The CyberWire Daily Briefing 6.27.17

Summary

By The CyberWire Staff

A new ransomware campaign of uncertain origin is hitting targets in Europe today, and it has begun to appear elsewhere. Ukraine is particularly affected, with banks (including ATMs), many government offices, and electrical utility networks (including those engaged in monitoring radiation levels at the former power plant in Chernobyl) suffering heavily. The Russian oil firm Rosneft also reports being affected (and has expressed the hope that the attack isn't connected to ongoing legal disputes with its domestic rival Sistema).

Group-IB believes the attacks on Ukraine and Rosneft were simultaneous and coordinated. Kaspersky and Flashpoint think they're observing signs of the Petya (a.k.a. Petrwrap) strain of ransomware in the attacks.

Other major infestations are reported by the Danish shipping concern A.P. Moller-Maersk, pharmaceutical company Merck (this in the US), Deutsche Post (its operations in Ukraine), and British ad agency WPP. More are sure to come.

The ransom note's text has appeared in English, but Ukrainian authorities blame Russian hackers, especially since the attack coincides with tomorrow's observance in Ukraine of Constitution Day. On this interpretation the attack's spread is due either to the inherently difficult-to-control nature of malware, deliberate misdirection, or willingness to take such targets of opportunity as present themselves.

Observers of last week's hack of Parliament's emails in the UK note poor password discipline, and point out the cognitive dissonance implicit in HM Government's push for backdoors when Westminster's email system was so easily pwned.

ISIS defacements of government webpages in Ohio are joined by similar vandalism in Maryland.

Learn how Cylance silences cyber attacks with Artificial Intelligence.

Notes.

Today's issue includes events affecting Australia, Bahrain, Bermuda, Denmark, Egypt, European Union, Germany, India, Israel, Kuwait, New Zealand, Nigeria, Qatar, Russia, Saudi Arabia, Singapore, Ukraine, United Kingdom, and United States.

On the Podcast

In today's podcast we hear from our partners at Accenture as Justin Harvey discusses destructive malware. Our guest, David Jarvis of IBM, talks about some of Big Blue's innovative hiring practices.

Sponsored Events

BSides Las Vegas (Las Vegas, Nevada, USA, July 25 - 26, 2017) BSides Las Vegas isn’t another “talk at you” conference. Everyone at BSides is a participant. Track after track, year after year, the security researchers, engineers, analysts and managers that present at BSidesLV are looking to engage our participants and be engaged by them. Our presenters don’t talk at you, they converse with you. Come join the conversation!

8th Annual Billington CyberSecurity Summit (Washington, DC, USA, September 13, 2017) The 8th Annual Billington CyberSecurity Summit September 13 in Washington D.C. brings together world-class cybersecurity thought leaders for high-level information sharing, unparalleled networking and public-private partnerships from a cross-section of civilian, military and intelligence agencies, industry and academia.

Selected Reading

Cyber Attacks, Threats, and Vulnerabilities

New cyberattack causes mass disruption in Europe (AP) A new and highly virulent outbreak of malicious data-scrambling software appears to be causing mass disruption across Europe, hitting Ukraine especially hard.

DDoS attack by a cyber hacking team may be the cause of Skype connectivity issues in the UAE (Feedbaac) From what was believed to be a ban in the UAE, it appears that the recent Skype outage may have been due to the recent cyber attack by a hacking group. The countries which were affected by the recent cyber attack include Singapore, South Africa, India, and Pakistan.

Websites of Ohio governor, Maryland county hacked, defaced with pro-ISIS message (Washington Post) The FBI has been investigating an alleged hacker group for defacing websites.

Cyberattack against Ohio government websites may not be over (The Columbus Dispatch) All 11 Ohio state-government websites hacked by a pro-Islamic State, anti-Donald Trump message were operating Monday, but officials are wary about what

Howard County government website restored after it was hacked with pro-Islamic State message (Baltimore Sun) Howard County's government website was hacked with messages supporting the Islamic State on Sunday, part of a larger attack on local government websites around the country.

A Cyberattack on Britain's House of Parliament (The Atlantic) The incident left some members unable to access their email accounts.

Cyberattack on UK parliament exploited weak email passwords (New Scientist) A hack that locked MPs out of their parliamentary email accounts over the weekend could have been easily stopped by more following basic security practices

UK parliament cyber attack highlights the shortcomings of passwords (BetaNews) As we reported over the weekend the UK parliament's email system was subject to a brute force attack using passwords stolen in the 2012 LinkedIn breach.

UK Govt Wants Encryption Backdoors but Can't Even Protect Its Email Servers From a Brute-Force Attack (BleepingComputer) A "determined" attacker has breached the email system of the UK Parliament over the weekend, according to a statement put out by the UK government on Sunday afternoon.

Who hacked the UK parliament? Russian hackers suspected to be behind attempted theft of MPs' records (International Business Times UK) Hackers reportedly breached less than 1% of parliament's 9,000 email addresses.

Russia, really? 'Any teenager' could be culprit of UK parliament cyberattack says expert (International Business Times UK) The alleged cyberattack was not sophisticated - and likely too brash for a nation state.

Mobile Menace Monday: Fake WannaCry Scanner (Malwarebytes Labs) With all the buzz around the PC ransomware WannaCry, it’s no surprise that a fake antivirus (FakeAV) has emerged on Google Play.

GhostHook Attack Targets Windows 10 Vulnerability (Infosecurity Magazine) CyberArk Labs demonstrated an attack that can enable the installation of rootkit malware under Windows 10 64-bit

AdGholas malvertisers experiment with ransomware, delivered through Astrum EK (SC Media US) The malvertising hacker group known as AdGholas launched a new campaign in May and June 2017 that used the Astrum exploit kit to infect victims with Mole r

New Shifr RaaS Lets Any Dummy Enter the Ransomware Business (BleepingComputer) Several security researchers have spotted a new Ransomware-as-a-Service (RaaS) portal over the weekend that lets anyone generate their own ransomware executable just by filling in three form fields and pressing a button.

How Spora ransomware tries to fool antivirus (Naked Security) Spora ransomware is back and it’s trying to confuse antivirus products and email filters.

$1 Million Ransomware Payment Has Spurred New DDoS-for-Bitcoin Attacks (BleepingComputer) The $1 million ransom payment paid last week by South Korean web hosting company Nayana has sparked new extortion attempts on South Korean companies.

KSN Report: Ransomware in 2016-2017 (SecueList) This report has been prepared using depersonalized data processed by Kaspersky Security Network (KSN). The metrics are based on the number of distinct users of Kaspersky Lab products with the KSN feature enabled, who encountered ransomware at least once in a given period, as well as research into the ransomware threat landscape by Kaspersky Lab experts.

Fireball Malware: Ticking Time Bomb or All Hot Air? (Security Intelligence) Depending on who you ask, the Fireball malware infected somewhere between 40 and 250 million Windows devices. The potential danger, however, is undisputed.

Another reason NOT to upgrade to Windows 10? Major leak raises security concerns (Express) MICROSOFT’S Windows 10 has suffered a significant leak with important source code posted online.

£3bn warship fitted with outdated software at risk of cyberattack (Times (London)) Britain’s state-of-the-art aircraft carrier, which powered out to sea for the first time last night, has the same outdated software on board that was hit by a massive cyberattack last month.

Hackers Hit 75% of Drillers as Sketchy Monitoring Is Blamed (Bloomberg.com) Three out of four oil and natural gas companies fell victim to at least one cyber attack last year as hacking efforts against the industry become more frequent and sophisticated.

Hollywood at Risk without Better Encryption (Bloomberg BNA) The summer blockbuster season has begun with movies such as Sony Pictures Entertainment Inc.’s Spider-Man: Homecoming set to launch.

Security Patches, Mitigations, and Software Updates

How Snapchat shares your (and your kids’) location (Naked Security) Some police and child protection authorities are advising parents to turn off the new feature

Cyber Trends

Cybersecurity battleground shifting to Linux and web servers (Help Net Security) Despite an overall drop in general malware detection for the quarter, Linux malware made up more than 36 percent of the top threats identified in Q1 2017.

Cybersecurity: moving from anchor to enabler of innovation (EY) EY examines how cybersecurity can drive innovation and growth, upending its reputation as a drag on digital progress.

Global DNS Threat Survey Report from EfficientIP Estimates DNS-Based Attacks Cost Businesses more than $2M Annually (PRWeb) New research reveals global organizations gamble their business future on poorly designed network security solutions.

Global cyber-defense ‘very leaky,’ Israel expert says (The Times of Israel) Check Point Software’s Gil Shwed says more comprehensive prevention solutions are needed

Cyber Attack: Nigeria Named among World’s Highest Risk Countries (THISDAYLIVE) Obinna Chima Nigeria and four other African countries have been listed among the world’s highest risk countries in the latest Global Threat Impact Index released for May 2017, released by Check Poi…

Cyber security threat to the energy industry ‘is rising’ (Energy Live News) The cyber security threat to the energy industry is increasing year-on-year.

Marketplace

Apple, Cisco team up to push for cyber security insurance discounts (Reuters) Apple Inc (AAPL.O) is working with Cisco Systems Inc (CSCO.O) to help businesses that primarily use gear from both companies to get a discount on cyber-security insurance premiums, Apple Chief Executive Officer Tim Cook said on Monday.

The world needs more cybersecurity pros, but millennials aren't interested in the field (TechRepublic) Only 7% of cybersecurity workers are under age 29, and just 11% are women. Here's how your business can better recruit younger, more diverse cybersecurity workers.

HackerOne Report Shows Bug Bounty Industry and Bounty Rewards Are On the Rise Globally (BusinessWire) HackerOne, the leading bug bounty and vulnerability disclosure platform provider, today published “The 2017 Hacker-Powered Security Report&rdquo

Trend Micro to invest in IoT startups through new $100m venture fund (ZDNet) The fund will be used to gather insights about the IoT ecosystem that can then be used to guide Trend Micro's development roadmap.

Industry Leading AI Company SparkCognition Closes $32 Million in Series B Funding (PRNewswire) SparkCognition, one of the world's fastest growing artificial...

Austin AI Startup Raises $32.5M from Verizon and Boeing (Austin Inno) Verizon Ventures and The Boeing Company's Boeing HorizonX investment arm think Austin-based SparkCognition is at the forefront of advancements in artificial intelligence. And they're betting...

Upstream Security Raises $2M to Protect Connected and Autonomous Fleets (IT Business Net) An innovative cyber-security cloud-based platform joins the portfolios of Glilot Capital Partners and Maniv Mobility

Classified satellite deal goes to Kratos (C4ISRNET) The contract, with the company's Modular System Division, is for what a Kratos news release only described as "U.S. national security-related customers."

Harris awarded NGA software contract (C4ISRNET) The software "will allow intelligence officials to provide more timely and accurate support to warfighters and the national security community," the company said.

Leidos and AT&T to Implement Software Defined Networking for the Defense Information Systems Agency (Military Technologies) Leidos (NYSE: LDOS), a FORTUNE 500® science and technology company, will help the Defense Information Systems Agency (DISA) automate virtual private networking services in support of our nation’s defense.

Army taps Raytheon for language translation software (UPI) Raytheon BBN Technologies is licensing its foreign language translation software to the U.S. Army for one year at a cost of $4 million.

IT firm CCS signs up with top cyber company (The Royal Gazette) Bermudian IT firm CCS has teamed up with a high-tech expert in combating cyber threats.The island company has become a partner with US-based Cylance

Palo Alto Networks confident of taking security into SaaS era (ComputerWeekly) Security platforms could make it easier to take products to market and improve firms’ security posture by making innovative products easier to consume, but the biggest winners could be the platform providers.

SPAWAR Shares Thoughts on Regional Cybersecurity at San Diego Startup Week (DVIDS) Space and Naval Warfare Systems Command (SPAWAR) participated in a cybersecurity economy panel during the 5th annual San Diego Startup Week (SDSW), June 21.

New Executives Strengthen Contrast Security's Leadership in Self-Protecting Software (PRNewswire) Contrast Security, the first company to enable self-protecting...

CyberSN Expanding Cyber Security & Software Sales Staffing Services in Boston; Ryan C. Andaluz, Managing Director, Leads Expansion (PRNewswire) Today CyberSN announces their new office expansion to Boston's Back Bay...

CRN Exclusive: Tanium Names Former Salesforce Exec As Chief Revenue Officer (CRN) Tanium has appointed former Salesforce Senior Vice President of Marketing for Cloud, Mark Wayland, as its new chief revenue officer, starting on July 10.

HII Hires Davis to Lead Cyber Security Program (MarineLink) Ron A. Davis has joined Huntington Ingalls Industries (HII) as chief information systems officer (CISO). In this new role, he will…

LookingGlass CTO, Allan Thomson Receives OASIS Distinguished Contributor Award for Commitment to Open Standards in Threat Intelligence (BusinessWire) LookingGlass™ Cyber Solutions, a leader in threat intelligence-driven security, today announced that the company’s Chief Technology Office

Denver cybersecurity company adds former U.S. senator to its board (Denver Business Journal) SecureSet, a private intensive cybersecurity training course, said former U.S. Sen. Mark Udall is joining its board.

Products, Services, and Solutions

Santander Brasil Chooses GuardiCore Centra Security Platform to Protect Data Center - GuardiCore - Data Center and Cloud Security (GuardiCore - Data Center and Cloud Security) GuardiCore, a leader in internal data center security and breach detection, today announced that Santander Brasil, the largest subsidiary of Santander Group, has selected GuardiCore’s Centra Security Platform to provide advanced data center security. Santander Brasil is the fifth largest commercial bank in Brazil with about 36 million …

Trustonic and MediaTek announce co-operation in automotive sector - Trustonic (Trustonic) Trustonic today announces a collaboration with systems-on-chips (SoCs) specialist MediaTek to provide the automotive industry with highly secure telematics and in-car entertainment systems for connected vehicles.

Claroty Adds Secure Remote Access Product to the Claroty Platform and Further Enhances Company’s Industry-Leading ICS Threat Detection (Claroty) Claroty, an innovator in Operational Technology (OT) network protection, today announced the general availability of Secure Remote Access, the latest addition to the company’s award-winning OT security platform.

Little Snitch: Version 4 of macOS-Firewall Launched (PRNewswire) With new features and a whole range of improvements and enhancements, version 4...

ForeScout Extends Agentless Visibility, Classification and Control Across Campus, Data Center and Cloud (ForeScout) Expanded collaboration with VMware offers agentless visibility and control in software-defined data centers Advanced out-of-the-box device classification with new taxonomy for IoT and OT devices

ForeScout Unveils New Security Solution for VMware Software-Defined Data Center Environments (ForeScout) ForeScout expands collaboration to offer enhanced security, improved compliance and optimized data center utilization in VMware environments

GlobalSCAPE, Inc. Launches Kenetix: a Simple but Powerful Way to Integrate Cloud Data (GlobalSCAPE) Company’s first iPaaS offering provides unmatched scale, agility and ease of use

Free security solution will block malware, zero-day attacks (TechRepublic) Cybersecurity provider Comodo is offering a new endpoint detection and response solution free to enterprise users.

Google's DeepMind signs deal with Taunton and Somerset NHS Foundation Trust (Computing) Five-year deal for DeepMind's Streams app follows controversy about transfer of sensitive patient data

More Microsoft services certified to handle Australian government data (CRN Australia) Expands sensitive data storage and processing eligibility.

RedSeal offers powerful, passive network protection (CSO Online) The RedSeal appliance doesn't actually fix anything on its own, but it does act as a force multiplier for every other security device within a network.

Banks' blockchain consortium picks IBM for trade finance platform (Reuters) Tech giant IBM is building a blockchain-based platform for seven big European banks, including HSBC and Deutsche Bank, that is aimed at simplifying trade finance transactions for small- and medium-sized companies.

Trustonic, MediaTek Partner to Secure Smart Car Software (Mobile ID World) Trustonic has teamed up with MediaTek, a company specializing on system-on-chip technology for consumer electronics, to offer...

Trend Micro Developing Decryption Tool to Decrypt Files Infected by MacRansom (IT Business Net) Trend Micro (TYO:4704) announces the development of a decryption tool that helps Mac users access encrypted files infected by MacRansom.

Technologies, Techniques, and Standards

GDPR Explained: What are the Security Requirements? (ERPScan) The upcoming GDPR will bring substantial changes to how organizations process personal data. Companies will learn how to be transparent and credible or face fines of up to €20 million or 4% of annual global turnover – whichever is the greatest. The key elements of GDPR will be explained here.

What GDPR Means for your Cybersecurity Strategy (SecureWorks) This white paper explores how organizations can use the requirements laid down by GDPR that affect information security to promote privacy, security, and business enablement.

New EU Privacy Laws Will Complicate B2B Data Sharing (Threatpost) Exploring the legality of the international business-to-business sharing of IP addresses within the cyber threat intelligence community.

US may forgo using EW capabilities if coalition tech isn't compatible (C4ISRNET) In a high-end fight, the U.S. might opt out of using high-tech gear if a partner's capability is not on the same level, according to the DoD's deputy director of electronic warfare.

Here's why it takes more than great technology to secure your business information (Business Insider Australia) These days the business world seems to be rocked on a daily basis by a new cybersecurity threat to be dodged. But while world-class security technology can help, there’s one big risk factor that can’t ever be controlled with software: people.

15 things to do to prevent DDOS attacks (Penetration Testing) On this post, i am going to describes the 15 things against DDoS attacks, DDoS attacks mainly to two categories: bandwidth exhaustion attacks and resource exhaustion attacks, in order to effectively curb these two...

Democratisation of data can lead to organisational problems, says expert panel (Computing) Democratising data puts power in the hands of staff instead of managers, which can bring with it a whole host of problems, warn experts at a recent Computing event

Making enterprise content management secure and scalable (Help Net Security) Organisations want to invest in systems and technology that allow them to adapt to changing markets, but traditional ECM often hinders this progress.

Cloud security: The castle vs open-ended city model (Cloud Pro) With the cloud, borders blur - so how do organisations protect data, wherever it is?

Can Frequent Security Training Help Thwart "As-A-Service" Attacks? (Windows IT Pro) Ditch the old school training for an approach that keeps employees on their toes, IT security expert says.

Design and Innovation

Lastline: Machine Learning Is The Key To Tackling Rising Cyber Security Threats (Silicon UK) INTERVIEW: Silicon discusses machine learning in cyber security with Dr Giovanni Vigna, co-founder and CTO of AI firm Lastline

Research and Development

DARPA moves to innovate cyber intel capability with real-time threat visualization (Fifth Domain | Cyber) The Defense Advanced Research Projects Agency (DARPA) has awarded a contract to five organizations in a bid to develop a real-time threat intelligence capability at a time when the amount of raw digital data continues to increase exponentially.

Academia

NTU Singapore teams with US firm to sharpen up cybersecurity research (Security Brief) NTU Singapore has partnered with US firm GrammaTech to sharpen up the university's research projects with better static and binary analysis tools.

Diverse team leads $12.23 million cyber security project (Voxy) Meena Mungro is from Mauritius, an island in the Indian Ocean. She represents one of 17 nationalities in the Cyber Security Researchers of Waikato (CROW team at the University of Waikato.

Legislation, Policy and Regulation

Resistance growing to German government's surveillance measures (Deutsche Welle) Politicians and NGOs say that a spate of security measures go too far and are beginning to impinge on personal liberty. Angela Merkel's potential next coalition partners are demanding a "general reversal" on the issue.

Russia threatening to ban Telegram encrypted messaging app (Help Net Security) Roskomnadzor, Russia's communications regulator, is threatening to ban the use of popular encrypted messaging app Telegram.

Vladimir Wants To See Your Source Code (ExportLawBlog) According to this Reuters report, the Russians are demanding from U.S. companies the right to view source code of software that these companies wish to sell in Russia. The software at issue include…

Trump eager for big meeting with Putin; some advisers wary (Military Times) President Donald Trump is eager to meet Russian President Vladimir Putin with full diplomatic bells and whistles when the two are in Germany for a multinational summit next month. But the idea is exposing deep divisions within the administration on the best way to approach Moscow in the midst of an ongoing investigation into Russian meddling in the U.S. elections.

Trump admin unveils cyber pact with Israel (TheHill) U.S.-Israeli partnership kicks of this week with meetings.

US official announces cyber pact with Israel (Fifth Domain | Cyber) Tom Bossert says the new working group will focus on key cyber issues and encourage international cooperation.

U.S. and Israel Team Up to Fight 'Bad Actors' in Cyberspace (Bloomberg.com) Israel and the U.S. are starting a high-level partnership to create a bulwark against increasingly sophisticated cyber attackers who target critical national infrastructure.

Qatar accused of "military escalation" as inter-Arab rift deepens (Defense News) Bahrain chides tiny Qatar for "bringing in foreign armies" as standoff between U.S. allies grows increasingly testy

Corker vows to block US arms sales to GCC (Defense News) Powerful Senate Foreign Relations Committee Chairman Bob Corker announced he is blocking U.S. arms sales to Gulf Cooperation Council member states to pressure a resolution to the escalating row over Qatar.

Beijing’s Views on Norms in Cyberspace and Cyber Warfare Strategy Pt. 1 (Center for International Maritime Security) By LCDR Jake Bebber USN The following is a two-part series looking at PRC use of cyberspace operations in pursuit of its national strategies and the establ

NSA Director Gave Senator Private Tour During Debate Over Foreign intelligence Collection (Foreign Policy) Admiral Michael Rogers appears to be stepping up his efforts to preserve the intelligence community’s “crown jewels.”

There Is Now Proof the NSA Overindulges in Data Collection (Observer) Politicians of both parties are complacent in agency’s abuse of power.

Litigation, Investigation, and Enforcement

CIA director says intelligence leaks have 'accelerated' (POLITICO) Pompeo said he's "counting on" leakers being stopped and punished soon.

CIA chief: Intel leaks on the rise, cites leaker 'worship' (Military Times) CIA Director Mike Pompeo says he thinks disclosure of America's secret intelligence is on the rise, fueled partly by the "worship" of leakers like Edward Snowden.

Firm that created 'Russian dossier' on Trump facing increased scrutiny (Washington Examiner) The FBI won't confirm it has a relationship with Fusion GPS.

Why Rep. Adam Kinzinger Is Raising ‘Holy Hell’ Over Russia (POLITICO) The up-and-coming member of the House Foreign Affairs Committee is prepared to wage a GOP rebellion.

Obama admin cautious when dealing with Russia’s election meddling (Fifth Domain | Cyber) The Washington Post reveals a shocking look into the Obama administration’s struggle to deal with Russia’s meddling in the democratic process.

Adam Schiff thinks Obama 'should have done a lot more' to alert public about Russian meddling (Washington Examiner) He said Trump shouldn't be criticizing Obama for not doing more.

How Moscow's Spies Keep Duping America—Over and Over Again (The Daily Beast) The White House wants to warm up to Moscow, eventually. But CIA veterans say we tried that.

Analysis: 2 US cases provide unique window into Iran’s global terror network (FDD's Long War Journal) On June 8, the Department of Justice (DOJ) made an announcement that deserves more attention.

Former State Department special agent charged with espionage (Federal Times) A Virginia man caught with $16,500 in cash in his carry-on luggage was charged Thursday with transmitting top-secret documents to an apparent Chinese agent.

FBI's Cyber Most Wanted, part I [Slideshow] (Fifth Domain | Cyber) Rundown on the top cyber criminals the FBI is seeking worldwide. Part I of II.

Europe versus Google: EC applies record-breaking £2.1 billion anti-trust fine (Computing) European Commission says that Google promoted its own services in search results, denying competitors opportunities

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

upcoming Events

cybergamut Tech Tuesday (Elkridge, Maryland, USA, June 27, 2017) The cyber security universe remains an increasing and dynamic threat to the American national infrastructure. This presentation provides a quantitative analysis of the attacks seen by IBM and the thousands of IBM customers in the preceding year. Specific attention is paid to the protocols engaged, attack patterns, and trends seen in these attacks. (Accessible through various online nodes.)

O’Reilly Artificial Intelligence Conference (New York, New York, USA, June 27 - 29, 2017) From bots and agents to voice and IoT interfaces, learn how to implement AI in real-world projects, and explore what the future holds for applied artificial intelligence engineering.

SIA GovSummit (Washington, DC, USA, June 28 - 29, 2017) The 2017 SIA GovSummit focuses on how government leverages security technologies to drive success across a wide spectrum of missions. Held annually in Washington, the Security Industry Association's government summit examines emerging policy trends, technology needs of the government and changes in the risk environment that shape development of products and advanced systems integration to meet evolving security challenges.

2017 Community College Cyber Summit (C3S) (National Harbor, Maryland, USA, June 28 - 30, 2017) 3CS is the only national academic conference focused on cybersecurity education at community colleges. Four tracks are available for college faculty and administrators, IT faculty who are involved or who would like to become involved in cybersecurity education, non-IT faculty in critical infrastructure fields who are interested in incorporating cybersecurity topics into their curricula, decision makers in positions that influence cybersecurity education programs, and community college students interested in learning about security or expanding their current knowledge.

Cyber Security Summit: DC (Washington, DC, USA, June 29, 2017) If you are a Senior Level Executive responsible for making your company’s decisions in regards to information security, then you are invited to register for the Cyber Security Summit: DC. Receive 50% off of a Full Summit Pass when you register with code CYBERWIRE50 (standard price of $350, now only $175 with code). Register at CyberSummitUSA.com. The Cyber Security Summit: DC is an exclusive conference connecting Senior Level Executives responsible for protecting their companies’ critical data with innovative solution providers & renowned information security experts. for details visit CyberSummitUSA.com.

SINET New York connects the United States’ three most powerful institutions and evangelizes the importance of industry, government and academic collaboration on security initiatives. (New York, New York, USA, June 29, 2017) SINET New York connects the United States’ three most powerful institutions and evangelizes the importance of industry, government and academic collaboration on security initiatives.

CyberSecurity International Symposium (Chcago, Illinois, USA, July 10 - 11, 2017) The Symposium will take an in-depth look at the latest cyber security threats and trends, as well as real-world strategies for securing critical networks and data in enterprise, commercial, government and industrial environments. The event will bring together several hundred industry practitioners, researchers, regulators and solution providers for two days of in-depth, focused networking and information sharing at the cutting edge of cyber security. Many leading companies in the sector will be presenting.

East Midlands Cyber Security Conference and Expo (Leicester, England, UK, July 11, 2017) The conference and expo will bring together over 150 businesses, information security providers and key influencers to discuss the threats posed by online criminals and the practical ways in which business make themselves more resilient to cybercrime. Core themes will include: the evolving cyber threat; cyber resilience in the supply chain; and essential cyber skills.

Electronic Warfare Olympics & Symposium (Colorado Springs, Colorado, USA, July 13 - 14, 2017) The 2017 Electronic Warfare Olympics & Symposium will improve the capability, and marketability, of spectrum warriors by building the local EW/IO community. and bringing awareness to the capabilities in the region. The event will consist of speakers, government and industry exhibits, and Electronic Warfare Olympics.

3rd Edition CISO Summit India 2017 (Mumbai, India, July 14, 2017) Cyber security has gone through a tremendous change over the last couple of months. Ecosystem disruptions like demonetization, emergence of payment banks and fintech play have put technology as the sine qua non and a savior for banks. But gifts are bundled often with miseries. While technology works as a catalyst for scale and speed, security unpreparedness could play a spoilsport.

CYBERCamp2017 (Herndon, Virginia, USA, July 17 - 28, 2017) Always wondered what “cyber attacks” really are? How a special group of cyber warriors protect and defend our banks, stores, and electric plants every second? Join experts from the FBI and the foremost companies in the nation for an interactive #CYBERcamp in the National Capital Region. Cyber Camp 2017 is a summer camp in which students will have the opportunity to learn about various aspects of cyber security. Students will also gain practical skills through instruction by experienced security and information technology (IT) professionals, and hands-on exercises. The camp is divided into two 1-week segments:

National Insider Threat Special Interest Group - Insider Threat Symposium & Expo (Laurel, Maryland, USA, July 18, 2017) The National Insider Threat Special Interest Group (NITSIG) is excited to announce that it will hold a 1 day Insider Threat Symposium & Expo (ITS&E), on July 18, 2017, at the Johns Hopkins University Applied Physics Laboratory, (JHU-APL) in Laurel, Maryland. This is a MUST ATTEND event if you are involved in Insider Threat Program Management or are interested in Employee Threat Identification and Mitigation.

2nd Annual Billington Automotive Cybersecurity Summit (Detroit, Michigan, USA, July 18, 2017) The 2017 Billington Automotive Cybersecurity summit will build on the 2016 inaugural summit that brought together a who’s who of speakers including the CEO of GM and the Secretary of Transportation, prestigious media coverage from The New York Times and The Wall Street Journal and some 500 attendees. NOTE: Attendees must be citizens of U.S. or allied nations to attend this event.

SANSFIRE 2017 (Washington, DC, USA, July 22 - 29, 2017) Now is the time to advance your career and develop skills to better protect your organization. At SANSFIRE 2017, choose from over 45 hands-on, immersion-style security training courses taught by real-world practitioners. The site of SANSFIRE 2017 (July 22-29) is Washington Marriott Wardman Park.

ISSA CISO Executive Forum: Security Awareness and Training--Enlisting your entire workforce into your security team (Las Vegas, Nevada, USA, July 23 - 24, 2017) The gap in Security skills in the workforce have put the pinch on Security teams. Join us to learn how to get lean by empowering the rest of your organization to understand and manage security risks. We’ll cover secure-by-design concepts inherent in DevSecOps, effective training and awareness practices, and how to lead organizational change management to embed security into your company’s DNA.

AFA CyberCamp (Pittsburgh, Pennsylvania, USA, July 24 - 28, 2017) The AFA CyberCamp program is designed to excite students new to cybersecurity about STEM career opportunities and teach them important cyber defense skills through hands-on instruction and activities. Through the camp, students will learn how to protect their personal devices and information from outside threats, as well as how to harden entire networks running Windows 7 and Ubuntu operating systems. The AFA CyberCamp will culminate in an exciting final team competition that simulates real cybersecurity situations faced by industry professionals and mimics AFA’s CyberPatriot National Youth Cyber Defense Competition.

Cross Domain Support Element Summer Workshop 2017 (Laurel, Maryland, USA, July 25 - 26, 2017) The Unified Cross Domain Services Management Office (UCDSMO) is presenting a two-day workshop for the benefit of the Cross Domain Support Element (CDSE) Offices, and the personnel who support them. Topics will include an update to the Capabilities Portfolio, Baseline and Sunset Lists, the UCDSMO SharePoint sites, Labs and Lab Testing, updates on the CDS Overlays and the Cross Domain Risk Management process.

Black Hat USA 2017 (Las Vegas, Nevada, USA, July 26 - 27, 2017) Now in its 20th year, Black Hat is the world’s leading information security event, providing attendees with the very latest in research, development and trends. Black Hat USA 2017 kicks off with four days of technical Trainings (July 22-25) followed by the two-day main conference (July 26-27) featuring Briefings, Arsenal, Business Hall, and more.

RSA Conference 2017 Asia Pacific & Japan (Singapore, July 26 - 28, 2017) RSA Conference 2017 Asia Pacific & Japan is the leading information security event in the region. Join us for three days of high quality education, engaging content and valuable networking. Get exposure to innovative technologies and leadership that will help secure your organization and your future.

North American International Cyber Summit (Detroit, Michigan, USA, July 30, 2017) In its sixth year, the cyber summit brings together experts from across the globe to address a variety of cybersecurity issues impacting the world of business, education, information technology, economic development, law enforcement and personal use. Highly respected speakers from the public and private sectors will address emerging trends, technology and best practices. The event is open to the public and will feature information for individuals, families, educators, business professionals, law enforcement and government officials. The summit agenda will feature internationally recognized keynote speakers as well as experts from across the county to lead breakout sessions on featured industry topics.

Cyber Texas (San Antonio, Texas, USA, August 1 - 2, 2017) CyberTexas was established to provide expanded access to security developments and resources located in Texas; provide an ongoing platform for the education and skill development of cyber professionals & job creation; build strong relationships with other U.S. and International geographies focused on cyber ecosystem development; bring national and international resources to the region to showcase Texas-based cyber assets; identify and encourage business opportunities within and outside of Texas; and create long-term value for the cyber security ecosystem of San Antonio and the State of Texas.

Cyber Security Summit: Chicago (Chicago, Illinois, USA, August 8, 2017) If you are a Senior Level Executive responsible for making your company’s decisions in regards to information security, then you are invited to register for the Cyber Security Summit: Chicago Receive 50% off of a Full Summit Pass when you register with code CYBERWIRE50 (standard price of $350, now only $175 with code). Register at CyberSummitUSA.com. The Cyber Security Summit: Chicago is an exclusive conference connecting Senior Level Executives responsible for protecting their companies’ critical data with innovative solution providers & renowned information security experts. for details visit CyberSummitUSA.com.

PCI Security Standards Council: 2017 Latin America Forum (Sao Paulo, Brazil, August 9, 2017) Join your industry colleagues for a full day of networking and one-of-a-kind partnership opportunities. Whether you want to learn more about updates in the payment industry or showcase a new product, you’ll find it all at the 2017 Latin America Forum (LAF).

Sponsor & Support

Grow your brand, generate leads, and fill your funnel.

With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listens all over the world, companies trust the CyberWire to get the message out. Learn more.

Major ransomware campaign (probably Petya) centers on Ukraine, but has global effect. Lessons from the Westminster email hack. ISIS hits Maryland webpages as well as Ohio's.