appellation does not signify digital revolution; it reflects the emergence of these places as the hubs of cyber crime.

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

SANS Atlanta 2017 (Atlanta, Georgia, USA, May 30 - June 4, 2017) Learn the most effective steps to prevent attacks and detect adversaries with actionable techniques that you can directly apply when you get back to work. Take advantage of tips and tricks from the experts...

Cyber Security Summit: Seattle (Seattle, Washington, USA, June 1, 2017) If you are a Senior Level Executive responsible for making your company’s decisions in regards to information security, then you are invited to register for the Cyber Security Summit: Seattle. Receive...

Cyber Security Summit: Seattle (Seattle, Washington, USA, June 1, 2017) If you are a Senior Level Executive responsible for making your company’s decisions in regards to information security, then you are invited to register for the Cyber Security Summit: Seattle. Receive...

SANS Houston 2017 (Houston, Texas, USA, June 5 - 10, 2017) At SANS Houston 2017, SANS offers hands-on, immersion-style security, security management, and pen testing training courses taught by real-world practitioners. The site of SANS Houston 2017, June 5-10,...

Cyber Resilience Summit: Measuring and Managing Software Risk, Security and Technical Debt (Brussels, Belgium, June 6, 2017) The Consortium for IT Software Quality is bringing the Cyber Resilience Summit to Europe, to take place on 6 June 2017 in Brussels, Belgium, the vibrant heart of political Europe and headquarters of the...

National Cyber Security Summit (Huntsville, Alabama, USA, June 6 - 8, 2017) The National Cyber Summit is the preeminent event for cyber training, education and workforce development aimed at protecting our nation’s infrastructure from the ever-evolving cyber threat. The summit...

Infosecurity Europe 2017 (London, England, UK, June 6 - 8, 2017) Infosecurity Europe is the region's number one information security event featuring Europe's largest and most comprehensive conference programme and over 360 exhibitors showcasing the most relevant information...

Cyber 8.0 Conference (Columbia, Maryland, USA, June 7, 2017) Join the Howard County Chamber of Commerce for their 8th annual cyber conference, where they will explore innovation, funding, and growth. Participants can expect riveting discussions from cyber innovators...

2017 ICIT Forum: Rise of The Machines (Washington, DC, USA, June 7, 2017) The 2017 ICIT Forum brings together over 300 cybersecurity executives from across critical infrastructure sectors to receive the latest ICIT research from our experts, share knowledge, develop strategies...

SecureWorld Chicago (Rosemont, Illinois, USA, June 7, 2017) Join your fellow security professionals for high-quality, affordable training and education. Attend featured keynotes, panel discussions, and breakout sessions—all while networking with local peers. Earn...

NYS Cyber Security Conference (Albany, New York, USA, June 7 - 8, 2017) June 2017 marks the 20th Annual New York State Cyber Security Conference and 12th Annual Symposium on Information Assurance (ASIA) and we invite you to join us for this nationally recognized event. Technology's...

RSAC Unplugged (London, England, UK, June 8, 2017) Informal, up close and personal, intimate…that’s RSAC Unplugged. Ignore the background noise and focus on what’s important in information security right now as part of a one-day program focused on excellent...

Insider Threat Program Development / Management Training For NITP-NISPOM CC 2 (Huntsville, Alabama, USA, June 8 - 9, 2017) Insider Threat Defense announced it will hold a 2 day training class on Insider Threat Program (ITP) Development / Insider Threat Risk Management (National Insider Threat Policy (NITP), NISPOM Conforming...

BSides Pittsburgh 2017 (Pittsburgh, Pennsylvania, USA, June 9, 2017) BSides Pittsburgh is part of a global series of community-driven conferences presenting a wide range of information security topics from technical topics, such as dissecting network protocols, to policy...

29th Annual FIRST Conference (San Juan, Puerto Rico, USA, June 11 - 16, 2017) FIRST is an international confederation of trusted computer incident response teams who cooperatively handle computer security incidents and promote incident prevention programs.

21st Colloquium, Cyber Security Education Innovation for the 21st Century (Las Vegas, Nevada, USA, June 12 - 14, 2017) The Colloquium for Information Systems Security Education (CISSE) provides a forum for dialogue among academia, industry and government. Protection of the information and infrastructure used to create,...

ETSI Security Week 2017 (Sophia Antipolis, France, June 12 - 16, 2017) This year's event will address key cybersecurity standardization challenges in the short, medium and longer term. The event will look at the different aspects of cybersecurity underpinning our digital...

Cyber Tech Fairfax (McLean, Virginia, USA, June 13, 2017) Cybertech Fairfax will provide attendees with a unique opportunity to learn about the latest innovations and solutions from the cyber community. It will serve as an incredible B2B platform with a strong...

Cyber Tech Fairfax (McLean, Virginia, USA, June 13, 2017) A thought-provoking conference and exhibition on global cyber threats, solutions, innovations and technologies. At Cybertech Fairfax, high-profile speakers and panelists will focus on the global cyber...

LegalSec Summit 2017 (Arlington, Virginia, USA, June 13 - 14, 2017) Whatever your role in security, there’s something here for you! Hear from experts who will share their experiences related to information security, and develop takeaways to use in your organization. The...

AFCEA Defensive Cyber Operations Symposium (Baltimore, Maryland, USA, June 13 - 15, 2017) Cyber operations are a challenging mission for the U.S. Defense Department and government community that builds, operates and defends networks. Cyber leaders and warriors must continually evolve to adapt...

Global Cybersecurity Summit 2017 (Kiev, Ukraine, June 14 - 15, 2017) During the two-day summit, participants will be exposed to cybersecurity best practices, cutting-edge advancements, and emerging innovations in defensive security across a series of categories, including...

Information Assurance Symposium (Baltimore, Maryland, USA, June 19 - 21, 2017) The Information Assurance Symposium is the premier IA event at which leaders and practitioners share vital information and provide direction and best practices to meet today's challenges in IA and the...

Norwich University Cyber Security Summit (Northfield, Vermont, USA, June 19 - 21, 2017) Norwich University’s College of Graduate and Continuing Studies (CGCS) is pleased to announce the first annual Cyber Security Summit in June 2017. The summit, presented in a continuing education format,...

Hack in Paris (Paris, France, June 19 - 23, 2017) Hack In Paris brings together major professional IT security and technical hacking experts to attend training and talks exclusively in English. Intrusion attempts grow more frequent and sophisticated,...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.