The CyberWire Daily Briefing 7.12.17

Summary

By The CyberWire Staff

The new Kremlinological subdiscipline of threat-actor tracking yields (in WIRED) a scorecard of infrastructure hacking suspects: Havex-purveyor Energetic Bear, Sandworm (Fancy Bear's GRU cousin), and Palmetto Fusion.

Yesterday was (still) patch Tuesday, and both Microsoft and Adobe issued security updates for their products. Microsoft's fifty-five security fixes included patches to two vulnerabilities Preempt Security found in Microsoft's NT LAN Manager (NTLM). Experts advise users of NTLM to address these issues as soon as possible. Adobe's patches addressed Flash Player (one fixed a remote-code execution bug) and Adobe Connect for Windows.

"After review and careful consideration," the US General Services Administration has removed Kaspersky from Schedule 70 (IT) and Schedule 67 (Photographic Equipment and Related Supplies and Services). It's not, as some have reported, an outright ban, and there's no statement on the GSA site that connects the removal with allegations that Kaspersky's in bed with Russia's FSB, but that's how the general media are treating the matter. Agencies will remain free to hire Kaspersky under other contract vehicles, but the action does remove an easy avenue for the company to sell into the Federal Government. Kaspersky denounces the Bloomberg story about the company's alleged connection to FSB as a politically motivated hack job. Congressional interest in restricting Kaspersky continues unabated, and some observers see the GSA action as a Trump administration shot across Russia's bow.

Investigation of election influence operations continues in the US: Donald Trump Jr.'s campaign season email exchanges with Russian sources of opposition research receive foreseeable scrutiny.

Learn how Cylance silences cyber attacks with Artificial Intelligence.

Notes.

Today's issue includes events affecting Australia, Germany, India, Iraq, Democratic Peoples Republic of Korea, Republic of Korea, Nigeria, Qatar, Russia, Switzerland, Syria, United Kingdom, and United States.

A note to our readers: two Cylance videos, prepared in partnership with the CyberWire, are now up and available for viewing. The first is an interview with Thom Landford on the very notion of risk; the second is a discussion of security incident preparedness with Piero DePaoli. And Recorded Future's latest threat intelligence podcast, WannaCry about NotPetya, also produced in partnership with the CyberWire, is up, too.

On the Podcast

In today's podcast, Jonathan Katz from our partners at the University of Maryland discusses a potential crack of 1024-bit RSA Encryption. Our guest, Jennie Kam, security researcher at Cisco, talks about her online panel for DEFCON first timers.

Sponsored Events

Deep Instinct at Black Hat (Las Vegas, Nevada, USA, July 22 - 27, 2017) Meet us at Black Hat USA 2017. Visit booth #873. Book a meeting.

Selected Reading

Cyber Attacks, Threats, and Vulnerabilities

A Brief Tour of Russia's Infrastructure Hacking Teams (WIRED) Which of Russia's hacking groups is targeting American energy utilities?

The Big Dark: Motive, not Means, is what holds back a Crippling Grid Hack (The Security Ledger) In-brief: A crippling cyber attack that could damage and destroy equipment needed to keep the lights on in major US cities is already possible. The only thing that’s lacking is a motive to ca…

Cybersecurity expert fights for realism (TheHill) Robert M. Lee thinks we should start taking infrastructure cybersecurity seriously.

Industrial Cybersecurity Explosion (Automation World) The prevalence of malware impacting manufacturers is getting increasingly difficult to downplay or ignore.

Firms that didn’t patch and enabled local admin rights continue to suffer post cyber-attack (Bitdefender Business Insights) Firms that didn’t patch and enabled local admin rights continue to suffer post cyber-attack

Threat spotlight: Petya-like ransomware is a nasty wiper (Cylance) Since being released on June 27th, the Cylance Threat Guidance team have been analyzing the Petya-like ransomware that was highly effective in targeting organizations around the world.

WannaCry About NotPetya? (Recorded Future) In this episode, we’ll talk about what the WannaCry and NotPetya attacks mean for the future — do they represent harbingers of the “big one” we all fear?

Cyber attacks on S. Korean military, ATMs connected: Kaspersky Lab (India.com) The cyberespionage attack on South Korea's defence agency and the malware that stole data from over 2,000 financial cards by compromising 60 ATMs in the country were connected, Russian cybersecurity firm Kaspersky Lab said on Tuesday.

Preempt Uncovers Vulnerabilities in Microsoft Windows’ NTLM Security Protocol (Preempt) Preempt, pioneer of the industry’s first behavioral firewall, today announced its research team has uncovered two vulnerabilities within the Microsoft Windows NT LAN Manager (NTLM) security protocols.

New LDAP & RDP Relay Vulnerabilities in NTLM (Preempt Blog) Preempt researchers discovered two vulnerabilities with NTLM security protocols These vulnerabilities can result in domain compromise, credential compromise and risk of password cracking

Is Baghdadi Dead? For ISIS, it May Not Matter (US News and World Report) Renewed Russian claims that it killed the elusive leader face skepticism from the U.S. and scrutiny among analysts.

What Comes After ISIS? (Foreign Policy) The jihadi group's defeat in Mosul and Raqqa is about to usher in a new era — and new conflicts — across the Middle East.

More than 100m records potentially lost in huge telecoms breach (Naked Security) India’s newest telecoms provider denies that subscriber records posted online were authentic, but users claim the data is real

MTN: Our employees weren't involved in fraudulent transactions (TheCable) Telecommunications giant MTN has denied the reports that some of its employees were involved in a syndicated crime resulting in fraudulent bank transactions

Fintech Cyber Security: The Hidden Risks of Digital Financial Services (Chipin Crowdfunding) These fast technology adopters are disrupting traditional financial services and their delivery. Circumventing regulation is part of their cost advantage

Cyber Weapon of War That Fits in Your Pocket (Recorded Future) Katyusha Scanner allows criminals to initiate large-scale penetration attacks against a massive number of targeted websites using only their smartphones.

3 New Ways That Criminals Are Making Money Off Your Stolen Data (Inc.com) Faked DocuSign emails and credential stuffing are among the variety of new attacks.

How Magecart attackers monetize stolen payment card info (Help Net Security) The Magecart campaign is still going strong, and researchers have pinpointed another way threat actors behind it monetize stolen payment card info.

Two-factor via your mobile phone – should you stop using it? (Naked Security) Although SIM cards themselves are very secure, it’s annoyingly easy for a crook to get hold of one for your number

Breach Transparency Kudos to Hacked Kiosk Maker (BankInfo Security) Kudos to the breached business - in this case, kiosk manufacturer Avanti Markets - that quickly alerts victims and gives them actionable information for protecting themselves. Unfortunately, not all breached businesses are so forthright...

Trump Hotels customers hit by credit-card stealing hackers. Again. (HOTforSecurity) Donald Trump may know more about hacking than he's letting on. That's because it has been revealed that the US president's family-run hotel business has once again been hit by hackers...

Pranksters keep hacking UK radio station to play 'I'm a w**ker' comedy song (International Business Times UK) 'It might be increasing our audience,' said radio boss as hacker takes over broadcasts.

Security Patches, Mitigations, and Software Updates

Adobe, Microsoft Push Critical Security Fixes (KrebsOnSecurity) It’s Patch Tuesday, again. That is, if you run Microsoft Windows or Adobe products. Microsoft issued a dozen patch bundles to fix at least 54 security flaws in Windows and associated software. Separately, Adobe’s got a new version of its Flash Player available that addresses at least three vulnerabilities.

Microsoft Addresses NTLM Bugs That Facilitate Credential Relay Attacks (Threatpost) Microsoft today addressed two NTLM-related vulnerabilities privately disclosed by Preempt Security. The flaws allow for credential relay attacks.

Adobe Fixes Six Vulnerabilities in Flash, Connect with July Update (Threatpost) Adobe only fixed six vulnerabilities in two products, making it the company’s smallest security bulletin of the year.

Microsoft's July Patch Tuesday Fixes 55 Security Issues (BleepingComputer) Microsoft has released updates today for the Windows 10 operating system, as well as for other of the company's products, updates that fix 55 security issues ranging from remote code execution to simple spoofing attacks.

Vulnerabilities Expose Oracle OAM 10g to Remote Session Hijacking (Threatpost) Version 10g of Oracle Access Manager suffers from vulnerabilities that could allow an attacker to hijack sessions.

Cyber Trends

IT Leaders Still Believe Perimeter Security Will Keep Hackers Out (Infosecurity Magazine) IT Leaders Still Believe Perimeter Security Will Keep Hackers Out. Gemalto reveals “head-in-the-sand” remains a favorite posture for many

Gemalto releases findings of 2016 Breach Level Index (Gemalto) Almost 1.4 billion data records compromised in 2016 as hackers targeted large-scale databases across industries

It’s here: The 2017 WhiteHat Security Application Security Statistics Report (WhiteHat Security) WhiteHat's Annual Application Security Statistics Report provides valuable insights and recommendations on how to secure the apps that drive your business.

Attack Detection in the Expanding Digital Enterprise (CyberadAPT) The need for speed: faster detection requires a new type of platform.

Event-driven architecture to become essential skill (Help Net Security) Event-driven architecture (EDA) is a key technology approach to delivering on the growth agenda that many CEOs see as their highest business priority.

Kaspersky Lab Survey: One-in-Four Hide Cybersecurity Incidents From Their Employers (BusinessWire) Kaspersky Lab announced a new report from Kaspersky Lab and B2B International, "Human Factor in IT Security: How Employees are Making Businesses...

Industrial firms billed $500,000 a year from cyber breaches (The National) Kaspersky Labs' new report shows more than half industrial firms faced up to five cyber attacks over 12 months

ESG Research Highlights Growing Cybersecurity Operational Challenges Despite Increase in Spending (BusinessWire) ThreatQuotient™ today unveiled research results from Enterprise Strategy Group’s (ESG) 2017 Next-Generation Analytics and Operations Study

Hospitals Brace for Cyber Attack (Handelsblatt Global Edition) Two out of three German hospitals have already been the victims of cyber crime, according to a new study.

UK organisations risk penalties by ignoring upcoming GDPR (Computing) Research by Sharp suggests that almost one quarter of employees store data in public cloud services without permission

UK's SMEs aren't considering the aftermath of cyber-attacks (IT Pro Portal) Securing work operations is all well and good, but what if security measures fail?

Marketplace

Edgewise Networks Emerges from Stealth to Protect Where Firewalls Fail with Introduction of Trusted Application Networking (BusinessWire) Edgewise Networks, the first provider of Trusted Application Networking to secure the modern data center and cloud, emerges today from stealth.

Launch Announcement (Edgewise) Welcome to Edgewise Networks! A message from our founders.

Lastline Secures $28.5M in Latest Funding Round Led by Thomvest Ventures (BusinessWire) Lastline, Inc., the leader in advanced malware protection, today announced it has secured $28.5 million in its latest round of funding led by Thomvest

()

11 Ways Palo Alto Networks Is Changing The Game For Partners (CRN) Ron Myers, senior vice president of worldwide channels, and Karl Soderlund, newly appointed vice president, Americas channels, speak with CRN about helping partners win in competitive situations and the 'temendous opportunity' for partner-led services.

Better Buy: Palo Alto Networks Inc. vs. FireEye (The Motley Fool) Both data security upstarts are in the midst of sweeping changes, and their recent share-price performance doesn't tell the whole story.

3 Growth Stocks for Shrewd Investors (The Motley Fool) Thinking outside the box can pay big dividends for shrewd investors willing and able to look past the fanfare for hidden gems.

This Computer Security Firm Scored More Funding and Data Security Smarts (Fortune) Data Gravity had cool tech, not enough revenue.

CrowdStrike Helped Trace The DNC Hack To Russia -- Now Business Is Booming (Forbes) When the Democratic National Committee suspected it had suffered a cyberattack in 2016, it turned to George Kurtz to figure out what went wrong. Kurtz and his firm, CrowdStrike, examined the DNC's networks and discovered that the organization had fallen victim to hackers affiliated with the Russian government.

Chubb creates global cyber unit under Bill Stewart (Insurance Insider) Chubb is setting up a standalone cyber division under commercial cyber risk specialist Bill Stewart, who will lead its global practice in the segment across property and casualty (P&C) lines.

Cyxtera Appoints Brigadier General Greg Touhill as President of Newly Formed Federal Division (PRNewswire) Cyxtera Technologies, the secure infrastructure company, today...

Leading Cyber Security Software Architect, Bill Easton, Joins Verve Industrial Protection as Chief Technical Officer (PRNewswire) Verve Industrial Protection is pleased to announce the...

Microsoft CIO Jim DuBois leaves as the company restructures (Computing) DuBois rose up through the ranks at Microsoft over more than two decades

Arxan Strengthens Executive Team with New CFO and SVP of Global Customer Success (Arxan) Industry veterans join leader in application protection solutions to support record-breaking growth as it surpasses protecting over 1 billion apps San Francisco, CA – July 11, 2017 – Arxan Technologies, the trusted leader for application protection solutions, today announced the appointment of Dick Davidson as CFO and Dennis Reno as SVP of global customer success. Following... Read more »

Imperva Shifts Executive Technical Bench with Creation of Chief Scientist Position (BusinessWire) Imperva chief product strategist, Terry Ray, named chief technology officer (CTO) and former CTO, Amichai Shulman named chief scientist

Bitglass Names Senior Product and Marketing Executive Rich Campagna Next CEO (Marketwired) Cybersecurity standout builds on success with new leadership

Products, Services, and Solutions

Group-IB and EclecticIQ partner to deliver top-quality cyber threat intelligence on Russian-language hackers (EclecticIQ) Group-IB, a global leader in high-grade threat intelligence and best-in-class anti-fraud solutions, and EclecticIQ, the leading vendor of products and services dedicated to augmenting threat analysts’ capabilities, today announced a partnership to integrate Group-IB’s unique data on Russian-language hackers into EclecticIQ Platform.

Core Security Introduces New Flexible Pricing for Core Impact (Core Security) Core Security, a leader in Vulnerability, Access Risk Management...

Webroot Announces General Availability (Webroot) Advanced machine learning-based technology detects zero-day, polymorphic, and highly targeted malware...

Cymulate Helps Businesses Strengthen Cyber Defenses with New Breach and Attack Simulation Technology for Security System Testing (KEYC News 12) New launch exposes hidden vulnerabilities, assesses readiness to fight cyber attacks

Arxan Now Protecting More Than 1 Billion Apps (Arxan) Corporate growth driven by enterprise solutions, executive hires, product innovation and industry recognition San Francisco, CA – July 11, 2017 – Arxan Technologies, the trusted leader for application protection solutions, today announced milestones from the first half of 2017, illustrating exceptional growth and leadership in the mobile application security market. Through accelerated product innovation and... Read more »

Marubeni IT Solutions Selects Secdo's Incident Response Solution (PRNewswire) Secdo, provider of automated incident response solutions announced today that...

FairWarning® Announces Record Growth of Cloud Security Offering (PRNewswire) FairWarning® announced today that the company's cloud security...

Zentera Systems to Showcase CoIP Cloud-Ready Enclave at IoT Evolution Expo 2017 (PRNewswire) Zentera Systems, Inc., the leader in infrastructure security for the...

New Forcepoint Cloud Security, NGFW and Cross Domain Solutions Enhance Government IT Modernization and Security Capabilities (PRNewswire) Global cybersecurity leader Forcepoint today announced new enhancements...

KnectIQ and U of IL Enter Agreement to Enhance Marketplace Cybersecurity (PRWeb) KnectIQ's next generation secure authentication technology creates "Trusted Environments" by protecting computing devices and the Internet of Things.

ISO Launches Cyber Insurance Program with Enhanced Rating and Coverage Options (NASDAQ) ISO has launched a cyber insurance program with enhanced rating variables and coverage options designed to help insurers respond to the rapidly changing world of cyber risk. ISO is a Verisk Analytics (Nasdaq:VRSK) business.

Tanium Improves EDR With Threat Response Security Platform (eWEEK) Tanium updates its endpoint detection and response capabilities with a new offering that combines multiple security features to help rapidly find and deal with issues.

Akamai Delivers Cloud-Based Security, Powered by Smart Algorithms, To Thwart DNS, Malware Attacks (Integration Developer News) Akamai Technologies, well known for high-performance content delivery over the Internet, is leveraging that knowledge to deliver a high-impact security service from the cloud. IDN talks with Akamai’s Frank Childs to learn how its Enterprise Threat Protector thwarts DNS, malware and bot attacks.

Bitdefender unveils 2018 edition of Total Security, Internet Security, Family Pack, Antivirus Plus (Windows Report - Windows 10 and Microsoft News, How-to Tips) BitDefender's latest suite of products aim at providing ransomware protection, malware protection and other security tools that will help users stay safe from both online and offline threats.

Zenedge and Internet2 Team up for DDoS Mitigation; Benefits Extended to Thousands of Institutions Across the U.S. Research and Education Community (PRNewswire) Zenedge, a leading provider of cloud-based, artificial intelligence...

Lieberman Software Helps Utilities Meet NERC Critical Infrastructure Protection (CIP) Standards (Marketwired) Lieberman RED Suite provides essential cybersecurity access controls and mitigations to help achieve NERC CIP compliance

Men & Mice xDNS Redundancy Revolutionizes DNS Management Across Multiple Service Provider Platforms (IT News Online) Men & Mice, experts in software overlay DNS, DHCP and IP Address Management (DDI), announces the release of Men & Mice xDNS Redundancy, a revolutionary approach to maintaining DNS high availability.

Technologies, Techniques, and Standards

Thom Langford Digs Into the Notion of Risk (Cylance) Security luminary Thom Langford digs into the notion of risk and its impact on the security decisions organizations have to make.

Piero DePaoli on Security Incident Preparedness (Cylance) Piero DePaoli discusses the virtues of having a plan in place to react once a negative security event has happened.

What will it take to improve the ICS patch process? (Help Net Security) Here are some ideas on how to evolve the ICS patch process to better match the real-world needs of Operational Technology organizations.

4 ways to protect your agency’s site from DDoS attacks [Commentary] (Fifth Domain | Cyber) DDoS attacks are important not because of their size. Rather, they are damaging due to the nature of the attack, which targets the underlying fabric of websites and ties up resources or pulls information from the database powering sites.

4 tips to make use of Wannacry in awareness programs (CSO Online) When security events make news, you can take advantage of the wake-up call — if you know what to do.

Design and Innovation

FDD and CPRI Research Blockchain For Supply Chain Protection (ETHNews.com) The Foundation for Defense of Democracies and The Cybersecurity Policy and Research Institute investigate blockchain solutions to supply chain problems.

Defending Borders with Blockchain: Former Cheney Advisor Calls for Action (CoinDesk) A new report from the Foundation for Defense of Democracies details how blockchain could be used to protect government supply chains.

Research and Development

Army rapid prototyping office wants EW, PNT solutions (C4ISRNET) Among a series of questions these EW solutions should be able to answer, the Army is interested if a potential solution can use machine learning and artificial intelligence to assist in understanding local electromagnetic spectrum usage and the performance of command and control of available EW assets.

AI will solve the challenge of unstructured data, says IBM (Computing) Text, images and voice are difficult for computers to process - but artificial intelligence is making contextual understanding a possibility

Academia

UCI Cybersecurity Policy & Research Institute Launches Initiatives to Combat Cyber Threats (Newswise) New initiatives from the Cybersecurity Policy & Research Institute at the University of California, Irvine will help combat one of our greatest security challenges: vulnerabilities and attacks in cyberspace.

Legislation, Policy and Regulation

Trump and Putin's Meeting of the Minds (Foreign Affairs) Putin wants to win acceptance as a major player at the international table. And that's what Trump gave him at the G-20 summit.

US signs anti-terror agreement with Qatar (Dawn) The agreement is aimed to shore up Qatar's counter-terrorism efforts.

Net Neutrality Activists Launch Massive ‘Day of Action’ to Protest Trump’s FCC (Motherboard) An online show of force opposing the FCC’s plan to dismantle net neutrality protections.

IoT cybersecurity a hot topic for White House adviser (FCW) A White House cybersecurity adviser warns on the interconnected ecosystem of the internet of things.

Litigation, Investigation, and Enforcement

Kaspersky Lab Has Been Working With Russian Intelligence (Bloomberg.com) Emails show the software-security maker developed products for the FSB and accompanied agents on raids.

Kaspersky Lab response clarifying the inaccurate statements published in a Bloomberg Businessweek article on July 11, 2017 (Kaspersky Lab) “Regardless of how the facts are misconstrued to fit in with a hypothetical, false theory, Kaspersky Lab, and its executives, do not have inappropriate ties with any government. The company does regularly work with governments and law enforcement agencies around the world with the sole purpose of fighting cybercrime.

Kaspersky Lab denies leaked emails prove it worked with Russia's FSB (CSO Online) Bloomberg says leaked emails prove Kaspersky Lab has closer ties to Russia than the cybersecurity firm has acknowledged. Kaspersky claims that is not true.

Trump administration considering governmentwide ban on popular Russian software (ABC News) A final decision could be made in the coming days.

The Trump administration just fired back at Russia (Business Insider) The Trump administration is weighing whether to blacklist Kaspersky Labs, a popular Russian cybersecurity firm that may pose a threat.

US government backing away from Russia-based Kaspersky Labs (Fifth Domain | Cyber) The fate of Kaspersky Labs within the U.S. government appears to be in a death spiral as fresh reports seem to link the Russian cybersecurity company directly to Russian government intelligence and security agencies, a long founded claim disavowed by the company’s chief.

How Worried Should We Really Be About Security Firm Kaspersky Lab’s Ties to Russia? (Slate Magazine) It’s possible that Kaspersky is busy selling out all of its customers to the Russian government—but the evidence isn't there yet. At least not publicly.

Russian Hysteria Now Threatens to Undermine U.S. Cybersecurity (LifeZette) Now that hysterical anti-Trumpers have failed to prove collusion between Putin and the president, they are going after anything that breathes Russian air. Unfortunately, the crazed behavior has extended to include members of Congress.

Fake news could prove vexing in Mueller probe (POLITICO) The special counsel faces the challenge of showing Trump’s aides colluded with the Russia-linked Twitter bots and Facebook trolls.

Donald Trump Jr. Hires Lawyer and Pledges to Work With Congress (Wall Street Journal) President Donald Trump’s eldest son retained a private attorney on Monday and said he would work with congressional investigators who have sought his testimony as part of ongoing probes into whether the president’s campaign colluded with Moscow to influence the election.

Russian Dirt on Clinton? ‘I Love It,’ Donald Trump Jr. Said (New York Times) Email exchanges reviewed by The Times offer a detailed unspooling of how an eager Donald Trump Jr. came to meet with a Kremlin-connected lawyer.

Congressional Democrats say Donald Trump Jr.'s emails show collusion and treason (Washington Examiner) 'If this isn't treasonous, I'm not sure what is.'

In Donald Trump Jr.'s Emails, Intent Matters More Than Intel (WIRED) The conservative defense of Donald Trump Jr. misses the point.

The Wall Begins to Crumble: Notes on Collusion (Foreign Policy) Donald Trump Jr.’s meeting with a Russian lawyer is looking fishier and fishier.

China Breakthroughs: Cyber Space Court ushers in 'digital justice' (CCTV) A new era of justice is emerging. China's courts are transforming into a hub for hi-tech innovations while the nation faces an increasing number of internet-related cases entering the judicial system.

“Gates Procedures,” dating to 1992, Released For First Time, Govern Congressional Identity Information (IC on the Record) In carrying out their national security mission, Intelligence Community elements may, on occasion, incidentally acquire intelligence information concerning a Member of Congress or congressional staff such as when a surveillance target makes mention of a Member of Congress in a communication.

ATO will continue to use Cellebrite tools (ZDNet) The Australian Taxation Office has not stepped back from its use of phone cracking tools, saying it will continue to use Cellebrite forensic software.

FBI didn’t need warrant for stingray in attempted murder case, DOJ says (Ars Technica) Prosecutors: “signals emitted from a phone are… not by their nature private.”

Your gadget could save your life: smart device phones police (Naked Security) We write a lot about the privacy issues of connected things in your home – but one device might have saved lives

Owner of The Intercept assisting accused NSA leaker’s legal defense (Atlanta Journal Constitution) Owner of The Intercept assisting accused NSA leaker’s legal defense

Events that led to arrest of Army soldier on terrorism charges (Army Times) After years of red flags and reprimands by the U.S. Army, the FBI took an active-duty soldier into custody on terrorism charges over the weekend. The yearlong federal investigation that led to his arrest involved multiple undercover agents and confidential informants. Sgt. 1st Class Ikaika Kang made an initial appearance Monday in federal court.

Man Pleads Guilty to Manipulating Lottery Winning Tickets via Hacked Computer (BleepingComputer) Eddie Tipton, 54, admitted to creating malware in the form of a DLL file, which he loaded on the secure computers of the Multi-State Lottery Association (MSLA), a company that runs lotteries in 33 states, but also in the District of Columbia, Puerto Rico and the U.S. Virgin Islands.

Australian Man Arrested for Helping Group of Tech Support & Ransomware Operators (BleepingComputer) Australian police have arrested a man from the city of Mackay on allegations of laundering money for the operators of a tech support and ransomware scheme.

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

upcoming Events

Electronic Warfare Olympics & Symposium (Colorado Springs, Colorado, USA, July 13 - 14, 2017) The 2017 Electronic Warfare Olympics & Symposium will improve the capability, and marketability, of spectrum warriors by building the local EW/IO community. and bringing awareness to the capabilities in the region. The event will consist of speakers, government and industry exhibits, and Electronic Warfare Olympics.

3rd Edition CISO Summit India 2017 (Mumbai, India, July 14, 2017) Cyber security has gone through a tremendous change over the last couple of months. Ecosystem disruptions like demonetization, emergence of payment banks and fintech play have put technology as the sine qua non and a savior for banks. But gifts are bundled often with miseries. While technology works as a catalyst for scale and speed, security unpreparedness could play a spoilsport.

CYBERCamp2017 (Herndon, Virginia, USA, July 17 - 28, 2017) Always wondered what “cyber attacks” really are? How a special group of cyber warriors protect and defend our banks, stores, and electric plants every second? Join experts from the FBI and the foremost companies in the nation for an interactive #CYBERcamp in the National Capital Region. Cyber Camp 2017 is a summer camp in which students will have the opportunity to learn about various aspects of cyber security. Students will also gain practical skills through instruction by experienced security and information technology (IT) professionals, and hands-on exercises. The camp is divided into two 1-week segments:

National Insider Threat Special Interest Group - Insider Threat Symposium & Expo (Laurel, Maryland, USA, July 18, 2017) The National Insider Threat Special Interest Group (NITSIG) is excited to announce that it will hold a 1 day Insider Threat Symposium & Expo (ITS&E), on July 18, 2017, at the Johns Hopkins University Applied Physics Laboratory, (JHU-APL) in Laurel, Maryland. This is a MUST ATTEND event if you are involved in Insider Threat Program Management or are interested in Employee Threat Identification and Mitigation.

2nd Annual Billington Automotive Cybersecurity Summit (Detroit, Michigan, USA, July 18, 2017) The 2017 Billington Automotive Cybersecurity summit will build on the 2016 inaugural summit that brought together a who’s who of speakers including the CEO of GM and the Secretary of Transportation, prestigious media coverage from The New York Times and The Wall Street Journal and some 500 attendees. NOTE: Attendees must be citizens of U.S. or allied nations to attend this event.

SANSFIRE 2017 (Washington, DC, USA, July 22 - 29, 2017) Now is the time to advance your career and develop skills to better protect your organization. At SANSFIRE 2017, choose from over 45 hands-on, immersion-style security training courses taught by real-world practitioners. The site of SANSFIRE 2017 (July 22-29) is Washington Marriott Wardman Park.

ISSA CISO Executive Forum: Security Awareness and Training--Enlisting your entire workforce into your security team (Las Vegas, Nevada, USA, July 23 - 24, 2017) The gap in Security skills in the workforce have put the pinch on Security teams. Join us to learn how to get lean by empowering the rest of your organization to understand and manage security risks. We’ll cover secure-by-design concepts inherent in DevSecOps, effective training and awareness practices, and how to lead organizational change management to embed security into your company’s DNA.

AFA CyberCamp (Pittsburgh, Pennsylvania, USA, July 24 - 28, 2017) The AFA CyberCamp program is designed to excite students new to cybersecurity about STEM career opportunities and teach them important cyber defense skills through hands-on instruction and activities. Through the camp, students will learn how to protect their personal devices and information from outside threats, as well as how to harden entire networks running Windows 7 and Ubuntu operating systems. The AFA CyberCamp will culminate in an exciting final team competition that simulates real cybersecurity situations faced by industry professionals and mimics AFA’s CyberPatriot National Youth Cyber Defense Competition.

BSides Las Vegas (Las Vegas, Nevada, USA, July 25 - 26, 2017) BSides Las Vegas isn’t another “talk at you” conference. Everyone at BSides is a participant. Track after track, year after year, the security researchers, engineers, analysts and managers that present at BSidesLV are looking to engage our participants and be engaged by them. Our presenters don’t talk at you, they converse with you.

Cross Domain Support Element Summer Workshop 2017 (Laurel, Maryland, USA, July 25 - 26, 2017) The Unified Cross Domain Services Management Office (UCDSMO) is presenting a two-day workshop for the benefit of the Cross Domain Support Element (CDSE) Offices, and the personnel who support them. Topics will include an update to the Capabilities Portfolio, Baseline and Sunset Lists, the UCDSMO SharePoint sites, Labs and Lab Testing, updates on the CDS Overlays and the Cross Domain Risk Management process.

Black Hat USA 2017 (Las Vegas, Nevada, USA, July 26 - 27, 2017) Now in its 20th year, Black Hat is the world’s leading information security event, providing attendees with the very latest in research, development and trends. Black Hat USA 2017 kicks off with four days of technical Trainings (July 22-25) followed by the two-day main conference (July 26-27) featuring Briefings, Arsenal, Business Hall, and more.

RSA Conference 2017 Asia Pacific & Japan (Singapore, July 26 - 28, 2017) RSA Conference 2017 Asia Pacific & Japan is the leading information security event in the region. Join us for three days of high quality education, engaging content and valuable networking. Get exposure to innovative technologies and leadership that will help secure your organization and your future.

DEF CON 25 (Las Vegas, Nevada, USA, July 27 - 30, 2017) You know how we know it’s almost DEF CON? The Southwest is having a heat wave, that ancient tweet about the Feds (allegedly) not appreciating the ‘Spot the Fed’ contest is back and the interwebz are buzzing with burner phone chat.

North American International Cyber Summit (Detroit, Michigan, USA, July 30, 2017) In its sixth year, the cyber summit brings together experts from across the globe to address a variety of cybersecurity issues impacting the world of business, education, information technology, economic development, law enforcement and personal use. Highly respected speakers from the public and private sectors will address emerging trends, technology and best practices. The event is open to the public and will feature information for individuals, families, educators, business professionals, law enforcement and government officials. The summit agenda will feature internationally recognized keynote speakers as well as experts from across the county to lead breakout sessions on featured industry topics.

Cyber Texas (San Antonio, Texas, USA, August 1 - 2, 2017) CyberTexas was established to provide expanded access to security developments and resources located in Texas; provide an ongoing platform for the education and skill development of cyber professionals & job creation; build strong relationships with other U.S. and International geographies focused on cyber ecosystem development; bring national and international resources to the region to showcase Texas-based cyber assets; identify and encourage business opportunities within and outside of Texas; and create long-term value for the cyber security ecosystem of San Antonio and the State of Texas.

Cyber Security Summit: Chicago (Chicago, Illinois, USA, August 8, 2017) If you are a Senior Level Executive responsible for making your company’s decisions in regards to information security, then you are invited to register for the Cyber Security Summit: Chicago Receive 50% off of a Full Summit Pass when you register with code CYBERWIRE50 (standard price of $350, now only $175 with code). Register at CyberSummitUSA.com. The Cyber Security Summit: Chicago is an exclusive conference connecting Senior Level Executives responsible for protecting their companies’ critical data with innovative solution providers & renowned information security experts. for details visit CyberSummitUSA.com.

PCI Security Standards Council: 2017 Latin America Forum (Sao Paulo, Brazil, August 9, 2017) Join your industry colleagues for a full day of networking and one-of-a-kind partnership opportunities. Whether you want to learn more about updates in the payment industry or showcase a new product, you’ll find it all at the 2017 Latin America Forum (LAF).

2017 DoDIIS Worldwide Conference (St. Louis, Missouri, USA, August 13 - 16, 2017) Hosted annually by the DIA Chief Information Officer, the DoDIIS Worldwide Conference features a distinguished line-up of speakers and an extensive selection of breakout sessions allowing attendees to gain insight and interact with experts in smaller settings. This year’s conference presents an exciting and unique opportunity to directly engage with senior leaders from the Intelligence Community, Department of Defense, and industry about the IT complexities and challenges impacting the mission user.

SANS New York City 2017 (New York, New York, USA, August 14 - 19, 2017) Be better prepared for cyber-attacks and data breaches. At SANS New York City 2017 (August 14-19), we offer training with applicable tools and techniques for effective cybersecurity practices. Gain the skills and tools you need to win the battle against the wide range of cyber adversaries who want to harm your environment.

Information Security Summit 2017 (Hong Kong, August 15 - 16, 2017) Effective Use of Analytics and Threat Intelligence to Secure Organizations: The Information Security Summit 2017 is a Regional Event with the aim to give participants from the Asia Pacific region an update on the latest development, trends and status in information security.

TechFest (Louisville, Kentucky, USA, August 16 - 17, 2017) TechFest is a biannual summit designed to bring together technology professionals for learning and networking. Attendees will have opportunities to explore economic development avenues for their businesses, connect with regional IT leaders, and learn about emerging technology. Among the topics addressed will be cybersecurity- hacking, malware, exploits, skimmers, new standards and policies in key industries.

The Chertoff Group Security Series: Security In The Boardroom (Palo Alto, California, USA, August 23, 2017) The Chertoff Group Security Series will aim to enhance and add to the Security in the Boardroom conversation by applying our insights into technology, threat, and policy to help executives respond to the evolving threat environment.

U.S. Department of Commerce Cybersecurity Awareness Day (Washington, DC, USA, August 24, 2017) On August 24, 2017, the Department of Commerce headquarters is planning the Cybersecurity Awareness Day event which will host guest speakers from throughout the Cybersecurity community. The 2017 Cybersecurity Awareness Day and Expo will feature timely, topical, and thought-provoking presentations, bringing together cybersecurity workforce, training, and educational leaders from academia, business, and government for one day of focused discussions. In light of current events involving unauthorized disclosures, sensitive and/or classified information leaks, and breaches of personally identifiable information in cyberspace, it is imperative that sound practices are incorporated. The agenda will include speakers from Industry and Government.

Sponsor & Support

Grow your brand, generate leads, and fill your funnel.

With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listens all over the world, companies trust the CyberWire to get the message out. Learn more.

Kremlinology goes cyber. Patch Tuesday notes. GSA dumps Kaspersky Lab from Schedules 70 and 67. Election influence investigations turn to Donald Trump Jr. emails.