Every Sunday evening, the CyberWire will be taking a look back in the Week that Was, a narrative summary of the past seven days' significant cyber security news. Designed for busy professionals who need a week-to-week perspective on developments and trends, the Week that Was provides context for the breaking stories of the day. Every issue is organized topically, with inline links to sources the reader can follow for amplified detail. Like the Daily News Briefing, the Week that Was is delivered to subscribers by email, free and spam-free. If you already subscribe to the CyberWire Daily News Briefing you'll automatically receive the Week that Was (a sixth issue joining the five you already receive each week). If you aren't a Daily News Briefing subscriber but would like to sign up for just the Week that Was, you can do so here.
More Signal. Less Noise.
Cylance
Russia says (to widespread skepticism) it wasn't us who hacked QNA. Social engineering beats 2FA. Security cameras, routers, vulnerable to exploitation. EternalBlue's risks and mitigations. UK security receives criticism. Comey testifies today.
Announcements
The CyberWire announces a new service: the Week that Was.
Summary
Russian officials denied allegations that their country's intelligence services were behind the hacking of Qatar News Agency (QNA) in what appears to have been a provocation. Most observers, however, think the campaign looks like a Russian operation, and seems to be a bellwether of future online disinformation efforts.
Motherboard cites anonymous security industry sources who claim QNA's content management system was hijacked, and that poor security at the news service left it wide-open to compromise.
False stories suggested official Qatari sympathy for both Israel and (more damagingly) Iran. The incident began on May 23rd, with hoaxed broadcast news and a coordinated Twitter campaign. Neighboring Arab states, especially other members of the Gulf Cooperation Council, have since ostracized Qatar.
Investigation into the leaked NSA report on Russian influence operations turns up, as a side note, the considerable success the threat actors had defeating two-factor authentication: they simply convinced their marks to give them the second factor. The alleged leaker, Reality Winner, remains in custody, her arrest offering a cautionary tale for any who think the boss isn't watching.
F-Secure has identified vulnerabilities in networked security cameras produced by Foscam and sold under a variety of badges. Among the problems are hard-coded passwords users can't change.
While EternalBlue exploits are being weaponized against Windows 10, mitigations are also available, and believed effective.
British intelligence and security officials continue to receive criticism over their handling of known extremist threats.
Former FBI Director Comey testifies today before the US Congress about Russian influence operations.
Notes.
Today's issue includes events affecting Afghanistan, Australia, Bahrain, China, Iran, Israel, Libya, New Zealand, Qatar, Russia, Saudi Arabia, Singapore, United Arab Emirates, United Kingdom, United States
On the Podcast
In today's podcast, we hear from our partners at Level 3, as Dale Drew shares some healthcare security stats. Our guest, Drew Paik from Authentic8, visits us to offer timely vacation security tips.
Sponsored Events
CyberTech Fairfax (Fairfax, Virginia, USA, June 13, 2017) Cybertech Fairfax: meet tech execs, start-ups, investors & legal, media & mktg pros changing the global cyber landscape. Cybertech Fairfax is a thought-provoking conference on global cyber threats, solutions, innovations and technologies.
CyberSecurity International Symposium (Chicago, Illinois, USA, July 10 - 11, 2017) Network with leading cybersecurity professionals, innovators, CIOs and regulators who are on the front lines of securing critical business and infrastructure networks. This in-depth Symposium examines the latest technologies, best practices, and lessons learned in achieving end-to-end network security for organizations of all varieties.
Selected Reading
Cyber Attacks, Threats, and Vulnerabilities
The Hack that Caused a Crisis in the Middle East Was Easy (Motherboard) How hackers compromised “the entire“ network of TV station Qatar News Agency.
Did Russian Hackers Create Qatar’s Diplomatic Disaster? (Foreign Policy) U.S. investigators think Moscow planted fake news to start a fight, and have been on the ground in Doha.
Russia denies reports of hacking Qatar's state news agency (Fifth Domain | Cyber) Russian officials on Wednesday angrily rejected allegations that Russian hackers breached Qatar's state news agency and planted a fake news story that led to a split between Qatar and the other Arab nations.
The Gulf Widens (Foreign Affairs) As the rift among Gulf states grows, the Trump administration should avoid emboldening hard-liners in Riyadh and other Gulf capitals by arguing that Iran can’t be reasoned with.
Obama Admin Did Not Publicly Disclose Iran Cyber-Attack During 'Side-Deal' Nuclear Negotiations (Washington Free Beacon) State Dept. officials determined that Iran hacked their emails and social media accounts during a particularly sensitive week for the nuclear deal.
After WannaCry, experts fear the worst is yet to come as more cyberweapon leaks loom (International Business Times UK) New leaks from hacking team Shadow Brokers will result in a total 's**tshow'.
Super-expensive ransomware linked to online cybercrime market, say security researchers (ZDNet) Jaff ransomware operation shares servers with cybercriminal operation dealing in stolen credit cards say researchers.
Sleeping giant, botnets pose threat as ransomware attacks decline (SC Media US) While ransomware attacks are making headlines and are even on the decline, researchers warn botnets may soon pose a greater threat.
Hackers can steal large amount of data using router's LEDs (HackRead) Researchers from the University of Negvu have developed a way in which hackers can extract data from a victim’s computer using the LED lights displayed on
Internet cameras have hard-coded password that can’t be changed (Ars Technica) Cameras with multiple brand names are wide open to remote hacking.
Vulnerabilities in Foscam IP Cameras (F-Secure) F-Secure has identified 18 different vulnerabilities in the Opticam i5.
The black market for black markets-Cybercrime goes PaaS (Intsights Cyber Intelligence) IntSights Research Group (IRG) has uncovered an interesting new development: a black market for black markets - selling a black market framework (platform)
New Research from Terbium Labs Examines Dark Web Fraud Guides (Marketwired) Researchers classify content from more than 1,000 guides available for sale on the Dark Web to gain a better understanding of criminal activity and potential threats to organizations
Outdated Operating Systems, Browsers Correlate with Real Data Breaches (Dark Reading) Study shows companies running out-of-date OSes were three times more likely to suffer a data breach, and those with the outdated browsers, two times more likely.
Security Patches, Mitigations, and Software Updates
Windows 10 Mitigations Make Future EternalBlue Attacks Difficult (Threatpost) Now that researchers have built a port of EternalBlue to Windows 10, they’ve probably only now caught up to what the NSA has had for a long while.
June’s Android Security Bulletin Address Critical Vulnerabilities in Media Framework and Qualcomm Components (TrendLabs Security Intelligence Blog) Google recently released their June security bulletin for Android, which addresses critical vulnerabilities found in Media framework, as well as various critical vulnerabilities that are based on Qualcomm components. As with previous Android security updates, this month’s bulletin is available via over-the-air updates for native Android devices or via service providers and manufacturers for non-native devices.
Verizon Outs Android Security Patch For The LG V10 & LG G4 (AndroidHeadlines.com |) Verizon Wireless is launching the latest Android security patch on two of LG’s smartphones released back in 2015, specifically the LG V10 and LG G4. The so
Cyber Trends
The Race Between Security Professionals and Adversaries (Recorded Future) Our research shows more than 75% of vulnerabilities are disclosed on dark web and security sources before National Vulnerability Database publication.
Why Manufacturers Should be Mindful of Cybersecurity (Forbes) Hackers can penetrate the corporate IT network of a manufacturing company, then gain access to a robot's controller software and, by exploiting a vulnerability remotely, download a tampered configuration file. As a result, instead of a straight line, the robotic arm draws one that is 2 mm off. This minuscule defect, if left unnoticed, could lead to catastrophic effects in this hypothetical example -- this line is responsible for welding the chassis of a car that, if compromised, could result in casualties and a vehicle recall.
InfoSec 2017: Brexit+GDPR = business disaster? (Naked Security) GDPR is a challenge for businesses all over the world – and the UK faces a particular mountain to climb as it prepares to leave the EU
Cybersecurity Is Dead (Forbes) Well-known cybersecurity firm Crowdstrike greets travelers who arrive at San Francisco International Airport with a rather bold claim advertised throughout the terminals. The advertisements pose a pernicious yet seemingly tidy answer: "Yesterday’s Antivirus Can’t Stop Today’s Cyber Attacks. Crowdstrike Falcon Can."
Americans to Digital Platforms: Take a More Hands-On Approach to Stopping Bad Actors Who Are Undermining Consumer Trust (PRNewswire) American consumers are worried that digital platforms are being...
Websites built by freelance developers are plagued with security failures (Help Net Security) Websites developed by “budget” developers, without portfolios or references, tend to be plagued with critical security failures. Website security.
For timely vulnerability information, unofficial sources are a better bet (Help Net Security) The adversary community is actively monitoring and acting on the broad set of sources initially releasing vulnerability information.
Marketplace
Minerva Secures $7.5 Million in Series A Funding to Advance Endpoint Security (PRNewswire) Minerva, a provider of endpoint security solutions, today...
TrapX Security: Secures New Funding and Appoints New CEO (PRNewswire) TrapX Security®, a global leader in deception-based...
Illumio, a specialist in segmented security, raises $125M at $1b+ valuation (TechCrunch) Another day, another major round of funding for a security startup, underscoring just how active the area of IT protection is right now -- both in terms of..
RiskRecon Raises $12M for Third-Party Risk Management (eSecurity Planet) The startup's risk management portal enables enterprises to assess the security posture of their third-party IT providers.
Cyber-Security Firm Netskope Raises $100 Million in a Bid to go Public (News18) The Series E round was led by existing investors Lightspeed Venture Partners and Accel.
GnuPG developers start new fundraising effort (Help Net Security) Werner Koch and his team of GnuPG developers are asking for funding the continued development of the popular free email and data encryption software.
Cylance AI Guys Are Starting a New Company (Fortune) Meet Obsidian Security, which just bagged $9.5 million in funding.
Here's Why You Should Hold on to Palo Alto (PANW) Stock Now (NASDAQ.com) A successful portfolio manager understands the importance of adding well-performing stocks at the right time. Indicators of a stock's bullish run includes a rise in its share price and strong fundamentals.
Palo Alto Networks: Cramer's Top Takeaways (TheStreet) Mark McLaughlin, chairman and CEO of Palo Alto Networks, tells Jim Cramer that his sales organization restructuring is producing good results.
Air Force contract will support emergency comms (C4ISRNET) General Dynamics was awarded a $53 million DIRECT contract.
Bombardier protests Compass Call crossdeck, joining Boeing in challenging the program (Defense News) This is the second protest from Bombardier since the program started.
Pentagon revamps cyber weapons acquisition strategy (Defense Systems) The Pentagon has found that its traditional methods of designing and buying cyber weapons are ill suited for this fast-changing battlefield.
Products, Services, and Solutions
Cyphort Debuts the Anti-SIEM at Infosecurity Europe (Marketwired) First open demonstration of advanced security analytics, advanced threat defense and auto mitigation platform that sharply reduces the time, cost and complexity challenges associated with legacy SIEM solutions.
SentinelOne Joins Fortinet Fabric-Ready Program to Integrate Advanced Endpoint Protection with the Fortinet Security Fabric (GlobeNewswire News Room) Fortinet and SentinelOne Deliver a Joint Security Solution to Address Today’s Most Advanced Persistent Threats
Oracle Enhances Cloud Security Service Using Machine Learning Algorithms (IT Business Edge) In much the same way that banks rely on algorithms to identify potential fraudulent transactions, Oracle today announced it is applying machine learning algorithms to a suite of Oracle Security Operation Center cloud services in a way that makes it easier to identify anomalous user behavior.
Gemalto secures remote access at Canterbury District Health Board with SafeNet Authentication Service (CIO India) Physicians and other staff members at the Canterbury District Health Board wanted to access email and other services remotely. By leveraging SafeNet Authentication Service, the security team established strong defenses against phishing and other security threats, while improving end-user convenience.
Kalaam Telecom launches disruptive SD-WAN technology (Capacity Media) Kalaam Telecom has teamed up with Versa Networks to launch Bahrain's first secured software-defined wide area network (SD-WAN) infrastructure.
Hillstone Networks Selects Lastline to Provide Advanced Malware Detection (GlobeNewswire News Room) Hillstone joins growing community of high-profile cybersecurity vendors that integrates Lastline to provide comprehensive threat protection
PhishMe Q1 Malware Review Shows Ransomware Calm Before the Storm (BusinessWire) PhishMe Inc. (www.phishme.com), the leading provider of human phishing defense solutions, today released its comprehensive malware trends analysis for
InfoArmor to Feature the Newest Version of the Award-Winning VigilanteATI® 3.0 and VigilanteATI Accomplice® Advanced Threat Intelligence Platform at Infosecurity Europe (Marketwired) InfoArmor's award-wining VigilanteATI delivers true operatively-sourced threat intelligence
Sumo Logic Delivers the Platform to Democratize Machine Data Analytics (Marketwired) Disruptive licensing model, native integrations and user experience innovations make real-time continuous intelligence accessible to millions
Symantec certificate authority aims for more delays on browser trust (Search Security) Is the Symantec certificate authority operation too big to fail?
Intercede's MyIDaaS Eliminates Workplace Passwords (BusinessWIre) Today, digital identity and credentials expert Intercede announced MyID as a Service (MyIDaaS), a convenient and affordable cloud-based &lsq
Fhoosh Showcases Fastest IoT AES256 Security Solution for Streaming Hi-Def Video at Verizon Emergency Responder Event (FHOOSH) Secure Video Demonstrations During Operation Convergent Response To Include Tactical K9s and Robots SAN DIEGO and PERRY, Ga. — June 7, 2017 — FHOOSH, Inc., a leader in high-speed cybersecurity software, today announced that it has been selected to demonstrate its advanced, Internet of Things (IoT) data protection solutions applied to streaming secure video at …
Kyushu Telecommunication Network (QTNet) Protects its Broadband Network and Enhances Reliability With Nominum DNS Security (BusinessWire) QTNet, a subsidiary of Kyushu Electric Power Company in Fukuoka, Japan, has selected Nominum DNS solutions to improve the security and performance of
CETECOM becomes a member and test center of the LNI 4.0 lab network (Presse Box) CETECOM is a new member and test center of the network LNI 4.0 and supports German SMEs in the use and development of wireless technologies in industrial environments
Kiwis - too relaxed about cybercrime? Palo Alto tech ramps up NZ cybersecurity (Security Brief) Why do many Kiwis still ignore the real repercussions of not considering business continuity?
Booz Allen Hamilton highlights the need for organisations in Oman to secure IoT alongside traditional IT,Oman (Muscat Daily News) The Internet of Things (IoT) continues to gain a strong footing in the GCC across different sectors ranging from manufacturing and transportation to energy. The vulnerability of IoT to external cyber threats remains high - in fact even higher than traditional IT, a recent Booz Allen Hamilton report has highlighted.
CensorNet Creates Unique Offering with MFA & USS Integration (PRNewswire) CensorNet, the complete cloud security company, has announced the...
Technologies, Techniques, and Standards
Army protects next generation navigation technology from cyber attacks (Defense Systems) Military leaders discussed the progress and urgency of pursuing cyber security readiness at AFCEA’s Army IT Day.
#Infosec 17 Security Teams Must Go Back to Basics: Akamai (Infosecurity Magazine) #Infosec 17 Security Teams Must Go Back to Basics: Akamai.
Firms stockpiling Bitcoins ready to pay off ransomware crooks (Naked Security) But why stockpile when you could just buy Bitcoins when you need them, right? Wrong: it’s a bit more complicated than that
Guest Post: Digital ID - Biometrics are the key to marrying security and convenience (Planet Biometrics) Only biometrics can unify the age-old opposing forces of user-experience and digital security
Security in the Cloud: Pitfalls and Potential of CASB Systems (Dark Reading) The transition to cloud has driven a demand for CASB systems, but today's systems lack the full breadth of functionality businesses need.
Complexity of developing a cyber defense strategy [Commentary] (Fifth Domain | Cyber) For decades, our adversaries have been and continue to constantly seek new ways to compete with the United States on a much more level battlefield. Cyber has much, if not all, of what they have been looking for.
The Unfitness of Traditional Military Thinking in Cyber (IEEE Access) Comprehensive theories of conflict in the cyber world have not yet been developed, but the utilization of traditional military strategy and operational concepts in lieu of existing strategies in this realm can mislead, resulting in spurious assessments and unfavorable outcomes.
Scraping actionable intelligence from Word docs (GCN) Historical data extracted from text files helped deliver a strategy for housing and space management at detention facilities.
Design and Innovation
Data61 reports blockchain will have a profound impact on the economy (Financial Review) The much-hyped technology will enhance productivity across the agriculture, banking, healthcare, logistics and public sectors.
BAE Systems Adds Movement Intelligence to GXP (Multi-Video) (American Security Today) BAE Systems has integrated capabilities called Movement Intelligence (MOVINT), into its Geospatial eXploitation Products™ (GXP®) line of software, helping analysts to more easily identify intelligence threats using motion sensors. These new capabilities include complex multi-tracking analytics, interpret movement and activity from video, radar, and other types of motion sensors, enabling analysts to efficiently track people, …
Research and Development
DARPA exploring how to hunt for hackers on a global scale (Fifth Domain | Cyber) The Defense Advanced Research Projects Agency is looking to award multiple contracts for the Cyber-Hunting at Scale (CHASE) project, which addresses the development of strategic digital tools to dynamically process data leading to the detection and mitigation of cyberthreats across DoD networks.
Symantec Patent Protects Torrent Users Against Malware (TorrentFreak) Symantec Corporation has secured a patent that uses reputation scores to evaluate whether torrent files can be trusted or not. Through this system, the company can warn torrent users if they are about to download a fake torrent, or one that likely links to malware or other scammy content.
Academia
IST professor uses NSF CAREER Award to advance malware detection (Penn State University) Dinghao Wu, assistant professor in Penn State's College of Information Sciences and Technology, recently was awarded a CAREER Award from the National Science Foundation. Wu’s area of expertise is in software cybersecurity, a topic that has become increasingly paramount on a global scale.
You think that post is secret? Beware – it can come back and bite you (Naked Security) ‘Once posted, forever toasted’: as 10 would-be Harvard students learned, it pays to be careful about what you say online and where you say it
Legislation, Policy and Regulation
What’s in the New Australia-Singapore Cyber Pact? (The Diplomat) The two countries recently inked an MOU on cybersecurity.
With Qatar Hack, the Kremlin May Be Opening a New Front in Its Global Information War (Defense One) A fake video slipped onto a government website may have touched off Qatar’s diplomatic isolation.
Trump eases Qatar critique, offers to mediate Gulf spat (Military Times) President Donald Trump offered Wednesday to personally broker a resolution to the Persian Gulf's escalating diplomatic crisis, as both he and Qatar looked past his pointed suggestion only a day earlier that the tiny gas-rich nation enables terrorism.
A Base is More than Buildings: The Military Implications of the Qatar Crisis (War on the Rocks) The Gulf Cooperation Council is a military alliance that aspires to be a Middle Eastern NATO, but lately it looks more like a fraternity expelling a chroni
DoD's assessment of China's information capabilities (C4ISRNET) DoD released its annual assessment of China's military capabilities.
Former DoD official: U.S. 'more and more vulnerable' to cyberattacks - Cyberscoop (Cyberscoop) Vital U.S. industries like banking and telecommunications are more vulnerable than ever to cyberattacks; the military systems that ought to deter such incursions are themselves susceptible to hackers; and in any case, not all of the actors who will soon be capable of launching such destructive online strikes can be deterred. That’s the scary takeaway from remarks Tuesday by former Pentagon cybersecurity policy chief James N. Miller.
US Must Boost War Games, Data Sharing With Allies: DIA (Breaking Defense) In a stark speech clearly intended to get people off their complacent butts, the Marine general who leads the Defense Intelligence Agency told an approving audience here that the Intelligence Community risks becoming as irrelevant as the Kodak film company became with the advent of digital photography.
Army Reviews ALL Networks — Way Beyond WIN-T: Milley & Speer (Breaking Defense) The Army is conducting a wide-ranging review of “a whole series of vulnerabilities” in its communications systems that extends far beyond the troubled WIN-T program, the Chief of Staff and acting secretary told reporters today.
Big changes coming for Air Force Cyber Command (Fifth Domain | Cyber) Changes are afoot for Air Force Cyber.
InfoSec 2017: ‘One disaster away from governments doing something’ on IoT (Naked Security) IoT is ‘eating the world’, warned Bruce Schneier at InfoSec 2017 – and it’s up to us to make sure that the inevitable regulation is smart, not stupid
Politicians Call for Reforms in Security, Intelligence Sectors (TOLOnews) They also called on the Afghan people to protect unity among themselves to thwart negative propaganda by the enemies.
HHS Plans to Stand Up Its Own Cyber Command Center by the End of June (FedTech) The Health Cybersecurity and Communications Integration Center will share health-specific cybersecurity threats with agencies and deliver best practices to providers.
What Christopher Wray Learned from the Last Two FBI Directors (WIRED) With a tweet Wednesday morning, President Trump announced his pick to replace James Comey as FBI director.
Litigation, Investigation, and Enforcement
London Bridge terror: midnight meeting five days before Borough Market stabbing - video (Times (London)) The London Bridge terrorists were filmed laughing, joking and hugging as they plotted their murderous rampage five days before the atrocity. The Times has obtained images of the Islamist fanatics...
British Intelligence Fails Again (Foreign Affairs) Far too many European governments and police forces, including the British, were happy to see the backs of militants when they left to join ISIS. But people can come back, and even if they don’t, they leave sympathizers and admirers behind.
Alleged Russian hack reveals a deeply flawed US election system (Fifth Domain | Cyber) Security experts have long contended that the highly decentralized, often ramshackle U.S. election system is its own best defense against trickery or sabotage. New evidence from a leaked intelligence document suggests that foreign adversaries are exploring ways to attack it anyway.
Reality Winner, N.S.A. Contractor Accused of Leak, Was Undone by Trail of Clues (New York Times) Reality Leigh Winner expressed outraged political views on social media after President Trump was elected, suggesting a possible motive for leaking classified material.
The latest NSA leak is a reminder that your bosses can see your every move (Washington Post) The case of Reality Winner, the 25-year-old woman arrested and accused of linking classified information, shows the limits of your privacy at work.
US Charges NSA Contractor Over Leak of Russia Hacking Report (BleepingComputer) The US Department of Justice (DOJ) has filed official charges against a 25-year-old woman, Reality Leigh Winner, of Augusta, Georgia, for leaking classified material to the press.
The arrest of Reality Winner highlights US intelligence vulnerability (the Guardian) Years after Edward Snowden’s NSA revelations, leaks continue as about 35% of those with top secret clearances – 428,000 people – are contractors
Accused Leaker Reality Winner Worked at NSA Listening Post (The Daily Beast) The woman arrested for spilling secrets likely put her foreign-language skills to use translating intercepted communications at the “Sweet Tea” center in Georgia.
Reality Winner: NSA contractor and environmentalist repulsed by Trump (the Guardian) Friend describes Winner, first person charged by Trump administration with violating Espionage Act, as ‘obsessed’ with fight against Isis
NSA Director Michael Rogers says he never felt "pressured" by White House to influence Russia investigation (Newsweek) The NSA director and National Intelligence Director Dan Coats responded to media reports that Trump had tried to interfere with the FBI's Russia investigation.
US intelligence chiefs decline to discuss Trump contacts (Military Times) Lawmakers verbally sparred with top intelligence chiefs on Wednesday after they staunchly refused to answer questions about conversations they had with President Donald Trump regarding probes into Russian activities during the election.
Would You Trust These Men With a Massive Surveillance Dragnet? (Motherboard) America's top intelligence officials had a shady day in Congress.
Preview of Comey's planned remarks to Congress (Federal Times) Comey is set to testify Thursday before the Senate intelligence committee.
Comey: Trump Denied He Was Involved With ‘Hookers’ in Russia (Foreign Policy) The former FBI director’s prepared testimony is a reality TV preview of what’s to come.
How did Russia get good at cyber warfare? Expert blames Snowden (WNYW) United States intelligence agencies -- including the Department of Homeland Security, the FBI and others -- agree that Russian spies interfered with the election of a United States president.
Apple Employees in China Detained for Selling User Data (Dark Reading) Chinese authorities in Beijing detained twenty-two Apple employees suspected of illegally obtaining personal data.
Industry Events
upcoming Events
RSAC Unplugged (London, England, UK, June 8, 2017) Informal, up close and personal, intimate…that’s RSAC Unplugged. Ignore the background noise and focus on what’s important in information security right now as part of a one-day program focused on excellent content. Raw and uncut, it’s the best of RSA Conference in a single day.
Insider Threat Program Development / Management Training For NITP-NISPOM CC 2 (Huntsville, Alabama, USA, June 8 - 9, 2017) Insider Threat Defense announced it will hold a 2 day training class on Insider Threat Program (ITP) Development / Insider Threat Risk Management (National Insider Threat Policy (NITP), NISPOM Conforming Change 2) on June 8-9, 2017, in Huntsville, AL. For a limited time the training is being offered at a $795. This training will provide the ITP Manager-Senior Official and Facility Security Officer with the knowledge and resources to achieve compliance with NITP and NISPOM CC2 / DSS ISL-2016-02 - ITP requirements. Any organization (State Government Agencies, Businesses, Etc.) that is not required to implement an ITP, but is concerned with Insider Threat Risk Mitigation will also benefit greatly from this training. Insider Threat Defense has trained over 500+ organizations and has become the "Leader-Go To Company" for ITP Development / Insider Threat Risk Management Training.
BSides Pittsburgh 2017 (Pittsburgh, Pennsylvania, USA, June 9, 2017) BSides Pittsburgh is part of a global series of community-driven conferences presenting a wide range of information security topics from technical topics, such as dissecting network protocols, to policy issues such as managing information leakage via social networks. Pittsburgh has a flourishing information security community; this is a great chance to meet each other, share ideas and work together.
29th Annual FIRST Conference (San Juan, Puerto Rico, USA, June 11 - 16, 2017) FIRST is an international confederation of trusted computer incident response teams who cooperatively handle computer security incidents and promote incident prevention programs.
21st Colloquium, Cyber Security Education Innovation for the 21st Century (Las Vegas, Nevada, USA, June 12 - 14, 2017) The Colloquium for Information Systems Security Education (CISSE) provides a forum for dialogue among academia, industry and government. Protection of the information and infrastructure used to create, store, process, and communicate information is vital to business continuity and security. CISSE supports cyber security educators, researchers and practitioners in their efforts to improve curricula and foster discussion of current and emerging trends, working to define education requirements and encourage development of information security curricula and courseware.
ETSI Security Week 2017 (Sophia Antipolis, France, June 12 - 16, 2017) This year's event will address key cybersecurity standardization challenges in the short, medium and longer term. The event will look at the different aspects of cybersecurity underpinning our digital world. The cybersecurity community will come together at ETSI to network and exchange on the state of standardization for cybersecurity.
Cyber Tech Fairfax (McLean, Virginia, USA, June 13, 2017) Cybertech Fairfax will provide attendees with a unique opportunity to learn about the latest innovations and solutions from the cyber community. It will serve as an incredible B2B platform with a strong focus on networking, strengthening existing alliances and forming new ones. Get acquainted with the products and people leading the industry and creating new technological solutions to tackle today’s cyber challenges.
Cyber Tech Fairfax (McLean, Virginia, USA, June 13, 2017) A thought-provoking conference and exhibition on global cyber threats, solutions, innovations and technologies. At Cybertech Fairfax, high-profile speakers and panelists will focus on the global cyber threat, and strategies and solutions that meet the diverse challenges for a wide range of sectors including finance, transportation, utilities, defense, communication and government, to protect operations, infrastructure and people.
LegalSec Summit 2017 (Arlington, Virginia, USA, June 13 - 14, 2017) Whatever your role in security, there’s something here for you! Hear from experts who will share their experiences related to information security, and develop takeaways to use in your organization. The target audience for ILTA’s LegalSEC Summit is legal technology professionals at every level and general counsel who touch legal security in their law firm or law department and want to learn more and connect with peers. Organized by the International Legal Technology Association.
AFCEA Defensive Cyber Operations Symposium (Baltimore, Maryland, USA, June 13 - 15, 2017) Cyber operations are a challenging mission for the U.S. Defense Department and government community that builds, operates and defends networks. Cyber leaders and warriors must continually evolve to adapt to future innovations and develop and leverage cutting-edge tools and technologies. AFCEA’s Defensive Cyber Operations Symposium provides an ethical forum where government and industry will focus on “Connect and Protect.” Participants will discuss requirements and solutions to ensure that the networks within DoD are adaptive, resilient and effective across a range of uses and against diverse threats. Speakers will include leaders in the Defense Information Systems Agency, Joint Force Headquarters-DoD Information Network and DoD Chief Information Office.
Global Cybersecurity Summit 2017 (Kiev, Ukraine, June 14 - 15, 2017) During the two-day summit, participants will be exposed to cybersecurity best practices, cutting-edge advancements, and emerging innovations in defensive security across a series of categories, including policy and government, Internet of Things (IoT), industrial controls, and more.
Information Assurance Symposium (Baltimore, Maryland, USA, June 19 - 21, 2017) The Information Assurance Symposium is the premier IA event at which leaders and practitioners share vital information and provide direction and best practices to meet today's challenges in IA and the cyber environment. The classification of the event is UNCLASSIFIED//FOR OFFICIAL USE ONLY. The 2017 IAS is expecting upwards of 2,500 attendees and will provide an excellent opportunity to learn and network with leading information assurance and cyber security professionals, subject matter experts and solution providers from throughout Government, industry and academia. The Information Assurance Symposium will include a variety of keynote sessions, three distinct tracts and panel discussions spanning over three days.
Norwich University Cyber Security Summit (Northfield, Vermont, USA, June 19 - 21, 2017) Norwich University’s College of Graduate and Continuing Studies (CGCS) is pleased to announce the first annual Cyber Security Summit in June 2017. The summit, presented in a continuing education format, welcomes Norwich alumni and their guests interested in exploring and discussing the latest in cyber security policy from both the federal level and the practical application of that policy on a local or business level. Register today to reserve your space at the summit.
Hack in Paris (Paris, France, June 19 - 23, 2017) Hack In Paris brings together major professional IT security and technical hacking experts to attend training and talks exclusively in English. Intrusion attempts grow more frequent and sophisticated, regardless of their target (state or corporation). In this context, international hacking events are multiplying. A few events took place in France but until now, no one had covered hacking practices with a technical approach including both professional training and information aspects. Hack In Paris aims at filling this gap. The program includes state of the art IT security, industrial espionage, penetration testing, physical security, forensics, malware analysis techniques and countermeasures.
SANS Minneapolis 2017 (Minneapolis, Minnesota, USA, June 19 - 24, 2017) Get relevant, practical cybersecurity training at SANS Minneapolis 2017 (June 19-24). This event features the information needed to build crucial skills in protecting your organization from the latest cyber-attacks. Now is the time to enhance your skills and further your career.
Naval Future Force Science and Technology Expo (Washington, DC, USA, June 20 - 23, 2017) The Office of Naval Research’s (ONR) biennial 2017 Naval Future Force Science and Technology (S&T) EXPO will take place July 20-21, 2017. The Expo is the premier S&T event for the Navy and Marine Corps and is held every two years. It draws several thousand attendees and is designed to support the objectives of the Naval S&T Strategy. An updated version of the strategy will be unveiled at the event. It also will showcase some of the Navy’s and Marine Corp’s latest technologies and bring together the brightest minds from around the world to share information; discuss research opportunities; and build partnerships between the Navy, Marine Corps, industry and academia.
Borderless Cyber USA (New York, New York, USA, June 21 - 22, 2017) Borderless Cyber is an international, executive-level conference series that began in 2015. It’s designed to bring together the private sector and policy makers to evaluate, debate, and collaborate on cyber security best practices and solutions. Hosted by the OASIS open consortium, previous Borderless Cyber events were held in partnership with The World Bank in Washington, D.C., with the European Parliament in Brussels, and with Keio University in Tokyo. In 2017, the conference will be held in New York City and The Hague.
Global Insider Threat Summit (London, England, UK, June 22, 2017) Companies are spending millions on cybersecurity, but breaches are still on the rise. Multinational enterprises, small businesses, healthcare organizations, and even national governments are all feeling the effects. At the Global Insider Threat Summit, we'll discuss why the changing tech landscape means adapting a new approach to cybersecurity -- and why user behavior is the starting point.
Chertoff Group Security Series: Security in the Boardroom (East Palo Alto, California, USA, June 22, 2017) The Chertoff Group Security Series will aim to enhance and add to the Security in the Boardroom conversation by applying our insights into technology, threat, and policy to help executives respond to the evolving threat environment.
Cyber Week (Tel Aviv, Israel, June 25 - 29, 2017) Bringing together international cybersecurity experts and enthusiasts, Cyber Week provides the opportunity to gain insight into the latest global developments in cybersecurity. The conference welcomes distinguished speakers from all corners of the world, representing a rich consortium of thought leaders who are advancing cybersecurity in various sectors. Learn first-hand from top government officials, industry leaders, and researchers during the Main Plenary at Cyber Week with access to the most recent updates and predictions.
O’Reilly Artificial Intelligence Conference (New York, New York, USA, June 27 - 29, 2017) From bots and agents to voice and IoT interfaces, learn how to implement AI in real-world projects, and explore what the future holds for applied artificial intelligence engineering.
SIA GovSummit (Washington, DC, USA, June 28 - 29, 2017) The 2017 SIA GovSummit focuses on how government leverages security technologies to drive success across a wide spectrum of missions. Held annually in Washington, the Security Industry Association's government summit examines emerging policy trends, technology needs of the government and changes in the risk environment that shape development of products and advanced systems integration to meet evolving security challenges.
2017 Community College Cyber Summit (C3S) (National Harbor, Maryland, USA, June 28 - 30, 2017) 3CS is the only national academic conference focused on cybersecurity education at community colleges. Four tracks are available for college faculty and administrators, IT faculty who are involved or who would like to become involved in cybersecurity education, non-IT faculty in critical infrastructure fields who are interested in incorporating cybersecurity topics into their curricula, decision makers in positions that influence cybersecurity education programs, and community college students interested in learning about security or expanding their current knowledge.
Cyber Security Summit: DC (Washington, DC, USA, June 29, 2017) If you are a Senior Level Executive responsible for making your company’s decisions in regards to information security, then you are invited to register for the Cyber Security Summit: DC. Receive 50% off of a Full Summit Pass when you register with code CYBERWIRE50 (standard price of $350, now only $175 with code). Register at CyberSummitUSA.com. The Cyber Security Summit: DC is an exclusive conference connecting Senior Level Executives responsible for protecting their companies’ critical data with innovative solution providers & renowned information security experts. for details visit CyberSummitUSA.com.
SINET New York connects the United States’ three most powerful institutions and evangelizes the importance of industry, government and academic collaboration on security initiatives. (New York, New York, USA, June 29, 2017) SINET New York connects the United States’ three most powerful institutions and evangelizes the importance of industry, government and academic collaboration on security initiatives.
Sponsor & Support
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter’s financial reach, or it might just not be the right time for you to do those things. That’s why we launched our new Patreon site, where we’ve created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you’ll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.