The CyberWire Daily Briefing 7.13.17

Summary

By The CyberWire Staff

US Energy Secretary Perry says the threat to power plants (nuclear and otherwise) is real, and that Government and industry are working to address it. Recent probes have been ascribed to Russian threat actors.

Booz Allen has published research that suggests NotPetya may have been in large part misdirection. Researchers think they've discovered evidence that Telebots (a.k.a. Sandworm, that is, most believe, Russia's GRU) used the destructive campaign to conceal traces of long-running, widespread cyber espionage against a large number of targets.

Influence operations, phishing of critical infrastructure, and broad malware campaigns may well be motivated by a common goal, according to Darktrace: fostering general mistrust of otherwise trusted institutions and practices.

Verizon has sustained a major data breach: some 14 million subscriber records are affected, including sensitive credentials. It appears to be a third-party breach: the data were exposed on an unprotected Amazon S3 server controlled by Nice Systems, a Verizon vendor. People who called customer services over the past six months are affected.

Emsisoft has released a decryptor for NemucodAES ransomware.

In industry news, social media security shop ZeroFox picks up $40 million in Series C funding. Deep Instinct raises $32 million (much from Nvidia). OwnBackup raises $7.5 million in Series B. And Cisco announces its acquisition of Observable Networks.

A Carbon Black survey says one in four Americans would consider not voting because they're concerned about cyber threats. Given that about two in four aren't voting in any case, maybe not voting is what philosophers call "overdetermined."

Learn how Cylance silences cyber attacks with Artificial Intelligence.

Notes.

Today's issue includes events affecting Australia, Bahrain, Belgium, China, Congo, Egypt, Estonia, European Union, Ireland, Kenya, Lithuania, Mauritius, Qatar, Romania, Russia, Rwanda, Samoa, Saudi Arabia, Tajikistan, United Arab Emirates, United Kingdom, United States, Yemen, and and Zimbabwe.

On the Podcast

In today's podcast we hear from our partners at Webroot, as David Dufour discusses homoglyph attacks. Our guest will be Thomas Jones from Bay Dynamics. He talks about the requirement for US Federal agencies to submit a Framework Implementation Action Plan as well as a set of metrics that will show how they're protecting their most valuable information assets from cyber-attacks and breaches. (This requirement is a part of President Trump’s recently signed cybersecurity Executive Order. The deadline is tomorrow, July 14, 2017).

Sponsored Events

Deep Instinct at Black Hat (Las Vegas, Nevada, USA, July 22 - 27, 2017) Meet us at Black Hat USA 2017. Visit booth #873. Book a meeting.

Selected Reading

Cyber Attacks, Threats, and Vulnerabilities

Perry: Hacking threat to US nuclear reactors 'real,' ongoing (Fifth Domain | Cyber) Energy Secretary Rick Perry said Tuesday that "state-sponsored" or criminal hackers are targeting U.S. nuclear power plants and other energy providers, but said the government has resources to safeguard the nation's electric grid.

Was Petya a Cover-Up for Prior Attacks? (Booz Allen Hamilton) Analysis of malicious M.E.Doc updates tied to the Petya suggest that the ransomware that wreaked havoc on Ukraine provided cover for traditional espionage.

Telebots Group may have used PETYA variant to destroy evidence of long-term campaign. (Booz Allen Hamilton Cyber4Sight®) The Booz Allen Cyber4Sight® threat intelligence solutions team investigated the Script2Exe-compiled TeleBots backdoors identified by ESET researchers and identified evidence that suggests that the TeleBots actors may have compromised the MEDoc update service with the goal of performing more traditional intrusion activities across multiple organizations.

EternalBlue vulnerability scanner statistics reveal there are exposed hosts worldwide (Help Net Security) EternalBlue vulnerability scanner statistics show that after the NotPetya attack, people's awareness of the threat did increase.

Recent cyber attacks out to sow distrust: Darktrace (Techgoondu) This new trend in digital attacks is sowing distrust, leading people to lose confidence in organisations and businesses, according to cyber security firm Darktrace.

Industrial control security practitioners worry about threats ... for a reason (WeLiveSecurity) Recent research from the SANS Institute confirms that security of industrial control systems is increasingly seen and understood to be a serious issue.

IOT Security Risks Begin With Supply Chains (GovTechWorks) The Internet of Things (loT) greatly expands the attack surface of federal networks – and many connected components may be purchased outside of the normal technology supply chain. Developing standards and best practices is essential to balancing the power of IoT with government’s growing security needs.

Millions of Verizon customer records exposed in security lapse (ZDNet) Customer records for at least 14 million subscribers, including phone numbers and account PINs, were exposed.

Verizon Suffers Cloud Data Leak Exposing Data on Millions of Customers (Dark Reading) Six million of Verizon's US customers had their personal and account information exposed, including PIN numbers.

Exposed Verizon customer data could be a shortcut for hijacking many online accounts (Help Net Security) Names, phone numbers, and account PINs of some 14 million Verizon customers have been found exposed on an unprotected "bucket" on an Amazon AWS server.

One Backdoor in the Amazon Cloud That Companies Frequently Leave Unlocked (Observer) How good websites do bad.

Bupa Suffers Data Breach (Infosecurity Magazine) Data includes the names, dates of birth and nationality of customers

Magala Trojan Uses Virtual Desktops to Secretly Click on Search Results Ads (BleepingComputer) A new click-fraud trojan is infecting Windows computers and using virtual desktops to click on ads in search results to earn a profit for its creator(s).

New Point-of-Sale Malware LockPoS Hitches Ride with FlokiBot (Threatpost) Botnets distributing FlokiBot point-of-sale malware are back in business spewing a new malware dubbed LockPoS.

Examining CVE-2017-9791: New Apache Struts Remote Code Execution Vulnerability (TrendLabs Security Intelligence Blog) The Apache Struts framework is useful for building modern Java-based web applications, with two major versions, Apache Struts 1 and Apache Struts 2, released so far. Support for Apache Struts 1 ended in 2008 with the adoption of Apache Struts 2, which reached its first full release at the start of 2007. A Struts 1 plugin is available that allows developer to use existing Struts 1 Actions and ActionForms in Struts 2 web applications. A vulnerability has been found in this plugin that could allow remote code execution on the affected server, if used with Struts 2.3.x. (Versions 2.5.x are not affected.)

The Second Most Popular Mac Malware Is a Cryptocurrency Miner (BleepingComputer) According to statistics released by Symantec today, the second most widespread Mac malware today is a cryptocurrency miner called DevilRobber, which saw a huge spike in activity last month.

SAP E-Recruiting: Is Your Recruitment Application Secure? (Bowbridge) New research shows most implementations of E-Recruiting, the SAP recruitment application, are highly vulnerable to cyberattack. See if your company is at risk.

New SQL Injection Tool Makes Attacks Possible from a Smartphone (Dark Reading) Recorded Future finds new hacking tool that's cheap and convenient to carry out that old standby attack, SQL injection.

PSA: Don't Open SPAM Containing Password Protected Word Docs (BleepingComputer) I wanted to alert everyone of a new malware distributing SPAM that I just received that contains a password protected Word document, which pretends to be about a payment I would be receiving shortly. As I always love free money, I had to take a look and see what I was getting for free.

WhatsApp in the NHS: symptomatic of a few poor choices, or a chronic problem? (Computing) Web-based contextual communications can replace existing unified communications tools to aid traceability and raise security at work

Businesses warned of insider cyber threat (Financial Review) While companies focus on external cyber threats, the risks presented by employees and contractors within their own walls cannot be ignored.

24% of companies suffered data breaches by former staff members (Infosecurity Magazine) Study finds businesses fail to adequately protect networks from potential threat posed by ex-employees

Security Patches, Mitigations, and Software Updates

SAP Patches High-Risk Flaws in SAP POS, Host Agent (Threatpost) SAP fixed 23 vulnerabilities across roughly a dozen products on Tuesday, including a series of high-risk flaws in SAP POS and SAP Host Agent.

Uber Patches Authentication Bypass Vulnerability on Custom SSO Solution (Threatpost) Uber patched an authentication bypass vulnerability in its homegrown SSO solution that allowed attackers to take over subdomains and steal session cookies.

Microsoft releases Windows 10 build 15063.483, 14393.1480 and 10586.1007 - here's what's new (Neowin) Today is Patch Tuesday, which means that it's time for Microsoft to release cumulative updates for all versions of Windows 10, including builds 15063.483, 14393.1480, 10586.1007, and 10240.17488.

Cyber Trends

Half of Corporate Web Apps Contain Flaws That Are at Least a Year Old (eWEEK) A WhiteHat Security study finds that corporate web applications have fewer security flaws overall this year, but more than half of the flaws remain unfixed for at least a full year.

Look at the Past to Fight Today’s Attacks (Infosecurity Magazine) Even with stringent controls and up-to-date security software, malicious actors are adept at breaking through barriers.

Security analytics and operations are becoming more difficult (Help Net Security) Organizations are facing more cybersecurity challenges than ever, but 72% are experiencing more challenges now than 2 years ago despite increased spending.

Which countries are most exposed to cyber threats, surveillance? (Fifth Domain | Cyber) It’s difficult to determine the net level of exposure of individuals and organizations globally, and until recently, few tried.

Mauritius, Rwanda and Kenya – Africa's top cybercrime fighters (ITWeb Africa) The Global Cybersecurity Index 2017 has placed Mauritius, Rwanda and Kenya as the top three countries in Africa that have a sustainable framework in fighting cybercrime.

One in four will consider not voting in elections due to cybersecurity (TheHill) Twenty-seven percent of voters say that cybersecurity will influence their decision whether to vote, according to a new report from the cybersecurity firm Carbon Black.

Security specter still haunts cloud computing (GCN) Security for cloud services is improving, but some significant hurdles remain, security experts say.

Marketplace

ZeroFox secures $40m Series C to help manage social media risk (TechCrunch) ZeroFox, a startup that helps companies manage social media risk including scams, malicious links and account hijacking, announced a $40 million Series C..

Cybersecurity co Deep Instinct raises $32m (Globes) The Tel Aviv based startup says it is the first company to apply deep learning to cybersecurity.

Nvidia Invests In Deep Instinct, A Deep Learning-Based Cybersecurity Startup (Tom's Hardware) Nvidia announced that it invested in "Deep Instinct," an Israeli company that uses deep learning technology to detect 99% of cyber threats.

OwnBackup grabs $7.5M Series B investment for SaaS data backup service (TechCrunch) One of the great advantages of the cloud is that your vendor is supposed to takes care of all the hard management bits for you -- including backup. While..

Behind the scenes with Tezos, a new blockchain upstart (TechCrunch) With a whopping $200m raised (at current btc and eth prices) Tezos breaks all Initial Coin Offering records to date. That’s saying something given over $1..

Cisco acquires network security startup Observable Networks (TechCrunch) Cisco has made another acquisition in the enterprise security space -- underscoring the ongoing market demand for security services amid a growing threat of..

Booz Allen Hamilton wins $40 million BPA to enhance DoD cybersecurity automation (Military Embedded Systems) McLean, Va. Defense Information Systems Agency (DISA) officials selected Booz Allen Hamilton for a $40 million single-award Blanket Purchase Agreement to help improve Department of Defense (DoD) cybersecurity and risk management using automated security solutions for the agency’s Enterprise Mission Assurance Support Service (eMASS).

Post-Breach Share Prices Plummet Below NASDAQ Average (Infosecurity Magazine) An analysis shows that Apple, Home Depot and others have under-performing stocks after high-profile breaches.

Look beyond job boards to fill cybersecurity jobs (CSO Online) The cybersecurity staffing shortage is reaching crisis proportions, and companies are looking beyond the traditional channels of job boards and headhunters to find and hire new talent. Here are some of the unconventional ways companies are identifying talent.

Majority of IT Security Professionals Work Weekends (Dark Reading) A survey finds that 57% of IT security professionals work weekends, and most say they still find their jobs rewarding.

Symantec Corporation (NASDAQ:SYMC) Looking To Sell Website Certification Unit (Market Exclusive) Reports indicate that Symantec Corporation (NASDAQ:SYMC) is considering plans to dispose of its web certification business potentially earning the cybersecurity company over $1 billion. The move could also extricate the cybersecurity firm from an ongoing feud with Google’s parent company, Alphabet Inc (NASDAQ:GOOGL).

Sun Valley: Verizon Chief Shoots Down Disney Purchase Reports (Variety) Verizon CEO Lowell McAdam didn’t mince words when asked if the telecom giant will buy Disney. “No,” was his blunt response when peppered with questions…

Apple to Build China Data Center to Meet New Cybersecurity Law (Wall Street Journal) The iPhone maker will begin storing all cloud data for its customers in China with a government-owned company—a move that means relinquishing some control over its data.

GDPR is Stifling Innovation, Says Infosec Community (Infosecurity Magazine) New regulation could encourage organizations to cover up security breaches, survey finds

Forcepoint Expands Brand Campaign to Emphasize the Human Side of Cybersecurity (PRNewswire) Introduces "Protecting the Human Point" to mainstream audiences

Corero Announces Edinburgh Office Expansion to fuel DDoS Research & Development (Corero) Corero Announces Edinburgh Office Expansion to fuel DDoS Research & Development

Focal Point Data Risk Appoints Yvette Connor as Chief Risk Officer (Focal Point) Connor leads Focal Point’s Executive Risk Consulting practice, bringing an extensive background including more than 20 years of strategic risk management experience

Products, Services, and Solutions

eSentire Launches Next-generation Logging and Event Management Platform for Managed Detection and Response (MDR) (Marketwired) Purpose-built cloud platform MDR integration empowers elite eSentire security analysts to hunt and kill threats in real-time

WPS Customers Prepared for Petya Ransomware as Virus Infects PCs Globally (Marketwired) Impact of Ukrainian borne virus reduced by business users of WPS Office

RedSeal Further Expands Its Hybrid Datacenter Modeling Capability with Seamless Integration with Cisco ACI (Marketwired) Security teams will gain holistic view of their entire network and boost productivity

AsTech Expands Paragon Security Program Guarantee Against Data Breach-Related Costs to $5 Million (AsTech) AsTech has announced today that that the company is expanding its hallmark Paragon Security Program warranty to $5 million.

Tanium Improves EDR With Threat Response Security Platform (eWEEK) Tanium updates its endpoint detection and response capabilities with a new offering that combines multiple security features to help rapidly find and deal with issues.

Akamai Delivers Cloud-Based Security, Powered by Smart Algorithms, To Thwart DNS, Malware Attacks (Integration Developer News) Akamai Technologies, well known for high-performance content delivery over the Internet, is leveraging that knowledge to deliver a high-impact security service from the cloud. IDN talks with Akamai’s Frank Childs to learn how its Enterprise Threat Protector thwarts DNS, malware and bot attacks.

Kaspersky offers cyber-protection for Kamaz (Telecompaper) Kaspersky Laboratory has started providing cyber-protection services for the Russian automotive company Kamaz. Kaspersky Endpoint Securityfor businesses has been integrated into the corporate network of the automotive company. The project was carried out by the company Softline, a partner of Kaspersky Laboratory.

Hoboken's eMazzanti Technologies Brings Customer-tracking Guest Wi-Fi to Area Retailers (Benzinga) A NYC area retail technology consultant and MSP shows how high-tech guest Wi-Fi can boost sales for retailers by tracking customers to generate real-time offers on customer's devices—in a new article on the eMazzanti Technologies website.

Gemalto kiosks help retailers authenticate customer ID for branded credit cards (BiometricUpdate) In a Q&A interview with FierceRetail, Gemalto’s SVP of banking and payments, Paul Kobos, discussed how the company’s biometrics-based, self-serve credit card kiosks can help retailers authentic…

Thales provides database encryption solution for Beyond Platform's peer-to-peer lending service (PRNewswire) Thales, a leader in critical information systems, cybersecurity and...

Grab offers hackers bug bounty (Tech in Asia) Grab is offering rewards of up to US$10,000 to hackers who are able to identify security weaknesses in its ride-hailing platform.

Atlassian launches public bug bounty with Bugcrowd (ZDNet) The economics of bug bounties are too overwhelming to ignore, Atlassian's head of security says.

Bitdefender Home Scanner: Scan your Home Network for vulnerabilities (The Windows Club) Bitdefender Home Scanner scans your home for all kinds of network vulnerabilities. This tool can take out security flaws and weaknesses of your network.

Technologies, Techniques, and Standards

NIST pulling together best practices for boosting federal cyber workforce (Fifth Domain | Cyber) The National Initiative for Cybersecurity Education has released a request for information document asking for ideas and viewpoints on efforts to educate and train a cybersecurity workforce.

Why linguistics can't always identify cyber attackers' nationality (CSO Online) The security whodunnit: analyzing the language used in an attack is just one tool to assign attribution, and it’s not always reliable.

Your industrial control system is vulnerable to cyber attack (PLANT) Manufacturers beware – your industrial control systems (ICS) are vulnerable to cyber attack. Isolation as a complete security solution won’t work.

Decrypted: Emsisoft Releases a Decryptor for NemucodAES Ransomware (BleepingComputer) Fabian Wosar of Emsisoft has been able to crack the decryption used by the NemucodAES ransomware so that victims can get their files back for free. This guide will walk you through using the decryptor and provide a brief explanation on the NemucodAES Ransomware.

4 ways to avoid the next Petya or WannaCry attack (CNET) These tips will keep your computer safe from the next wave of ransomware.

Exploit attacker playbooks to improve security (CSO Online) Rick Howard lines up a Security Slap Shot on improving security by going after attacker playbooks.

Backup Scripts, the FIM of the Poor (SANS Internet Storm Center) File Integrity Management or "FIM" is an interesting security control that can help to detect unusual changes in a file system. By example, on a server, they are directories that do not change often.

The Rise of Ransomware is Far From Over, How to Fight Back (Shaun Murphy) It seems like ransomware attacks are becoming more and more common. This is not surprising because in the grand scheme of things for cyber criminals this type of attack is one of the easiest, simplest and most lucrative to execute.

Security by Obscurity [Infographic – Updated Q2 2017] | (The SiteLock Blog) When businesses, especially SMBs, take the...

Companies must hire a CISO to address cyber threats at the executive level (Financial Review) Many top listed companies have hired specialist cyber security executives, others are yet to have the epiphany.

CISOs Should Build Situational Awareness to Thwart Cyber Threats: Study (CXO) CISOs and IT leaders in India should hone their situational awareness skills in order to better defend their organizations against cyber threats, said cyber security solutions firm Fortinet.

Incident Response in Government (FederalNewsRadio.com) How cyber incident response benefits from orchestration

BEC scams: How to avoid them and how to fight back (Help Net Security) Companies might not want to be just sitting ducks for BEC scams, and do their part to actively frustrate and discourage scammers now, and in the future.

How Active Intrusion Detection Can Seek and Block Attacks (Dark Reading) Researchers at Black Hat USA will demonstrate how active intrusion detection strategies can help administrators detect hackers who are overly reliant on popular attack tools and techniques.

How IoT Device Discovery and Activity Detection can Work (Infosecurity Magazine) IoT device discovery offers a critical foundation to an IoT security solution.

Design and Innovation

DoD sends industry its cyber wish list (Fifth Domain | Cyber) In a notice this week, the Pentagon provided a variety of technologies it desires in the cyber realm.

The Fraud Management Solution: Biometrics (PYMNTS.com) Teach a man to phish and he’ll launch a phishing attempt every 30 seconds for the rest of his life. So what can businesses do to keep customers from biting, yet still provide a convenient platform for them to conduct digital payments and financial services? Customers want to conduct these activities through a digital portal, […]

Here’s How Comics Can Boost Cyber Training (Nextgov) A DHS grantee created a web comic template for cyber training.

Research and Development

China makes quantum leap forward by 'teleporting' data from Tibet to satellite (The Sydney Morning Herald) The breakthrough gives China a significant edge in developing unbreakable codes.

Google pays academics millions for key support (Times (London)) Google has paid millions of dollars to academics at British and American universities for research that it hoped would sway public opinion and influence policy in favour of the tech giant. A...

IARPA wants to know when someone tries to trick biometric scanners (C4ISRNET) SRI will develop "dynamic biometrics" that can detect attempts to evade or deceive biometric systems such as fingerprint, iris and face scanners.

Academia

ASUMH faculty recently speaks at Community Cyber College Summit (The Baxter Bulletin) Conference helps educators with best practices on what's been used in technology

Legislation, Policy and Regulation

Cyber security: What the new ECB requirements mean (Director of Finance Online) Palo Alto Networks' Greg Day explains what the European Central Bank's (ECB) new cyber security requirements mean for your business.

The country with the world’s best cybersecurity is planning a new law to license hackers (Quartz) Hacking without a license will land you two years' jail and a fine of up to $36,000

GDPR, the Cloud, and Government Spying (AlienVault) Infosecurity 2017 took place against a backdrop of change; so much change in fact, that some might call it chaos. The deadline for the GDPR moves ever-closer, but the British government is in a state of disarray at a time when negotiations to leave the EU are underway, all while it’s trying to increase its surveillance capabilities as well.

How Saudi Arabia Botched Its Campaign Against Qatar (Foreign Affairs) The best hope for Saudi Arabia and its allies is that some face-saving resolution to the conflict with Qatar can be found.

Why Mexican Security is Crumbling – and How That Matters Here (The Cipher Brief) Mexico was ranked the most-worsened country this year on the Fund for Peace's Fragile States Index (FSI), tying with Ethiopia for the bottom spot.

If FCC gets its way, we’ll lose a lot more than net neutrality (Ars Technica) Beyond no-blocking rules, Title II plays big role in overall consumer protection.

Senators call on Army undersecretary nominee to get new tech to soldiers faster (Army Times) The Army may be in a readiness crisis, Sen. John McCain said Wednesday, but the Senate is reluctant to pour more money into the service as it blows billions of dollars on failed acquisitions programs.

NHS trusts handed extra £21m to improve IT security as Department of Health responds to CQC review (Computing) Government accepts all ten of Dame Fiona Caldicott's recommended data security standards

NHS systems to be strengthened after cyber attack (Financial Times) Ministers announce new funds and seek to make hospital heads more accountable for IT

German military aviation command launches cyber threat initiative (Reuters) The German military's aviation safety chief has launched a new initiative against cyber threats, citing research that he said shows hackers can commandeer military airplanes with the help of equipment that costs about 5,000 euros ($5,700).

Where Trump’s FBI nominee stands on tech’s hot privacy issues (TechCrunch) While questions about Russia attracted more initial scrutiny at his Senate confirmation hearing today, Trump's proposed James Comey replacement Chris Wray did..

Litigation, Investigation, and Enforcement

Duma passes bill on protection of Russian state data networks (Newsline) Russia’s lower house has approved a bill that defines which of the country’s informational infrastructure is to be considered critical, while setting a maximum sentence of 10 years imprisonment for hackers that attack it.

Kaspersky axed from governmentwide contracts (FCW) Russian cybersecurity vendor Kaspersky Lab has been taken off key government contract vehicles NASA SEWP and GSA Schedule 70 as part of an overall move to address possible risks posed by the firm.

Kaspersky claims that it's 'a pawn in a geopolitical game' after US government de-listing (Computing) 'Kaspersky has no ties to any government, and has never helped any government with cyber-espionage,' argues company

Kaspersky Lab says it has become pawn in U.S.-Russia geopolitical game (Reuters) Russian cyber security firm Kaspersky Lab, reacting to a U.S. government move restricting its activities, said on Wednesday it had fallen victim to U.S.-Russia global sparring while the Kremlin criticized the U.S. action as politically-motivated.

Islamist extremism funded by donations from public (Times (London)) Hundreds of thousands of pounds in small donations from within the UK are the main source of income for some Islamist extremist organisations, according to a secret government report. Extremists...

New Information In A Bizarre Story About A Quest To Hunt Down Hillary Clinton’s Deleted Emails (The Daily Caller) New details have emerged about a Republican opposition researcher's failed attempt to get Hillary Clinton deleted emails from Russian computer hackers who claimed to have the documents. Earlier thi

Dershowitz: Did Donald Trump Jr. commit a crime or merely political sin? It depends (Fox News) The entire issue of alleged collusion with, and interference by, the Russians should be investigated openly by an independent nonpartisan commission, rather than by a prosecutor behind the closed doors of a grand jury.

Alan Dershowitz: Who will guard the guardians? (Washington Examiner) James Comey should be rebuked by the Justice Department for violating their rules, but there isn't enough evidence at the moment to warrant...

Russians told to log in to Pornhub using verified social media accounts (Naked Security) Russians need a passport to get a SIM card, a cell number to get a VK account, and the VK account to log into Pornhub. What’s behind this new requirement?

Sophos joins global alliance to fight the cybercrooks (Sophos) Along with law enforcement, educational institutions and financial organizations, Sophos becomes part of the Global Cyber Alliance.

Creators of dark web chat room arrested for facilitating child abuse (HackRead) Brett McBain, 51 and David Buckley, 54 were arrested for creating a dark web chat room called £1TheOtherPlace which was used to share images of children be

EFF offers legal advice to researchers at Black Hat, B-Sides and DEF CON (Help Net Security) Security researchers attending Black Hat, B-Sides and DEF CON can visit the EFF booths to have their research-related law questions answered.

‘Share Until This Pig Is Caught’: Germany’s Far Right Hunts an Innocent Man Online (Motherboard) A right-wing Facebook page started a witch hunt by claiming that a protester had blinded a policeman at the G20 protests.

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

newly Noted Events

International Conference on Cyber Security: Forging Global Alliances for Cyber Resilience (New York, New York, USA, January 8 - 11, 2018) The Federal Bureau of Investigation and Fordham University will host the Seventh International Conference on Cyber Security (ICCS 2018) on January 8-11, 2018, in New York City. ICCS is held every eighteen months. It is an unparalleled opportunity for global leaders in cyberthreat analysis, operations, research, and law enforcement to coordinate their efforts to create a more secure world.

upcoming Events

Electronic Warfare Olympics & Symposium (Colorado Springs, Colorado, USA, July 13 - 14, 2017) The 2017 Electronic Warfare Olympics & Symposium will improve the capability, and marketability, of spectrum warriors by building the local EW/IO community. and bringing awareness to the capabilities in the region. The event will consist of speakers, government and industry exhibits, and Electronic Warfare Olympics.

3rd Edition CISO Summit India 2017 (Mumbai, India, July 14, 2017) Cyber security has gone through a tremendous change over the last couple of months. Ecosystem disruptions like demonetization, emergence of payment banks and fintech play have put technology as the sine qua non and a savior for banks. But gifts are bundled often with miseries. While technology works as a catalyst for scale and speed, security unpreparedness could play a spoilsport.

CYBERCamp2017 (Herndon, Virginia, USA, July 17 - 28, 2017) Always wondered what “cyber attacks” really are? How a special group of cyber warriors protect and defend our banks, stores, and electric plants every second? Join experts from the FBI and the foremost companies in the nation for an interactive #CYBERcamp in the National Capital Region. Cyber Camp 2017 is a summer camp in which students will have the opportunity to learn about various aspects of cyber security. Students will also gain practical skills through instruction by experienced security and information technology (IT) professionals, and hands-on exercises. The camp is divided into two 1-week segments:

National Insider Threat Special Interest Group - Insider Threat Symposium & Expo (Laurel, Maryland, USA, July 18, 2017) The National Insider Threat Special Interest Group (NITSIG) is excited to announce that it will hold a 1 day Insider Threat Symposium & Expo (ITS&E), on July 18, 2017, at the Johns Hopkins University Applied Physics Laboratory, (JHU-APL) in Laurel, Maryland. This is a MUST ATTEND event if you are involved in Insider Threat Program Management or are interested in Employee Threat Identification and Mitigation.

2nd Annual Billington Automotive Cybersecurity Summit (Detroit, Michigan, USA, July 18, 2017) The 2017 Billington Automotive Cybersecurity summit will build on the 2016 inaugural summit that brought together a who’s who of speakers including the CEO of GM and the Secretary of Transportation, prestigious media coverage from The New York Times and The Wall Street Journal and some 500 attendees. NOTE: Attendees must be citizens of U.S. or allied nations to attend this event.

SANSFIRE 2017 (Washington, DC, USA, July 22 - 29, 2017) Now is the time to advance your career and develop skills to better protect your organization. At SANSFIRE 2017, choose from over 45 hands-on, immersion-style security training courses taught by real-world practitioners. The site of SANSFIRE 2017 (July 22-29) is Washington Marriott Wardman Park.

ISSA CISO Executive Forum: Security Awareness and Training--Enlisting your entire workforce into your security team (Las Vegas, Nevada, USA, July 23 - 24, 2017) The gap in Security skills in the workforce have put the pinch on Security teams. Join us to learn how to get lean by empowering the rest of your organization to understand and manage security risks. We’ll cover secure-by-design concepts inherent in DevSecOps, effective training and awareness practices, and how to lead organizational change management to embed security into your company’s DNA.

AFA CyberCamp (Pittsburgh, Pennsylvania, USA, July 24 - 28, 2017) The AFA CyberCamp program is designed to excite students new to cybersecurity about STEM career opportunities and teach them important cyber defense skills through hands-on instruction and activities. Through the camp, students will learn how to protect their personal devices and information from outside threats, as well as how to harden entire networks running Windows 7 and Ubuntu operating systems. The AFA CyberCamp will culminate in an exciting final team competition that simulates real cybersecurity situations faced by industry professionals and mimics AFA’s CyberPatriot National Youth Cyber Defense Competition.

BSides Las Vegas (Las Vegas, Nevada, USA, July 25 - 26, 2017) BSides Las Vegas isn’t another “talk at you” conference. Everyone at BSides is a participant. Track after track, year after year, the security researchers, engineers, analysts and managers that present at BSidesLV are looking to engage our participants and be engaged by them. Our presenters don’t talk at you, they converse with you.

Cross Domain Support Element Summer Workshop 2017 (Laurel, Maryland, USA, July 25 - 26, 2017) The Unified Cross Domain Services Management Office (UCDSMO) is presenting a two-day workshop for the benefit of the Cross Domain Support Element (CDSE) Offices, and the personnel who support them. Topics will include an update to the Capabilities Portfolio, Baseline and Sunset Lists, the UCDSMO SharePoint sites, Labs and Lab Testing, updates on the CDS Overlays and the Cross Domain Risk Management process.

Black Hat USA 2017 (Las Vegas, Nevada, USA, July 26 - 27, 2017) Now in its 20th year, Black Hat is the world’s leading information security event, providing attendees with the very latest in research, development and trends. Black Hat USA 2017 kicks off with four days of technical Trainings (July 22-25) followed by the two-day main conference (July 26-27) featuring Briefings, Arsenal, Business Hall, and more.

RSA Conference 2017 Asia Pacific & Japan (Singapore, July 26 - 28, 2017) RSA Conference 2017 Asia Pacific & Japan is the leading information security event in the region. Join us for three days of high quality education, engaging content and valuable networking. Get exposure to innovative technologies and leadership that will help secure your organization and your future.

DEF CON 25 (Las Vegas, Nevada, USA, July 27 - 30, 2017) You know how we know it’s almost DEF CON? The Southwest is having a heat wave, that ancient tweet about the Feds (allegedly) not appreciating the ‘Spot the Fed’ contest is back and the interwebz are buzzing with burner phone chat.

North American International Cyber Summit (Detroit, Michigan, USA, July 30, 2017) In its sixth year, the cyber summit brings together experts from across the globe to address a variety of cybersecurity issues impacting the world of business, education, information technology, economic development, law enforcement and personal use. Highly respected speakers from the public and private sectors will address emerging trends, technology and best practices. The event is open to the public and will feature information for individuals, families, educators, business professionals, law enforcement and government officials. The summit agenda will feature internationally recognized keynote speakers as well as experts from across the county to lead breakout sessions on featured industry topics.

Cyber Texas (San Antonio, Texas, USA, August 1 - 2, 2017) CyberTexas was established to provide expanded access to security developments and resources located in Texas; provide an ongoing platform for the education and skill development of cyber professionals & job creation; build strong relationships with other U.S. and International geographies focused on cyber ecosystem development; bring national and international resources to the region to showcase Texas-based cyber assets; identify and encourage business opportunities within and outside of Texas; and create long-term value for the cyber security ecosystem of San Antonio and the State of Texas.

Cyber Security Summit: Chicago (Chicago, Illinois, USA, August 8, 2017) If you are a Senior Level Executive responsible for making your company’s decisions in regards to information security, then you are invited to register for the Cyber Security Summit: Chicago Receive 50% off of a Full Summit Pass when you register with code CYBERWIRE50 (standard price of $350, now only $175 with code). Register at CyberSummitUSA.com. The Cyber Security Summit: Chicago is an exclusive conference connecting Senior Level Executives responsible for protecting their companies’ critical data with innovative solution providers & renowned information security experts. for details visit CyberSummitUSA.com.

PCI Security Standards Council: 2017 Latin America Forum (Sao Paulo, Brazil, August 9, 2017) Join your industry colleagues for a full day of networking and one-of-a-kind partnership opportunities. Whether you want to learn more about updates in the payment industry or showcase a new product, you’ll find it all at the 2017 Latin America Forum (LAF).

2017 DoDIIS Worldwide Conference (St. Louis, Missouri, USA, August 13 - 16, 2017) Hosted annually by the DIA Chief Information Officer, the DoDIIS Worldwide Conference features a distinguished line-up of speakers and an extensive selection of breakout sessions allowing attendees to gain insight and interact with experts in smaller settings. This year’s conference presents an exciting and unique opportunity to directly engage with senior leaders from the Intelligence Community, Department of Defense, and industry about the IT complexities and challenges impacting the mission user.

SANS New York City 2017 (New York, New York, USA, August 14 - 19, 2017) Be better prepared for cyber-attacks and data breaches. At SANS New York City 2017 (August 14-19), we offer training with applicable tools and techniques for effective cybersecurity practices. Gain the skills and tools you need to win the battle against the wide range of cyber adversaries who want to harm your environment.

Information Security Summit 2017 (Hong Kong, August 15 - 16, 2017) Effective Use of Analytics and Threat Intelligence to Secure Organizations: The Information Security Summit 2017 is a Regional Event with the aim to give participants from the Asia Pacific region an update on the latest development, trends and status in information security.

TechFest (Louisville, Kentucky, USA, August 16 - 17, 2017) TechFest is a biannual summit designed to bring together technology professionals for learning and networking. Attendees will have opportunities to explore economic development avenues for their businesses, connect with regional IT leaders, and learn about emerging technology. Among the topics addressed will be cybersecurity- hacking, malware, exploits, skimmers, new standards and policies in key industries.

The Chertoff Group Security Series: Security In The Boardroom (Palo Alto, California, USA, August 23, 2017) The Chertoff Group Security Series will aim to enhance and add to the Security in the Boardroom conversation by applying our insights into technology, threat, and policy to help executives respond to the evolving threat environment.

U.S. Department of Commerce Cybersecurity Awareness Day (Washington, DC, USA, August 24, 2017) On August 24, 2017, the Department of Commerce headquarters is planning the Cybersecurity Awareness Day event which will host guest speakers from throughout the Cybersecurity community. The 2017 Cybersecurity Awareness Day and Expo will feature timely, topical, and thought-provoking presentations, bringing together cybersecurity workforce, training, and educational leaders from academia, business, and government for one day of focused discussions. In light of current events involving unauthorized disclosures, sensitive and/or classified information leaks, and breaches of personally identifiable information in cyberspace, it is imperative that sound practices are incorporated. The agenda will include speakers from Industry and Government.

Sponsor & Support

Grow your brand, generate leads, and fill your funnel.

With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listens all over the world, companies trust the CyberWire to get the message out. Learn more.

US Energy Secretary says cyber threat to grid is real. BAH research suggests NotPetya may have been misdirection for espionage. Verizon customer data exposed by third party. Emsisoft has a NemucodAES decryptor. Industry notes, and reasons for not voting.