The CyberWire Daily Briefing 6.2.17

Summary

By The CyberWire Staff

WikiLeaks yesterday released its latest tranche of Vault7 material. The latest dump deals with an alleged CIA implant, "Pandemic."

HackerFantastic and x0rz have shuttered their crowdfunded attempt to buy an early look at the ShadowBrokers' next exploit dump. Their hope was to have done and shared some quick remediation, but it's just too risky, from a legal point of view.

OceanLotus, a.k.a. APT32, the threat group associated with the Vietnamese government, is believed to be working to reverse-engineer and weaponize ODDJOB, an earlier ShadowBrokers dump.

Check Point reports the discovery of "Fireball," a malware campaign said to have infected about two-hundred-fifty-million computers worldwide. Fireball lets its masters execute code on victim machines, and to manipulate web traffic to generate ad revenue. The motivation seems to be fraud: Check Point says Beijing marketing agency Rafotech is behind Fireball.

The British-American Information Security Council think tank warns with a degree of alarmism that the Royal Navy's Trident missile submarines are in principle vulnerable to cyberattack. Sure, the boats are air-gapped while submerged, but the study says that's not the point: the subs' supply chains are vulnerable, as are the patches and upgrades they receive in port.

Russia's President says he has no knowledge of anyone hacking US elections, but speculates that, sure, it's possible there could have been some patriotic freelancers (hackerweight unspecified) out there rootin' for good ol' Vlad Putin, as who wouldn't? Hackers are free spirits, Mr. Putin observed, just like artists, and after all, it's a free country, etc...

Learn how Cylance silences cyber attacks with Artificial Intelligence.

Notes.

Today's issue includes events affecting Australia, China, Congo, France, Germany, Israel, Democratic Peoples Republic of Korea, Lithuania, Moldova, Netherlands, Philippines, Russia, Singapore, Transnistria, United Kingdom, United States, and and Vietnam.

On the Podcast

In today's podcast we hear from our partners at the University of Maryland's Cybersecurity Center, as Jonathan Katz talks about undetectable backdoors. Our guest is Leo Taddeo from Cyxtera Technologies; he'll discuss what FBI Director Comey's firing means for encryption and cyber security.

Sponsored Events

Delta Risk (Webinar, June 8, 2017) Insider threats are more prevalent but not any less difficult to detect and deter. One of the best ways to address insider threats is to implement a formal insider threat program in your organization. Delta Risk experts discuss essential elements of an insider threat program, and why you need one now more than ever.

SANS Technology Institute (online event, June 13, 2017) Earn a master’s degree in cybersecurity from SANS, the world leader in information security training. Learn more at a free online information session on Tuesday, June 13th, at 12:00 pm (noon) ET. For complete information on master’s degree and graduate certificate programs, visit www.sans.edu.

CyberTech Fairfax (Fairfax, Virginia, USA, June 13, 2017) Cybertech Fairfax: meet tech execs, start-ups, investors & legal, media & mktg pros changing the global cyber landscape. Cybertech Fairfax is a thought-provoking conference on global cyber threats, solutions, innovations and technologies.

UMBC Cybersecurity Graduate Info Session (Rockville, Maryland, USA, June 15, 2017) Learn how UMBC’s graduate programs in Cybersecurity can elevate your career at our upcoming Info Session. Led by industry experts, our programs combine hands-on technical training with unparalleled opportunity.

Selected Reading

Cyber Attacks, Threats, and Vulnerabilities

WikiLeaks Dumps CIA Patient Zero Windows Implant (Threatpost) Pandemic is a Windows implant built by the CIA that turns file servers into Patient Zero on a local network, infecting machines requesting files with Trojanized replacements.

Britain's nuclear submarines vulnerable to 'catastrophic' cyber attack that could spark nuclear warn, experts warn (The Independent) The UK’s nuclear submarines are vulnerable to a “catastrophic” cyber-attack that could potentially spark a nuclear war, a think tank has warned. The report, titled “Hacking UK Trident: A Growing Threat” and published by the British American Security Information Council (Basic), said such an attack could “neutralise operations, lead to loss of life, defeat or perhaps even the catastrophic exchange of nuclear warheads (directly or indirectly)”.

Hacking UK Trident: A Growing Threat (British American Information Security Council) This paper reviews the growing potential for cyber-attack on the UK’s operational fleet of Vanguard-class submarines armed with nuclear-tipped Trident II D-5 ballistic missiles, and some of the implications for strategic stability.

Defence Secretary refuses to deny nuclear submarines run outdated system exploited by hackers (The Independent) Defence Secretary Michael Fallon has refused to deny that Britain’s nuclear submarines use the outdated Windows XP program amid the ongoing WannaCry ransomware attack. Instead he simply insisted the subs were “safe”, adding that they operated “in isolation” when out on patrol, which possibly suggests the vessels at sea were unaffected only because they were not connected to the internet.

Global Elections, Global Problems (Anomali) The next in a series of pivotal elections is set to take place on June 8th in the United Kingdom, replacing Members of Parliament (MPs) and the Prime Minister. Previous elections in the United States, the Netherlands, and France were marked by an unprecedented number of cyber attacks, releases of private information, and proliferation of fake news that aimed to disrupt and skew public opinions of candidates and their political parties. The candidates of these elections reflect a stark

Putin Hints at U.S. Election Meddling by ‘Patriotically Minded’ Russians (New York Times) The Russian president denied any state role, but said that cyberattacks might have been the work of private citizens.

Don’t Buy Into Putin’s Latest Misdirection (WIRED) Vladimir Putin says "patriotic" Russian hackers may meddle in elections, but he's just creating more noise.

Welcome to The Machine: Inside the Secretive World of RT (Moscow Times) RT is often accused of being a propaganda agency, but a culture of secrecy has made insider accounts difficult to come by. The Moscow Times spoke with several sources to get a rare glimpse inside.

Vietnamese hackers appear to be researching an NSA backdoor tool (Cyberscoop) A hacker group with suspected ties to the Vietnamese government appears to be researching a leaked National Security Agency tool codenamed ODDJOB, based on documents uploaded to the repository VirusTotal and tied to a source already identified as OceanLotus group, otherwise known as APT32.

A stolen Trump-Duterte transcript appears to be just one part of a larger hacking story (Cyberscoop) A leaked transcript of a phone conversation between President Donald Trump and his Philippine counterpart was available online for weeks before surfacing in news reports, and it now appears to be just one of a series of sensitive Philippine government documents acquired by a hacker group with suspected ties to the Vietnamese government, according to research conducted by multiple cybersecurity experts and evidence gathered by CyberScoop.

MS-17-010: EternalBlue’s Large Non-Paged Pool Overflow in SRV Driver (TrendLabs Security Intelligence Blog) The EternalBlue exploit took the spotlight last May as it became the tie that bound the spate of malware attacks these past few weeks.

Hackers shelve crowdfunding drive for Shadow Brokers exploits (Naked Security) ‘Legal reasons’ cited for decision to drop the plan to crowdfund a security community subscription to a promised monthly dump of exploits

Whatever happened to NSA warez crowd funding idea? (@hackerfantastic) Statement on why we pulled the plug on the opensource crowdfunded #ShadowBrokers purchase

I'm retracting from the crowdfunding of the #ShadowBrokers dump. (@x0rz) Due to legal reasons I'm now retracting from the crowdfunding started to acquire the #ShadowBrokers dump

Kittens, bears or pandas: who’s behind the biggest cyberattacks? (Naked Security) WannaCry is just the latest attack where everyone wants to know who’s behind the outbreak – but how much do we really know about the cybercrooks? And how can we be sure?

US defense contractor secures Amazon S3 bucket after leaving sensitive data publicly exposed (Graham Cluley) A defense contractor has secured an Amazon S3 bucket containing sensitive intelligence data after accidentally leaving it publicly exposed.

Booz Allen Hamilton leaves 60,000 unsecured DOD files on AWS server (Cyberscoop) Leading U.S. government contractor Booz Allen Hamilton has been found to have left more than 60,000 sensitive files on a publicly accessible Amazon Web Services server, according to a leading cybersecurity researcher. The files were discovered by Chris Vickery, an analyst at the cybersecurity firm UpGuard...

Man Linked to Auto Parts Store Behind Bachosens Malware (BleepingComputer) A man linked to an auto parts store in a disputed territory of Moldova is behind the Bachosens malware, a backdoor trojan used in a very small number of attacks, but one of the most advanced threats of its kind.

Cyber Criminals Acquire Government Cyber Tools (PYMNTS.com) Sophisticated government spying tools are spreading like wildfire in the underground criminal market. As a result, amateur hackers are being mistaken for high-profile, government groups. Symantec Security, a leading security research firm, raised this concern in a recent blog post. Researchers highlighted the case of a Russian cybercriminal, who was nicknamed Igor by Symantec analysts. […]

Rapid7 Finds Security Vulnerability In Ecommerce Plugin, Yopify (Information Security Buzz) Rapid7 disclosed a found vulnerability in Yopify, an ecommerce notification plugin utilised by a number of websites including Shopify, that indirectly leaks the first name, last initial, city and purchase data of recent online shoppers – all without user authorisation. The various plugin sites show over 300 reviews of Yopify, which suggests that the number of …

Insecure Backend Databases Blamed for Leaking 43TB of App Data (Threatpost) More than 1,000 mobile apps are leaking personal information via unsecured backend platforms such as MongoDB, MySQL and others.

Fireball malware infected 250 million computers worldwide (Help Net Security) Fireball malware takes over target web browsers, turning them into zombies, and has infected over 250 million computers worldwide.

Palo Alto Networks Unit 42 Vulnerability Research May 2017 Disclosures (Palo Alto Networks Blog) Unit 42 researcher uncovers two new Adobe Flash Vulnerabilities.

Phishing Campaigns Follow Trends (SANS Internet Storm Center) Those phishing emails that we receive every day in our mailboxes are often related to key players in different fields...

British Airways power meltdown blamed on IT contractor pulling the plug (Computing) BA source suggests that IT worker inadvertently switched off the power supply - and that UPS failed to cut in

Kmart Point of Sale Hacked with 'Undetectable' Malware (Infosecurity Magazine) In Kmart's second breach in three years, chip-and-PIN card readers significantly contained the fallout.

Hackers Demand Ransom for Stolen Surgery Photos (Infosecurity Magazine) Hackers demand Bitcoin ransom payment for stolen cosmetic surgery photos.

OneLogin Breach Reignites Concerns over Password Managers (Dark Reading) Entrusting all your passwords to a single organization creates a single point of failure, experts say in the wake of a new data breach at OneLogin.

Security Patches, Mitigations, and Software Updates

Google Purges Malware-Tainted Mobile Apps From Play Store (eWEEK) DAILY VIDEO: Google expunges apps tainted with ad fraud malware From Play Store; Panasonic unveils Its Latest Toughbook 2-in-1 hybrid; Trend Micro reveals state of human machine interface vulnerabilities; and there's more.

R7-2017-05 | CVE-2017-3211: Centire Yopify Information Disclosure (Rapid7) This post describes a vulnerability in Yopify (a plugin for various popular e-commerce platforms), as well as remediation steps that have been taken.

Cyber Trends

Weak DevOps cryptographic policies increase financial services cyber risk (Help Net Security) Weak DevOps cryptographic policies are a particular issue for financial services organizations, which have been early adopters of DevOps technology.

FTSE companies lack secure data collection methods (Help Net Security) More than one-third of all public web pages of FTSE 30 companies capturing PII are in danger of violating the regulation by doing so insecurely.

RSA: Digital Security Sets Organizations Apart | PYMNTS.com (PYMNTS.com) An annual report by RSA shows how consumers perceive the security of their digital experience, where those perceptions are well (or poorly) founded and how organizations can capitalize on opportunities to distinguish themselves in the market by providing stellar security. Is your information secure online? Are you sure? RSA takes a closer look at consumer […]

Bot.Me: A revolutionary partnership (PWC) How AI is pushing man and machine closer together

Marketplace

Cyber risk aggregation a threat to re/insurer solvency (ReinsuranceNe.ws) While underwriting cyber risks is seen as one of the biggest opportunities in insurance and reinsurance right now, the risks to re/insurers could be equall

DHS wants help to identify, attribute major web outages (Cyberscoop) DHS wants help identifying, attributing and combatting major internet disruptions — and will pay up to $15 million for research over the next three years.

Application of Network Measurement Science: Predict, Assess Risk, Identify (and Mitigate) Disruptive Internet-scale Network Events (PARIDINE) (US Department of Homeland Security Science and Technology Directorate) Research in such areas as Network Mapping and Measurement, Resilient Systems, Network Attack Modeling and Embedded System Security is essential for protecting critical infrastructure throughout the United States and the world.

YouTube bans ‘hateful’ videos from making money via its advertising network (TechCrunch) Following a backlash around brand advertising on controversial content, YouTube is making a move to clean up which videos are part of its ad network. The..

What Romeo and Juliet Can Teach Us About Security Market Confusion (Security Week) Recently, I was reminded of the well known quote from William Shakespeare’s play “Romeo and Juliet”: "A rose by any other name would smell as sweet". What exactly was I doing that reminded me of this quote? I was reviewing the different markets in the security space. How exactly does this bring this famous quote from “Romeo and Juliet” to mind? Allow me to elaborate.

Accenture acquires consulting firm LabAnswer (ZDNet) Accenture will use the acquisition to establish the new Accenture Scientific Informatics Services division.

Palo Alto Networks set for biggest rally since 2012 after strong results (Financial Times) Palo Alto Networks shot higher on Thursday, putting it in position for its biggest rise since its market debut almost five years ago after the US cyber security company unveiled upbeat results that bolstered expectations for a recovery after recent disappointments.

Check Point Software: My Cyber Security Pick (Seeking Alpha) Check Point’s recent earnings report shows that the company has a lot of room for growth, since it has no debt on its books. High margins and growth of cyber se

Data recovery firm Zerto doubles size of Boston HQ, plans hundreds of new hires (Boston Business Journal) Founded in 2010, Zerto is one of a number of young Massachusetts companies experiencing rapid growth by helping other firms store, manage and protect their data in the cloud. It's also been floated as a potential IPO candidate.

Dug Song (Crain's Detroit Business) Changing how Silicon Valley looks at Michigan

Ciao Group Announces New Cryptography Division to Develop Blockchain and Bitcoin Solutions in Addition to Other Emerging Cryptocurrency and Cryptographic Enterprises (PRNewswire) Ciao Group, Inc. (USOTC: CIAU) today announced launching a new Cryptography...

Malwarebytes seeks to cement Middle East footprint (ITP.net) Security vendors uses debut GISEC appearance to raise awareness around its solutions.

Radware lands largest-ever deal (NJBIZ) Mahwah-based cybersecurity firm Radware said Thursday it has secured its largest contract ever, a multimillion-dollar, three-year deal with a content delivery network service provider.

Israeli Government Awards Cyren with Cybersecurity Grant (PRNewswire) Cyren (NASDAQ: CYRN), a leading internet Security as a Service provider,...

LR Data Looks to Nominum to Deliver Managed Security Services for its Online Gaming Hub (BusinessWire) LR Data, Asia's first gaming jurisdiction, is securing the internet experience for millions of online gamers around the world with Nominum N2 ThreatAv

ESET Launches Year-long Campaign To Honor Three Decades of Innovation and Progress in IT Security (SatPR News) Today, cybersecurity leader ESET announces the launch of a global campaign commemorating its 30-year anniversary.

Exclusive Networks and Sophos part ways (ARN) Distributor and vendor agree mutual termination following 16-month partnership.

Pulse Secure Announces Distribution Agreement with Spectrami (Miltech) Dubai, United Arab Emirates – Under the terms of the agreement, Spectrami will offer its innovative Vendor Extension Model (VEM) to serve a channel community of Middle East regional partners through a full multi point engagement from pre-sales, sales, marketing, delivery and channel fulfilment.

Products, Services, and Solutions

New infosec products of the week: June 2, 2017 (Help Net Security) Plenty of new infosec product released this week. Featured vendors include Axis, CrowdStrike, EclecticIQ, Nest Labs. Nominum, WISeKey, and ZoneFox.

Microsoft warning over accidental release of Windows 10 test build to Insider Program members (Computing) Microsoft taking steps to ensure that 'rogue' builds aren't released in future

Microsoft Surface devices are immune to Intel AMT security vulnerability (BetaNews) Intel revealed in early-May that there is a critical security vulnerability in its Active Management Technology, which can be exploited to gain remote access to PCs. The feature is designed to help system administrators manage devices, so, due to its nature, it is more likely to affect enterprise users than consumers.

Beyond Security Joins LogPoint as Technology Partner (Banking Press Releases) The integration of security solutions hope to provide optimum security for customers.

Tenable Delivers Vulnerability Management Platform to Unify IT and OT Security (Dark Reading) Expanded Tenable.io platform incorporates Nessus Network Monitor alongside new container and web application security products for discovery and vulnerability management of operational technology assets, including ICS/SCADA.

Deloitte and LogRhythm Join Forces to Provide Advanced Cyber Security Solutions (BusinessWire) LogRhythm today announced that Deloitte in Canada has selected its Threat Lifecycle Management (TLM) technology to support Deloitte’s Managed Se

PhishMe® Offers Full-Service Phishing Response Service in EMEA with London Phishing Defence Centre Launch (BusinessWire) PhishMe, the leading provider of human phishing defence solutions, today announced the opening of their London Phishing Defence Centre (PDC).

Nominum announces availability of N2 Secure Business (Telecompaper) Nominum announced the availability of N2 Secure Business, a new cloud-based DNS security platform. Nominum said the platform can be offered as a network-based service by ISPs to protect their enterprise and small and mid-sized business (SMB) customers from IT security threats.

Raytheon Anschutz launches Synapsis Naval (Shephard) Raytheon Anschutz has launched a new naval navigation and bridge system called Synapsis Naval, the company announced on 30 May.

Tempered Networks makes it HIP to connect the unconnectable (Network World) Tempered Networks’ Identity-Defined Networking platform enables wide-area micro-segmentation without the age-old network barriers of address-defined networks.

Osprey Security Defends Global Ransomware Outbreak (IT Business Net) How Osprey Security's Endpoint Intelligence Platform protected its clients from a new wave of ransomware equipped with weaponized NSA exploits.

Verint Releases New CX Consulting and Service Offerings (MarTechSeries) Through CX strategy consulting, contact optimization, Omni-channel and digital experience, Verint customers can now take actions on the VoC Actionable Intelligence solutions provider, Verint Systems Inc. has announced a series of advanced Customer Experience (CX) consulting and packaged services which are specifically designed to help companies enhance their own customer experiences across interaction channels and customer […]

New York JFK international airport to enhance security with Thales (SatPRNews) John F. Kennedy International Airport (JFK) Terminal 4 is planning to modernise their Security Operations Center (SOC) with Thales – a world leader in airport security, providing smart airport solutions. This three-year contract is part of an extensive security modernization project at JFK Terminal 4 to enhance the situational awareness of its security operations.

Carbon Black Comes Out Swinging Against Cylance, Slams New EDR Solution (CRN) Just a week after the launch of its first EDR solution, Cylance has drawn fire from Carbon Black, which said in a blog post that the new competitor has a "lot of work ahead" if it wants to catch up to EDR leaders.

Technologies, Techniques, and Standards

In Remote Southern California Desert, U.S. Army Tests Advanced Cyber Weapons (NPR) In the remote southern California desert, Army soldiers are testing advanced new cyberweapons. The question is - are they too complicated to use on top of all the other equipment soldiers need in the field? Steve Walsh with member station KPBS spent a couple of days at Fort Irwin.

Cyber Mission Forces try to manipulate cyber terrain with new policy (FederalNewsRadio.com) DoD is reassessing the equipment cyber soldiers use and how it will fit in with the Pentagon’s goal of maintaining technological superiority.

Five essential pillars of big data GDPR compliance (DatacenterDynamics) The path to compliance through data governance

Improve incident response with SOPs for cyber threat intelligence (SC Media US) When it comes to improving cyberincident response, security teams can learn a valuable lesson from the military about the importance of standard operating

Report: Threat hunting is more SOC than intel (SearchSecurity) Early threat hunting is primarily SOC-driven. Despite the immaturity of some programs, 60% of those surveyed cited measurable security improvements.

10 Things to Consider Before Making a Security Software Purchase (PC World) Top tips to finding the right security solution for your needs

Citi Private Bank Issues New White Paper "Family Offices and Cybersecurity" (BusinessWire) Citi Private Bank released today a white paper focused on the growing cybersecurity threat and its relevance to Family Offices. The white paper survey

Are you creating cloud services security islands? | Networks Asia (Networks Asia) Cloud computing today is increasingly becoming the “de facto” technology for enterprises looking to stay agile and relevant in an increasingly disruptive economy powered by consumer trends and technologies.

OTA Members Reflect on Accomplishments Driving Online Security and Responsible Privacy (Benzinga) For more than a decade, the Online Trust Alliance has enhanced online trust and is now building for the future as an Internet Society initiative

Design and Innovation

The premature quest for AI-powered facial recognition to simplify screening (Ars Technica) "This technology at the airport... is premature. It’s not the right way to go."

Blockchain: What it Means for Cybersecurity (Infosecurity Magazine) Are Blockchains redefining cybersecurity or do they pose more security challenges than they solve?

Inside Google’s Global Campaign to Shut Down Phishing (WIRED) It's not easy keeping billions of devices safe from phishing attacks. Here's how Google pulls it off.

Research and Development

Researchers from National University of Singapore and Caltech Discover Quantum States Fingerprint to Prevent Quantum Computing Error (Science Times) The international team of researchers has discovered that all entangled states of quantum objects have a distinctive fingerprint. This finding of entangled quantum state fingerprint is able to prevent error in the quantum computing and cryptography.

Draper’s DragonflEye cyber-bug takes flight (TechCrunch) Back in January we heard about Draper's efforts to outfit a living dragonfly with a sort of solar-powered mind control backpack. This project, known as..

Academia

Illinois State University Upgrades Cyber Security Program With A $3 Million Funding [VIDEO] (University Herald) Illinois State University receives $3 million from State Farm to enhance its Cybersecurity Program.

Legislation, Policy and Regulation

The US Has Officially Blacklisted North Korea’s Tech And Defense Contractor (Motherboard) The US government just forbid any American citizen and company from dealing with North Korea’s unofficial tech department, but this will probably not change anything about North Korea’s internet.

Why Internet Access Is a Human Right (Foreign Affairs) Repressive governments around the world are increasingly turning to digital surveillance and Internet blackouts to stifle dissent.

Facebook, Google Urge Congress to Reform NSA Surveillance (Government Technology) Microsoft and Twitter also are among the 30 tech companies, trade groups and lobbyists asking Congress to reform Section 702 of the 2008 Foreign Intelligence Surveillance Act Amendments Act.

Who Benefits from the Backdoor in Technology? (Infosecurity Magazine) Governments want backdoors in encrypted communications, people want privacy, providers don't want to play ball - what's the solution?

Agencies Can Meet Challenges of Cyber Executive Order, MGT Act (MeriTalk) Government officials predict that though getting all Federal agencies to comply with the recent Cybersecurity Executive Order and the Modernizing Government Technology (MGT) bill will be difficult, the outcomes will be very beneficial for government.

BUDGET: Trump's spending plans keep DHS in cyber spotlight (EnergyWire) President Trump has called for slashing funds for most federal agencies while holding officials accountable for their cyberdefenses.

US visa applicants will have to provide social media handles (Help Net Security) Form DS-5535 requires visa applicants to share all social media handles. The decision of who'll be asked to fill it out rests with consular officials.

Litigation, Investigation, and Enforcement

What the House Subpoenas of Rice, Brennan, and Power in the ‘Unmasking’ Probe Mean (National Review) It’s not all about Russia.

Samantha Power Unmasked (Wall Street Journal) Why would a diplomat need to know the names of Trump officials?

Actually, There Was Extensive Improper NSA Collection Under Obama (National Review) President Trump, this morning: “The big story is the ‘unmasking and surveillance’ of people that took place during the Obama Administration.”

Fact Check: Why did the NSA breach privacy protections? (Weekly Standard) National Security Agency analysts under the Obama administration improperly searched Americans' information, but the searches were conducted largely out of error, according to a review of publicly available intelligence documents reported on by Circa last week.

FACT CHECK: Did 17 Intel Agencies ‘All Agree’ Russia Influenced The Presidential Election? (The Daily Caller) During an interview Wednesday with the tech news outlet Recode, former Democratic presidential candidate Hillary Clinton discussed at length her belief that Russian interference in the 2016 election

He didn’t give police his iPhone pass code, so he got 180 days in jail (Miam Herald) Christopher Wheeler of Hollywood, who is accused of hitting his daughter, insisted that he gave investigators what he remembered to be the right code to his phone.

Right to speak freely about engineering is subject of 1st Amendment lawsuit (Ars Technica) Engineer was fined $500 for discussing traffic-light engineering without a license.

ICO handed out £3.2m worth of data breach fines in 2016 (Computing) Human error cited as the main cause of most data breaches

Symantec Takes Rival Zscaler to Court at a Crucial Juncture (Market Realist) Symantec (SYMC) recently stepped up its legal battle against rival Zscaler by making seven more patent infringement claims against its competitor.

CMS IT boss Angelo Millena dodges jail time in trade union fraud scheme (CRN Australia) Judge says he is unlikely to re-offend.

Alleged Dark Web Gun Runners Smuggled Weapons in DVD Players, Karaoke Machines (Motherboard) The arrests come more than three years after their alleged last sale.

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

newly Noted Events

East Midlands Cyber Security Conference and Expo (Leicester, England, UK, July 11, 2017) The conference and expo will bring together over 150 businesses, information security providers and key influencers to discuss the threats posed by online criminals and the practical ways in which business make themselves more resilient to cybercrime. Core themes will include: the evolving cyber threat; cyber resilience in the supply chain; and essential cyber skills.

upcoming Events

SANS Houston 2017 (Houston, Texas, USA, June 5 - 10, 2017) At SANS Houston 2017, SANS offers hands-on, immersion-style security, security management, and pen testing training courses taught by real-world practitioners. The site of SANS Houston 2017, June 5-10, is Royal Sonesta Hotel Houston, located in the heart of the Galleria area of Uptown Houston.

Cyber Resilience Summit: Measuring and Managing Software Risk, Security and Technical Debt (Brussels, Belgium, June 6, 2017) The Consortium for IT Software Quality is bringing the Cyber Resilience Summit to Europe, to take place on 6 June 2017 in Brussels, Belgium, the vibrant heart of political Europe and headquarters of the European Commission. All are invited to attend! The theme of the Summit is “Measuring and Managing Software Risk, Security and Technical Debt.” Discussion will focus on the latest strategic thinking from innovative American and European CIOs and IT policy makers.

National Cyber Security Summit (Huntsville, Alabama, USA, June 6 - 8, 2017) The National Cyber Summit is the preeminent event for cyber training, education and workforce development aimed at protecting our nation’s infrastructure from the ever-evolving cyber threat. The summit attracts commercial and defense companies as well as healthcare, automotive and energy industries.

Infosecurity Europe 2017 (London, England, UK, June 6 - 8, 2017) Infosecurity Europe is the region's number one information security event featuring Europe's largest and most comprehensive conference programme and over 360 exhibitors showcasing the most relevant information security solutions and products to 13,500 visitors.

Cyber 8.0 Conference (Columbia, Maryland, USA, June 7, 2017) Join the Howard County Chamber of Commerce for their 8th annual cyber conference, where they will explore innovation, funding, and growth. Participants can expect riveting discussions from cyber innovators and entrepreneurs, from leading venture capitalists and financiers, and from government agencies who look to our industry base for technologies and solutions.

2017 ICIT Forum: Rise of The Machines (Washington, DC, USA, June 7, 2017) The 2017 ICIT Forum brings together over 300 cybersecurity executives from across critical infrastructure sectors to receive the latest ICIT research from our experts, share knowledge, develop strategies and identify next-generation technologies to improve their resiliency. Topics include Artificial Intelligence, IoT, Advanced Analytics, APT Profiles, Blockchain, Cloud and more!

SecureWorld Chicago (Rosemont, Illinois, USA, June 7, 2017) Join your fellow security professionals for high-quality, affordable training and education. Attend featured keynotes, panel discussions, and breakout sessions—all while networking with local peers. Earn 6-12 CPE credits through 30+ educational elements, learning from nationally recognized industry leaders.

NYS Cyber Security Conference (Albany, New York, USA, June 7 - 8, 2017) June 2017 marks the 20th Annual New York State Cyber Security Conference and 12th Annual Symposium on Information Assurance (ASIA) and we invite you to join us for this nationally recognized event. Technology's increasing sophistication has driven new trends in device mobility, social media, and expanded connectivity. Cyber security once considered an issue for IT staff has evolved into a concern for the entire organization. This year's conference examines the broad range of today's cyber challenges and the ways in which organizations can improve security, and create resiliency against cyber threats.

RSAC Unplugged (London, England, UK, June 8, 2017) Informal, up close and personal, intimate…that’s RSAC Unplugged. Ignore the background noise and focus on what’s important in information security right now as part of a one-day program focused on excellent content. Raw and uncut, it’s the best of RSA Conference in a single day.

Insider Threat Program Development / Management Training For NITP-NISPOM CC 2 (Huntsville, Alabama, USA, June 8 - 9, 2017) Insider Threat Defense announced it will hold a 2 day training class on Insider Threat Program (ITP) Development / Insider Threat Risk Management (National Insider Threat Policy (NITP), NISPOM Conforming Change 2) on June 8-9, 2017, in Huntsville, AL. For a limited time the training is being offered at a $795. This training will provide the ITP Manager-Senior Official and Facility Security Officer with the knowledge and resources to achieve compliance with NITP and NISPOM CC2 / DSS ISL-2016-02 - ITP requirements. Any organization (State Government Agencies, Businesses, Etc.) that is not required to implement an ITP, but is concerned with Insider Threat Risk Mitigation will also benefit greatly from this training. Insider Threat Defense has trained over 500+ organizations and has become the "Leader-Go To Company" for ITP Development / Insider Threat Risk Management Training.

BSides Pittsburgh 2017 (Pittsburgh, Pennsylvania, USA, June 9, 2017) BSides Pittsburgh is part of a global series of community-driven conferences presenting a wide range of information security topics from technical topics, such as dissecting network protocols, to policy issues such as managing information leakage via social networks. Pittsburgh has a flourishing information security community; this is a great chance to meet each other, share ideas and work together.

29th Annual FIRST Conference (San Juan, Puerto Rico, USA, June 11 - 16, 2017) FIRST is an international confederation of trusted computer incident response teams who cooperatively handle computer security incidents and promote incident prevention programs.

21st Colloquium, Cyber Security Education Innovation for the 21st Century (Las Vegas, Nevada, USA, June 12 - 14, 2017) The Colloquium for Information Systems Security Education (CISSE) provides a forum for dialogue among academia, industry and government. Protection of the information and infrastructure used to create, store, process, and communicate information is vital to business continuity and security. CISSE supports cyber security educators, researchers and practitioners in their efforts to improve curricula and foster discussion of current and emerging trends, working to define education requirements and encourage development of information security curricula and courseware.

ETSI Security Week 2017 (Sophia Antipolis, France, June 12 - 16, 2017) This year's event will address key cybersecurity standardization challenges in the short, medium and longer term. The event will look at the different aspects of cybersecurity underpinning our digital world. The cybersecurity community will come together at ETSI to network and exchange on the state of standardization for cybersecurity.

Cyber Tech Fairfax (McLean, Virginia, USA, June 13, 2017) Cybertech Fairfax will provide attendees with a unique opportunity to learn about the latest innovations and solutions from the cyber community. It will serve as an incredible B2B platform with a strong focus on networking, strengthening existing alliances and forming new ones. Get acquainted with the products and people leading the industry and creating new technological solutions to tackle today’s cyber challenges.

Cyber Tech Fairfax (McLean, Virginia, USA, June 13, 2017) A thought-provoking conference and exhibition on global cyber threats, solutions, innovations and technologies. At Cybertech Fairfax, high-profile speakers and panelists will focus on the global cyber threat, and strategies and solutions that meet the diverse challenges for a wide range of sectors including finance, transportation, utilities, defense, communication and government, to protect operations, infrastructure and people.

LegalSec Summit 2017 (Arlington, Virginia, USA, June 13 - 14, 2017) Whatever your role in security, there’s something here for you! Hear from experts who will share their experiences related to information security, and develop takeaways to use in your organization. The target audience for ILTA’s LegalSEC Summit is legal technology professionals at every level and general counsel who touch legal security in their law firm or law department and want to learn more and connect with peers. Organized by the International Legal Technology Association.

AFCEA Defensive Cyber Operations Symposium (Baltimore, Maryland, USA, June 13 - 15, 2017) Cyber operations are a challenging mission for the U.S. Defense Department and government community that builds, operates and defends networks. Cyber leaders and warriors must continually evolve to adapt to future innovations and develop and leverage cutting-edge tools and technologies. AFCEA’s Defensive Cyber Operations Symposium provides an ethical forum where government and industry will focus on “Connect and Protect.” Participants will discuss requirements and solutions to ensure that the networks within DoD are adaptive, resilient and effective across a range of uses and against diverse threats. Speakers will include leaders in the Defense Information Systems Agency, Joint Force Headquarters-DoD Information Network and DoD Chief Information Office.

Global Cybersecurity Summit 2017 (Kiev, Ukraine, June 14 - 15, 2017) During the two-day summit, participants will be exposed to cybersecurity best practices, cutting-edge advancements, and emerging innovations in defensive security across a series of categories, including policy and government, Internet of Things (IoT), industrial controls, and more.

Information Assurance Symposium (Baltimore, Maryland, USA, June 19 - 21, 2017) The Information Assurance Symposium is the premier IA event at which leaders and practitioners share vital information and provide direction and best practices to meet today's challenges in IA and the cyber environment. The classification of the event is UNCLASSIFIED//FOR OFFICIAL USE ONLY. The 2017 IAS is expecting upwards of 2,500 attendees and will provide an excellent opportunity to learn and network with leading information assurance and cyber security professionals, subject matter experts and solution providers from throughout Government, industry and academia. The Information Assurance Symposium will include a variety of keynote sessions, three distinct tracts and panel discussions spanning over three days.

Norwich University Cyber Security Summit (Northfield, Vermont, USA, June 19 - 21, 2017) Norwich University’s College of Graduate and Continuing Studies (CGCS) is pleased to announce the first annual Cyber Security Summit in June 2017. The summit, presented in a continuing education format, welcomes Norwich alumni and their guests interested in exploring and discussing the latest in cyber security policy from both the federal level and the practical application of that policy on a local or business level. Register today to reserve your space at the summit.

Hack in Paris (Paris, France, June 19 - 23, 2017) Hack In Paris brings together major professional IT security and technical hacking experts to attend training and talks exclusively in English. Intrusion attempts grow more frequent and sophisticated, regardless of their target (state or corporation). In this context, international hacking events are multiplying. A few events took place in France but until now, no one had covered hacking practices with a technical approach including both professional training and information aspects. Hack In Paris aims at filling this gap. The program includes state of the art IT security, industrial espionage, penetration testing, physical security, forensics, malware analysis techniques and countermeasures.

SANS Minneapolis 2017 (Minneapolis, Minnesota, USA, June 19 - 24, 2017) Get relevant, practical cybersecurity training at SANS Minneapolis 2017 (June 19-24). This event features the information needed to build crucial skills in protecting your organization from the latest cyber-attacks. Now is the time to enhance your skills and further your career.

Naval Future Force Science and Technology Expo (Washington, DC, USA, June 20 - 23, 2017) The Office of Naval Research’s (ONR) biennial 2017 Naval Future Force Science and Technology (S&T) EXPO will take place July 20-21, 2017. The Expo is the premier S&T event for the Navy and Marine Corps and is held every two years. It draws several thousand attendees and is designed to support the objectives of the Naval S&T Strategy. An updated version of the strategy will be unveiled at the event. It also will showcase some of the Navy’s and Marine Corp’s latest technologies and bring together the brightest minds from around the world to share information; discuss research opportunities; and build partnerships between the Navy, Marine Corps, industry and academia.

Borderless Cyber USA (New York, New York, USA, June 21 - 22, 2017) Borderless Cyber is an international, executive-level conference series that began in 2015. It’s designed to bring together the private sector and policy makers to evaluate, debate, and collaborate on cyber security best practices and solutions. Hosted by the OASIS open consortium, previous Borderless Cyber events were held in partnership with The World Bank in Washington, D.C., with the European Parliament in Brussels, and with Keio University in Tokyo. In 2017, the conference will be held in New York City and The Hague.

Sponsor & Support

Grow your brand, generate leads, and fill your funnel.

With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listens all over the world, companies trust the CyberWire to get the message out. Learn more.

Another Vault7 dump from WikiLeaks. White hats think better of subscribing to the ShadowBrokers' exploit-of-the-month club. OceanLotus update. Fireball takes ad fraud to new levels. Royal Navy's Trident boats vulnerable? President Putin on hacking for the Motherland.