The CyberWire is pleased to announce that our new weekly news wrap-up, the Week that Was, is now out and available. View it here, in case you missed yesterday's email. We plan to publish the Week that Was every Sunday evening.
More Signal. Less Noise.
Cylance
Malware used in December's Ukrenergo attack analyzed. CertLock Trojan blocks security software installation. MacSpy and MacRansom analyzed--malware-as-a-service targeting Macs. Ransomware found in bogus Android King of Glory game. Platinum APT exploits AMT vulnerability.
Announcements
The CyberWire's Week that Was is out.
Summary
Researchers at Dragos and ESET are today releasing new reports on malware that hit Ukraine's power grid last December. They're calling the attack code "Crash Override" or "Industroyer," and they compare it to Stuxnet in terms of the severity of its threat to physical systems. Crash Override is modular and readily tailored to its targets. The Ukrenergo attack now looks like a dry run.
Access Now reports a new form of social media hijacking, "Doubleswitch," which renders its victims effectively unable to regain control of their accounts. Observed in Venezuela, DoubleSwitch has been used against critics of the Chavista regime.
Various researchers are reporting a new Trojan, "CertLock," in the wild. Carried by a range of unwanted programs, the Trojan renders those programs more difficult to clean from Windows systems by blocking the certificates of security software.
Researchers at AlienVault and Fortinet have obtained and analyzed live samples of MacSpy and MacRansom, two varieties of malware-as-a-service that have been on offer in dark web souks at least since the last weeks of May. As the names suggest, they target Mac systems with, respectively, spyware and ransomware. As Mac marketshare rises, so does Mac malware's black marketshare.
Sophos reports a ransomware outbreak in Chinese Android systems—the malicious code hides in a bogus copy of the King of Glory game. (The ransomware copies WannaCry's user interface, but it's not WannaCry.)
Microsoft finds the Platinum APT exploiting flaws in Intel chip sets' Active Management Technology to execute malicious code in targeted machines.
Notes.
Today's issue includes events affecting Bahrain, Belgium, China, Egypt, France, Germany, Gibraltar, Iran, Democratic Peoples Republic of Korea, Republic of Korea, Libya, Maldives, NATO/OTAN, Qatar, Russia, Saudi Arabia, Syria, Taiwan, Ukraine, United Arab Emirates, United Kingdom, United States, Venezuela and Yemen
A note to our readers: We'll be down in Northern Virginia tomorrow, covering Cybertech Fairfax. We also plan to stroll down Pratt Street and see what's up at AFCEA's Defensive Cyber Operations Symposium, meeting in Baltimore from tomorrow through Thursday.
On the Podcast
In today's podcast, we hear from our partners at Webroot, as David Dufour describes the challenges of attribution: why we care who did it, but why it's so hard to find out. Our guest, Robert Rodriguez of SINET, describes the Innovation Summit, coming next week to New York City.
Sponsored Events
UMBC Cybersecurity Graduate Program Open House (Catonsville, Maryland, USA, June 21, 2017) Whether you’re changing careers or want to move into management, UMBC’s Cybersecurity graduate programs can get you where you want to be. Join us to learn how on 6/21.
The Cyber Security Summit: DC (Washington, DC, USA, June 29, 2017) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from the U.S. Dept of Justice, Cybraics, CenturyLink, Alert Logic and more. Register with promo code cyberwire50 for half off your admission (Regular price $350).
CyberSecurity International Symposium (Chicago, Illinois, USA, July 10 - 11, 2017) Network with leading cybersecurity professionals, innovators, CIOs and regulators who are on the front lines of securing critical business and infrastructure networks. This in-depth Symposium examines the latest technologies, best practices, and lessons learned in achieving end-to-end network security for organizations of all varieties.
Selected Reading
Cyber Attacks, Threats, and Vulnerabilities
'Crash Override': the Malware that Took Down a Power Grid (WIRED) At midnight, a week before last Christmas, hackers struck an electric transmission station north of the city of Kiev, blacking out a portion of the Ukrainian capital equivalent to a fifth of its total power capacity.
Newly Discovered ‘Nightmare’ Cyber Weapon Is Already Causing Blackouts (The Daily Beast) The first hack was small, cutting power to part of Kiev. But security experts now warn that was just the start—the malware is a genuine cyber weapon that threatens the U.S.
Qatar-Gulf crisis: All the latest updates (Al-Jazeera) The latest news after Arab Gulf countries cut diplomatic ties with Qatar and suspended Doha-bound flights.
Qatar reveals preliminary results of QNA hacking probe (Al-Jazeera) Investigation team identified sources through which the cyber-attack was carried out, interior ministry says.
Al-Jazeera claims to be victim of cyber attack as Qatar crisis continues (Ars Technica UK) Broadcaster targeted after hackers planted “fake news” on Qatar’s state news service.
UAE email leak: Yousef al-Otaiba criticises Trump (Al-Jazeera) New round of leaked emails show repeated criticism of then presidential candidate Trump by UAE ambassador to the US.
Zawahiri lectures on global jihad, warns of national boundaries (FDD's Long War Journal) Sometime in the last few years, al Qaeda emir Ayman al Zawahiri got an editor. Known for his long-winded lectures, Zawahiri has increasingly recorded shorter messages with more focused arguments.
The “Doubleswitch” social media attack: a threat to advocates in Venezuela and worldwide (Access Now) Our Helpline discovered a new hijacking attack on social media that places users at risk worldwide -- especially journalists and human rights defenders.
Information Warfare: THAAD The Hack Attack Magnet (Strategy Page) In May 2017 the United States revealed that it had sent one of its few cyber protection teams to defend the THAAD (Terminal High Altitude Area Defense) battery sent to South Korea earlier and declared operational in April.
CertLock Trojan Blocks Security Programs by Disallowing Their Certificates (BleepingComputer) A new Trojan called CertLock blocks Windows security vendor's programs from being installed or running by blocking their certificates in Windows.
MacRansom and MacSpy Malware-as-a-Service Portals Put Mac Users on Alert (BleepingComputer) Security researchers have finally got their hands on samples of two new strains of Mac malware that have been offered through Malware-as-a-Service (MaaS) portals on the Dark Web for almost two weeks now.
MacRansom: Offered as Ransomware as a Service (Fortinet Blog) Many Mac OS users might assume that their computer is exempt from things like ransomware attacks and think that their...
IBNS Malicious Infrastructure Targets Financial Institutions (Wapack Labs) In the last days of May, Wapack Labs identified a large email delivery infrastructure targeting multiple industries including finance...
Android ransomware hides in fake King of Glory game (Naked Security) Taking design cues from WannaCry, a fake copy of the popular King of Glory game is being used to spread ransomware
Sophos: Beware the rise of the super-professional cyber-criminal (IT Pro Portal) Ransomware is getting more professional, and we should all be doing more to prepare for it, Sophos expert tells ITProPortal.
ForcePoint: TrickBot spreading using Necurs botnet (Computing) TrickBot malware shifts from malvertising to Necurs botnet to spread, warns Malwarebytes,
Platinum APT First to Abuse Intel Chip Management Feature (Threatpost) Microsoft has found a file-transfer tool used by the Platinum APT that leverages Intel Active Management Technology to stealthily load malware onto networked computers.
PLATINUM continues to evolve, find ways to maintain invisibility (Windows Security) Back in April 2016, we released the paper PLATINUM: Targeted attacks in South and Southeast Asia, where we detailed the tactics, techniques, and procedures of the PLATINUM activity group.
GameStop Online Shoppers Officially Warned of Breach (Threatpost) Some customers are irked it took GameStop months to inform them that their personal and financial information could have been compromised in a breach of GameStop.com that began in August 2016.
How End-User Devices Get Hacked: 8 Easy Ways (Dark Reading) Security experts share the simplest and most effective methods bad guys employ to break into end-user devices.
Half of ICS Firms Suffered Security Incident Last Year (Infosecurity Magazine) Half of ICS Firms Suffered Security Incident Last Year. Kaspersy Lab claims ineffective security costs them $497K each year
Ogdensburg working to shift funds to make up for cost of recent cyber attack (North Country Now) The City of Ogdensburg is working to shift around funding in the wake of a cyber attack in April, according to a report.
Security Patches, Mitigations, and Software Updates
Virgin Media rushes to patch security flaw in Super Hub routers (Computing) One encryption key to rule all routers clearly a bad idea,
Microsoft's Next Windows 10 Security Feature Looks to Be Exploit Guard (Petri) Microsoft is working on a new security feature for Windows 10 called Exploit Guard that will allow admins to block users and applications from accessing dangerous domains.
Cyber Trends
Companies more prone to cyber attack, 60% software unregulated: EY (The Economic Times) Last month, over 100 countries were hit by 'WannaCry' ransomware in one of the most widespread cyber attacks in history.
PhishLabs Releases Phishing Trends & Intelligence Report for Q1 2017 | 06/08/17 (Business Insider) PhishLabs, the leading provider of 24/7 phishing defense and intelligence solutions, today announced the release of its Phishing Trends & Intelligence (PTI) Report for the first quarter of 2017.
Cisco VNI: DDoS Attacks to Increase 2.5-Fold By 2021 (Infosecurity Magazine) The average DDoS attack size is approaching 1.2Gbps—enough to take most organizations completely offline.
Bored employees seen as biggest potential data security risk (Help Net Security) Employees who become distracted at work are more likely to be the cause of human error and a potential security risk, according to a Centrify poll.
Pirate Bay founder: We’ve lost the internet, it’s all about damage control now (The Next Web) TNW spoke with Pirate Bay's Peter Sunde about the miserable state of the internet and how we've lost the chance to decentralize it.
What Marketers Need To Know About Cybersecurity (Forbes) What do marketers need to know about cybersecurity?
Marketplace
The Behavioral Economics of Why Executives Underinvest in Cybersecurity (Harvard Business Review) And how to change their minds.
Here’s what the top accelerators in North America are funding (TechCrunch) The top startup accelerators have a history of seeing the future in ideas that sounded silly at the time. After all, who would have foreseen billion-dollar..
No known ransomware can infect Windows 10 S, but Microsoft remains worried, buys Israel's Hexadite (International Business Times, India Edition) Cyber threats like ransomware are growing in sophistication and reach, leaving Microsoft worried about Windows 10's security.
Better Buy: Palo Alto Networks, Inc. vs. Check Point Software (The Motley Fool) The two upstart data security providers are taking decidedly different paths to growth.
Palo Alto: Recovery Or Mediocrity? (Seeking Alpha) About a week ago, Palo Alto reported the results of its fiscal Q3. Many sub-headline metrics continued to deteriorate in a very noticeable fashion.
Diversify from FireEye Inc (FEYE) Stock to Win in Cybersecurity (InvestorPlace) Given the uncertainty in the value of FEYE stock and its peers, it might be a better idea to more widely invest in the space.
Trump-linked US firm at heart of French intelligence (EU Observer) French counter-terrorism services have begun work with a US firm that is close to Trump and to the CIA, posing questions on French data security.
Booz Allen secures Navy network contract (C4ISRNET) Booz Allen Hamilton has been awarded a $96.1 million Navy tactical network deal.
Thales opens a new cybersecurity training centre in Belgium (Military Technologies) Thales is inaugurating a new Cyberlab today in Tubize, in the south of the Brussels region...
Lookout Makes Key Hires to Support Record Company Growth (PRNewswire) Lookout, the global leader in securing mobility, has added two key...
Products, Services, and Solutions
Infoblox and Rapid7 Deliver Security Orchestration to Bridge Silos (Infoblox) Infoblox Inc., the network control company that provides Actionable Network Intelligence and Rapid7, Inc. (NASDAQ: RPD), a leading provider of analytics solutions for security and IT operations, today announced new solution integrations to provide enhanced security orchestration capabilities.
Google game teaches kids about online safety (Help Net Security) Talking to kids about online safety is a difficult undertaking for many adults, and making the lessons stick is even harder.
Comodo AEP Applies AI to Constant Battle Against Ransomware, Malware (eWEEK) Comodo Advanced Endpoint Protection provides an enterprise endpoint security platform that uses artificial intelligence to ferret out ransomware and other types of malware hidden in application and data files.
Ixia to deliver visibility into subscriber traffic for mobile operators (Financial News) Ixia, a provider of network testing, visibility, and security solutions, has extended the capabilities of CloudLens...
Merck KGaA, Darmstadt, Germany, Selects illusive networks' Deceptions Everywhere Cybersecurity (PRNewswire) illusive networks, the leader in Deceptions Everywhere®...
Deloitte, LogRhythm to advance cyber security solutions (ITP.net) Deloitte has chosen LogRhythm's Threat Lifecycle Management technology to support its cyber security offerings .
PerimiterX Looks Beyond the WAF to Protect the Web Against Bots (eSecurity Planet) There was a brief period of time when defending a web server application simply required a Web Application Firewall (WAF).
Kaspersky Lab, Injazat sign MoU (Arabian Industry) The two companies to extend cooperation in cybersecurity
Qualys Container Security: Discover, track, and secure containers (Help Net Security) Qualys Container Security performs inventory and real-time tracking of changes to containers deployed across on-premises and elastic cloud environments.
FairWarning Launches Onsite North Carolina User Group (PR Newswire) FairWarning is proud to announce an additional customer program for its growing number of North Carolina based health systems.
Technologies, Techniques, and Standards
Computer printers have been quietly embedding tracking codes in documents for decades (Quartz) Imperceptible yellow dots identifying the specific device and time of printing are used by governments to track who printed documents.
OCR Issues a Cyberattack Response 'Checklist' (GovInfo Security) HHS has issued a checklist and other materials to aid healthcare organizations and their vendors in their “quick response” to cyberattacks. The move comes as
Lessons from TV5Monde 2015 Hack (Comae Technologies) Watch-out for compromised third party accounts and bad Active Directory configuration.
CEOs' risky behaviors compromise security (CSO Online) If shadow IT is a problem with business decision makers, that may be a sign your senior security person isn't engaged at a high enough level.
IoT Security: Are Universities’ DNS and DHCP Ready for the Challenge? (EfficientIP) Read about the network challenges higher education institutions face due to the Internet of Things, plus a preparedness checklist to follow to handle the IoT wave.
Building a strong cybersecurity program for the long haul - Help Net Security (Help Net Security) Is it possible to reduce the impact of an event like WannaCry? With a good security program in place companies can weather an attack like WannaCry.
Design and Innovation
Google Releases reCAPTCHA API for Android (Threatpost) Google has released a reCAPTCHA API for Android, a first for the mobile applications.
Apple Is Trying To Make Your iMessages Even More Private (Motherboard) Apple wants to make its cloud as secure and private as its devices, starting with iMessage.
Researcher Wants to Protect Whistleblowers Against Hidden Printer Dots (BleepingComputer) Gabor Szathmari, a security researcher for CryptoAUSTRALIA, is working on a method of improving the security of leaked documents by removing hidden dots left behind by laser printers, which are usually used to watermark documents and track down leakers.
The Economics of Software Security: What Car Makers Can Teach Enterprises (Dark Reading) Embedding security controls early in the application development process will go a long way towards driving down the total cost of software ownership.
Apple's Don't Disturb While Driving Mode is a Blunt Answer to a Nuanced Problem (WIRED) Apple announced a bunch of whizz-bang thingamabobs at its Worldwide Developers Conference this week—a new iPad, the Homepod, smart security upgrades
The Paranoid Style of American Architecture (CityLab) From the mirrored fortress of the National Security Agency headquarters to the new U.S. Embassy in London, the built environment of the security state reflects our national anxieties.
Ai WeiWei Gets Artsy-Fartsy About Surveillance (WIRED) Walk down the street in New York City and your likeness will be captured on camera dozens of times.
Research and Development
New Math Untangles the Mysterious Nature of Causality (WIRED) In his 1890 opus, The Principles of Psychology, William James invoked Romeo and Juliet to illustrate what makes conscious beings so different from the particles that make them up.
Academia
Ivy Tech Honored For Cyber Security 'Excellence' (Inside Indiana Business) Ivy Tech Community College has secured a key federal designation. The National Security Agency and the U.S. Department of Homeland Security have named it a National Center of Academic Excellence in...
Texas A&M receives award during annual cybersecurity summit (The Eagle) Texas A&M University is quickly establishing itself as one of the country's leading academic centers for cybersecurity as the subject continues to permeate a broader scope both nationally and internationally.
Legislation, Policy and Regulation
Ukraine parliament restores NATO membership as strategic target (Defense News) The Ukrainian parliament has voted to restore NATO membership as the country’s strategic foreign policy objective.
Here’s how Ukraine is a laboratory for both Russia and the US (C4ISRNET) The U.S. is learning from Russia and Russian-supported forces in Ukraine.
Trump publicly commits to NATO mutual-defense provision (POLITICO) Trump has been critical of NATO since his presidential campaign.
Gibraltar develops national cyber security strategy (Gibraltar Chronicle) The Gibraltar Contingency Council is working on developing a national cyber security strategy for the Rock, in a bid to build community-wide awareness of online threats.
Cabinet targets platform for information security (Taipei Times) The Cabinet plans to establish a shared platform for coordination on information-security efforts aimed at operators of the nation’s critical infrastructure, a source said yesterday.
Fort a growing center of military intelligence (Augusta Chronicle) The facility where accused classified document leaker Reality Winner worked is the nerve center for the growing intelligence and cyberwarfare operations based at Fort Gordon.
Where does the cyber security buck stop? (Help Net Security) Governments should fine-tune laws to criminalize specific cyber attacks and create regulations that incentivize businesses to secure their products.
Keep Calm and Comply: One Year and Counting Until GDPR (Infosecurity Magazine) Practical tips from the experts on how to get in shape ahead of GDPR
20 Million Reasons for C-Suite to pay Attention to Data Loss (Infosecurity Magazine) Fines of up to €20 million for breaches of personal data will be enabled by GDPR which comes into force on 25 May 2018.
What is 'personal data'? IT leaders debate the GDPR definition (Computing) The GDPR's definition of 'personal data' is so broad that it is causing concern across the IT industry.
Litigation, Investigation, and Enforcement
French Police Seize Two Tor Relays in WannaCry Investigation (BleepingComputer) Two days after the WannaCry ransomware outbreak wreaked havoc across the world, French police seized a server running two Tor relays belonging to French activist Aeris...
Syrian Accused of Working for ISIS News Agency Is Arrested in Germany (New York Times) The 23-year-old man, identified only as Mohammed G., is believed to have been a conduit between terrorists and the Islamic State’s Amaq news agency.
Festnahme eines mutmaßlichen Mitglieds der ausländischen terroristischen Vereinigung „Islamischer Staat“ (IS) (Generalbundesanwalt) Die Bundesanwaltschaft hat gestern (7. Juni 2017) aufgrund eines Haftbefehls des Ermittlungsrichters des Bundesgerichtshofs vom 24. Mai 2017
London Bridge attack: eight minutes that shot down Britain’s strategy on terror (Times (London)) As units of armed police swarmed through the alleys of Borough Market in the aftermath of last weekend’s terrorist attack at London Bridge, officers arrived at the locked doors of Southwark...
A grim pattern in European attacks: Missed chances to pinpoint terrorism suspects beforehand (Los Angeles Times) European nations have built massive watch lists of potential terrorists. But the lists are so extensive it is often unclear who poses the most serious threats, and thus merits close surveillance.
Tech firms could do more to help stop the jihadists (The Economist) But legal restrictions must be proportionate and thought through
Can U.S. Spies Reinvent Themselves After the Russia Hacks? (The Daily Beast) The first step in taking corrective action is to admit that the Russians were successful in interfering in the 2016 election.
Reality Leigh Winner’s trial won’t come soon (Augusta Chronicle) Reality Leigh Winner’s trial on an allegation that she leaked a National Security Agency’s classified document won’t be anytime soon.
Editorial: Reality Winner's arrest is a first step to rebuilding trust (Richmond Times-Dispatch) We applaud the arrest of Reality Leigh Winner, a federal contractor who leaked classified NSA documents about Russian efforts to hack the 2016 election.
Ron Martz: US has too many secrets, too many with access to them (Gainsville Times) The arrest last Monday in Augusta of 25-year-old Reality Leigh Winner for allegedly passing top-secret government documents to an online news site says as much ...
NSA leak affords privacy reminder (Northwest Arkansas Democrat-Gazette) It took just days for authorities to arrest and charge a federal contractor with leaking classified intelligence to the media.
Why Trump Wins (Wall Street Journal) Will Robert Mueller investigate intelligence agencies for playing in domestic politics?
Full text: James Comey testimony transcript on Trump and Russia (POLITICO) A transcript of Comey's testimony before the Senate Intelligence Committee.
Alan Dershowitz: History, precedent and James Comey's opening statement show that Trump did not obstruct justice (Washington Examiner) Comey's statement may provide ammunition to Trump opponents, but unless they are willing to stretch his words, and unless they are prepared...
After Comey Testifies, One Scandal Gets Smaller, Another Gets Bigger (National Review) There is much to unpack in former FBI director James Comey’s almost three hours of live testimony today, but my summary is rather simple.
‘Total and Complete Vindication’? No Way. (Foreign Policy) There are reams of evidence pointing toward Trump's collusion and obstruction — and we don’t even know what James Comey said in closed session.
Did James Comey's Leaks Violate The FBI Employment Agreement? (The Federalist) Former FBI director James Comey's decision to leak FBI documents to a friend may have violated the FBI's employment agreement regarding unauthorized leaks.
A Shining Comey on a Hill (Foreign Policy) Can the former FBI director lead us back to our better selves?
A Pro-Trump Conspiracy Theorist, a False Tweet and a Runaway Story (New York Times) The journey of one tweet shows how misinformed, distorted and false stories are gaining traction far beyond the fringes of the internet.
OPINION: The damaging case against James Comey (TheHill) OPINION | President Trump was able to bait the former FBI director into diminishing his own credibility.
Sessions getting sucked further into Trump’s Russia mess (POLITICO) The attorney general is set to appear before his former colleagues after Comey hinted at more ‘problematic’ issues with Sessions and Russia.
Republicans urge Trump on tapes; Sessions to testify Tuesday (Military Times) Fellow Republicans pressed President Donald Trump on Sunday to come clean about whether he has tapes of private conversations with former FBI Director James Comey and provide them to Congress if he does...
Homeland Security Secretary Defends Plan for Russia Back Channel (Apps for PC Daily) Lindsey Graham (R-SC), are questioning the veracity of the articles, first reported by the Washington Post Friday, others, like Department of Homeland Security Secretary John Kelly, are making the remarkable case that Trump's son-in-law secretly communicating with the Kremlin would be a "good thing".
NSA backtracks on sharing number of Americans caught in warrant-less spying (Reuters) For more than a year, U.S. intelligence officials reassured lawmakers they were working to calculate and reveal roughly how many Americans have their digital communications vacuumed up under a warrant-less surveillance law intended to target foreigners overseas.
Congress Getting Pissed Off Over Failure Of Intel Community To Reveal How Many Americans Are Being Spied On (Techdirt.) As we've pointed out for many, many years, Senator Ron Wyden has been banging the drum, asking the Director of National Intelligence to reveal how many Americans are having their communications swept up under Section 702 of the FISA Act.
EFF Sues DOJ Over National Security Letter Disclosure Rules (Threatpost) The Electronic Frontier Foundation sued the United States Department of Justice demanding to know whether the agency is complying with rules that mandate a periodic review of National Security Lett…
Former Official: Obama Admin 'Systematically Disbanded' Units Investigating Iran's Terrorism Financing Networks (Washington Free Beacon) The Obama administration "systematically disbanded" investigative units focused on disrupting terrorism networks out of concern over friction with Iran.
Chinese Cops Cuff Suspects in Apple Insider Scam (Infosecurity Magazine) Chinese Cops Cuff Suspects in Apple Insider Scam. The £6m ring sold personal data from iOS customers
Supreme Court to rule on warrants for cellphone location data (Naked Security) Should you be surprised if location data is used as evidence against you? Should police need a warrant for it? It’s time for some overdue clarity
Legal Privilege for Data Security Incident Investigation Reports (Lexology) Data security incident response activities usually involve the creation of sensitive communications and documents that might be subject to legal…
Industry Events
newly Noted Events
Information Security Summit 2017 (Hong Kong, August 15 - 16, 2017) Effective Use of Analytics and Threat Intelligence to Secure Organizations: The Information Security Summit 2017 is a Regional Event with the aim to give participants from the Asia Pacific region an update on the latest development, trends and status in information security.
ManuSec USA (Chicago, Illinois, USA, October 11 - 12, 2017) This series will bridge the gap between the process control and corporate IT senior level professionals, allowing them to discuss challenges, critical issues and debate best practice guidelines.
upcoming Events
21st Colloquium, Cyber Security Education Innovation for the 21st Century (Las Vegas, Nevada, USA, June 12 - 14, 2017) The Colloquium for Information Systems Security Education (CISSE) provides a forum for dialogue among academia, industry and government. Protection of the information and infrastructure used to create, store, process, and communicate information is vital to business continuity and security. CISSE supports cyber security educators, researchers and practitioners in their efforts to improve curricula and foster discussion of current and emerging trends, working to define education requirements and encourage development of information security curricula and courseware.
ETSI Security Week 2017 (Sophia Antipolis, France, June 12 - 16, 2017) This year's event will address key cybersecurity standardization challenges in the short, medium and longer term. The event will look at the different aspects of cybersecurity underpinning our digital world. The cybersecurity community will come together at ETSI to network and exchange on the state of standardization for cybersecurity.
Cyber Tech Fairfax (McLean, Virginia, USA, June 13, 2017) Cybertech Fairfax will provide attendees with a unique opportunity to learn about the latest innovations and solutions from the cyber community. It will serve as an incredible B2B platform with a strong focus on networking, strengthening existing alliances and forming new ones. Get acquainted with the products and people leading the industry and creating new technological solutions to tackle today’s cyber challenges.
Cyber Tech Fairfax (McLean, Virginia, USA, June 13, 2017) A thought-provoking conference and exhibition on global cyber threats, solutions, innovations and technologies. At Cybertech Fairfax, high-profile speakers and panelists will focus on the global cyber threat, and strategies and solutions that meet the diverse challenges for a wide range of sectors including finance, transportation, utilities, defense, communication and government, to protect operations, infrastructure and people.
LegalSec Summit 2017 (Arlington, Virginia, USA, June 13 - 14, 2017) Whatever your role in security, there’s something here for you! Hear from experts who will share their experiences related to information security, and develop takeaways to use in your organization. The target audience for ILTA’s LegalSEC Summit is legal technology professionals at every level and general counsel who touch legal security in their law firm or law department and want to learn more and connect with peers. Organized by the International Legal Technology Association.
AFCEA Defensive Cyber Operations Symposium (Baltimore, Maryland, USA, June 13 - 15, 2017) Cyber operations are a challenging mission for the U.S. Defense Department and government community that builds, operates and defends networks. Cyber leaders and warriors must continually evolve to adapt to future innovations and develop and leverage cutting-edge tools and technologies. AFCEA’s Defensive Cyber Operations Symposium provides an ethical forum where government and industry will focus on “Connect and Protect.” Participants will discuss requirements and solutions to ensure that the networks within DoD are adaptive, resilient and effective across a range of uses and against diverse threats. Speakers will include leaders in the Defense Information Systems Agency, Joint Force Headquarters-DoD Information Network and DoD Chief Information Office.
Global Cybersecurity Summit 2017 (Kiev, Ukraine, June 14 - 15, 2017) During the two-day summit, participants will be exposed to cybersecurity best practices, cutting-edge advancements, and emerging innovations in defensive security across a series of categories, including policy and government, Internet of Things (IoT), industrial controls, and more.
Inside Job 2: Improving Cybersecurity by Improving Cyber Hygiene (Arlington, Virginia, USA, June 15, 2017) This symposium brings together a diverse group of talented cyber professionals from government, private sector, and academia to talk about Cyber Hygiene. Most cyber breaches are due to human error so, we focus on innovative ways to improve the people, process, and protocols within organizations to help strengthen cybersecurity efforts. We will also, speak about ways in which we can better utilize our veterans to help protect our data.
Information Assurance Symposium (Baltimore, Maryland, USA, June 19 - 21, 2017) The Information Assurance Symposium is the premier IA event at which leaders and practitioners share vital information and provide direction and best practices to meet today's challenges in IA and the cyber environment. The classification of the event is UNCLASSIFIED//FOR OFFICIAL USE ONLY. The 2017 IAS is expecting upwards of 2,500 attendees and will provide an excellent opportunity to learn and network with leading information assurance and cyber security professionals, subject matter experts and solution providers from throughout Government, industry and academia. The Information Assurance Symposium will include a variety of keynote sessions, three distinct tracts and panel discussions spanning over three days.
Norwich University Cyber Security Summit (Northfield, Vermont, USA, June 19 - 21, 2017) Norwich University’s College of Graduate and Continuing Studies (CGCS) is pleased to announce the first annual Cyber Security Summit in June 2017. The summit, presented in a continuing education format, welcomes Norwich alumni and their guests interested in exploring and discussing the latest in cyber security policy from both the federal level and the practical application of that policy on a local or business level. Register today to reserve your space at the summit.
Hack in Paris (Paris, France, June 19 - 23, 2017) Hack In Paris brings together major professional IT security and technical hacking experts to attend training and talks exclusively in English. Intrusion attempts grow more frequent and sophisticated, regardless of their target (state or corporation). In this context, international hacking events are multiplying. A few events took place in France but until now, no one had covered hacking practices with a technical approach including both professional training and information aspects. Hack In Paris aims at filling this gap. The program includes state of the art IT security, industrial espionage, penetration testing, physical security, forensics, malware analysis techniques and countermeasures.
SANS Minneapolis 2017 (Minneapolis, Minnesota, USA, June 19 - 24, 2017) Get relevant, practical cybersecurity training at SANS Minneapolis 2017 (June 19-24). This event features the information needed to build crucial skills in protecting your organization from the latest cyber-attacks. Now is the time to enhance your skills and further your career.
Naval Future Force Science and Technology Expo (Washington, DC, USA, June 20 - 23, 2017) The Office of Naval Research’s (ONR) biennial 2017 Naval Future Force Science and Technology (S&T) EXPO will take place July 20-21, 2017. The Expo is the premier S&T event for the Navy and Marine Corps and is held every two years. It draws several thousand attendees and is designed to support the objectives of the Naval S&T Strategy. An updated version of the strategy will be unveiled at the event. It also will showcase some of the Navy’s and Marine Corp’s latest technologies and bring together the brightest minds from around the world to share information; discuss research opportunities; and build partnerships between the Navy, Marine Corps, industry and academia.
Borderless Cyber USA (New York, New York, USA, June 21 - 22, 2017) Borderless Cyber is an international, executive-level conference series that began in 2015. It’s designed to bring together the private sector and policy makers to evaluate, debate, and collaborate on cyber security best practices and solutions. Hosted by the OASIS open consortium, previous Borderless Cyber events were held in partnership with The World Bank in Washington, D.C., with the European Parliament in Brussels, and with Keio University in Tokyo. In 2017, the conference will be held in New York City and The Hague.
Global Insider Threat Summit (London, England, UK, June 22, 2017) Companies are spending millions on cybersecurity, but breaches are still on the rise. Multinational enterprises, small businesses, healthcare organizations, and even national governments are all feeling the effects. At the Global Insider Threat Summit, we'll discuss why the changing tech landscape means adapting a new approach to cybersecurity -- and why user behavior is the starting point.
Chertoff Group Security Series: Security in the Boardroom (East Palo Alto, California, USA, June 22, 2017) The Chertoff Group Security Series will aim to enhance and add to the Security in the Boardroom conversation by applying our insights into technology, threat, and policy to help executives respond to the evolving threat environment.
Cyber Week (Tel Aviv, Israel, June 25 - 29, 2017) Bringing together international cybersecurity experts and enthusiasts, Cyber Week provides the opportunity to gain insight into the latest global developments in cybersecurity. The conference welcomes distinguished speakers from all corners of the world, representing a rich consortium of thought leaders who are advancing cybersecurity in various sectors. Learn first-hand from top government officials, industry leaders, and researchers during the Main Plenary at Cyber Week with access to the most recent updates and predictions.
O’Reilly Artificial Intelligence Conference (New York, New York, USA, June 27 - 29, 2017) From bots and agents to voice and IoT interfaces, learn how to implement AI in real-world projects, and explore what the future holds for applied artificial intelligence engineering.
SIA GovSummit (Washington, DC, USA, June 28 - 29, 2017) The 2017 SIA GovSummit focuses on how government leverages security technologies to drive success across a wide spectrum of missions. Held annually in Washington, the Security Industry Association's government summit examines emerging policy trends, technology needs of the government and changes in the risk environment that shape development of products and advanced systems integration to meet evolving security challenges.
2017 Community College Cyber Summit (C3S) (National Harbor, Maryland, USA, June 28 - 30, 2017) 3CS is the only national academic conference focused on cybersecurity education at community colleges. Four tracks are available for college faculty and administrators, IT faculty who are involved or who would like to become involved in cybersecurity education, non-IT faculty in critical infrastructure fields who are interested in incorporating cybersecurity topics into their curricula, decision makers in positions that influence cybersecurity education programs, and community college students interested in learning about security or expanding their current knowledge.
Cyber Security Summit: DC (Washington, DC, USA, June 29, 2017) If you are a Senior Level Executive responsible for making your company’s decisions in regards to information security, then you are invited to register for the Cyber Security Summit: DC. Receive 50% off of a Full Summit Pass when you register with code CYBERWIRE50 (standard price of $350, now only $175 with code). Register at CyberSummitUSA.com. The Cyber Security Summit: DC is an exclusive conference connecting Senior Level Executives responsible for protecting their companies’ critical data with innovative solution providers & renowned information security experts. for details visit CyberSummitUSA.com.
SINET New York connects the United States’ three most powerful institutions and evangelizes the importance of industry, government and academic collaboration on security initiatives. (New York, New York, USA, June 29, 2017) SINET New York connects the United States’ three most powerful institutions and evangelizes the importance of industry, government and academic collaboration on security initiatives.
CyberSecurity International Symposium (Chcago, Illinois, USA, July 10 - 11, 2017) The Symposium will take an in-depth look at the latest cyber security threats and trends, as well as real-world strategies for securing critical networks and data in enterprise, commercial, government and industrial environments. The event will bring together several hundred industry practitioners, researchers, regulators and solution providers for two days of in-depth, focused networking and information sharing at the cutting edge of cyber security. Many leading companies in the sector will be presenting.
East Midlands Cyber Security Conference and Expo (Leicester, England, UK, July 11, 2017) The conference and expo will bring together over 150 businesses, information security providers and key influencers to discuss the threats posed by online criminals and the practical ways in which business make themselves more resilient to cybercrime. Core themes will include: the evolving cyber threat; cyber resilience in the supply chain; and essential cyber skills.
Electronic Warfare Olympics & Symposium (Colorado Springs, Colorado, USA, July 13 - 14, 2017) The 2017 Electronic Warfare Olympics & Symposium will improve the capability, and marketability, of spectrum warriors by building the local EW/IO community. and bringing awareness to the capabilities in the region. The event will consist of speakers, government and industry exhibits, and Electronic Warfare Olympics.
Sponsor & Support
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter’s financial reach, or it might just not be the right time for you to do those things. That’s why we launched our new Patreon site, where we’ve created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you’ll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.