The CyberWire Daily Briefing 6.26.17

Summary

By The CyberWire Staff

Last Friday the UK's Parliament sustained a brute-force attack on email credentials belonging to Members and staff. Around ninety people's accounts are thought to have been targeted. The principal concern being voiced is the possibility of blackmail. Authorities took down the email service and required password resets. Initial attribution was to an unspecified foreign intelligence service; that service has now by consensus been specified: it's Russia's.

Inquiry into Russian influence operations against last November's US elections turns up records that purport to show that then-President Obama, responding to concerns from Democratic members of Congress, directed cyber retaliation against Russia using "implants" that "would hurt."

Russia's demonstration of a grid-hacking capability against Ukraine continues to stir concerns in the power sector. An op-ed in the Moscow Times suggests that publicly expressed fear of Russian cyber capabilities plays to President Putin's advantage.

Trend Micro outlines the activities of the BlackTech cyber espionage group, which is prospecting East Asia (especially Japan, Taiwan, and Hong Kong) for industrial intellectual property.

Microsoft discloses that Windows 10 source code (some ten terabytes of secure code and internal builds) has leaked.

Check Point and Microsoft dispute how many victims of Fireball Windows malware are out there. Check Point says two-hundred-fifty-million. Microsoft says it wasn't that bad, and anyway Windows 10S were golden. Windows 10S itself may still be susceptible to attack by malicious Word macros.

Pro-ISIS hacktivists deface sites belonging to the State of Ohio with an anti-President-Trump message. Ohio is probably just a target of opportunity.

Learn how Cylance silences cyber attacks with Artificial Intelligence.

Notes.

Today's issue includes events affecting Algeria, Australia, Canada, China, Germany, Japan, Democratic Peoples Republic of Korea, Republic of Korea, New Zealand, Russia, Taiwan, United Kingdom, and United States.

A note to our readers: we'll be running accounts of last week's Borderless Cyber USA conference in the next few days.

On the Podcast

In today's podcast our partners at Webroot are represented by David Dufour, who explains the world's ongoing troubles with phishing.

Sponsored Events

BSides Las Vegas (Las Vegas, Nevada, USA, July 25 - 26, 2017) BSides Las Vegas isn’t another “talk at you” conference. Everyone at BSides is a participant. Track after track, year after year, the security researchers, engineers, analysts and managers that present at BSidesLV are looking to engage our participants and be engaged by them. Our presenters don’t talk at you, they converse with you. Come join the conversation!

8th Annual Billington CyberSecurity Summit (Washington, DC, USA, September 13, 2017) The 8th Annual Billington CyberSecurity Summit September 13 in Washington D.C. brings together world-class cybersecurity thought leaders for high-level information sharing, unparalleled networking and public-private partnerships from a cross-section of civilian, military and intelligence agencies, industry and academia.

Selected Reading

Cyber Attacks, Threats, and Vulnerabilities

UK parliamentary email compromised after 'sustained and determined cyber attack' (Register) Brute force attack on weak passwords, cracked [less then] 90 email accounts

Parliament cyber-attack 'hit up to 90 users' (BBC News) Fewer than 1% of 9,000 parliamentary accounts were affected, says the House of Commons.

Parliament cyber-attack hits fewer than 90 email accounts (the Guardian) Spokesman says number affected is less than many feared but that investigation is under way into potential data loss

Cyber-attack on UK parliament: Russia is suspected culprit (the Guardian) Fewer than 90 email accounts with weak passwords are believed to have been hacked in ‘sustained’ attack

Parliament cyber-attack: blackmail danger after foreign state hacks MPs (Sundaty Times) MPs and peers have been warned that they face blackmail threats after hackers working for a foreign state launched a “brute force attack” on the parliamentary computer system. More than 10,000...

How hackers hacked the West (Newsweek) Officials said the cyber attack on the U.K.'s parliament targeted vulnerable email accounts and follows a series of similar attacks on other governments.

New Russian Cyber Weapon Can Wipe Out Power Grids (Temporarily) (TrendinTech) A new cyber weapon has been created by the Russian government (with a little help from hackers) that could cause havoc with our electric systems if it gets into the wrong hands. It’s a type …

UK electricity grid cyber-attack risk is 'off the scale' (the Guardian) Energy industry says current threat coming to the fore because of trend towards decentralised power plants

It’s the Russians Wot Done It (Op-ed) (Moscow Times) BuzzFeed's investigation plays into a dominant narrative within the West where "Russia is to blame."

Why So Many Top Hackers Hail from Russia (KrebsOnSecurity) Conventional wisdom says one reason so many hackers seem to hail from Russia and parts of the former Soviet Union is that these countries have traditionally placed a much greater emphasis than educational institutions in the West on teaching information technology in middle and high schools, and yet they lack a Silicon Valley-like pipeline to help talented IT experts channel their skills into high-paying jobs. This post explores the first part of that assumption by examining a breadth of open-source data.

What is BlackTech? Hacker group using leaked Hacking Team tools to steal Asian targets' tech (International Business Times UK) BlackTech hackers are involved in multiple cyberespionage campaigns against targets in Taiwan, Japan and Hong Kong.

Following the Trail of BlackTech’s Cyber Espionage Campaigns (TrendLabs Security Intelligence Blog) BlackTech is a cyber espionage group operating against targets in East Asia. BlackTech’s campaigns are likely designed to steal their target’s technology.

Pro-ISIS group hacks Ohio Governor' site with anti-Trump message (HackRead) Team System DZ, a pro-ISIS (Daesh) hacking group from Algeria is back in the news. This time the group has targeted the government of United States and def

Ohio Governor John Kasich the Latest Target of Cyber-Attack (Infosecurity Magazine) Many Ohio state government websites attacked with defacement

Cyber attack affected Honda networks in North America (AL.com) The WannaCry worm shut down production in a plant near Tokyo this week.

48 Percent of U.S. Companies Using IoT Have Suffered Security Breaches (eSecurity Planet) The cost of those breaches ranged from hundreds of thousands to tens of millions of dollars, a recent survey found.

Hackers threaten cyber attack against S.Korean banks (BGR) A hacker group has threatened a cyber attack against seven major South Korean banks if they do not pay 360 million won ($315,000) in the virtual currency bitcoin. The group, called Armada Collective, has threatened to carry out a distributed denial-of-service (DDoS) attack if the demanded money is not paid by June 26, South Korean news agency Yonhap reported.

Protecting against DoublePulsar infection with InsightVM and Nexpose (Rapid7) After WannaCry hit systems around the world last month, security experts warned that the underlying vulnerabilities that allowed the ransomworm to spread are still unpatched in many environments, rendering those systems vulnerable to other hacking tools from the same toolset.

SambaCry vulnerability to attack Linux! (TechWorld) SambaCry is using a vulnerability in Samba installations to compromise Linux machines and use them as victims in a large cryptocurrency (Bitcoin or Monero or any other currency) mining process, also enables a remote attacker to hack into affected Linux systems.

Someone leaked 32TB of Windows 10 internal builds and source code (HackRead) It looks like Microsoft is in trouble again. This time not for its critical vulnerabilities in Windows operating system but for a massive data leak in whic

Windows 10 source code leaked, Microsoft confirms (SlashGear) Microsoft is dealing with a significant Windows 10 security headache this weekend, as the company has confirmed that a portion of the operating system’s source code was in fact posted online.

Check Point says Fireball malware hit 250 million; Microsoft says no (Ars Technica) Either way, Microsoft assures us that Windows 10 S would have been immune.

Thanks to Word macros, Windows 10 S isn't as secure as Microsoft would have you believe (BetaNews) With Windows 10 S Microsoft has made the bold claim that this locked down version of its operating system is immune to all known ransomware. This may well be true, but that's certainly not to say that Windows 10 S is completely secure. Lock up your Surface Laptop!

New GhostHook attack technique outsmarts Microsoft PatchGuard (Security Brief) CyberArk Labs researchers made the proof-of-concept last week, saying that GhostHook could be a major threat once attackers have control of devices.

Inside NZ's 'ethical hacking' firm and its quest to make systems safer (Security Brief) "For organisations running Windows 7 or older, upgrading to Windows 10 will bring enhancements that help to protect against such vulnerabilities."

Android Marcher Variant Makes Rounds as Adobe Flash Player Update (Dark Reading) Zscaler researchers discover a new variant of the Android Marcher malware, which aims to steal online banking credentials and credit card information.

RAT Vulnerabilities Turn Hackers into Victims (Dark Reading) A small number of Remote Administration Tools have vulnerabilities which can enable attack targets to turn the tables on threat actors.

PRMitM: Attackers Can Hide Password Resets Inside Account Registrations (BleepingComputer) A research paper published by four Israeli scientists details a new attack called PRMitM, or the "Password Reset Man-in-the-Middle," in which attackers hide password reset interactions for a user's legitimate profile inside account registration interactions on another site.

Password Reset MITM: Exposing the need for better security choices (Help Net Security) Attackers that have set up a malicious site can use users' account registration process to successfully perform a password reset on popular websites.

Kaspersky : Attackers Hiding Ztorg Trojan Inside Trojan SMS (Tech ARP) Kaspersky Lab experts have discovered Ztorg apps on the Google Play Store that appear to show cybercriminals trying different ways to get their malware past security – in this case by installing their

Koler Android Ransomware Targets the US with Fake PornHub Apps (BleepingComputer) During the past week, US users visiting adult-themed sites were targeted by ads for a fake PornHub app that contained a version of the Koler ransomware.

Journalists, Activists: Slack Doesn’t Strip Image Metadata (Motherboard) Slack and image metadata may only matter in particular circumstances, but it's always good to know the limits and implications of the tech you're using.

Dating app boss sees ‘no problem’ on face-matching without consent (Naked Security) ‘When you have a bunch of single guys in the office, it goes in that direction’, says Dating.AI founder as he dismisses concerns about scraping other dating apps for faces for users to …

Did you know your superyacht can be cyber-pirated? (Security Brief) white-hat hacker at a recent super-yacht investor conference demonstrated how he took control of a super-yacht’s satellite communications system.

Got Robocalled? Don’t Get Mad; Get Busy. (KrebsOnSecuritiy) Several times a week my cell phone receives the telephonic equivalent of spam: A robocall.

Microsoft Enlists AI in Fight Against Tech Support Scams (eWEEK) The software giant aided the FTC in its recent tech support scam crackdown by setting its AI loose on fraudsters.

Security Patches, Mitigations, and Software Updates

Microsoft Patches Another Windows Defender Bug (Infosecurity Magazine) Microsoft Patches Another Windows Defender Bug. Ormandy found vulnerability which could crash malware engine

Google researcher pokes new holes in Windows Defender (iTnews) x86 emulator in anti-malware causes problems again.

Siemens Patches Vulnerabilities in SIMATIC CP, XHQ (Threatpost) Siemens patched two vulnerabilities in products, SIMATIC CP and XHQ, commonly found in industrial control system setups this week

Google purges private medical records from search (Engadget) The big G has added "confidential, personal medical records of private people" to the list of information it may remove.

Enable Ghost Mode in Snapchat NOW if you want to keep your location private (WeLiveSecurity) Some will find Snapchat's latest feature a bit stalkerish and creepy. Here is how to turn it off and preserve your privacy.

Cyber Trends

The right tools in cybersecurity (Manila Bulletin Technology) If the recent ransomware outbreak tells us something, cybercrimes are exploding through the roof. Having the right tools to prevent malware infection is not enough to keep computers safe.

Marketplace

Bankers Are Hiring Cyber-Security Experts to Help Get Deals Done (Bloomberg) Executives and investors are hiring an unlikely crowd to help them do deals: computer geeks.

CEO of Raytheon's Forcepoint eyes IPO: Boersen-Zeitung (Reuters) U.S. missile maker Raytheon's (RTN.N) cybersecurity unit could thrive were it to be listed separately, the head of the unit, Forcepoint, told German business daily Boersenzeitung in an interview published on Saturday.

Top 100: How Raytheon's big cyber bet is paying off (Washington Technology) Raytheon is known as one of the world's biggest weapons makers but its big bet on cybersecurity is expanding its reputation into another lucrative market area.

Cisco: Set To Rise As A Turnaround Is Close (Seeking Alpha) Cisco Systems has not demonstrated impressive revenue growth over the last years. Currently, the company shows a promising exposure to such attractive segments

KeyW Wins Aviation Collection Services Contract (NASDAQ.com) Awards further extend company's advanced ISR business

Products, Services, and Solutions

New infosec products of the week: June 23, 2017 (Help Net Security) New products for this week include releases from Elastic Beam, Entrust Datacard, Neurotechnology, Raytheon, and Wheel Systems.

Aircraft Systems Connectivity Has Never Been Riskier (iHLS) The increased scope and complexity of connectivity technology on aircrafts and in aviation infrastructure, such

Roqos® Fills the Gap in Parental Controls With Support of Mobile Devices Outside Home (PRNewswire) Roqos, an innovative leader in residential cybersecurity, VPN and...

Tanium: EDR Product Overview and Insight (eSecurity Planet) We review Tanium's EDR solution, which can scale to millions of endpoints with requiring additional infrastructure.

CrowdStrike Falcon Insight: EDR Product Overview and Insight (eSecurity Planet) We review CrowdStrike Falcon Insight, a cloud-based EDR platform that analyzes more than 30 billion endpoint events per day from millions of sensors deployed across 176 countries.

Complex threats? Coordinated response! (Channel Life) Ingram Micro’s Andrew Khan will be highlighting Fortinet’s Security Fabric at this year’s Showcase. Read about it here.

Technologies, Techniques, and Standards

With ransomware, pay up if you want to keep paying (Help Net Security) So there you are, staring at a locked computer screen demanding a ransom. Do you pay? There are really powerful reasons not to.

Look, But Don't Touch: One Key to Better ICS Security (Dark Reading) Better visibility is essential to improving the cybersecurity of industrial control systems and critical infrastructure, but the OT-IT cultural divide must be united.

Inability to correlate network anomalies to process conditions leads to self-inflicted denial-of-service or worse (Control Global) Given how sophisticated hackers are able to bypass cyber security protections such as CrashOverride, viewing the raw process becomes even more important.

Challengers, leaders continue to explore new territory at 2017 Cyber X-Games (DVIDS) PITTSBURG, Pa. – Cyber defenders and leaders explore new challenges while seeking to enhance skills at Cyber X-Games 2017, held June 15-19 at Carnegie Mellon University.

How to Protect Against WannaCry Worm That's Still Wreaking Havoc (eWEEK) Companies need to take steps to prevent against an attack from the WannaCry worm. Inaction is not an option.

How to Remove Vanguard Ransomware (SpywareTechs.com) Vanguard Ransomware Removal Guide and Removal Tool by SpywareTechs. Follow our guide on how to remove Vanguard Ransomware.

Common sense is rare with cybersecurity, and it will be for a long time (CNET) More than a million people still think '123456' is a good password.

Risks, Threats and Adversaries: How to Prioritize (BankInfo Security) From nation states to organized crime and malicious insiders, organizations are under siege from a variety of adversaries and threats. But how do they focus on the

Hacker Lexicon: What is Steganography (Wired) You know all too well at this point that all sorts of digital attacks are lurking on the internet.

Design and Innovation

A Prototype for an Encrypted Uber that Can't Track You (WIRED) Few tech companies can rival Uber in its combination of blurred ethical lines and data-fueled power to invade people's privacy.

Research and Development

Getting Processors to Speak a Unified Cyber Tongue (SIGNAL Magazine) A government-academia collaboration has researchers working to streamline different computer programming languages so that processors can speak in a single cyber tongue.

CIS researchers receive $2.5M NSF grant for cybersecurity (Cornell Chronicle) Four Cornell computer science researchers will receive $2.5 million from the National Science Foundation to develop software tools that will improve cybersecurity.

Academia

Purdue, IU offer wealth of cyber security programs (Terre Haute Tribune Star) In the field of cyber security, Purdue and Indiana universities offer academic programs and research centers.

Television series inspires a Masters of Cyber Security (Voxy) Craig Scoon’s introduction to cyber security began as a burnt-out, unemployed McDonald’s restaurant manager binge watching NCIS on Australia’s Gold Coast. Five years on, he has a Master of Cyber Security (MCS) from the University of Waikato and is working as a Risk Advisory Consultant for the Cyber Team at Deloitte.

Cyberterrorism is on the rise. These California students are learning how to fight it (San Luis Obispo Tribune) High school teams from across the state visited the California Cyber Training Complex at Camp San Luis for the Cyber Innovation Challenge.

Legislation, Policy and Regulation

Australia asks Five-Eyes partners to ‘tackle encryption' with tech firms (CSO) Australia will push Five-Eyes partners to create laws that make it easier for local intelligence agencies to gain cooperation from US tech firms.

Cyber security set to dominate at 'Five Eyes' meeting in Canada (SBS) Australia’s Attorney General and Immigration Minister are on their way to Canada for the latest intelligence summit.

The 'Five Eyes' Intelligence Network backed by the U.S. and UK are Set to Tackle the Problem of Encrypted Messaging (Patently Apple) On June 19, Patently Apple posted a report titled "The EU Rolls the Dice and Sides with No Decryption, No Reverse Engineering of Communications." Now the U.S. along with the top Commonwealth countries are set to push efforts that are contrary in nature to those proposed by the EU. Today Australia said it will push for greater powers to tackle the use of encrypted messaging services used by terrorists ...

Government seeks greater powers on encrypted messaging (CRN Australia) Will push for greater powers at 'Five Eyes' meeting.

How China's cyber command is being built to supercede its U.S. military counterpart (Cyberscoop) China’s rival to U.S. Cyber Command, the ambiguously named Strategic Support Force, is quietly growing at a time when the country’s sizable military is striving to excel in the digital domain.

China Agrees to Cease Cyber-Attacks on Canadian Private Sector (Infosecurity Magazine) Both countries have agreed to not conduct cyber-attacks that target commercial proprietary data

Australia in new rebuff to Chinese telcos (Telecom Asia) Australia welcomes Chinese business, as long as it’s not in the telecoms sector

House Bill to Restrict Pentagon Contracts With Chinese Telecoms (Washington Free Beacon) The pending House defense bill contains provisions that would restrict the Pentagon from buying equipment from Chinese or Russian telecommunications firms.

German law enforcement gets new hacking powers (Help Net Security) German law enforcement hacking powers have received an update. A new amendment will allow them to use "federal Trojans" to hack into targets' computer.

Senators Push Trump for Answers on Power Grid Malware Attack (WIRED) In one of his first public statements on his priorities as president, Donald Trump promised to develop a "comprehensive plan to protect America's vital infrastructure from cyberattacks."

Senators question Trump’s approach to cybersecurity (Engadget) Senators are calling on Trump to take security action after research finds Russia could wipe out US infrastructure with sophisticated malware.

Election hacking fears turn heat on Homeland Security (TheHill) Growing concerns about threats to U.S. election systems have put the heat on the Department of Homeland Security (DHS) and its efforts to boost national cybersecurity.

Congressional chairmen battle to lead cybersecurity fight (Washington Examiner) Congress has a growing opportunity to lead on cybersecurity after years of playing catch-up, but it remains to be seen which committees will...

Tenable's Yoran offers steps for Congress to fix cyber 'market failure' (Inside Cybersecurity) Tenable Network Security Chairman and CEO Amit Yoran says the nation faces a “market failure” in cybersecurity because of an inability to clearly identify threats from emerging technologies and an integration of cyber and physical operations in industry and consumer products, and is suggesting specific steps lawmakers can take to help alleviate these risks.

Litigation, Investigation, and Enforcement

Manchester Arena killer Salman Abedi used YouTube to build bomb (Times (London)) The Manchester suicide bomber used videos from YouTube and other websites to help to build the device that killed 22 people, The Times has learnt. Salman Abedi viewed clips on YouTube, Google’s...

Trump acknowledges Russian meddling in tweet criticizing Obama (CBS News) Obama "knew far in advance of November 8th about election meddling by Russia," the president said

Obama’s secret struggle to punish Russia for Putin’s election assault (Washington Post) The White House debated various options to punish Russia, but facing obstacles and potential risks, it ultimately failed to exact a heavy toll on the Kremlin for its election meddling.

Report: Obama ordered cyber 'implants' for Russian network in response to hacking (USA TODAY) The White House anguished over how and when to report publicly about Russian hacking out of concern it could impact the presidential election.

Docs: Dems Urged Obama to Act on Russia Before Election (Normangee Star) While the Russian Federation investigation focuses on last year’s election, it’s not at all clear that the Trump administration much cares about the security of the next one.

Obama reportedly directed the NSA to infect Russia with cyber weapons to cause ‘pain’ (Business Insider) The National Security Agency infected key Russian networks with remotely-controlled "implants" that would cause "pain and discomfort" if they are ever used, according to a new report in The Washington Post.

Evidence is mounting that Russia took 4 clear paths to meddle in the US election (Business Insider) Russia's interference was a multi-faceted, coordinated, and well-planned campaign aimed at undermining the backbone of democracy.

Today we’ve added a newly declassified documents to a prior post: (IC on the Record) Today we’ve added a newly declassified documents to a prior post:

NSA Fail: Massive Holes Exposed in US Spy Agency Security (Sputnik News) Until the Snowden leaks, the United States had no idea how many people had access to its top secret files.

Virginia Consultant Charged with Espionage (Dark Reading) Federal authorities charged a consultant with espionage for transmitting top secret and secret documents to China.

Bumbling Ex-CIA Officer Charged With Selling Secrets to China (Foreign Policy) A prestigious Chinese think tank provided cover for the intelligence operation that ensnared Kevin Mallory.

Anthem ready to pay $115 million to settle data breach lawsuit (Help Net Security) The Anthem data breach settlement is ready. They will pay $115 million to settle a class-action suit mounted in the wake of the 2015 data breach.

Internet crime: The continuing rise of the BEC scam (Help Net Security) In 2016, FBI's IC3 received a total of 298,728 complaints with reported losses over $1.3 billion. Victims of BEC scams lost larger sums than most others.

FBI: Victims Aren't Reporting Ransomware Attacks (BleepingComputer) Despite being an expanding threat, ransomware infections are rarely reported to law enforcement agencies, according to conclusions from the 2016 Internet Crime Report, released yesterday by the FBI's Internet Crime Complaint Center (IC3).

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

newly Noted Events

National Information Security Conference (Glasgow, Scotland, UK, October 11 - 13, 2017) NISC is a highly focused cyber security event designed to encourage peer-to-peer collaboration and thought-leading discussions in a relaxed but professional environment. It provides the proven practices and strategies needed by any cyber security professional to protect their enterprise.

upcoming Events

cybergamut Tech Tuesday (Elkridge, Maryland, USA, June 27, 2017) The cyber security universe remains an increasing and dynamic threat to the American national infrastructure. This presentation provides a quantitative analysis of the attacks seen by IBM and the thousands of IBM customers in the preceding year. Specific attention is paid to the protocols engaged, attack patterns, and trends seen in these attacks. (Accessible through various online nodes.)

O’Reilly Artificial Intelligence Conference (New York, New York, USA, June 27 - 29, 2017) From bots and agents to voice and IoT interfaces, learn how to implement AI in real-world projects, and explore what the future holds for applied artificial intelligence engineering.

SIA GovSummit (Washington, DC, USA, June 28 - 29, 2017) The 2017 SIA GovSummit focuses on how government leverages security technologies to drive success across a wide spectrum of missions. Held annually in Washington, the Security Industry Association's government summit examines emerging policy trends, technology needs of the government and changes in the risk environment that shape development of products and advanced systems integration to meet evolving security challenges.

2017 Community College Cyber Summit (C3S) (National Harbor, Maryland, USA, June 28 - 30, 2017) 3CS is the only national academic conference focused on cybersecurity education at community colleges. Four tracks are available for college faculty and administrators, IT faculty who are involved or who would like to become involved in cybersecurity education, non-IT faculty in critical infrastructure fields who are interested in incorporating cybersecurity topics into their curricula, decision makers in positions that influence cybersecurity education programs, and community college students interested in learning about security or expanding their current knowledge.

Cyber Security Summit: DC (Washington, DC, USA, June 29, 2017) If you are a Senior Level Executive responsible for making your company’s decisions in regards to information security, then you are invited to register for the Cyber Security Summit: DC. Receive 50% off of a Full Summit Pass when you register with code CYBERWIRE50 (standard price of $350, now only $175 with code). Register at CyberSummitUSA.com. The Cyber Security Summit: DC is an exclusive conference connecting Senior Level Executives responsible for protecting their companies’ critical data with innovative solution providers & renowned information security experts. for details visit CyberSummitUSA.com.

SINET New York connects the United States’ three most powerful institutions and evangelizes the importance of industry, government and academic collaboration on security initiatives. (New York, New York, USA, June 29, 2017) SINET New York connects the United States’ three most powerful institutions and evangelizes the importance of industry, government and academic collaboration on security initiatives.

CyberSecurity International Symposium (Chcago, Illinois, USA, July 10 - 11, 2017) The Symposium will take an in-depth look at the latest cyber security threats and trends, as well as real-world strategies for securing critical networks and data in enterprise, commercial, government and industrial environments. The event will bring together several hundred industry practitioners, researchers, regulators and solution providers for two days of in-depth, focused networking and information sharing at the cutting edge of cyber security. Many leading companies in the sector will be presenting.

East Midlands Cyber Security Conference and Expo (Leicester, England, UK, July 11, 2017) The conference and expo will bring together over 150 businesses, information security providers and key influencers to discuss the threats posed by online criminals and the practical ways in which business make themselves more resilient to cybercrime. Core themes will include: the evolving cyber threat; cyber resilience in the supply chain; and essential cyber skills.

Electronic Warfare Olympics & Symposium (Colorado Springs, Colorado, USA, July 13 - 14, 2017) The 2017 Electronic Warfare Olympics & Symposium will improve the capability, and marketability, of spectrum warriors by building the local EW/IO community. and bringing awareness to the capabilities in the region. The event will consist of speakers, government and industry exhibits, and Electronic Warfare Olympics.

3rd Edition CISO Summit India 2017 (Mumbai, India, July 14, 2017) Cyber security has gone through a tremendous change over the last couple of months. Ecosystem disruptions like demonetization, emergence of payment banks and fintech play have put technology as the sine qua non and a savior for banks. But gifts are bundled often with miseries. While technology works as a catalyst for scale and speed, security unpreparedness could play a spoilsport.

CYBERCamp2017 (Herndon, Virginia, USA, July 17 - 28, 2017) Always wondered what “cyber attacks” really are? How a special group of cyber warriors protect and defend our banks, stores, and electric plants every second? Join experts from the FBI and the foremost companies in the nation for an interactive #CYBERcamp in the National Capital Region. Cyber Camp 2017 is a summer camp in which students will have the opportunity to learn about various aspects of cyber security. Students will also gain practical skills through instruction by experienced security and information technology (IT) professionals, and hands-on exercises. The camp is divided into two 1-week segments:

National Insider Threat Special Interest Group - Insider Threat Symposium & Expo (Laurel, Maryland, USA, July 18, 2017) The National Insider Threat Special Interest Group (NITSIG) is excited to announce that it will hold a 1 day Insider Threat Symposium & Expo (ITS&E), on July 18, 2017, at the Johns Hopkins University Applied Physics Laboratory, (JHU-APL) in Laurel, Maryland. This is a MUST ATTEND event if you are involved in Insider Threat Program Management or are interested in Employee Threat Identification and Mitigation.

2nd Annual Billington Automotive Cybersecurity Summit (Detroit, Michigan, USA, July 18, 2017) The 2017 Billington Automotive Cybersecurity summit will build on the 2016 inaugural summit that brought together a who’s who of speakers including the CEO of GM and the Secretary of Transportation, prestigious media coverage from The New York Times and The Wall Street Journal and some 500 attendees. NOTE: Attendees must be citizens of U.S. or allied nations to attend this event.

SANSFIRE 2017 (Washington, DC, USA, July 22 - 29, 2017) Now is the time to advance your career and develop skills to better protect your organization. At SANSFIRE 2017, choose from over 45 hands-on, immersion-style security training courses taught by real-world practitioners. The site of SANSFIRE 2017 (July 22-29) is Washington Marriott Wardman Park.

ISSA CISO Executive Forum: Security Awareness and Training--Enlisting your entire workforce into your security team (Las Vegas, Nevada, USA, July 23 - 24, 2017) The gap in Security skills in the workforce have put the pinch on Security teams. Join us to learn how to get lean by empowering the rest of your organization to understand and manage security risks. We’ll cover secure-by-design concepts inherent in DevSecOps, effective training and awareness practices, and how to lead organizational change management to embed security into your company’s DNA.

AFA CyberCamp (Pittsburgh, Pennsylvania, USA, July 24 - 28, 2017) The AFA CyberCamp program is designed to excite students new to cybersecurity about STEM career opportunities and teach them important cyber defense skills through hands-on instruction and activities. Through the camp, students will learn how to protect their personal devices and information from outside threats, as well as how to harden entire networks running Windows 7 and Ubuntu operating systems. The AFA CyberCamp will culminate in an exciting final team competition that simulates real cybersecurity situations faced by industry professionals and mimics AFA’s CyberPatriot National Youth Cyber Defense Competition.

Cross Domain Support Element Summer Workshop 2017 (Laurel, Maryland, USA, July 25 - 26, 2017) The Unified Cross Domain Services Management Office (UCDSMO) is presenting a two-day workshop for the benefit of the Cross Domain Support Element (CDSE) Offices, and the personnel who support them. Topics will include an update to the Capabilities Portfolio, Baseline and Sunset Lists, the UCDSMO SharePoint sites, Labs and Lab Testing, updates on the CDS Overlays and the Cross Domain Risk Management process.

Black Hat USA 2017 (Las Vegas, Nevada, USA, July 26 - 27, 2017) Now in its 20th year, Black Hat is the world’s leading information security event, providing attendees with the very latest in research, development and trends. Black Hat USA 2017 kicks off with four days of technical Trainings (July 22-25) followed by the two-day main conference (July 26-27) featuring Briefings, Arsenal, Business Hall, and more.

RSA Conference 2017 Asia Pacific & Japan (Singapore, July 26 - 28, 2017) RSA Conference 2017 Asia Pacific & Japan is the leading information security event in the region. Join us for three days of high quality education, engaging content and valuable networking. Get exposure to innovative technologies and leadership that will help secure your organization and your future.

North American International Cyber Summit (Detroit, Michigan, USA, July 30, 2017) In its sixth year, the cyber summit brings together experts from across the globe to address a variety of cybersecurity issues impacting the world of business, education, information technology, economic development, law enforcement and personal use. Highly respected speakers from the public and private sectors will address emerging trends, technology and best practices. The event is open to the public and will feature information for individuals, families, educators, business professionals, law enforcement and government officials. The summit agenda will feature internationally recognized keynote speakers as well as experts from across the county to lead breakout sessions on featured industry topics.

Cyber Texas (San Antonio, Texas, USA, August 1 - 2, 2017) CyberTexas was established to provide expanded access to security developments and resources located in Texas; provide an ongoing platform for the education and skill development of cyber professionals & job creation; build strong relationships with other U.S. and International geographies focused on cyber ecosystem development; bring national and international resources to the region to showcase Texas-based cyber assets; identify and encourage business opportunities within and outside of Texas; and create long-term value for the cyber security ecosystem of San Antonio and the State of Texas.

Cyber Security Summit: Chicago (Chicago, Illinois, USA, August 8, 2017) If you are a Senior Level Executive responsible for making your company’s decisions in regards to information security, then you are invited to register for the Cyber Security Summit: Chicago Receive 50% off of a Full Summit Pass when you register with code CYBERWIRE50 (standard price of $350, now only $175 with code). Register at CyberSummitUSA.com. The Cyber Security Summit: Chicago is an exclusive conference connecting Senior Level Executives responsible for protecting their companies’ critical data with innovative solution providers & renowned information security experts. for details visit CyberSummitUSA.com.

PCI Security Standards Council: 2017 Latin America Forum (Sao Paulo, Brazil, August 9, 2017) Join your industry colleagues for a full day of networking and one-of-a-kind partnership opportunities. Whether you want to learn more about updates in the payment industry or showcase a new product, you’ll find it all at the 2017 Latin America Forum (LAF).

Sponsor & Support

Grow your brand, generate leads, and fill your funnel.

With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listens all over the world, companies trust the CyberWire to get the message out. Learn more.

Westminster email accounts brute-forced. US may have retaliated against Russian influence operations. BlackTech steals IP in East Asia. Windows 10 source code leaked. Fireball assessed. ISIS skids hack Ohio websites.