The CyberWire Daily Briefing 7.11.17

Summary

By The CyberWire Staff

More on the cyber attempt on the US energy sector comes to light. It was apparently a phishing campaign, mounted from Russia, and without effect on operational systems. Nonetheless, members of the US Congress are expressing concern and demanding explanations. EnergyWire reports that the campaign has been in progress since May, and that the attackers are "drawing from the Ukraine playbook," that is, the complex attacks used to take down sections of the Ukrainian grid twice since late 2015.

Europe is seeing similar probes. Robert Hannigan, former head of the UK's GCHQ, told the BBC that "there is a disproportionate amount of mayhem in cyberspace coming from Russia, from state activity," and that this may be deterred only through retaliation.

NATO has announced that it's providing Ukraine with a range of cyber capabilities to aid that country in the hybrid war Russia is waging against it.

There will be no joint US-Russian effort to shore up cybersecurity. Speculation to that effect lasted slightly less than thirteen hours Sunday, between two of President Trump's tweets that touched on the matter.

Trend Micro warns that a spam campaign pushing the cross-platform remote access Trojan Adwind is in progress.

Several significant bits of industry news are breaking. DarkTrace has raised $75 million for a just-shy-of-unicorn valuation of $825 million. RiskLens has secured $5 million in Series A funding. HyTrust has raised $36 million and acquired DataGravity. Symantec buys Skycure as a mobile security play, and StarHub will fully acquire Accel for SG$26 million.

Learn how Cylance silences cyber attacks with Artificial Intelligence.

Notes.

Today's issue includes events affecting Australia, China, European Union, India, Israel, Mexico, NATO/OTAN, New Zealand, Oman, Russia, Saudi Arabia, Singapore, Ukraine, United Kingdom, and United States.

On the Podcast

In today's podcast we speak with our partners at Level 3 Communications: Dale Drew talks botnets. Our guest, Ntrepid's Lance Cottrell, discusses ad tracking and Apple's new ad blocking features.

Sponsored Events

Deep Instinct at Black Hat (Las Vegas, Nevada, USA, July 22 - 27, 2017) Meet us at Black Hat USA 2017. Visit booth #873. Book a meeting.

Selected Reading

Cyber Attacks, Threats, and Vulnerabilities

The Clever Phishing Trick Used by Hackers Targeting the US Energy Sector (BleepingComputer) Last week, the media was abuzz with apocalyptic headlines about how Russian hackers were launching cyber-attacks on the US energy and nuclear sector.

US officials aware of possible hacking at nuclear facilities (Fifth Domain | Cyber) Nuclear and other energy providers have been advised by the Department of Homeland Security and the FBI that hackers may be trying to breach their computer systems.

US Acknowledges Cyber Attack On Kansas Nuclear Power Plant (Silicon UK) The Wolf Creek facility in Kansas was one of at least a dozen energy companies affected by the hacks, but officials say there's no risk to public safety

NUCLEAR: 'Who did it?' zeroes in on Russian hacking (E&E News) A sophisticated group of hackers has targeted U.S. nuclear plants in a wide-ranging hacking campaign since at least May, according to multiple U.S. authorities.

Russia causing mayhem in cyberspace, says former GCHQ chief (The Telegraph) Russia’s cyber subversion is a threat to Britain’s democratic process a former head of GCHQ has warned.

Foreign hackers probe European critical infrastructure networks: sources (Reuters) Cyber attackers are regularly trying to attack data networks connected to critical national infrastructure systems around Europe, according to current and former European government sources with knowledge of the issue.

Security Researchers Find Way To Recover Encrypted NotPetya Files (Silicon UK) Encryption errors mean it may be possible to manually recover files encrypted by the NotPetya malware last month, researchers say

LeakerLocker ransomware threatens to dox Android users as extortion (Graham Cluley) Mobile ransomware known as LeakerLocker threatens to dox Android users with whom it comes into contact as a means of extortion.

Spam Campaign Delivers Cross-platform Remote Access Trojan Adwind (TrendLabs Security Intelligence Blog) Adwind/jRAT, a cross-platform remote access Trojan (RAT), can be run on any machine installed with Java, including Windows, Mac OSX, Linux, and Android.

WordPress REST API flaw: How did it lead to widespread attacks? (SearchSecurity) A WordPress REST API vulnerability enabled attackers to deface over 1.5 million sites. Find out how your enterprise can secure its WordPress pages.

An Italian bank’s server was hijacked to mine bitcoin (Quartz) Employees also hid servers under the flooring to secretly mine bitcoin.

BYOD Blamed for Massive Cryptocurrency Breach (eSecurity Planet) 30,000 customers' information was exposed when an employee's home computer was hacked.

How Cryptocurrencies Really Work (Popular Mechanics) The tech behind decentralized money.

EMC products hit by multiple vulnerabilities including SQL injection (SC Media US) Multiple SQL injection flaws in EMC products could allow hackers to gain web access and take information from applications.

Basic Office maldoc analysis (SANS Internet Storm Center) Malicious Office documents come in all type of flavors, sometimes very simple: they contain just an embedded file (for example an EXE), without any script or exploit to automatically launch the embedded file. The user is persuaded through social engineering to extract and execute the embedded file.

Dark Web Hosting Service Hacked, Some Data Was Stolen (BleepingComputer) Deep Hosting — a Dark Web hosting service — admitted yesterday to suffering a major security incident during which "some sites have been exported."

Tendulkar wants your number on Twitter, what do you do? (Naked Security) Indian cricket legend Sachin Tendulkar asked 17m Twitter followers to send him their friends’ phone numbers – good intentions, bad idea!

Jayden K Smith's Facebook friendship request - not a hacker, it's a hoax (Graham Cluley) Another hoax warning spreads quickly on Facebook. Will people ever learn?

Reports: Reliance Jio deals with possible data breach (RCRWireless) Reliance Jio says posted customer data is “unauthentic”, but reports conflict

BRIEF-India's Bengal Tea and Fabrics says co faced cyber attack on June 27 (Reuters) Bengal Tea and Fabrics Ltd

West Hartford Town Website Hacked (Spamfighter) The website of West Hartford town is reported to have been attacked in the morning of July 6; however, according to the authorities, the website's user data wasn't breached. The site named www.westhartfordct.gov continues to be inaccessible; while it is broadcasting a notification stating that it's not possible to reach the site alternatively "www.westhartfordct.gov took too long to respond."

Security Patches, Mitigations, and Software Updates

Google Patches Critical Android Vulnerabilities (Security Intelligence) Google recently disclosed 138 Android vulnerabilities, including media framework issues that could enable attackers to execute arbitrary code remotely.

Kill it! Kill Windows XP now! (Computerworld) Or are you OK with leaving yourself open to something that can kill your business?

Cyber Trends

Why IoT education is necessary to protect yourself from cyber attacks (TechRepublic) An expert panel at the Global Cybersecurity Summit in Kiev, Ukraine, discussed various devices that could be connected in the future, and how they might impact consumers, governments, and industries.

The future of security and the Internet of Identities (IoI) (CSO Online) IoT, mobility, cloud and pressing security needs mean that every node must have a trustworthy identity and a secure path to network services.

Australian Businesses 'Worryingly Underprepared' For Rising Ransomware Threat: Experts (CSO) In recent months the WannaCry and Petya outbreaks have caused widespread disruption and losses for businesses and public-sector bodies

Marketplace

Panel recommends chief cyber security expert for every company board (iTWire) With cyber security top-of-mind after the WannaCry and other attacks, IT governance and board expert Monica Schlesinger says that company boards can n...

Hot UK cyber security startup Darktrace has raised a huge $75m (City A.M.) One of the Uk's hottest startups has millions of pounds in fresh funding, pushing the firm's valuation surging past the half a billion dollars mark.

Exclusive: Cybersecurity Startup Darktrace Worth $825 Million After New Funding (Fortune) The company is one of Britain's top tech startups.

Darktrace Enters into Strategic Partnership with CITIC Telecom CPC (ACN) Darktrace, the leader in Enterprise Immune System technology, has today announced it has entered into a strategic partnership with industry-leading managed security services provider (MSSP) CITIC Telecom CPC, a wholly owned subsidiary of CITIC Telecom International Holdings Limited (SEHK:1883), to bring next-generation cyber defense to businesses across Asia Pacific

HyTrust raises $36M and acquires DataGravity (TechCrunch) Word spread late last week that data visibility and security startup DataGravity had been acquired. At the time, though, it was unclear by whom. Now we know...

RskLens secures S5m Series A equity investment (Marketwired) Consistently recognized for its product innovation leadership, RiskLens helps enterprise security and risk management professionals quantify their information security risk posture

http://www.marketwired.com/press-release/risklens-secures-5m-series-a-equity-investment-2225572.htm (Marketwired) Consistently recognized for its product innovation leadership, RiskLens helps enterprise security and risk management professionals quantify their information security risk posture

Symantec Snaps Up Skycure in Mobile Security Move (Dark Reading) Acquisition fills gap in Symantec's Apple iOS mobile security strategy - and addresses the future of 'mobile first,' Symantec CEO says.

StarHub to fully acquire cybersecurity company Accel for SG$26m (ZDNet) Accel Systems & Technologies will become a wholly owned subsidiary of StarHub after the carrier acquires the remaining 49 percent stake for a maximum of SG$26.22 million.

Palo Alto Networks Inc (PANW) Stock Could Be Worth $200 (InvestorPlace) Petya ransomware has cost companies hundreds of millions of dollars, and that's big for Palo Alto (PANW) stock, which could hit $200 soon.

Jade split into two companies in major revamp (Stuff) Jade founder Sir Gil Simpson says the amount he was paid for his remaining stake "more like a lolly than the lolly jar".

Canadian Group Company Above Security Re-branded as Hitachi Systems Security (BusinessWire) The company name of Above Security Inc. will be changed to Hitachi Systems Security Inc.

Israel's Check Point Software to ramp up India operations (International Business Times, India Edition) Israel's biggest tech company is looking to push value additions to its worldwide security products and services clients.

India and Israel’s Cyber Security Partnership Could be a Game Changer (The Wire) A partnership can be critical for India to meet its goals in securing its cyber infrastructure and expanding opportunities for the country’s tech sector.

DTRA awards network survivability contract (C4ISRNET) CENTRA Technology has been awarded a $61.7 million Defense Threat Reduction Agency contract to assess vulnerabilities.

How to write an information security analyst job description (CSO Online) A thorough, clear job description will ensure that security analysts stay on the same page with management expectations.

Security Threats Create Talent Challenges, Opportunities (Hunt Scanlon Media) Cybersecurity might well might the greatest challenge facing corporate America today. The threat to reputation, private information and dollars — both from immediate theft and the cost of repairing the damage of a cyber-attack — can be staggering. Yet too few companies have taken adequate measures to protect themselves. No one can deny that it is

SIA Announces Kathleen Carroll of HID Global as Chair of Data Privacy Advisory Board, Craig Sharman of Johnson Controls as Government Relations Committee Chair (Security Industry Association) SIA Announces Kathleen Carroll of HID Global as Chair of Data Privacy Advisory Board, Craig Sharman of Johnson Controls as Government Relations Committee Chair.

IBM names CMO for Watson division (Marketing Dive) Michael Mendenhall assumed the chief marketer title for the artificial intelligence brand as competition in the space heats up.

FireEye Chief Marketing Officer Departs For New Role Outside Security Industry (CRN) Longtime marketing executive Kara Wilson, who has been CMO at FireEye since 2013, has left the security vendor.

SafeStack snags Google, Microsoft cybersecurity experts for new advisory board (Security Brief) New Zealand-based cybersecurity firm SafeStack has signed up major talent to its advisory board to help the company achieve further growth.

Products, Services, and Solutions

Cylance Integrates AI-driven CylancePROTECT Engine into VirusTotal (BusinessWire) Cylance® Inc., the company that revolutionized the antivirus industry with AI-powered prevention that blocks everyday malware along with today&rsq

Cornet Technology, Inc. Announces a Partnership with Redwall Technologies (PRWeb) Cornet Technology, Inc. is pleased to announce that it is collaborating with Redwall Technologies to offer cyber-hardening of Cornet’s defense offerings.

SAP wants to bridge the gap between IoT and business data (TechCrunch) SAP announced a new tool today called the Leonardo IoT Bridge designed to help bridge the gap between data coming from sensors in the field and business..

Waterfall's Unidirectional Security Gateway fortifies the SCADA network (Financial News) Waterfall Security Solutions, a global leader in cybersecurity technologies for critical infrastructure and industrial control systems, has announced the deployment of its Unidirectional Security Gateway together with IBM´s QRadarÂ® Security Intelligence solution at Dorad Energy, the company said.

Tech Billionaires Positioning Themselves for $1 Trillion Cybersecurity Boom (Sys-Con Media) Make no mistake: Your data is under attack and hacker extortionists are getting rich-but this is a war with opportunities on both sides, and for the warriors fighting cybercrime, it's a $200-billion-plus opportunity with endless market potential.

Trend Micro & VMware tie the knot around mobile threat management (Security Brief) Trend Micro has joined VMware’s Mobile Security Alliance this week, as the companies seek to tackle the growing number of mobile security threats.

MasterCard, Dell EMC fight cyberfraud with machine learning (SiliconANGLE) MasterCard, Dell EMC fight cyberfraud with machine learning - SiliconANGLE

Why Security Experts Are Pissed That ‘1Password’ Is Pushing Users to the Cloud (Motherboard) 1Password is moving away from its one-time license, local storage option, and security researchers are not happy about it.

Technologies, Techniques, and Standards

GIAC Launches New Certification for GIAC Response and Industrial Defense, GRID (IT Business Net) GIAC, the leading provider and developer of Cyber Security Certifications, has launched a new certification for GIAC Response and Industrial Defense (GRID).

How Vulnerable Are Texas Voter Rolls To Cyber Attack? | Houston Public Media (Houston Public Media) We discuss cyber security and its role in our election process and learn what one county clerk is doing to ensure that security.

Getting the most out of your SIEM investment (Help Net Security) What can you do to get the most from your SIEM investment? Innovations in security automation technologies can definitely help.

How Code Vulnerabilities Can Lead to Bad Accidents (Dark Reading) The software supply chain is broken. To prevent hackers from exploiting vulnerabilities, organizations need to know where their applications are, and whether they are built using trustworthy components.

Jim Koenig on Law Firm Hacks and How to Prevent Them (Bloomberg BNA) Jim Koenig thinks that law firms need to adopt comprehensive information security programs and train their employees to become better versed in handling the fallout of a cyber attack. Perhaps there’s no clearer reminder of this than last month’s global malware attack, which, along with a number of global companies, hit DLA Piper and forced the...

The Men Behind the Infamous Fake North Korean Twitter Account (The Daily Beast) The DPRK News Service is not actually the DPRK’s news service—but it’s the closest peek behind the curtain we may get.

Design and Innovation

The case for the software-defined battlefield (C4ISRNET) After more than 15 years of nearly constant deployments, the U.S. military’s balancing act between modernization and readiness is reaching a tipping point.

Google Is Testing A "Panic Button" in Android So Users Can Close Malicious Apps (BleepingComputer) Starting with Android 7.1, Google has added a so-called "panic button" behavior in its mobile operating system, so users can immediately shut down any app they suspect of being infected with malware.

Quantum Computers vs Bitcoin – How Worried Should We Be? (The Merkle) One of the greatest computer innovations everyone seems to be eyeing lately is Quantum Computing. In essence, quantum computing exploits quantum mechanics to perform computational tasks far quicker t

Research and Development

Galois Awarded $2.7 Million Navy Contract To Develop New Cyber Resilience Capability (PRWeb) Project award by Office of Naval Research (ONR) will focus on protecting real-time and embedded military software systems by making them resilient to attack

Global Cybersecurity Firm BioCatch Granted Breakthrough Patent for Detecting Remote Access, Among the Most Persistent Cyber Threats Today (BioCatch) Latest grant extends the company's intellectual property portfolio to 23 granted patents and 25 more pending.

Google, IBM look to mimic the human brain (Network World) Two projects—one from Google and one from IBM and the U.S. Air Force—propose building neural computers that provide more power and consume less energy than supercomputers.

Academia

UCI cybersecurity group launches initiatives to combat cyber threats (EurekAlert!) New initiatives from the Cybersecurity Policy & Research Institute at the University of California, Irvine will help combat one of our greatest security challenges: vulnerabilities and attacks in cyberspace.

Legislation, Policy and Regulation

NATO: We're supplying new cybersecurity equipment to Ukraine (Fifth Domain | Cyber) NATO's secretary-general says the 29-member alliance is supplying hardware to the Ukrainian government to help protect its government networks from cyberattacks.

NATO Chief Calls On Russia To Remove 'Thousands Of Troops' From Ukraine (RadioFreeEurope/RadioLiberty) NATO Secretary-General Jens Stoltenberg has affirmed the alliance's "unwavering support" for Ukraine's territorial integrity and has called on Russia to remove its "thousands of soldiers from Ukraine and stop supporting the militants with command-and-control and military equipment."

Cybersecurity Debate on the Agenda at the G20 (Panda Security Mediacenter) At a time when cyberwarfare has more presence than ever in meetings like the G20, governments are still far from making broad cybersecurity agreements.

What Trump’s Cybersecurity Flip-Flop Reveals (The Atlantic) Days after announcing an agreement with Russia on cybersecurity, the president declared it dead. Meanwhile, his government has taken no action to safeguard U.S. elections.

Trump's 'Impenetrable' Cyber Unit That Never Was (NPR.org) President Trump may have saved himself and the government a lot of trouble by pulling the plug on a joint cyber unit with Russia before work got seriously underway.

In first substantive comment on talks with Putin, Trump says he 'pressed' Russian leader on meddling (Los Angeles Times) President Trump says he “strongly pressed” Russian President Vladimir Putin over interference in last year’s U.S. election, but he did ...

Trump's cyber tweets cause dismay, confusion (POLITICO) Twelve hours apart, a pair of tweets about Russia get everyone talking.

It's Time to Get Real about Russia (National Review) The U.S. should not collaborate with the Russians on cyber-security, and its interests are not identical in Syria ...

Does Trump have a point about Obama and Russia? (POLITICO) Tom Donilon, former national security adviser, says ‘no doubt about it’ Obama should have done more about Russia hacking of 2016 election.

Dem seeks to block funding for cyber effort with Russia (TheHill) Rep. Don Beyer proposed blocking the funding in a key defense policy bill.

Granting NSA permanent bulk surveillance authority would be a mistake (TheHill) OPINION | The Section 702 provision authorizing bulk surveillance will expire this year unless Congress takes action.

Intelligence Professionals Learning to Speak Trump’s Language (Foreign Policy) Spies are adapting to a president with a short attention span.

Former GCHQ chief: End-to-end encryption is an “overwhelmingly good thing” (Alphr) The former head of GCHQ has spoken about the importance of end-to-end encryption, saying backdoors are a “threat to everybody”

Government Warms to Continuous Monitoring of Personnel With Clearances (Defense One) Software that scours public records for potential red flags gains traction as officials wrestle with a serious security clearance backlog.

A new approach to federal cybersecurity, 2 years after the OPM breach (FederalNewsRadio.com) John Chirhart, the federal technical director of Tenable, argues for a fundamental change in the way agencies approach cybersecurity for the long-term.

Ukraine’s priority task is to reform security and defense field – Poroshenko (Ukrinform News) The priority task of Ukraine at the current stage of cooperation with NATO is reforming and strengthening of the country's defense capability.

China’s mobile operators are reportedly being told to ban all use of VPNs (TechCrunch) China's latest move to crackdown on VPN software that enables people to circumvent its internet censorship system appears to be a very worrying one...

Proposed Cyber Security Bill: Experts hail proposals but some concerned about cost (The Straits Times) Security vendors, lawyers and operators of essential services laud steps taken by the Singapore Government to protect the continuity of essential services such as telecommunications, banking and healthcare with the release of a draft Cyber Security Bill yesterday...

Belligerent Saudis made the wrong choice in sidelining Qatar (Alaraby) Comment: Bullying Qatar with the rhetoric of anti-terrorism is...

Trump picks low-key director to lead FBI through tumultuous times (Federal Times) The attorney selected to replace James Comey as FBI director is described by those close to him as admirably low-key, yet he'd be taking over the law enforcement agency at a moment that's anything but tranquil.

The Marine Corps starts its first cyberwarfare expeditionary group (Marine Corps Times) The Marines Corps takes cyberspace.

Litigation, Investigation, and Enforcement

FBI: US soldier pledged allegiance to Islamic State group (Army Times) An active duty soldier based in Hawaii pledged his allegiance to the Islamic State group, helped purchase a drone for it to use against American forces and said he wanted to use his rifle to "kill a bunch of people," according to an FBI affidavit.

Interview: Its 'Aura' Dented By Lost Foothold, Islamic State Still Poses Threat (RadioFreeEurope/RadioLiberty) Some three years after its fighters stunned the world by seizing vast swaths of territory in Syria and Iraq, IS is on the run. But experts warn that the radical Sunni group is decidedly not defeated.

Ex-CIA officer accused of spying for China denied bail (South China Morning Post) Kevin Mallory was in possession of documents that could have compromised human intelligence sources, court hears

Spyware Sold to Mexican Government Targeted International Officials (New York Times) Investigators looking for 43 students who vanished after clashing with the police say the spying took place during a campaign to block them from solving the case.

Spyware Sold to Mexican Government Was Used to Target Experts Investigating Missing Students (Foreign Policy) The spyware is meant to track terrorists, but Mexico apparently turned it on journalists, activists and others.

Reckless III: Investigation Into Mexican Mass Disappearance Targeted with NSO Spyware (The Citizen Lab) The international investigation into the 2014 Iguala Mass Disappearance was targeted with infection attempts using spyware developed by the NSO group

Senators want answers on risk of nuclear power plant hacks (CNET) Sen. Ed Markey is one of the lawmakers pressing agencies for info on potential cyberattacks.

Congress Unnerved by Energy Grid Hack (Roll Call) The recent hack of the energy grid is attracting the attention of Congress, including members who have been warning about such an event.

Comey’s private memos on Trump conversations contained classified material (TheHill) More than half of the memos former FBI Director James Comey wrote as personal recollections of his conversations with President Trump about the Russia investigation have been determined to contain classified information, according to interviews with officials familiar with the documents.

Rachel Maddow’s Exclusive “Scoop” About a Fake NSA Document Raises Several Key Questions (The Intercept) There is no reason to believe someone obtained The Intercept’s NSA document prior to publication, and every reason to believe they did not.

Trump Jr. Was Told in Email of Russian Effort to Aid Campaign (New York Times) The president’s son was told in an email that the Russian government wanted to help Donald J. Trump’s election bid last year.

AT&T, Verizon, Other Telco Providers Lag Behind Tech Industry in Protecting Users from Government Overreach, EFF Annual Survey Shows (Common Dreams) While many technology companies continue to step up their privacy game by adopting best practices to protect sensitive customer information when the government demands user data, telecommunications companies are failing to prioritize user privacy when the government comes knocking, an EFF annual survey shows. Even tech giants such as Apple, Facebook, and Google can do more to fully stand behind their users.

FTC slaps $104m judgment on loan application firm (Naked Security) Blue Global wasn’t a loan company, didn’t safeguard data and sold leads to third parties for $200 each

When ex-workers attack (again): man used Trojan to cause havoc (Naked Security) Former staffer used a remote Trojan to trash client databases, steal credit cards and masquerade as another employee to make allegations about the company

Volunteers Are Helping Europol Geo-Locate Child Abuse Images (Motherboard) In June, the European Union's law enforcement agency launched a crowdsourcing project to identify items in child abuse images. Online sleuths have already matched plenty of localized objects.

Elderly Aussie Man Charged for Part in Ransomware Tech Support Scam (Infosecurity Magazine) Elderly Aussie Man Charged for Part in Ransomware Tech Support Scam. The 75-year-old is alleged to have set up three fake companies to launder money

Smart home device calls cops during domestic dispute (CSO Online) A smart device is being credited for potentially saving a life when it misheard what was said, took it as a command and called the cops.

The Former CEO of Mt. Gox Is Going to Trial for Allegedly Embezzling Bitcoins (Motherboard) The trial may close a notorious chapter in bitcoin’s history.

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

newly Noted Events

Cyber Security R&D Showcase (Washington, DC, USA, July 11 - 13, 2017) This is not your average government conference. It is the federal government’s largest cybersecurity R&D event, featuring presentations of 115 cutting-edge cybersecurity R&D projects.

upcoming Events

East Midlands Cyber Security Conference and Expo (Leicester, England, UK, July 11, 2017) The conference and expo will bring together over 150 businesses, information security providers and key influencers to discuss the threats posed by online criminals and the practical ways in which business make themselves more resilient to cybercrime. Core themes will include: the evolving cyber threat; cyber resilience in the supply chain; and essential cyber skills.

Electronic Warfare Olympics & Symposium (Colorado Springs, Colorado, USA, July 13 - 14, 2017) The 2017 Electronic Warfare Olympics & Symposium will improve the capability, and marketability, of spectrum warriors by building the local EW/IO community. and bringing awareness to the capabilities in the region. The event will consist of speakers, government and industry exhibits, and Electronic Warfare Olympics.

3rd Edition CISO Summit India 2017 (Mumbai, India, July 14, 2017) Cyber security has gone through a tremendous change over the last couple of months. Ecosystem disruptions like demonetization, emergence of payment banks and fintech play have put technology as the sine qua non and a savior for banks. But gifts are bundled often with miseries. While technology works as a catalyst for scale and speed, security unpreparedness could play a spoilsport.

CYBERCamp2017 (Herndon, Virginia, USA, July 17 - 28, 2017) Always wondered what “cyber attacks” really are? How a special group of cyber warriors protect and defend our banks, stores, and electric plants every second? Join experts from the FBI and the foremost companies in the nation for an interactive #CYBERcamp in the National Capital Region. Cyber Camp 2017 is a summer camp in which students will have the opportunity to learn about various aspects of cyber security. Students will also gain practical skills through instruction by experienced security and information technology (IT) professionals, and hands-on exercises. The camp is divided into two 1-week segments:

National Insider Threat Special Interest Group - Insider Threat Symposium & Expo (Laurel, Maryland, USA, July 18, 2017) The National Insider Threat Special Interest Group (NITSIG) is excited to announce that it will hold a 1 day Insider Threat Symposium & Expo (ITS&E), on July 18, 2017, at the Johns Hopkins University Applied Physics Laboratory, (JHU-APL) in Laurel, Maryland. This is a MUST ATTEND event if you are involved in Insider Threat Program Management or are interested in Employee Threat Identification and Mitigation.

2nd Annual Billington Automotive Cybersecurity Summit (Detroit, Michigan, USA, July 18, 2017) The 2017 Billington Automotive Cybersecurity summit will build on the 2016 inaugural summit that brought together a who’s who of speakers including the CEO of GM and the Secretary of Transportation, prestigious media coverage from The New York Times and The Wall Street Journal and some 500 attendees. NOTE: Attendees must be citizens of U.S. or allied nations to attend this event.

SANSFIRE 2017 (Washington, DC, USA, July 22 - 29, 2017) Now is the time to advance your career and develop skills to better protect your organization. At SANSFIRE 2017, choose from over 45 hands-on, immersion-style security training courses taught by real-world practitioners. The site of SANSFIRE 2017 (July 22-29) is Washington Marriott Wardman Park.

ISSA CISO Executive Forum: Security Awareness and Training--Enlisting your entire workforce into your security team (Las Vegas, Nevada, USA, July 23 - 24, 2017) The gap in Security skills in the workforce have put the pinch on Security teams. Join us to learn how to get lean by empowering the rest of your organization to understand and manage security risks. We’ll cover secure-by-design concepts inherent in DevSecOps, effective training and awareness practices, and how to lead organizational change management to embed security into your company’s DNA.

AFA CyberCamp (Pittsburgh, Pennsylvania, USA, July 24 - 28, 2017) The AFA CyberCamp program is designed to excite students new to cybersecurity about STEM career opportunities and teach them important cyber defense skills through hands-on instruction and activities. Through the camp, students will learn how to protect their personal devices and information from outside threats, as well as how to harden entire networks running Windows 7 and Ubuntu operating systems. The AFA CyberCamp will culminate in an exciting final team competition that simulates real cybersecurity situations faced by industry professionals and mimics AFA’s CyberPatriot National Youth Cyber Defense Competition.

BSides Las Vegas (Las Vegas, Nevada, USA, July 25 - 26, 2017) BSides Las Vegas isn’t another “talk at you” conference. Everyone at BSides is a participant. Track after track, year after year, the security researchers, engineers, analysts and managers that present at BSidesLV are looking to engage our participants and be engaged by them. Our presenters don’t talk at you, they converse with you.

Cross Domain Support Element Summer Workshop 2017 (Laurel, Maryland, USA, July 25 - 26, 2017) The Unified Cross Domain Services Management Office (UCDSMO) is presenting a two-day workshop for the benefit of the Cross Domain Support Element (CDSE) Offices, and the personnel who support them. Topics will include an update to the Capabilities Portfolio, Baseline and Sunset Lists, the UCDSMO SharePoint sites, Labs and Lab Testing, updates on the CDS Overlays and the Cross Domain Risk Management process.

Black Hat USA 2017 (Las Vegas, Nevada, USA, July 26 - 27, 2017) Now in its 20th year, Black Hat is the world’s leading information security event, providing attendees with the very latest in research, development and trends. Black Hat USA 2017 kicks off with four days of technical Trainings (July 22-25) followed by the two-day main conference (July 26-27) featuring Briefings, Arsenal, Business Hall, and more.

RSA Conference 2017 Asia Pacific & Japan (Singapore, July 26 - 28, 2017) RSA Conference 2017 Asia Pacific & Japan is the leading information security event in the region. Join us for three days of high quality education, engaging content and valuable networking. Get exposure to innovative technologies and leadership that will help secure your organization and your future.

DEF CON 25 (Las Vegas, Nevada, USA, July 27 - 30, 2017) You know how we know it’s almost DEF CON? The Southwest is having a heat wave, that ancient tweet about the Feds (allegedly) not appreciating the ‘Spot the Fed’ contest is back and the interwebz are buzzing with burner phone chat.

North American International Cyber Summit (Detroit, Michigan, USA, July 30, 2017) In its sixth year, the cyber summit brings together experts from across the globe to address a variety of cybersecurity issues impacting the world of business, education, information technology, economic development, law enforcement and personal use. Highly respected speakers from the public and private sectors will address emerging trends, technology and best practices. The event is open to the public and will feature information for individuals, families, educators, business professionals, law enforcement and government officials. The summit agenda will feature internationally recognized keynote speakers as well as experts from across the county to lead breakout sessions on featured industry topics.

Cyber Texas (San Antonio, Texas, USA, August 1 - 2, 2017) CyberTexas was established to provide expanded access to security developments and resources located in Texas; provide an ongoing platform for the education and skill development of cyber professionals & job creation; build strong relationships with other U.S. and International geographies focused on cyber ecosystem development; bring national and international resources to the region to showcase Texas-based cyber assets; identify and encourage business opportunities within and outside of Texas; and create long-term value for the cyber security ecosystem of San Antonio and the State of Texas.

Cyber Security Summit: Chicago (Chicago, Illinois, USA, August 8, 2017) If you are a Senior Level Executive responsible for making your company’s decisions in regards to information security, then you are invited to register for the Cyber Security Summit: Chicago Receive 50% off of a Full Summit Pass when you register with code CYBERWIRE50 (standard price of $350, now only $175 with code). Register at CyberSummitUSA.com. The Cyber Security Summit: Chicago is an exclusive conference connecting Senior Level Executives responsible for protecting their companies’ critical data with innovative solution providers & renowned information security experts. for details visit CyberSummitUSA.com.

PCI Security Standards Council: 2017 Latin America Forum (Sao Paulo, Brazil, August 9, 2017) Join your industry colleagues for a full day of networking and one-of-a-kind partnership opportunities. Whether you want to learn more about updates in the payment industry or showcase a new product, you’ll find it all at the 2017 Latin America Forum (LAF).

2017 DoDIIS Worldwide Conference (St. Louis, Missouri, USA, August 13 - 16, 2017) Hosted annually by the DIA Chief Information Officer, the DoDIIS Worldwide Conference features a distinguished line-up of speakers and an extensive selection of breakout sessions allowing attendees to gain insight and interact with experts in smaller settings. This year’s conference presents an exciting and unique opportunity to directly engage with senior leaders from the Intelligence Community, Department of Defense, and industry about the IT complexities and challenges impacting the mission user.

SANS New York City 2017 (New York, New York, USA, August 14 - 19, 2017) Be better prepared for cyber-attacks and data breaches. At SANS New York City 2017 (August 14-19), we offer training with applicable tools and techniques for effective cybersecurity practices. Gain the skills and tools you need to win the battle against the wide range of cyber adversaries who want to harm your environment.

Information Security Summit 2017 (Hong Kong, August 15 - 16, 2017) Effective Use of Analytics and Threat Intelligence to Secure Organizations: The Information Security Summit 2017 is a Regional Event with the aim to give participants from the Asia Pacific region an update on the latest development, trends and status in information security.

TechFest (Louisville, Kentucky, USA, August 16 - 17, 2017) TechFest is a biannual summit designed to bring together technology professionals for learning and networking. Attendees will have opportunities to explore economic development avenues for their businesses, connect with regional IT leaders, and learn about emerging technology. Among the topics addressed will be cybersecurity- hacking, malware, exploits, skimmers, new standards and policies in key industries.

The Chertoff Group Security Series: Security In The Boardroom (Palo Alto, California, USA, August 23, 2017) The Chertoff Group Security Series will aim to enhance and add to the Security in the Boardroom conversation by applying our insights into technology, threat, and policy to help executives respond to the evolving threat environment.

U.S. Department of Commerce Cybersecurity Awareness Day (Washington, DC, USA, August 24, 2017) On August 24, 2017, the Department of Commerce headquarters is planning the Cybersecurity Awareness Day event which will host guest speakers from throughout the Cybersecurity community. The 2017 Cybersecurity Awareness Day and Expo will feature timely, topical, and thought-provoking presentations, bringing together cybersecurity workforce, training, and educational leaders from academia, business, and government for one day of focused discussions. In light of current events involving unauthorized disclosures, sensitive and/or classified information leaks, and breaches of personally identifiable information in cyberspace, it is imperative that sound practices are incorporated. The agenda will include speakers from Industry and Government.

Sponsor & Support

Grow your brand, generate leads, and fill your funnel.

With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listens all over the world, companies trust the CyberWire to get the message out. Learn more.

The attempt on the US energy sector seems to have been phishing (it's also been seen in Europe). NATO provides cyber support to Ukraine, and there will be no joint US-Russian cybersecurity initiative. Adwind RAT is out in the wild, again. Industry developments.