The CyberWire Daily Briefing 6.19.17

Summary

By The CyberWire Staff

As another attribution of WannaCry to North Korean intelligence services appears—the latest was issued Friday by the UK's GCHQ—researchers speculate that a second wave of worms might be released into the wild. They also point to internal evidence that WannaCry itself got out prematurely, that its developers failed to contain it.

News media in India harrumph and point with concern to what they regard as their government's downplaying of the scope of WannaCry infestations in that country.

Google continues to struggle with adware infestations in the Android PlayStore. Sophos over the past week identified forty-seven adware-infected apps that together have been downloaded more than six-million times. The ads continue to appear—triggered from third-party library App/MarsDae-A—even after users attempt to quit the apps. Trend Micro is tracking another third-party ad library, Xavier, which contains about eight-hundred apps (Google has removed somewhat more than seventy of them). Xavier escapes detection and ejection by Google's bouncer by going quiet if it detects sandboxing or emulation.

Researcher Chris Vickery reports finding one-hundred-ninety-eight million US voter records exposed in an unsecured Amazon S3 account. The data, which have since been secured, were left exposed by Deep Root Analytics, a political big data consulting firm that has worked for the most part on behalf of the US Republican Party.

Britain's National Cyber Security Centre declares the UK's recent elections to have been free of Russian influence—specifically, that there were no signs of fraud. Some observers think the Russians just weren't interested.

Learn how Cylance silences cyber attacks with Artificial Intelligence.

Notes.

Today's issue includes events affecting Australia, Canada, China, Estonia, France, India, Italy, Democratic Peoples Republic of Korea, Latvia, Lithuania, NATO/OTAN, Netherlands, New Zealand, Nigeria, Qatar, Russia, United Arab Emirates, United Kingdom, and United States.

A few notes to our readers. We'll be in New York this week, covering tomorrow's SINET Innovation Summit. Watch for live-tweets and full coverage over the course of the conference. Later this week we'll also be attending Borderless Cyber USA, which meets Wednesday and Thursday.

And, finally, consider navigating your way over to the CyberWire's Patreon page and check out the content our Patrons (and no one else) has access to.

On the Podcast

In today's podcast, we hear from our partners at Virginia Tech's Hume Center, as Charles Clancy discusses how one might prevent future DDoS attacks like the one that took down Dyn last October.

Sponsored Events

The Cyber Security Summit: DC (Washington, DC, USA, June 29, 2017) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from the U.S. Dept of Justice, Cybraics, CenturyLink, Alert Logic and more. Register with promo code cyberwire50 for half off your admission (Regular price $350).

8th Annual Billington CyberSecurity Summit (Washington, DC, USA, September 13, 2017) The 8th Annual Billington CyberSecurity Summit September 13 in Washington D.C. brings together world-class cybersecurity thought leaders for high-level information sharing, unparalleled networking and public-private partnerships from a cross-section of civilian, military and intelligence agencies, industry and academia.

Selected Reading

Cyber Attacks, Threats, and Vulnerabilities

Someone Failed to Contain WannaCry (Threatpost) As reports of the NSA officially connecting WannaCry to North Korea surface, experts are saying developers failed to contain the ransomware before it was ready for deployment.

Pyongyang calling: GCHQ also now pins WannaCry on North Korea (SC Media UK) Not much is known of the investigation by the NCSC into the attack, but experts disagree on the validity of the claims.

North Korea Is Not Crazy (Recorded Future) Understanding North Korean national objectives, state organizations, and military strategy are key to attributing North Korean cyber activity.

Government portal MCA21 came under WannaCry attack (Live Mint) The corporate affairs ministry’s key portal for making filings by companies -- MCA21 -- came under WannaCry ransomware attack last month, affecting certain services

WannaCry did hit India and even central govt portal. So why did Centre downplay the ransomware attack? (India Today) In May 2017, the MCA21 system was subjected to WannaCry ransomware attack. The attack was in the nature of a 'zero day attack' and was first noticed on May 7.

WannaCry Could Return in Stealth Mode: Are Your Endpoints Ready? (Infosecurity Magazine) How might security controls work or fail in future against copycat variations of the WannaCry attack?

Analysis of the Shadow Brokers release and mitigation with Windows 10 virtualization-based security (Windows Security) On April 14, a group calling themselves the Shadow Brokers caught the attention of the security community by releasing a set of weaponized exploits. Shortly thereafter, one of these exploits was used to create wormable malware that we now know as WannaCrypt, which targeted a large number of out-of-date systems and held encrypted files for...

Google Play is fighting an uphill battle against Android adware (Ars Technica) Google hasn’t yet removed all of the apps, which have as many as 6 million downloads.

Google's whack-a-mole with Android adware continues (Help Net Security) Why can't Google put a stop to Google Play adware? The analysis by Trend Micro researchers of a Trojan Android ad library dubbed Xavier tells the story.

The Google Play adware apps that just won’t die (Naked Security) You can ‘force stop’ but the ads will just keep popping back up again

Hundreds of Malicious Android Apps Masked as Anti-virus Software (HackRead) With the recent surge in ransomware attacks, it is no surprise to see that attackers have capitalized on the opportunity and played on people’s fears by of

RNC data analytics firm exposes voting records on 198 million Americans (CSO Online) Researcher Chris Vickery has discovered nearly 200 million voter records in an unsecured Amazon S3 bucket, maintained by Deep Root Analytics (DRA), a Republican big data analytics firm founded in 2013. The data was discovered on June 12, and secured two days later after Vickery reported the incident to federal regulators.

Developer Creates Rootkit That Hides in PHP Server Modules (BleepingComputer) A Dutch web developer has created a rootkit that hides inside a PHP module and can be used to take over web servers via a rarely used attack vector: Apache modules.

Hacker Bypasses Microsoft ATA for Admin Access (Dark Reading) Microsoft's Advanced Threat Analytics defense platform can be cheated, a researcher will show at Black Hat USA next month.

Vaping, e-Cigarettes Can Be Used to Hack Computers (Infosecurity Magazine) An e-cigarette could be used to intercept network traffic or control the computer.

Your mouse knows when you are lying (Naked Security) Your mouse may be telling us more about you than you realise.

Keys, tokens and too much trust found in container images (Help Net Security) Do you trust container images? To protect your containers, make sure that your images only have the necessary packages and configurations.

TrickBot Targets PayPal, Salesforce.com (Infosecurity Magazine) In May, there were two global campaigns showing new tactics for the banking trojan.

The Nigerian Spammers From the 90s Have Moved on to Keyloggers and RATs (BleepingComputer) Each day, countless of security researchers are fighting the good fight in an effort to help companies remove malware from infected computers and servers.

Dark web: Hackers selling stolen data from Qatar National Bank and UAE InvestBank (International Business Times UK) Both banks were hacked in 2016 and stolen data of thousands of customers was later leaked online.

FIN10 Threat Actors Hack and Extort Canadian Mining, Casino Industries (Dark Reading) Previously unknown threat actor has extracted hundreds of thousands of dollars from Canadian companies in a vicious cyberattack campaign that dates back to 2013, FireEye says.

Canadian mining companies targeted in "cyber-extortion" scheme (MINING.com) The wealth of mining companies and their highly-paid executives has always made them a perfect target for thieves.

Smartphone security: Can you trust your beloved device? (WeLiveSecurity) Smartphone security is, of course, essential these days, but how confident are you in your device's ability to help keep you safe and secure?

Comodo DNS Blocks TorrentFreak Over "Hacking and Warez " (TorrentFreak) At TorrentFreak, we write about website blocking on a weekly basis, but it's not often that we are the target ourselves. This week we are, as major computer security vendor Comodo has decided to block direct access to our site, claiming that we might offer illegal access to copyrighted software or media. Interestingly. Comodo's DNS blocking doesn't prevent users from accessing The Pirate Bay and other known pirate sites.

Personal info of hundreds of thousands of students targeted in schools hack attack (Sacramento Bee) The attempted infiltration of some Florida school districts, including Miami-Dade, was aimed at stealing Social Security numbers and other ID info but also to try to access state voting systems, says a cybersecurity firm.

Credit Card Breach at Buckle Stores (KrebsOnSecurity) The Buckle Inc., a clothier that operates more than 450 stores in 44 U.S. states, disclosed Friday that its retail locations were hit by malicious software designed to steal customer credit card data.

Cyber Trends

Perception and reality: The role of AI and automated cyber defenses (Help Net Security) New Radware research looks at important global trends as well as intriguing perceptions and nuances among U.S. and European executives.

Cybersecurity 'a bigger issue than Brexit' (IT Pro Portal) Executives are turning towards automated systems, report claims.

DLP APIs: The next frontier for Data Loss Prevention (Help Net Security) DLP APIs give developers the power to integrate DLP into the enterprise apps they build and the cloud services they offer.

Why the world’s security firms need to work together (IT Pro Portal) InfoSec 2017: Leading companies need to share intelligence in order to conquer growing cybersecurity threats, Gigamon and Trend Micro tells ITProPortal.

Now doctors need to be hackers, too (Engadget) Doctors now need to be hackers, too

Why Consumers Don’t Trust Smart Home Devices (Mocana) Smart home devices promise convenience, ubiquity, round-the-clock connectivity and control. But for consumers, security, privacy and reliability matter the most.

Minimizing the Loss of DDoS (Infosecurity Magazine) Dan Raywood explores whether protection is keeping pace with a threat that has already trapped some of the biggest targets across the globe

UK businesses are still under-prepared for the GDPR - and some don't even know what it is (Computing) Small organisations are less likely to be ready than large ones.

These are the top 5 concerns IT leaders have about the GDPR (Computing) The lack of clarity is making business leaders nervous

Marketplace

Cyber Security Is The Necessity Of The Future (Seeking Alpha) Cyber Security is a rapidly expanding sector. There is no apparent leader in the industry yet. ETF is currently the best way to capture growth with resonable ri

Cloud-based security services market to reach nearly $9 billion by 2020 (Help Net Security) Growth in worldwide cloud-based security services will remain strong, reaching $5.9 billion in 2017, up 21 percent from 2016, according to Gartner. Overall

Cyber Threats Driving Growth In Cloud Applications (Seeking Alpha) CRM growth accelerating. Data protection is a key driver of growth. Favorable financial metrics are spurring acquisitions. Consolidation in Tier 1 and Tier 2 Co

Cyber Security: The New Hidden Risks of M&A Deals. Italian perspective (Lexology) The cyber security is widely recognized as one of the major challenges for the Governments all over the world, which consider the cyber security as…

SMBs prefer MSPs for security deployments (Computing) More than half of US SMBs now use an external service provider; that number will rise as the need for security grows.

Lack of Experience Biggest Obstacle for InfoSec Career (Dark Reading) A majority of wanna-be infosec professionals find they need more experience to be a contender to enter this career, according to a recent Tripwire poll.

Thales Becomes Data Miner to Advance NextGen Avionics (Aviation International News) Thales is looking to better connect flight crew with the data they need to fly more efficiently.

Australian government agencies to get security boost (Defence Connect) Defence and security company Saab has been awarded a contract to enhance security measures at strategic Australian Government facilities as part of a transformation project in response to increased th

NSW Police signs five-year, $55m deal with IBM (iTnews) Bundles up support and taps into new products.

General Dynamics Awarded $250M to Modify, Sustain Army SIGINT Platform (GovCon Wire) General Dynamics' (NYSE: GD) missions systems business has secured a five-year, $250 million contrac

Is Booz Allen in trouble? What the DOJ investigation means. (Washington Business Journal) With the stock diving 20 percent at one point on Friday, Wall Street has certainly been spooked.

Swansea City shirt sleeve sponsor is going to protect them against cyber attack (Wales Online) American IT company Barracuda will make sure Swansea City's computer networks are safe

Bitcoin price stabilises after crypto markets crumble (The Sydney Morning Herald) A frenzied few weeks of rapid Bitcoin speculation, which saw the price rocket to $US3000 a coin, looks to be easing as it sinks to 10-day low.

Products, Services, and Solutions

Optiv Security Announces Two New Offerings to Help Organizations Build Identity Centric Security Programs (Optiv Security) Optiv Security today announced the availability of two new identity and access management (IAM) offerings that support organizations trying to put identity at the core of their cyber security programs.

Nok Nok Labs Announces Strategic Partnership with Fujitsu Limited to Accelerate FIDO Authentication in Japan (PRNewswire) Nok Nok Labs, an innovator in modern authentication and a...

Introducing Advanced Protection against Sophisticated Email Threats (Symantec) An integrated approach to fighting stealthy attacks

SiteLock's SMART/DB Protects SMB WordPress Websites (eSecurity Planet) The company launches a private beta of its security solution for WordPress databases.

New infosec products of the week: June 16, 2017 (Help Net Security) The infosec products featured this week include BH Consulting, Logitech, Palo Alto Networks, Toshiba, Uplevel Systems, Vera, Vidder and Waterfall Security.

Technologies, Techniques, and Standards

How to tell if AI or machine learning is real (InfoWorld) False and misleading claims abound that applications and cloud services are now smart. Here’s how to identify true artificial intelligence and machine learning

U.S. Government Embraces Automated Cybersecurity (Electroncs 360) Agencies in the federal government are working to develop tools and software that would automate cybersecurity – essentially, an effort to remove human error from the equation.

Cyber X-Games 2017 (DVIDS) Approximately 48 U.S. military personnel working in cyber defense representing units from the 335th Signal Command (Theater), the Defense Information Systems Agency, Surface Deployment and Distribution Command, Pennsylvania National Guard, and Pennsylvania Air National Guard, began this year’s advanced challenge for the Cyber X-Games, June 15 at Carnegie Mellon University.

The Air Force conducts a collaborative effort to strengthen cyber operations (C4ISRNET) The very first Space Cyber Challenge was held at the National Security Agency Cyber Defense Exercise on May 22 in Linthicum Heights, MD.

Mapping Use Cases to Logs. Which Logs are the Most Important to Collect? (SANS Internet Storm Center) When it comes to log collection, it is always difficult to figure out what to to capture. The primary reasons are cost and value.

How to Spot and Remove Stalkerware (Field Guide) As if there aren’t enough tech security threats to worry about, you also need to be on your guard against so-called ‘stalkerware’—those invasive types of programs installed by suspicious spouses, jealous exes or controlling parents without your knowledge. Here are the warning signs (on your computer) to look out for, and what you can do about them.

What is VPN (FirstSiteGuide) Step by step guide on how to start a food blog including a free eBook and Video tutorial to help you make your own blog.

Design and Innovation

Facebook's Counterterrorism Playbook Comes into Focus (WIRED) When you use Facebook, it doesn't look like Facebook is doing much.

Google Doesn't Know My Dad Died (Motherboard) Tech companies haven’t figured out how to automate human relationships.

Research and Development

China bounced an 'unhackable' quantum signal between cities (Engadget) China sets quantum transmission record by bouncing a signal 750 miles

Equipment already in space can be adapted for extremely secure data encryption (Help Net Security) A satellite-based quantum-based encryption network would provide extremely secure data encryption, where the data is sent over long distances.

Academia

Nichols rolls out new graduate program focused on counterterrorism, violent extremism studies (Telegram) Nichols College has launched a new graduate degree program focusing on counterterrorism studies that a professor at the school has called

NSA's GenCyber Reaches New Territories (NSA|CSS) This year, the GenCyber Program, co-sponsored by the National Security Agency (NSA) and the National Science Foundation (NSF), is bigger and better than before. The program is offering more than 130 summer camps in 39 states across the nation, and in Washington D.C. and Puerto Rico.

Texas pre-teen shows cyber security experts how easy it is to hack children’s toys (Laredo Morning Times) A sixth grade Texas "cyber ninja" has made a big splash in among security experts by showing them how easy it is to use common children's toys to spy on kids, parents and more.

Legislation, Policy and Regulation

Coming soon: joint international cyberspace operations (C4ISRNET) As U.S. Cyber Command continues to mature its workforce, operations and tactics, so too are allied nations, some of which are also standing up cyber commands.

NATO: Prepared for Countering Disinformation Operations in the Baltic States? (RAND) NATO plans to have around 3,000 troops in the Baltic states by the end of May as part of the Enhanced Forward Presence (EFP) — the largest reinforcement of NATO troops in the region for a generation.

Putin claims Russia proposed a cyber war treaty in 2015 but the Obama administration ignored them (Quartz) Irony abounds.

Can sovereignty prevail without a strong industry? Not in France, experts say (Defense News) French national sovereignty rests on maintaining a strong defense industrial and technology basis, which requires long-term political support, senior defense executives and the arms procurement chief said.

Cyber bombs are on the way, but expert asks how military will employ them (CBC News) If it hasn't already, the Canadian military will have to develop its own cyber weapons. The country's new defence policy gives the Forces the green light to conduct offensive operations against online adversaries. But an expert warns careful thought will have to be used if and or when they are employed.

Companies must be ready to learn from breach-notification exposure, not fear it (CSO) Australian businesses need to get over their fear of being singled out under looming breach notification laws and be prepared to use public shaming as a trigger for internal transformation, two security consultants have advised as the February 2018 implementation deadline for Australia’s new |Notifiable Data Breaches (NDB) scheme draws ever nearer.

NHS in Scotland at risk of more cyber attacks warns expert (Scotsman) Scotland is lagging behind England in the creation of “robust and dynamic” health service IT systems, a Holyrood inquiry into the recent cyber attack on the NHS has been warned.

ICT expert urges government to collaborate in fight against cybercrimes (Guardian (Nigeria)) Mr Felix Idowu, an ICT expert has urged the government to collaborate more with stakeholders in the private sector to fight cybercrimes and curbed the frequent cases of internet fraud.

NYCN set to convene security summit (News Agency of Nigeria (NAN)) The National Youth Council of Nigeria (NYCN) says it has concluded arrangements to organise security summit with youth leaders across the 36 states.

Here's why DHS is driving states 'nuts' (Washington Examiner) The vulnerability of the voting systems in each state varies depending to what degree the state's information is digitally integrated into o...

McAuliffe touts buildup of cyber defenses in the states (TheHill) “Clearly, the Russians tried to undermine our democracy. ... This is, to me, an act of war.”

Erosion of ISP Privacy Rules Sparks New Anti-Snooping Efforts (Threatpost) After lawmakers struck down ISP privacy protections earlier this year, new efforts are underway to help consumers win back control of their personal information from their service providers.

Litigation, Investigation, and Enforcement

British Say Election Was Free of Russian Meddling (US News & World Report) British officials confirm no foreign actor successfully interfered in the recent election, though perhaps not for the reasons they think, experts say.

Snowden Comes To Defense Of Jailed NSA Contractor Reality Winner Newburgh Gazette http://newburghgazette.com/2017/06/18/snowden-comes-to-defense-of-jailed-nsa-contractor-reality/ (Newburgh Gazette) The intelligence contractor accused of leaking a highly classified National Security Agency report to the media has been indicted.

Opinion | Mr. Trump’s Dangerous Indifference to Russia (New York Times) Russia took direct aim at American democracy in 2016. President Trump couldn’t care less.

Trump’s silence on Russian hacking hands Democrats new weapon (POLITICO) Democrats say Trump has yet to express public concern about the underlying issue with striking implications for America's democracy.

Russia's new cyber weapon turns up the heat on US efforts (Washington Examiner) Cyberattack disrupted parts of Ukraine's electrical grid in 2016

Police spend millions on 'dead duck' intelligence tool by failed developer Wynyard Group (New Zealand Herald) Police spent millions of dollars on "dead duck" software and need to spend more to fix the severe problems now developer Wynyard Group has gone into liquidation.

Uber in the privacy spotlight again (Naked Security) It won’t necessarily translate into big trouble for Uber. But it might: after all, the FTC’s interest recently cost the company $20m.

The Woman Who Encouraged Her Boyfriend To Kill Himself Is Found Guilty Of Involuntary Manslaughter (BuzzFeed) A judge on Friday found Michelle Carter, 20, guilty of involuntary manslaughter for urging Conrad Roy — through text messages — to kill himself.

The Texting Suicide Case is about Crime, not Tech (WIRED) A Massachusetts judge has found 20-year-old Michelle Carter guilty of involuntary manslaughter in the 2014 suicide of her boyfriend, Conrad Roy III, who Carter repeatedly encouraged to commit suicide via text message.

Hacker "His Royal Gingerness" Jailed for Cyber-Attack on UK Hospital, Airport (BleepingComputer) Daniel Devereux, 30, a British man calling himself "His Royal Gingerness" has been sentenced to 32 weeks in prison for hacking the websites of the Norfolk and Norwich University Hospital, and the website of the Norwich International Airport.

Engineer Sentenced to Prison for Hacking Utility, Disabling Water Meter-Readers (Dark Reading) A Pennsylvania man is sentenced to more than a year in prison after hacking into a remote water meter reading system run by his former employer.

6 months for abuser caught in FBI’s Playpen snare (Naked Security) FBI’s Playpen operation is an investigation into child abuse imagery being shared via Tor. So, why such a lenient sentence?

CenturyLink made millions by ripping off customers, lawsuit claims (Ars Technica) ISP added services to customer accounts without authorization, ex-employee says.

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

newly Noted Events

Cyber Security Conference for Executives (Baltimore, Maryland, USA, September 19, 2017) The Johns Hopkins University Information Security Institute and COMPASS Cyber Security are hosting the 4th Annual Cyber Security Conference for Executives on Tuesday, September, 19. It will be held on the Homewood Campus of Johns Hopkins University. This year’s theme is, “Emerging Global Cyber Threats.” The conference will feature thought leaders across a variety of industries to address current cyber security threats to organizations and how executives can work to better protect their data.

upcoming Events

Information Assurance Symposium (Baltimore, Maryland, USA, June 19 - 21, 2017) The Information Assurance Symposium is the premier IA event at which leaders and practitioners share vital information and provide direction and best practices to meet today's challenges in IA and the cyber environment. The classification of the event is UNCLASSIFIED//FOR OFFICIAL USE ONLY. The 2017 IAS is expecting upwards of 2,500 attendees and will provide an excellent opportunity to learn and network with leading information assurance and cyber security professionals, subject matter experts and solution providers from throughout Government, industry and academia. The Information Assurance Symposium will include a variety of keynote sessions, three distinct tracts and panel discussions spanning over three days.

Norwich University Cyber Security Summit (Northfield, Vermont, USA, June 19 - 21, 2017) Norwich University’s College of Graduate and Continuing Studies (CGCS) is pleased to announce the first annual Cyber Security Summit in June 2017. The summit, presented in a continuing education format, welcomes Norwich alumni and their guests interested in exploring and discussing the latest in cyber security policy from both the federal level and the practical application of that policy on a local or business level. Register today to reserve your space at the summit.

Hack in Paris (Paris, France, June 19 - 23, 2017) Hack In Paris brings together major professional IT security and technical hacking experts to attend training and talks exclusively in English. Intrusion attempts grow more frequent and sophisticated, regardless of their target (state or corporation). In this context, international hacking events are multiplying. A few events took place in France but until now, no one had covered hacking practices with a technical approach including both professional training and information aspects. Hack In Paris aims at filling this gap. The program includes state of the art IT security, industrial espionage, penetration testing, physical security, forensics, malware analysis techniques and countermeasures.

SANS Minneapolis 2017 (Minneapolis, Minnesota, USA, June 19 - 24, 2017) Get relevant, practical cybersecurity training at SANS Minneapolis 2017 (June 19-24). This event features the information needed to build crucial skills in protecting your organization from the latest cyber-attacks. Now is the time to enhance your skills and further your career.

Naval Future Force Science and Technology Expo (Washington, DC, USA, June 20 - 23, 2017) The Office of Naval Research’s (ONR) biennial 2017 Naval Future Force Science and Technology (S&T) EXPO will take place July 20-21, 2017. The Expo is the premier S&T event for the Navy and Marine Corps and is held every two years. It draws several thousand attendees and is designed to support the objectives of the Naval S&T Strategy. An updated version of the strategy will be unveiled at the event. It also will showcase some of the Navy’s and Marine Corp’s latest technologies and bring together the brightest minds from around the world to share information; discuss research opportunities; and build partnerships between the Navy, Marine Corps, industry and academia.

Borderless Cyber USA (New York, New York, USA, June 21 - 22, 2017) Borderless Cyber is an international, executive-level conference series that began in 2015. It’s designed to bring together the private sector and policy makers to evaluate, debate, and collaborate on cyber security best practices and solutions. Hosted by the OASIS open consortium, previous Borderless Cyber events were held in partnership with The World Bank in Washington, D.C., with the European Parliament in Brussels, and with Keio University in Tokyo. In 2017, the conference will be held in New York City and The Hague.

Global Insider Threat Summit (London, England, UK, June 22, 2017) Companies are spending millions on cybersecurity, but breaches are still on the rise. Multinational enterprises, small businesses, healthcare organizations, and even national governments are all feeling the effects. At the Global Insider Threat Summit, we'll discuss why the changing tech landscape means adapting a new approach to cybersecurity -- and why user behavior is the starting point.

Chertoff Group Security Series: Security in the Boardroom (East Palo Alto, California, USA, June 22, 2017) The Chertoff Group Security Series will aim to enhance and add to the Security in the Boardroom conversation by applying our insights into technology, threat, and policy to help executives respond to the evolving threat environment.

Cyber Week (Tel Aviv, Israel, June 25 - 29, 2017) Bringing together international cybersecurity experts and enthusiasts, Cyber Week provides the opportunity to gain insight into the latest global developments in cybersecurity. The conference welcomes distinguished speakers from all corners of the world, representing a rich consortium of thought leaders who are advancing cybersecurity in various sectors. Learn first-hand from top government officials, industry leaders, and researchers during the Main Plenary at Cyber Week with access to the most recent updates and predictions.

cybergamut Tech Tuesday (Elkridge, Maryland, USA, June 27, 2017) The cyber security universe remains an increasing and dynamic threat to the American national infrastructure. This presentation provides a quantitative analysis of the attacks seen by IBM and the thousands of IBM customers in the preceding year. Specific attention is paid to the protocols engaged, attack patterns, and trends seen in these attacks. (Accessible through various online nodes.)

O’Reilly Artificial Intelligence Conference (New York, New York, USA, June 27 - 29, 2017) From bots and agents to voice and IoT interfaces, learn how to implement AI in real-world projects, and explore what the future holds for applied artificial intelligence engineering.

SIA GovSummit (Washington, DC, USA, June 28 - 29, 2017) The 2017 SIA GovSummit focuses on how government leverages security technologies to drive success across a wide spectrum of missions. Held annually in Washington, the Security Industry Association's government summit examines emerging policy trends, technology needs of the government and changes in the risk environment that shape development of products and advanced systems integration to meet evolving security challenges.

2017 Community College Cyber Summit (C3S) (National Harbor, Maryland, USA, June 28 - 30, 2017) 3CS is the only national academic conference focused on cybersecurity education at community colleges. Four tracks are available for college faculty and administrators, IT faculty who are involved or who would like to become involved in cybersecurity education, non-IT faculty in critical infrastructure fields who are interested in incorporating cybersecurity topics into their curricula, decision makers in positions that influence cybersecurity education programs, and community college students interested in learning about security or expanding their current knowledge.

Cyber Security Summit: DC (Washington, DC, USA, June 29, 2017) If you are a Senior Level Executive responsible for making your company’s decisions in regards to information security, then you are invited to register for the Cyber Security Summit: DC. Receive 50% off of a Full Summit Pass when you register with code CYBERWIRE50 (standard price of $350, now only $175 with code). Register at CyberSummitUSA.com. The Cyber Security Summit: DC is an exclusive conference connecting Senior Level Executives responsible for protecting their companies’ critical data with innovative solution providers & renowned information security experts. for details visit CyberSummitUSA.com.

SINET New York connects the United States’ three most powerful institutions and evangelizes the importance of industry, government and academic collaboration on security initiatives. (New York, New York, USA, June 29, 2017) SINET New York connects the United States’ three most powerful institutions and evangelizes the importance of industry, government and academic collaboration on security initiatives.

CyberSecurity International Symposium (Chcago, Illinois, USA, July 10 - 11, 2017) The Symposium will take an in-depth look at the latest cyber security threats and trends, as well as real-world strategies for securing critical networks and data in enterprise, commercial, government and industrial environments. The event will bring together several hundred industry practitioners, researchers, regulators and solution providers for two days of in-depth, focused networking and information sharing at the cutting edge of cyber security. Many leading companies in the sector will be presenting.

East Midlands Cyber Security Conference and Expo (Leicester, England, UK, July 11, 2017) The conference and expo will bring together over 150 businesses, information security providers and key influencers to discuss the threats posed by online criminals and the practical ways in which business make themselves more resilient to cybercrime. Core themes will include: the evolving cyber threat; cyber resilience in the supply chain; and essential cyber skills.

Electronic Warfare Olympics & Symposium (Colorado Springs, Colorado, USA, July 13 - 14, 2017) The 2017 Electronic Warfare Olympics & Symposium will improve the capability, and marketability, of spectrum warriors by building the local EW/IO community. and bringing awareness to the capabilities in the region. The event will consist of speakers, government and industry exhibits, and Electronic Warfare Olympics.

3rd Edition CISO Summit India 2017 (Mumbai, India, July 14, 2017) Cyber security has gone through a tremendous change over the last couple of months. Ecosystem disruptions like demonetization, emergence of payment banks and fintech play have put technology as the sine qua non and a savior for banks. But gifts are bundled often with miseries. While technology works as a catalyst for scale and speed, security unpreparedness could play a spoilsport.

CYBERCamp2017 (Herndon, Virginia, USA, July 17 - 28, 2017) Always wondered what “cyber attacks” really are? How a special group of cyber warriors protect and defend our banks, stores, and electric plants every second? Join experts from the FBI and the foremost companies in the nation for an interactive #CYBERcamp in the National Capital Region. Cyber Camp 2017 is a summer camp in which students will have the opportunity to learn about various aspects of cyber security. Students will also gain practical skills through instruction by experienced security and information technology (IT) professionals, and hands-on exercises. The camp is divided into two 1-week segments:

National Insider Threat Special Interest Group - Insider Threat Symposium & Expo (Laurel, Maryland, USA, July 18, 2017) The National Insider Threat Special Interest Group (NITSIG) is excited to announce that it will hold a 1 day Insider Threat Symposium & Expo (ITS&E), on July 18, 2017, at the Johns Hopkins University Applied Physics Laboratory, (JHU-APL) in Laurel, Maryland. This is a MUST ATTEND event if you are involved in Insider Threat Program Management or are interested in Employee Threat Identification and Mitigation.

2nd Annual Billington Automotive Cybersecurity Summit (Detroit, Michigan, USA, July 18, 2017) The 2017 Billington Automotive Cybersecurity summit will build on the 2016 inaugural summit that brought together a who’s who of speakers including the CEO of GM and the Secretary of Transportation, prestigious media coverage from The New York Times and The Wall Street Journal and some 500 attendees. NOTE: Attendees must be citizens of U.S. or allied nations to attend this event.

SANSFIRE 2017 (Washington, DC, USA, July 22 - 29, 2017) Now is the time to advance your career and develop skills to better protect your organization. At SANSFIRE 2017, choose from over 45 hands-on, immersion-style security training courses taught by real-world practitioners. The site of SANSFIRE 2017 (July 22-29) is Washington Marriott Wardman Park.

ISSA CISO Executive Forum: Security Awareness and Training--Enlisting your entire workforce into your security team (Las Vegas, Nevada, USA, July 23 - 24, 2017) The gap in Security skills in the workforce have put the pinch on Security teams. Join us to learn how to get lean by empowering the rest of your organization to understand and manage security risks. We’ll cover secure-by-design concepts inherent in DevSecOps, effective training and awareness practices, and how to lead organizational change management to embed security into your company’s DNA.

AFA CyberCamp (Pittsburgh, Pennsylvania, USA, July 24 - 28, 2017) The AFA CyberCamp program is designed to excite students new to cybersecurity about STEM career opportunities and teach them important cyber defense skills through hands-on instruction and activities. Through the camp, students will learn how to protect their personal devices and information from outside threats, as well as how to harden entire networks running Windows 7 and Ubuntu operating systems. The AFA CyberCamp will culminate in an exciting final team competition that simulates real cybersecurity situations faced by industry professionals and mimics AFA’s CyberPatriot National Youth Cyber Defense Competition.

Sponsor & Support

Grow your brand, generate leads, and fill your funnel.

With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listens all over the world, companies trust the CyberWire to get the message out. Learn more.

More WannaCry follow-up. Bad adware continues to duck the bouncer at Google Play's velvet rope. Big data consultants left voter records exposed in an unsecured S3 account. UK's NCSC says recent elections were Russian-hacker-free.