The CyberWire Daily Briefing 6.14.17

Summary

By The CyberWire Staff

Information operations continue to figure prominently in terrorist groups' use of the Internet, which is why disruptive cyberattacks by states belonging to the civilized world have such difficulty countering them. Another trend in terrorists' use of cyberspace is emerging in financing: cryptocurrencies are beginning to assume a more important role in bankrolling their operations.

Bloomberg reports that Russian probes of US electoral processes seem to have been more extensive than feared. Cozy and Fancy Bear between them may have prospected systems in as many as thirty-nine states, and they're expected to be back. The probes seemed to involve reconnaissance, but also attempts at voter registration data manipulation.

With respect to influence operations, Trend Micro is warning that fake-news-as-a-service is now available in online black markets. It's pricey, but payoff could be high—one service available for $400,000 offers election manipulation. How effective such services may be is so far anyone's guess.

Microsoft issued ninety-six patches yesterday, and in an unusual move reached back to fix WannaCry-related issues in the beyond-end-of-life Windows XP. Also unusual is Redmond's warning to expect exploitation by state-sponsored threat actors. Adobe pushed fixes for Shockwave and Flash.

In industry news, Verizon's Yahoo! acquisition has finally closed. Prevalent has bought Datum Security, and both Delta Risk and Trusona announce new funding rounds.

China's Communist Party is pushing that country's information regulation bodies to establish tighter control over the Internet.

The CrashOverride threat to electrical grids may be greater than at first thought. The story is developing rapidly.

Learn how Cylance silences cyber attacks with Artificial Intelligence.

Notes.

Today's issue includes events affecting Australia, Canada, China, European Union, Israel, Democratic Peoples Republic of Korea, Latvia, Russia, Ukraine, United Kingdom, and United States.

On the Podcast

In today's podcast, we hear from our partners at Accenture, as Justin Harvey discusses security automation and orchestration. Our guest is Robert M. Lee from Dragos, who takes us through their report on the CrashOverride malware and the threat it poses to the power grid. Not normally an alarmist, Lee is sounding an alarm on this one.

Sponsored Events

UMBC Cybersecurity Graduate Program Open House (Catonsville, Maryland, USA, June 21, 2017) Whether you’re changing careers or want to move into management, UMBC’s Cybersecurity graduate programs can get you where you want to be. Join us to learn how on 6/21.

The Cyber Security Summit: DC (Washington, DC, USA, June 29, 2017) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from the U.S. Dept of Justice, Cybraics, CenturyLink, Alert Logic and more. Register with promo code cyberwire50 for half off your admission (Regular price $350).

CyberSecurity International Symposium (Chicago, Illinois, USA, July 10 - 11, 2017) Network with leading cybersecurity professionals, innovators, CIOs and regulators who are on the front lines of securing critical business and infrastructure networks. This in-depth Symposium examines the latest technologies, best practices, and lessons learned in achieving end-to-end network security for organizations of all varieties.

Selected Reading

Dateline

A Global View from a Local Window (The CyberWire) CyberTech, in partnership with the Fairfax County (Virginia) Economic Development Authority, met Tuesday, June 13th at Capital One headquarters in Tysons Corner, Virginia, to discuss "changing the global cyber landscape." Speakers from various sectors (financial services, transportation, utilities, aerospace and defense, communications, law, and government) covered trends, emerging technologies, and continuing challenges in cyber security. The conference featured significant international participation, with practitioners from Germany, the Netherlands, and, especially, Israel represented.

Fake news and free speech: a different look. (The CyberWire) Michael Chertoff, former US Secretary of Homeland Security, delivered the conference's morning keynote. He offered a general look at trends and challenges in cybersecurity, and in particular the value of framing cybersecurity in terms of analogies drawn from biological immunity. He also addressed the challenge of "fake news."

Former DHS Secretary Chertoff: 'Is Your Company Cyber-Immunized?' (In Homeland Security) Cyber-immunized? Michael Chertoff advises leaders to take a risk management and immunization approach for effective systems security and cyber security.

Innovation and technology transition. (The CyberWire) Representatives of government and industry shared their perspectives on how innovation might be fostered for both public goods and economic development.

Compliance, cooperation, standards of care, and cybersecurity momentum. (The CyberWire) The conference's morning CISO panel expressed clear consensus on the value of cooperation and collaboration in cybersecurity, even among businesses that in the ordinary course of things compete. The CISOs agreed that cybersecurity shouldn't be a competitive differentiator.

Cyber Attacks, Threats, and Vulnerabilities

US cyber weapons disappoint against ISIS (Fifth Domain | Cyber) Cyber Command's fight against ISIS has proven to be much more difficult than previous operations.

Terror Finance in the Age of Bitcoin (The Cipher Brief) Terrorists’ tactics evolve with the times. Just as we have seen an adaption of terrorist methods for sowing fear and distrust, so, too, we have seen their propaganda machines evolve to inspire audiences globally. Gone are the days of printed manifestos, pamphlets, or fuzzy VHS tapes.

Russian Cyber Hacks on U.S. Electoral System Far Wider Than Previously Known (Bloomberg) Attackers said to take measure of voting systems, databases. A ‘red phone’ warning to the Kremlin from Obama White House.

Russia's cyber attack on 39 states could jeopardize future US elections (CNBC) Russia's cyberattack on the U.S. electoral system was much more widespread than people realize, Bloomberg reports.

InfoSec 2017: What are Fancy Bears and why it matters, even for SMEs (SC Media UK) SC spoke to Adam Meyers, VP of intelligence at Crowdstrike at this year's InfoSec Europe 2017 about attribution and why it could be useful even for smaller businesses.

Fake-News Services Make Propaganda Distribution Point-and-Click (eWEEK) The emergence of online fake news distribution services prompted security firm Trend Micro to issue a report on June 13 that explains how they work and suggests counter measures.

Here's how much it costs to buy 'fake news' online (WIRED UK) The 'public opinion cycle' can be manipulated if you've got enough money

ESET detects Industroyer, biggest threat to industrial control systems since Stuxnet (aptantech) The 2016 attack on Ukraine’s power grid that deprived part of its capital, Kiev, of power for an hour was caused by a cyberattack. ESET researchers have since analyzed samples of…

Is Industroyer the biggest security threat to critical infrastructure since Stuxnet? (Computing) Industroyer malware trialed in attack on Ukrainian power grid in 2016.

Five cybersecurity experts about CrashOverride malware: main dangers and lessons for IIoT (IIoT World) As reported by ESET and Dragos, the CrashOverride malware is an extensible platform that could be used to target critical infrastructure sectors.

Kaspersky Lab Recommends Industries to Audit Security (Sputnik) Kaspersky Lab IT company has called on industrial companies to conduct security audit and increase the level of security following reports of new malware dubbed CrashOverride, which can reportedly disrupt energy systems, the company’s representative told Sputnik on Tuesday.

N. Korean cyber attacks targeting “critical infrastructure”, finance: U.S. (North Korea News) The U.S. government on Tuesday warned that a North Korean cyber attack group is targeting "media, aerospace, financial, and critical infrastructure sectors", in a rare alert issued by the Federal Bureau of Investigation (FBI) and the Department of Homeland Security (DHS). The North Korean-linked group is referred to by the U.S. government as "Hidden Cobra", and has been involved in malicious activities since 2009 to "advance their government’s military and strategic objectives", the report says. The FBI and DHS said they had identified several IP addresses associated with the distribution of a malware variant known as Delta Charlie, a distributed denial-of-service (DDoS) bot, and that “Hidden Cobra actors have leveraged their capabilities to target and compromise a range of victims” since 2009. “Some intrusions have resulted in the exfiltration of data while others have been disruptive in nature,” the joint Technical Alert (TA) said. While the report said that Novetta, a security

Threat Spotlight: Breaking Down FF-Rat Malware (Cylance) FF-RAT is an effective, proxy-aware RAT that has been in use for at least the last five years. It has been observed being used in targeted attacks against many industries, including government, aerospace, gaming, IT, and telecommunications.

Peter Cochrane: WannaCry? I wanna understand what's going on (Computing) Peter Cochrane examines the common problem between the WannaCry outbreak, the BA breakdown and the NSA malware tools leakage

HHS center for cyber threat sharing helped lead response to malware attack (Health Data Management) The Health Cybersecurity and Communications Integration Center was an integral part of the agency’s coordinated response to the recent WannaCry ransomware attack.

WiMax routers from Huawei, ZyXEL and ZTE are vulnerable to authentication bypass attacks | V3 (V3) Access all areas for users of legacy WiMax routers from Huawei, ZTE and ZyXEL,Security ,Hacking,Huawei,security,computer security,ZTE,SEC Consult

When sysadmins attack: how to delete an entire company (Naked Security) Nothing can stand in the way of malice and incompetence

A behind-the-scenes look at how cybercriminals carry out attacks inside enterprise networks (Vectra Networks) Vectra Networks last week published the 2017 Post-Intrusion Report, which covers the period from January through March. While there are plenty of threat research reports out there, this one offers unique insights about real-world cyber attacks against actual enterprise networks.

Hackers Can Spoof Phone Numbers, Track Users via 4G VoLTE Mobile Technology (BleepingComputer) A team of researchers from French company P1 Security has detailed a long list of issues with the 4G VoLTE telephony, a protocol that has become quite popular all over the world in recent years and is currently in use in the US, Asia, and most European countries.

The race for N-days: Why millions of us are still vulnerable to known exploits (ZDNet) Here's why known bugs can still cause chaos in the mobile ecosystem.

Questions and answers on the Cowboy's Casino cyber attack (CBC News) Customers and staff of Cowboy's Casino in Calgary who have had their personal information leaked online probably have a lot of questions. David Gerhard, a computer science professor at the University of Regina, sheds some light.

Security Patches, Mitigations, and Software Updates

Microsoft, Adobe Ship Critical Fixes (KrebsOnSecurity) Microsoft today released security updates to fix almost a hundred flaws in its various Windows operating systems and related software.

Microsoft Patches 96 Security Vulnerabilties in June Patch Update (eWEEK) Patch Tuesday update takes the unusual step of releasing security patches for the unsupported Windows XP operating system.

Microsoft rushes out patch for Windows XP to prevent another WannaCry attack via a Shadow Brokers release (Computing) 'INCOMING!' warns Microsoft as it issues new critical patch for Windows XP.

Microsoft releases new Windows XP security patches, warns of state-sponsored cyberattacks (The Verge) Microsoft issued a "highly unusual" patch for Windows XP last month to help prevent the spread of the massive WannaCry malware. At least 75,000 computers in 99 countries were affected by the...

Cyber Trends

Flashpoint - Business Risk Intelligence Decision Report: 2017 Mid-Year Update (Flashpoint) This mid-year update to our Business Risk Intelligence Decision Report examines trends in the cyber and geopolitical landscape from the first half of 2017.

New Ponemon Study Finds Traditional Endpoint Security Approaches Are Ineffective, Costing the Average Enterprise $6 Million+ Per Year (Absolute) With the cost and complexity of endpoint security at an all-time high, Ponemon’s research reveals 63 percent of enterprises cannot monitor at-risk, dark endpoints, leaving more than 50 percent of endpoints vulnerable to a costly data breach

Veracode AppSec and DevOps Trends Report (Veracode) The increase of major cyber-attacks in the last few years has demonstrated to developers that no organization or application is immune. Veracode commissioned Enterprise Strategy Group (ESG) to conduct a survey of 400 IT, cybersecurity, and developer professionals to evaluate the benefits of AppSec for contemporary software development and deployment.

Wombat Study Reveals Personal Security Habits of 2,000 US, UK Workers (PRNewswire) Wombat Security Technologies (Wombat), the leading provider of cyber...

Just 26% of Organizations are Ready to Handle IT Risks, Reveals Netwrix Survey (Netwrix) Organizations are moving toward a more comprehensive approach to cyber risk management, but most still lack visibility into user activity and manipulations of their sensitive data.

Research: Legacy systems the biggest challenge in digital transformation (Computing) New research from Computing reveals that IT leaders are most concerned with integrating legacy applications into new digital initiatives, with cultural change coming a close second.

'BYOD has given way to the IoT' says ForeScout (Computing) CEO Mike DeCesare says that old methods of protecting cyber assets are not relevant in a connected world.

IoT Pose A Threat To Anything And Everyone Connected (ITSP Magazine) Loosely defined, the Internet of Things (IoT) refers to the general idea of things that are readable, recognizable, locatable, addressable, and/or controllable via the Internet. It encompasses devices, sensors, people, data, and machines.

Cyber Innovation Is Elementary (SIGNAL Magazine) Cyber is one domain that could benefit from lessons taught in kindergarten.

Marketplace

Yahoo sale to Verizon finally completed after 323 days and revelations over major security breaches | V3 (V3) 2,000+ pink slips being prepped by Verizon for Yahoo staff

Instant Analysis: Microsoft Confirms Hexadite Acquisition (Madison.com) What happened?

Prevalent Acquires Datum Security for SMB Third-Party Risk Management Platform (Marketwired) Acquisition of Datum Security solution helps close dangerous gap in SMB third-party risk exposure

Delta Risk LLC Completes Growth Capital Financing to Support Strategic Growth and Expansion (PRNewswire) Delta Risk LLC, a global provider of cyber security and risk management...

GSA Awards Delta Risk LLC All Four Cyber Security Services SINS to Contract with U.S. Government Agencies (PRNewswire) Delta Risk LLC, a global provider of cyber security and risk management...

Trusona snaps up $10 mln Series B from Microsoft Ventures and KPCB (PE Hub) Trusona, a Scottsdale, Arizona-based identity and authentication platform, has secured $10 million in Series B funding. Microsoft Ventures led the round with participation from existing backer Kleiner Perkins Caufield & Byers.

Why Proofpoint Keeps Shaking FireEye (Seeking Alpha) FireEye is sleeping on a cash cow hidden in its EX series of email security solutions. Sustainable double-digit growth in cloud security will provide the needed

2 Cybersecurity Stocks I'd Never Buy, and 1 I'll Consider (The Motley Fool) Investors should avoid Palo Alto Networks and FireEye, but Check Point deserves a closer look.

Raytheon to showcase cyberwarfare at Paris Air Show (New Atlas) Raytheon will use the 2017 Paris Air Show to showcase the technologies it is developing to provide defenses and countermeasures in the new battleground of cyberspace.

Inside Symantec’s bid to build the Amazon of cybersecurity tools (CIO) Symantec CIO Sheila Jordan is orchestrating a major shift toward one-stop cloud subscription services on the back of the company’s recent Blue Coat and LifeLock acquisitions.

Net Neutrality should not apply to content delivery networks: Akamai's McConnell (ETtech.com) Rick McConnell talks about their security play, why net neutrality should not apply to CDN players, how they re-skill people and accelerating mobile l..

Alert Logic Top Cited Cloud Infrastructure Security Vendor for Second Year (GlobeNewswire News Room) IT Decision Makers Give Alert Logic Top Rankings in New 451 Research Information Security Report

Telstra flags 1400 job cuts (CRN Australia) Staff will be informed today.

CRN Exclusive: Optiv Security Adds Former SecureWorks, D&H, Symantec Execs To Lead Strategic Business Areas (CRN) Optiv Security has added former Symantec exec Anirban Chakravartti, former SecureWorks CISO Doug Steelman, and former D&H CISO Michael Lines as it focuses on key business areas, including managed services and risk and compliance.

Exabeam Adds Former FireEye EVP Tony Kolish to Executive Team (Marketwired) 25-year leading industry veteran will drive Exabeam's services offerings globally

Cylance Loses Worldwide Head Of Sales To Endpoint Competitor SentinelOne (CRN) SentinelOne has landed one of its competitor's top executives, luring away Cylance head of worldwide sales Nicholas Warner as its new chief revenue officer.

Cavirin Establishes Security Advisory Board with Industry Luminaries (BusinessWIre) Cavirin Systems, Inc., offering continuous security assessment and remediation for hybrid clouds, announced a security advisory board.

Products, Services, and Solutions

tCell Production Deployments Yield New Insights About Application Risks and Attacks (Marketwired) Self-defending cloud applications gain traction and new features

Guidance Software Incorporates Webroot Threat Intelligence into EnCase Endpoint Security (BusinessWire) Guidance Software will provide Webroot threat intelligence to Guidance customers via a direct integration with EnCase Endpoint Security

DSM Announces New Features to Its DRaaS Solution (PRNewswire) DSM Technology Consultants, a leading Managed Cloud provider and Zerto...

Gemalto Simplifies and Secures Access to Cloud Applications with New Access Management Service (Gemalto) SafeNet Trusted Access helps companies mitigate risk with integrated single sign-on, multi-factor authentication and risk-based analytics

Rohde & Schwarz Cybersecurity and Arkessa launch solution for IoT connectivity and security (Rohde & Schwarz) The multi-level IoT platform solution provides full visibility and control of enterprises’ IoT operations with secure, backdoor-free, globally managed IP connectivity.

Palo Alto Networks Expands Security Platform With New Application Framework, GlobalProtect Offerings (CRN) Palo Alto Networks is adding to its security platform with the launch of a new Application Framework and Global Protect cloud services, the company announced Tuesday at its Ignite 2017 event in Vancouver.

ERPScan Announces Threat Map to Simplify Protection of SAP Systems at the Gartner Security & Risk Management Summit (PRNewswire) ERPScan announced updates to its flagship product for securing...

Spirent's CyberFlood Release Extends Security Coverage, Including WannaCry, IoT, Industrial Controls and DDoS Attacks (BusinessWire) The latest version of CyberFlood features the industry’s first means to validate exposure to WannaCry ransomware, plus stronger fuzzing capabili

BitSight and Telefónica Deliver Enhanced Visibility into Supply Chain Risk with Continuous Monitoring (IT Briefing) BitSight, the Standard in Security Ratings and ElevenPaths, Telefónica Cybersecurity Unit specializing in the development of innovative security solutions, today announced a new alliance that will enhance visibility into supply chain risk for Telefónica customers worldwide.

Whitewood Showcases Entropy-as-a-Service for Windows (Cloud Computing) The cloud-based service delivers pure quantum entropy – the foundation of randomness – to generate truly random numbers for creating cryptographic keys that are impossible to guess.

Sonus Redefines Enterprise Communications Security (PRNewswire) Sonus introduces an initiative...

Proofpoint Wins Best Fraud Prevention with Email Fraud Defense and Best SME Solution for Proofpoint Essentials at SC Awards Europe 2017 - NASDAQ.com (NASDAQ.com) Cybersecurity leader recognised for email fraud prevention and its SME solution, Proofpoint Essentials

IBM Extends Cloud Identity-as-a-Service to Hybrid Cloud Environments (eWEEK) New Cloud Identity Connect services aim to make it easier for organizations to connect identities both on-premises and in the cloud.

Leidos Cyber Launches MDR for Early Detect & Proactive IR (Learn More) - American Security Today (American Security Today) Leidos Cyber, has unveiled it’s Managed Detection and Response (MDR) service that goes beyond traditional Managed Security Service Providers (MSSP) or Incident Response (IR) services. MDR is a continuous, end-to-end service that detects malicious threats earlier, provides comprehensive analysis of intrusions, and delivers immediately actionable guidance for future prevention based on intelligence gained. Every breach starts with …

BT, Intercede and Imagination collaborate on IoT security (Totaltelecom) Global technology company Imagination and digital identity and credentials expert Intercede are showcasing a solution for enhanced Internet of Things (IoT) security at BT’s bi-annual Innovation 2017 event today.

Intercede launches projects with VMWare, Imagination (BOLSAMANIA) Digital identity, credential management and secure mobility specialist Intercede announced on Tuesday that it was collaborating with VMWare and Imagination on two “separate, significant” projects utilising Intercede's MyID and MyTAM software.

Intercede introduces cloud-based strong credentials enterprise service MyIDaaS (Bankless Times) Digital identity and credentials company Intercede has released its new, cloud-based “strong credentials” enterprise service. MyID as a Service (MyIDaaS) replaces passwords with …

Technologies, Techniques, and Standards

Facing limits of remote hacking, Army cybers up the battlefield (Ars Technica) Army prepares for a less friendly electronic battlespace, embeds cyber in units.

Making Beat Cops Out of Cyber Warriors (SIGNAL Magazine) In cyber, the U.S. Defense Department might have its SWAT team, but it is missing the beat cop.

How the channel is preparing for the data breach notification scheme (CRN Australia) Sententia, Diversus Group and Geek explain how they will help customers.

Is agile cloud DevOps feasible for hypersecure .GOVs? (SiliconANGLE) Is agile cloud DevOps feasible for hypersecure .GOVs? - SiliconANGLE

App Security: Breaking Bad Habits (BankInfo Security) Bad security habits of consumers whose use of apps is skyrocketing is leading to increased risks for businesses as they ramp up their use of apps as well, says Neil

Former NSA Security Architect Fills in Encryption Gaps (Meritalk) Citizens shouldn’t rely only on the law to protect their data, according to Will Ackerly, co-founder and chief technology officer at Virtru and former cloud security architect at the National Security Agency.

Design and Innovation

Hacking a heart pacemaker isn't science fiction. See what experts are doing to prevent it (Arizona Central) More than 100 medical professionals and cybersecurity experts gathered in Phoenix to talk about protecting medical equipment and records from hackers.

Research and Development

Scientists will end delays at passport control with biometric border scanner (Times (London)) It is a tedious indignity of modern air travel but the bleary-eyed wait at passport control could soon become a thing of the past. A British company has been commissioned by one of the world’s...

Quantum Cryptography Reaches A New Milestone In Quantum Secure Direct Communication (Science Times) Quantum cryptography has reached another milestone with the success of storing and controlling data in quantum memory. Physicists from University of Science and Technology of China and Nanjing University of Posts and Telecommunications has been able to optimize the Quantum Secure Direct Communication (QSDC) protocol

Ethics And Artificial Intelligence With IBM Watson's Rob High (Forbes) Artificial intelligence seems to be popping up everywhere, and it has the potential to change nearly everything we know about data and the customer experience. However, it also brings up new issues regarding ethics and privacy.

Academia

Carnegie Mellon University names cybersecurity center director (TribLIVE.com) Carnegie Mellon University's cybersecurity rapid response team has its second new director since February, the school announced Tuesday. Roberta G. 'Bobbie' Stempfley will take over ...

Legislation, Policy and Regulation

China’s internet watchdog rebuked for ‘lax’ control over cyberspace (South China Morning Post) Discipline inspectors say the Cyberspace Administration failed to swiftly enforce Xi Jinping’s policies to further tighten control of cyberspace on the mainland

Microsoft’s radical idea for dishing out cyberblame (Naked Security) Microsoft’s strategy for containing global cyberattacks is so crazy it just might work. Or is it just plain crazy?

Security Vs Privacy: EU to Let Cops Hop Across Borders for Data (Sputnik) The EU is planning to work out a mechanism which will allow law enforcement bodies to receive evidence directly from tech companies, such as Facebook or Google, even when stored in another European country. This has sounded alarm bells, as many see it as a threat to privacy. Sputnik discussed the issue with Nigel Hawthorne from Skyhigh Networks.

US, Europe seek measures to avert expanded airline laptop ban (The Financial Express) The US Department of Homeland Security will meet European officials this week to discuss new security measures that could prevent the U.S. government expanding a ban on laptops beyond flights from ten airports primarily in the Middle East.

Lawmakers voice fears over security of internet devices (TheHill) “Mobile devices are an attack vector that cannot be ignored," said one expert.

Hill Digs Into Innovating with IoT while Protecting Consumers (Cablefax) A pair of House Commerce subcommittee hearings on security in wireless technology and IoT devices offered a glimpse at the issues they’re most worried about.

Litigation, Investigation, and Enforcement

From 'caliph' to fugitive: IS leader Baghdadi's new life on the run (Reuters) Islamic State leader Abu Bakr al-Baghdadi is on the brink of losing the two main centres of his 'caliphate' but even though he is on the run, it may take years to capture or kill him, officials and experts said.

What We Know About Reality Leigh Winner, the Texan Charged Under the Espionage Act (Texas Monthly) The NSA contractor accused of leaking a classified document has South Texas roots.

The Cagey Mr. Comey (Hoover Institution) His own questionable actions might warrant an obstruction of justice charge.

CONFIRMED: Obama Had His Own ‘Back Channel’ To Moscow (The Daily Caller) The Obama administration had a "back channel" to communicate with Russian officials, according to a new report detailing Moscow's efforts to delegitimize the U.S. presidential election results. The

Distributor caught selling Apple customers’ data (Naked Security) Police have uncovered a large network of Apple distributor employees selling iPhone users’ data on the cyberunderground.

Hacker "Sagade" Extradited to the US for Role in Scareware Scheme (BleepingComputer) Peteris Sahurovs, a Latvian hacker known as "Sagade," was extradited to the US and appeared in Minneapolis court today in regards to accusations of running a scareware operation that pocketed the crook and his partners over $2 million.

The U.S. Intelligence Community Can Share Your Personal Information With Other Governments, and We’re Demanding Answers (American Civil Liberties Union) While the ACLU’s focus on foreign intelligence surveillance typically centers on the U.S. government’s National Security Agency, intelligence collection actually operates on a global scale. Our government is just one branch of an international network of intelligence services that coordinate their efforts with virtually no transparency or accountability.

Council fined £100,000 for Heartbleed security failures | TheINQUIRER (Inquirer) Gloucester City Council guilty of serious security oversight,Security ,Hacking,heartbleed

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

upcoming Events

Global Cybersecurity Summit 2017 (Kiev, Ukraine, June 14 - 15, 2017) During the two-day summit, participants will be exposed to cybersecurity best practices, cutting-edge advancements, and emerging innovations in defensive security across a series of categories, including policy and government, Internet of Things (IoT), industrial controls, and more.

Inside Job 2: Improving Cybersecurity by Improving Cyber Hygiene (Arlington, Virginia, USA, June 15, 2017) This symposium brings together a diverse group of talented cyber professionals from government, private sector, and academia to talk about Cyber Hygiene. Most cyber breaches are due to human error so, we focus on innovative ways to improve the people, process, and protocols within organizations to help strengthen cybersecurity efforts. We will also, speak about ways in which we can better utilize our veterans to help protect our data.

Information Assurance Symposium (Baltimore, Maryland, USA, June 19 - 21, 2017) The Information Assurance Symposium is the premier IA event at which leaders and practitioners share vital information and provide direction and best practices to meet today's challenges in IA and the cyber environment. The classification of the event is UNCLASSIFIED//FOR OFFICIAL USE ONLY. The 2017 IAS is expecting upwards of 2,500 attendees and will provide an excellent opportunity to learn and network with leading information assurance and cyber security professionals, subject matter experts and solution providers from throughout Government, industry and academia. The Information Assurance Symposium will include a variety of keynote sessions, three distinct tracts and panel discussions spanning over three days.

Norwich University Cyber Security Summit (Northfield, Vermont, USA, June 19 - 21, 2017) Norwich University’s College of Graduate and Continuing Studies (CGCS) is pleased to announce the first annual Cyber Security Summit in June 2017. The summit, presented in a continuing education format, welcomes Norwich alumni and their guests interested in exploring and discussing the latest in cyber security policy from both the federal level and the practical application of that policy on a local or business level. Register today to reserve your space at the summit.

Hack in Paris (Paris, France, June 19 - 23, 2017) Hack In Paris brings together major professional IT security and technical hacking experts to attend training and talks exclusively in English. Intrusion attempts grow more frequent and sophisticated, regardless of their target (state or corporation). In this context, international hacking events are multiplying. A few events took place in France but until now, no one had covered hacking practices with a technical approach including both professional training and information aspects. Hack In Paris aims at filling this gap. The program includes state of the art IT security, industrial espionage, penetration testing, physical security, forensics, malware analysis techniques and countermeasures.

SANS Minneapolis 2017 (Minneapolis, Minnesota, USA, June 19 - 24, 2017) Get relevant, practical cybersecurity training at SANS Minneapolis 2017 (June 19-24). This event features the information needed to build crucial skills in protecting your organization from the latest cyber-attacks. Now is the time to enhance your skills and further your career.

Naval Future Force Science and Technology Expo (Washington, DC, USA, June 20 - 23, 2017) The Office of Naval Research’s (ONR) biennial 2017 Naval Future Force Science and Technology (S&T) EXPO will take place July 20-21, 2017. The Expo is the premier S&T event for the Navy and Marine Corps and is held every two years. It draws several thousand attendees and is designed to support the objectives of the Naval S&T Strategy. An updated version of the strategy will be unveiled at the event. It also will showcase some of the Navy’s and Marine Corp’s latest technologies and bring together the brightest minds from around the world to share information; discuss research opportunities; and build partnerships between the Navy, Marine Corps, industry and academia.

Borderless Cyber USA (New York, New York, USA, June 21 - 22, 2017) Borderless Cyber is an international, executive-level conference series that began in 2015. It’s designed to bring together the private sector and policy makers to evaluate, debate, and collaborate on cyber security best practices and solutions. Hosted by the OASIS open consortium, previous Borderless Cyber events were held in partnership with The World Bank in Washington, D.C., with the European Parliament in Brussels, and with Keio University in Tokyo. In 2017, the conference will be held in New York City and The Hague.

Global Insider Threat Summit (London, England, UK, June 22, 2017) Companies are spending millions on cybersecurity, but breaches are still on the rise. Multinational enterprises, small businesses, healthcare organizations, and even national governments are all feeling the effects. At the Global Insider Threat Summit, we'll discuss why the changing tech landscape means adapting a new approach to cybersecurity -- and why user behavior is the starting point.

Chertoff Group Security Series: Security in the Boardroom (East Palo Alto, California, USA, June 22, 2017) The Chertoff Group Security Series will aim to enhance and add to the Security in the Boardroom conversation by applying our insights into technology, threat, and policy to help executives respond to the evolving threat environment.

Cyber Week (Tel Aviv, Israel, June 25 - 29, 2017) Bringing together international cybersecurity experts and enthusiasts, Cyber Week provides the opportunity to gain insight into the latest global developments in cybersecurity. The conference welcomes distinguished speakers from all corners of the world, representing a rich consortium of thought leaders who are advancing cybersecurity in various sectors. Learn first-hand from top government officials, industry leaders, and researchers during the Main Plenary at Cyber Week with access to the most recent updates and predictions.

O’Reilly Artificial Intelligence Conference (New York, New York, USA, June 27 - 29, 2017) From bots and agents to voice and IoT interfaces, learn how to implement AI in real-world projects, and explore what the future holds for applied artificial intelligence engineering.

SIA GovSummit (Washington, DC, USA, June 28 - 29, 2017) The 2017 SIA GovSummit focuses on how government leverages security technologies to drive success across a wide spectrum of missions. Held annually in Washington, the Security Industry Association's government summit examines emerging policy trends, technology needs of the government and changes in the risk environment that shape development of products and advanced systems integration to meet evolving security challenges.

2017 Community College Cyber Summit (C3S) (National Harbor, Maryland, USA, June 28 - 30, 2017) 3CS is the only national academic conference focused on cybersecurity education at community colleges. Four tracks are available for college faculty and administrators, IT faculty who are involved or who would like to become involved in cybersecurity education, non-IT faculty in critical infrastructure fields who are interested in incorporating cybersecurity topics into their curricula, decision makers in positions that influence cybersecurity education programs, and community college students interested in learning about security or expanding their current knowledge.

Cyber Security Summit: DC (Washington, DC, USA, June 29, 2017) If you are a Senior Level Executive responsible for making your company’s decisions in regards to information security, then you are invited to register for the Cyber Security Summit: DC. Receive 50% off of a Full Summit Pass when you register with code CYBERWIRE50 (standard price of $350, now only $175 with code). Register at CyberSummitUSA.com. The Cyber Security Summit: DC is an exclusive conference connecting Senior Level Executives responsible for protecting their companies’ critical data with innovative solution providers & renowned information security experts. for details visit CyberSummitUSA.com.

SINET New York connects the United States’ three most powerful institutions and evangelizes the importance of industry, government and academic collaboration on security initiatives. (New York, New York, USA, June 29, 2017) SINET New York connects the United States’ three most powerful institutions and evangelizes the importance of industry, government and academic collaboration on security initiatives.

CyberSecurity International Symposium (Chcago, Illinois, USA, July 10 - 11, 2017) The Symposium will take an in-depth look at the latest cyber security threats and trends, as well as real-world strategies for securing critical networks and data in enterprise, commercial, government and industrial environments. The event will bring together several hundred industry practitioners, researchers, regulators and solution providers for two days of in-depth, focused networking and information sharing at the cutting edge of cyber security. Many leading companies in the sector will be presenting.

East Midlands Cyber Security Conference and Expo (Leicester, England, UK, July 11, 2017) The conference and expo will bring together over 150 businesses, information security providers and key influencers to discuss the threats posed by online criminals and the practical ways in which business make themselves more resilient to cybercrime. Core themes will include: the evolving cyber threat; cyber resilience in the supply chain; and essential cyber skills.

Electronic Warfare Olympics & Symposium (Colorado Springs, Colorado, USA, July 13 - 14, 2017) The 2017 Electronic Warfare Olympics & Symposium will improve the capability, and marketability, of spectrum warriors by building the local EW/IO community. and bringing awareness to the capabilities in the region. The event will consist of speakers, government and industry exhibits, and Electronic Warfare Olympics.

3rd Edition CISO Summit India 2017 (Mumbai, India, July 14, 2017) Cyber security has gone through a tremendous change over the last couple of months. Ecosystem disruptions like demonetization, emergence of payment banks and fintech play have put technology as the sine qua non and a savior for banks. But gifts are bundled often with miseries. While technology works as a catalyst for scale and speed, security unpreparedness could play a spoilsport.

CYBERCamp2017 (Herndon, Virginia, USA, July 17 - 28, 2017) Always wondered what “cyber attacks” really are? How a special group of cyber warriors protect and defend our banks, stores, and electric plants every second? Join experts from the FBI and the foremost companies in the nation for an interactive #CYBERcamp in the National Capital Region. Cyber Camp 2017 is a summer camp in which students will have the opportunity to learn about various aspects of cyber security. Students will also gain practical skills through instruction by experienced security and information technology (IT) professionals, and hands-on exercises. The camp is divided into two 1-week segments:

National Insider Threat Special Interest Group - Insider Threat Symposium & Expo (Laurel, Maryland, USA, July 18, 2017) The National Insider Threat Special Interest Group (NITSIG) is excited to announce that it will hold a 1 day Insider Threat Symposium & Expo (ITS&E), on July 18, 2017, at the Johns Hopkins University Applied Physics Laboratory, (JHU-APL) in Laurel, Maryland. This is a MUST ATTEND event if you are involved in Insider Threat Program Management or are interested in Employee Threat Identification and Mitigation.

2nd Annual Billington Automotive Cybersecurity Summit (Detroit, Michigan, USA, July 18, 2017) The 2017 Billington Automotive Cybersecurity summit will build on the 2016 inaugural summit that brought together a who’s who of speakers including the CEO of GM and the Secretary of Transportation, prestigious media coverage from The New York Times and The Wall Street Journal and some 500 attendees. NOTE: Attendees must be citizens of U.S. or allied nations to attend this event.

SANSFIRE 2017 (Washington, DC, USA, July 22 - 29, 2017) Now is the time to advance your career and develop skills to better protect your organization. At SANSFIRE 2017, choose from over 45 hands-on, immersion-style security training courses taught by real-world practitioners. The site of SANSFIRE 2017 (July 22-29) is Washington Marriott Wardman Park.

ISSA CISO Executive Forum: Security Awareness and Training--Enlisting your entire workforce into your security team (Las Vegas, Nevada, USA, July 23 - 24, 2017) The gap in Security skills in the workforce have put the pinch on Security teams. Join us to learn how to get lean by empowering the rest of your organization to understand and manage security risks. We’ll cover secure-by-design concepts inherent in DevSecOps, effective training and awareness practices, and how to lead organizational change management to embed security into your company’s DNA.

Sponsor & Support

Grow your brand, generate leads, and fill your funnel.

With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listens all over the world, companies trust the CyberWire to get the message out. Learn more.

CyberTech Fairfax wrap-up. Terrorist use of info ops, cryptocurrencies. Patch Tuesday updates. Industry notes. CrashOverride is looking like an even bigger threat.