The CyberWire Daily Briefing 7.17.17

Summary

By The CyberWire Staff

The Washington Post is citing anonymous sources within the US Intelligence Community in a report claiming that the United Arab Emirates was responsible for hacking Qatari news and information sources with fake stories expressing sympathy for Iran, Israel, and ISIS. The FBI, which assisted Qatar's investigation, had earlier attributed the hack to Russian actors, possibly criminals, freelancers, or hired guns. The United Arab Emirates denies any involvement in the hacking and disinformation, and insists the real story is Qatar's sympathy for terrorist organizations.

Russia's Foreign Ministry said Friday that it had been the victim of a protracted and damaging cyberattack: the Ministry says its email servers were hacked with "grave consequences." The attacks are said to have taken place last month and originated in Hungary and Iran. But a lot of other countries are mentioned in dispatches: China, India, the European Union, and, especially, the US. The Moscow Times, citing Ministry spokeswoman Maria Zakharova, says "88 percent of all visits to the Foreign Ministry’s site were cyber-villains with U.S. IP addresses."

There are also reports of doxing attempts, some successful, against online accounts of US experts on Russia, which are seen as potential battlespace preparation for ongoing information operations. No attribution, but Russia is suspected.

NemucodAES ransomware and Kovter click-fraud exploits are distributed by a common campaign.

Check Point reports a campaign against Mac systems that uses certificates to bypass Mac Gatekeeper. The malware steals banking credentials.

The White House apparently inadvertently released information about commenters on voter fraud.

Learn how Cylance silences cyber attacks with Artificial Intelligence.

Notes.

Today's issue includes events affecting Australia, Bahrain, Indonesia, Ireland, Israel, Japan, Kuwait, Netherlands, Oman, Qatar, Russia, Saudi Arabia, United Arab Emirates, United Kingdom, and United States.

DNS Forensics: Where Intuition Meets Experience

If you’re in search of top notch cybersecurity powers, a great starting point is DNS Forensics. This new approach leverages both human and machine intelligence to unearth malicious infrastructure. This white paper will illustrate the effectiveness of domain name intelligence in your investigations as well as demonstrate examples of a DNS-centric strategy so you can apply this to your own security approach.

On the Podcast

In today's podcast, we hear from our partners at the Johns Hopkins University. The Information Security Institute's Joe Carrigan discusses various attempts to address the shortage of qualified cyber security workers.

Sponsored Events

Deep Instinct at Black Hat (Las Vegas, Nevada, USA, July 22 - 27, 2017) Meet us at Black Hat USA 2017. Visit booth #873. Book a meeting.

BSides Las Vegas (Las Vegas, NV, USA, July 25 - 26, 2017) BSides Las Vegas isn’t another “talk at you” conference. Everyone at BSides is a participant. Track after track, year after year, the security researchers, engineers, analysts and managers that present at BSidesLV are looking to engage our participants and be engaged by them. Our presenters don’t talk at you, they converse with you. Come join the conversation!

CyberTexas Job Fair (San Antonio, TX, USA, August 1, 2017) If you're a cyber security pro looking for your next career, check out the free CyberTexas Job Fair, August 1, in San Antonio. It’s hosted by ClearedJobs.Net, and open to both cleared and non-cleared professionals and college-level students. You’ll connect face-to-face with industry leaders Accenture, Booz Allen, Delta Risk, IPSecure, ISHPI, AT&T, Lockheed Martin, NSA and more.

The Cyber Security Summit: Chicago & NYC (Chicago, Illinois, USA, August 8, 2017) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from the U.S. Dept of Justice, Cybraics, CenturyLink, Alert Logic and more. Register with promo code cyberwire50 for half off your admission (Regular price $350).

8th Annual Billington CyberSecurity Summit (Washington, DC, USA, September 13, 2017) The 8th Annual Billington CyberSecurity Summit September 13 in Washington D.C. brings together world-class cybersecurity thought leaders for high-level information sharing, unparalleled networking and public-private partnerships from a cross-section of civilian, military and intelligence agencies, industry and academia.

Selected Reading

Cyber Attacks, Threats, and Vulnerabilities

UAE orchestrated hacking of Qatari government sites, sparking regional upheaval, according to U.S. intelligence officials (Washington Post) Hackers planted news stories with false quotes attributed to Qatar’s emir, which were then cited to condemn his government.

UAE behind hacking of Qatari sites - US spies (Sky News) Fiery but false quotes attributed to Qatar's emir were published on government websites in a UAE plot, US intelligence claims.

Qatar crisis: UAE denies hacking news agency (BBC News) The incident in late May helped spark the current diplomatic rift between Qatar and its neighbours.

Opinion: 'Islamic State' jihadism could live on | Opinion (Deutsche Welle) With Mosul and Raqqa retaken, the fate of "Islamic State's" territorial caliphate is sealed. Yet Loay Mudhoon says that's no reason to give the all clear, as IS is nothing more than a symptom of a crisis of statehood.

Russian Foreign Ministry Says it Suffered ‘Large-Scale’ Cyber Attack (Moscow Times) Russia’s Foreign Ministry experienced “large-scale” cyber-attacks originating in Iran and Hungary last month, its spokesperson said

Private Email of Top U.S. Russia Intelligence Official Hacked (Foreign Policy) As concerns about cyberattacks grow, hackers are going after Russia wonks.

'It was always going to happen': Inside the cyber-attack on parliament (BBC News) The inside story of the day hackers attacked parliament - and how the security team fought back.

Blame Human Error for WWE and Verizon’s Massive Data Exposures (WIRED) What's behind the recent spat of database vulnerabilities? Good ol' fashioned human error.

NemucodAES Ransomware, Kovter Click-Fraud Malware Spreading in Same Campaigns (Threatpost) Researchers have spotted malicious email campaigns using Zip archives to spread NemucodAES ransomware and the Kovter click-fraud Trojan, simultaneously distributing both pieces of malware.

Keeping up with the Petyas: Demystifying the malware family (Malwarebytes Labs) Last June 27, there was a huge outbreak of a Petya-esque malware with WannaCry-style infector in the Ukraine. Since there is still confusion about how exactly this malware is linked to the original Petya, we have prepared this small guide on the background of the Petya family.

Who is a target for ransomware attacks? (CSO Online) While any enterprise is a possible ransomware target, some are more likely than others to be caught in a cybercriminal’s crosshairs.

Cyber attacks a wake-up call: Keenan (NewsComAu) Recent global ransomware attacks must act as a wake-up call for Australia as the digital economy grows, Justice Minister Michael Keenan says.

Windows, Linux distros, macOS pay for Kerberos 21-year-old 'cryptographic sin' (ZDNet) Researchers find an authentication protocol bug that affects Windows, Linux and Apple.

Malware installs Signal as part of scheme to steal macOS users' banking credentials (Graham Cluley) A piece of malware is currently installing the Signal messenger app on macOS users' mobile devices as part of a scheme to steal their banking credentials.

OSX/Dok malware hits Macs; bypasses Apple’ Gatekeeper (HackRead) IT security researchers at Checkpoint recently discovered that a new malware has started to rise and is targeting Mac devices. The malware is considered qu

SQL injection attacks controlled using Telegram messaging app (Naked Security) This weaponising of an encrypted messaging app prompts us to remind you that you should really be focusing on how to avoid SQLi attacks in the first place

751 domains hijacked to redirect visitors to exploit kit (Help Net Security) An unknown attacker has managed to modify the name servers assigned to 751 domains, redirecting visitor to a site hosting the Rig Exploit Kit.

Android Backdoor GhostCtrl can Silently Record Your Audio, Video, and More (TrendLabs Security Intelligence Blog) The information-stealing RETADUP worm was actually accompanied by another threat, GhostCtrl—an Android malware that can stealthily take over the device.

CopyCat adware uses Amazon Web Services, APK segmentation to evade detection (SC Media US) The CopyCat adware that infected over 14 million Android devices has been using advanced evasion techniques , according to new researcher from Appthority.

SMS Phishing induces victims to photograph its own token card (SANS Internet Storm Center) Today I faced quite an unusual SMS phishing campaign here in Brazil. A friend of mine received a SMS message supposedly sent from his bank asking him to update his registration data through the given URL. Otherwise, he could have his account blocked, as seen in Figure 1.

Cloud AV Can Serve as an Avenue for Exfiltration (Dark Reading) Black Hat USA researchers show how bad guys can use cloud AV connections to bypass air-gaps and extremely segmented networks to keep stolen data flowing.

Office maldoc + .lnk (SANS Internet Storm Center) Reader nik submitted a malicious document. It's an Excel spreadsheet containing a Windows shortcut. As Windows shortcuts can contain interesting metadata like the MAC address of the computer that created the .lnk file, I took a closer look.

Porn Spam Botnet Has Evil Twitter Twin (KrebsOnSecurity) Last month KrebsOnSecurity published research into a large distributed network of apparently compromised systems being used to relay huge blasts of junk email promoting “online dating” programs — affiliate-driven schemes traditionally overrun with automated accounts posing as women. New research suggests that another bot-promoting botnet of more than 80,000 automated female Twitter accounts has been pimping the same dating scheme and prompting millions of clicks from Twitter users in the process.

BUPA breach – why names and addresses matter (Naked Security) UK healthcare company BUPA just had an employee run off with half a million names and addresses – here’s what we can learn from the breach.

IoT 'Smart' Alarm has Vulnerabilities (Infosecurity Magazine) iSmartAlarm has several vulnerabilities which could enable cyber-assisted crime

Detroit Medical Center blames data breach on outside agency (Detroit Free Press) A data breach at the Detroit Medical Center that might affect 1,529 patients was the result of a contract employee turning over information to an unauthorized third party, officials said Thursday.

Let the cyber games begin: why big events are now trophy targets (Mandarin) Hacking has always been a competition. But do today’s big sports events still have what it takes to beat the bad guys?

White House released voter-fraud commenters' sensitive personal information (CSO Online) The White House published voter-fraud comments, including voters' sensitive personal information.

Hackers did not breach computer system, says ESB (RTE.ie) The ESB said there has been no breach of its computer system after hackers targeted it.

Security Patches, Mitigations, and Software Updates

No big deal. You can defeat Kaspersky's ATM antivirus with a really fat executable (Register) After you've gained arbitrary execution on the cash machine, natch

Cyber Trends

Lloyd's says cyber-attack could cost $120bn, same as Hurricane Katrina (the Guardian) World’s oldest insurance market warns cost to global economy of cyber-attack could be as much as worst natural disasters

A UK business will spend more than £1m recovering from a data breach (Help Net Security) Companies are right to worry about the financial impact of a data breach – both in terms of short-term financial losses and long-term brand damage.

Whose job is it to keep us safe from online harassment? (Naked Security) As more of us report having been the focus of abuse online, what steps can be taken to make the web better while protecting freedom of speech?

Marketplace

The gap between the haves and the have-nots in D.C.’s tech scene is getting bigger (Washington Post) The region is getting more venture funding than in the past, but it’s going to fewer and fewer firms.

Could e-discovery pros fill the insatiable demand for cybersecurity talent? (Help Net Security) As the industry commoditizes, opportunistic experts in electronic discovery are looking at cybersecurity as their next logical career path.

Six entry-level cybersecurity job seeker failings (CSO Online) More cybersecurity job openings mean more entry-level candidates are entering the market. These are the common mistakes they make when apply and interviewing for an opening.

Israeli cyber firm Votiro raises $11.2 million from Aussie investors (Financial Review) Votiro Cybersec has closed an oversubscribed capital raise ahead of an imminent Australian expansion and ASX IPO.

CyberArk Software | $CYBR Stock | Shares Crash as Company Posts Disappointing Guidance Numbers (Ticker TV) CyberArk Software Ltd. (CYBR), a global software-based IT security solutions yesterday reported their preliminary second quarter 2017 financial results.

Russian Cyber Firm Kaspersky Aches Amid Strained U.S. Relations (Fortune) The company is being punished for the sleights of the Kremlin.

Partners Could Feel Impact With Kaspersky Lab Caught in U.S.-Russia Cyber Beef (MSPMentor) Partner IT services provider partners could be left in a lurch as Kaspersky Lab appears to be paying the price for Vladamir Putin’s cyber campaign against the 2016 American presidential election, with the security software vendor this week losing key approvals to sell IT products to U.S. government agencies.

Atlassian Launches Public Bug Bounty Program (Security Week) Team collaboration and productivity software provider Atlassian announced this week the launch of a Bugcrowd-based public bug bounty program with rewards of up to $3,000 per vulnerability.

Products, Services, and Solutions

IBM unveils new mainframe capable of running more than 12 billion encrypted transactions a day (CNBC) IBM has launched a new mainframe system capable of running more than 12 billion encrypted transactions per day, in a bid to wade further into the financial cybersecurity market.

IBM dangles carrot of full encryption to lure buyers to new z14 mainframe (TechCrunch) IBM is doing its damnedest to keep the mainframe relevant in a modern context, and believe it or not, there are plenty of monster corporations throughout the..

IBM reboots iconic mainframe: Encrypt data all the time, at any scale (Help Net Security) IBM Z has an encryption engine that makes it possible to pervasively encrypt data associated with any application, cloud service or database all the time.

IBM's Plan To Encrypt Unthinkable Amounts of Sensitive Data (WIRED) The new IBM Z mainframe uses "pervasive encryption" to stop data breaches in their tracks.

Twistlock 2.1 Container Security Suite Released (InfoQ) Twistlock announced the general availability of version 2.1 of their container security product. Highlights of the release include an integrated firewall that understands application traffic, vulnerability detection, secrets management via integration with third party tools, and compliance alerting and enforcement.

DB Networks Aids GDPR Readiness for Structured Data (CIO Today) DB Networks Supports GDPR Readiness Assessments for Structured Data -- AI-based DBN-6300 dramatically reduces the time and effort necessary to discover structured data stores and create an accurate Personal Data Inventory

Darktrace & CITIC Telecom CPC to take "disruptive AI" security to APAC (Security Brief) This new partnership will further strengthen our ability to respond to the overwhelming demand for our cutting-edge machine learning technology."

Technologies, Techniques, and Standards

Verizon Data Exposure - A Lesson in Cloud Security Hygiene (SC Media US) According to reports, Verizon potentially exposed up to 14 million customers' personal information in a public-facing Amazon S3 (storage) bucket which was

How to protect yourself from the Verizon data breach (ZDNet) To be safe, you must change your Verizon PIN.

Launch your own cybersecurity sprint: 30 days to improved security (Help Net Security) Use these lessons to establish a realistic plan for achieving “quick wins” to prioritize risk reduction, quantify progress, and retain management support.

Design and Innovation

What is gamification? Lessons for awareness programs from Pokemon Go (CSO Online) Gamification is a way to reward people for exhibiting a desired behavior. It is not merely creating a game for people to play, nor making training a game. As Pokemon Go turns a year old, here are some of the things awareness programs can learn from the massively popular game..

How to make computer science education fun (CSO Online) Games that focus on concepts over programming languages teach students to think like a computer while having a little fun

Someone Made a Tool That Turns Twitter Threads Into Blogs 1/87 (Motherboard) It’s time for some Thread Theory.

Research and Development

New firewall designed to protect Android cellphones (Digital Journal) A security threat to smartphones comes from phone components, like touchscreens, chargers, and battery or sensor assemblies. These 'field replaceable units’ have weak security settings; but there is a new solution for this vulnerability.

To Truly Fake Intelligence, Chatbots Need To Be Able To Change Your Mind (Motherboard) To achieve social intelligence, AI needs to be able to be persuasive, argues researcher.

What an artificial intelligence researcher fears about AI [Commentary] (Fifth Domain | Cyber) As an artificial intelligence researcher, I often come across the idea that many people are afraid of what AI might bring. As an AI expert, what do I fear about artificial intelligence?

Academia

Dimension Data and Deakin University open cybersecurity accelerator (ZDNet) The six-month accelerator program designed to help early-stage cybersecurity startups is funded by the Victorian government's LaunchVic kitty.

Cybersecurity Education Takes Center Stage at Cyber Innovation Challenge (PRNewswire) Today, government, education and industry partners announced...

Legislation, Policy and Regulation

Defense Ministry plans to boost strength of unit tasked with countering cyberattacks (The Japan Times) The Defense Ministry is considering strengthening its unit tasked with responding to cyberattacks by increasing the number of staff to around 1,000 from...

Dutch Senate votes to grant intel agencies new surveillance powers (Register) Privacy groups concerned by data-slurping 'tapping' law

Australian government to introduce laws forcing tech companies to decrypt communications (CRN Australia) Legislation will force tech companies to open up encrypted messages.

White House leaves door open to U.S.-Russia cyber ‘dialogue’ (POLITICO) The Trump administration is still open to a cyber dialogue with Russia — despite having no plans to form the joint U.S.-Russian election security team that President Donald Trump float…

Encryption: It's not just for governments, it's for everybody (RedShark News) Quis custodiet ipsos custodes? More and more, governments seem to be calling for backdoors to be established into encryption programs in the name of p...

We Need 21st Century Responses – DFRLab (Medium) Secretary Albright Speaks At #DisinfoWeek

Military Cyber Operations Headed for Revamp after Long Delay (VOA) Under plans, US Cyber Command would eventually be split off from intelligence-focused National Security Agency

House Boosts CYBERCOM Budget But Cuts NIST Funds (Nextgov) The House version of the defense authorization bill requires a Pentagon and State Department cyber strategy.

Intel bill directs report on cyber-vulnerability disclosure process (C4ISRNET) The House Intelligence Committee's Intelligence Authorization Act calls for a report on the disclosure process for vulnerabilities.

Litigation, Investigation, and Enforcement

Co-founder of firm behind Trump-Russia dossier will not testify before Senate next week (POLITICO) The committee on Wednesday announced a July 19 hearing that listed Glenn Simpson as a witness.

The Hacker Hunters Chasing Russian Shadows (Moscow Times) U.S. investigators are stepping up the fight against Russian cybercriminals. But are they going after the right guys?

Telegram agrees to delete terrorist content in Indonesia following partial block (TechCrunch) Messaging app Telegram has agreed to block terrorist-related content in Indonesia after the government threatened to block the service over fears it was..

Russian cyber criminals identified by Australian spooks (Courier and Mail) Australian spooks have identified 10 cyber criminals – the majority from Russia and Eastern Europe – responsible for hundreds of online attacks on Australians.

US Border Patrol isn't allowed to search travelers' data stored in the cloud (Help Net Security) When searching travelers' mobile phones at the border, CBP officers do not have the authority to rifle through data stored solely "in the cloud".

US border agents: We won’t search data “located solely on remote servers” (Ars Technica) What does that mean in practice? CBP isn't saying for now.

Ashley Madison Reaches Proposed Settlement with Exposed Users (Infosecurity Magazine) Leaked data included usernames, first and last names, email addresses, passwords and credit card data

Congresswoman’s iPhone contained nude images, and an aide put them online (Ars Technica) Staffer allegedly accessed images while taking lawmaker's phone in for repair.

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

upcoming Events

CYBERCamp2017 (Herndon, Virginia, USA, July 17 - 28, 2017) Always wondered what “cyber attacks” really are? How a special group of cyber warriors protect and defend our banks, stores, and electric plants every second? Join experts from the FBI and the foremost companies in the nation for an interactive #CYBERcamp in the National Capital Region. Cyber Camp 2017 is a summer camp in which students will have the opportunity to learn about various aspects of cyber security. Students will also gain practical skills through instruction by experienced security and information technology (IT) professionals, and hands-on exercises. The camp is divided into two 1-week segments:

National Insider Threat Special Interest Group - Insider Threat Symposium & Expo (Laurel, Maryland, USA, July 18, 2017) The National Insider Threat Special Interest Group (NITSIG) is excited to announce that it will hold a 1 day Insider Threat Symposium & Expo (ITS&E), on July 18, 2017, at the Johns Hopkins University Applied Physics Laboratory, (JHU-APL) in Laurel, Maryland. This is a MUST ATTEND event if you are involved in Insider Threat Program Management or are interested in Employee Threat Identification and Mitigation.

2nd Annual Billington Automotive Cybersecurity Summit (Detroit, Michigan, USA, July 18, 2017) The 2017 Billington Automotive Cybersecurity summit will build on the 2016 inaugural summit that brought together a who’s who of speakers including the CEO of GM and the Secretary of Transportation, prestigious media coverage from The New York Times and The Wall Street Journal and some 500 attendees. NOTE: Attendees must be citizens of U.S. or allied nations to attend this event.

SANSFIRE 2017 (Washington, DC, USA, July 22 - 29, 2017) Now is the time to advance your career and develop skills to better protect your organization. At SANSFIRE 2017, choose from over 45 hands-on, immersion-style security training courses taught by real-world practitioners. The site of SANSFIRE 2017 (July 22-29) is Washington Marriott Wardman Park.

ISSA CISO Executive Forum: Security Awareness and Training--Enlisting your entire workforce into your security team (Las Vegas, Nevada, USA, July 23 - 24, 2017) The gap in Security skills in the workforce have put the pinch on Security teams. Join us to learn how to get lean by empowering the rest of your organization to understand and manage security risks. We’ll cover secure-by-design concepts inherent in DevSecOps, effective training and awareness practices, and how to lead organizational change management to embed security into your company’s DNA.

AFA CyberCamp (Pittsburgh, Pennsylvania, USA, July 24 - 28, 2017) The AFA CyberCamp program is designed to excite students new to cybersecurity about STEM career opportunities and teach them important cyber defense skills through hands-on instruction and activities. Through the camp, students will learn how to protect their personal devices and information from outside threats, as well as how to harden entire networks running Windows 7 and Ubuntu operating systems. The AFA CyberCamp will culminate in an exciting final team competition that simulates real cybersecurity situations faced by industry professionals and mimics AFA’s CyberPatriot National Youth Cyber Defense Competition.

BSides Las Vegas (Las Vegas, Nevada, USA, July 25 - 26, 2017) BSides Las Vegas isn’t another “talk at you” conference. Everyone at BSides is a participant. Track after track, year after year, the security researchers, engineers, analysts and managers that present at BSidesLV are looking to engage our participants and be engaged by them. Our presenters don’t talk at you, they converse with you.

Cross Domain Support Element Summer Workshop 2017 (Laurel, Maryland, USA, July 25 - 26, 2017) The Unified Cross Domain Services Management Office (UCDSMO) is presenting a two-day workshop for the benefit of the Cross Domain Support Element (CDSE) Offices, and the personnel who support them. Topics will include an update to the Capabilities Portfolio, Baseline and Sunset Lists, the UCDSMO SharePoint sites, Labs and Lab Testing, updates on the CDS Overlays and the Cross Domain Risk Management process.

Black Hat USA 2017 (Las Vegas, Nevada, USA, July 26 - 27, 2017) Now in its 20th year, Black Hat is the world’s leading information security event, providing attendees with the very latest in research, development and trends. Black Hat USA 2017 kicks off with four days of technical Trainings (July 22-25) followed by the two-day main conference (July 26-27) featuring Briefings, Arsenal, Business Hall, and more.

RSA Conference 2017 Asia Pacific & Japan (Singapore, July 26 - 28, 2017) RSA Conference 2017 Asia Pacific & Japan is the leading information security event in the region. Join us for three days of high quality education, engaging content and valuable networking. Get exposure to innovative technologies and leadership that will help secure your organization and your future.

DEF CON 25 (Las Vegas, Nevada, USA, July 27 - 30, 2017) You know how we know it’s almost DEF CON? The Southwest is having a heat wave, that ancient tweet about the Feds (allegedly) not appreciating the ‘Spot the Fed’ contest is back and the interwebz are buzzing with burner phone chat.

North American International Cyber Summit (Detroit, Michigan, USA, July 30, 2017) In its sixth year, the cyber summit brings together experts from across the globe to address a variety of cybersecurity issues impacting the world of business, education, information technology, economic development, law enforcement and personal use. Highly respected speakers from the public and private sectors will address emerging trends, technology and best practices. The event is open to the public and will feature information for individuals, families, educators, business professionals, law enforcement and government officials. The summit agenda will feature internationally recognized keynote speakers as well as experts from across the county to lead breakout sessions on featured industry topics.

Cyber Texas (San Antonio, Texas, USA, August 1 - 2, 2017) CyberTexas was established to provide expanded access to security developments and resources located in Texas; provide an ongoing platform for the education and skill development of cyber professionals & job creation; build strong relationships with other U.S. and International geographies focused on cyber ecosystem development; bring national and international resources to the region to showcase Texas-based cyber assets; identify and encourage business opportunities within and outside of Texas; and create long-term value for the cyber security ecosystem of San Antonio and the State of Texas.

Cyber Security Summit: Chicago (Chicago, Illinois, USA, August 8, 2017) If you are a Senior Level Executive responsible for making your company’s decisions in regards to information security, then you are invited to register for the Cyber Security Summit: Chicago Receive 50% off of a Full Summit Pass when you register with code CYBERWIRE50 (standard price of $350, now only $175 with code). Register at CyberSummitUSA.com. The Cyber Security Summit: Chicago is an exclusive conference connecting Senior Level Executives responsible for protecting their companies’ critical data with innovative solution providers & renowned information security experts. for details visit CyberSummitUSA.com.

PCI Security Standards Council: 2017 Latin America Forum (Sao Paulo, Brazil, August 9, 2017) Join your industry colleagues for a full day of networking and one-of-a-kind partnership opportunities. Whether you want to learn more about updates in the payment industry or showcase a new product, you’ll find it all at the 2017 Latin America Forum (LAF).

2017 DoDIIS Worldwide Conference (St. Louis, Missouri, USA, August 13 - 16, 2017) Hosted annually by the DIA Chief Information Officer, the DoDIIS Worldwide Conference features a distinguished line-up of speakers and an extensive selection of breakout sessions allowing attendees to gain insight and interact with experts in smaller settings. This year’s conference presents an exciting and unique opportunity to directly engage with senior leaders from the Intelligence Community, Department of Defense, and industry about the IT complexities and challenges impacting the mission user.

SANS New York City 2017 (New York, New York, USA, August 14 - 19, 2017) Be better prepared for cyber-attacks and data breaches. At SANS New York City 2017 (August 14-19), we offer training with applicable tools and techniques for effective cybersecurity practices. Gain the skills and tools you need to win the battle against the wide range of cyber adversaries who want to harm your environment.

Information Security Summit 2017 (Hong Kong, August 15 - 16, 2017) Effective Use of Analytics and Threat Intelligence to Secure Organizations: The Information Security Summit 2017 is a Regional Event with the aim to give participants from the Asia Pacific region an update on the latest development, trends and status in information security.

TechFest (Louisville, Kentucky, USA, August 16 - 17, 2017) TechFest is a biannual summit designed to bring together technology professionals for learning and networking. Attendees will have opportunities to explore economic development avenues for their businesses, connect with regional IT leaders, and learn about emerging technology. Among the topics addressed will be cybersecurity- hacking, malware, exploits, skimmers, new standards and policies in key industries.

The Chertoff Group Security Series: Security In The Boardroom (Palo Alto, California, USA, August 23, 2017) The Chertoff Group Security Series will aim to enhance and add to the Security in the Boardroom conversation by applying our insights into technology, threat, and policy to help executives respond to the evolving threat environment.

U.S. Department of Commerce Cybersecurity Awareness Day (Washington, DC, USA, August 24, 2017) On August 24, 2017, the Department of Commerce headquarters is planning the Cybersecurity Awareness Day event which will host guest speakers from throughout the Cybersecurity community. The 2017 Cybersecurity Awareness Day and Expo will feature timely, topical, and thought-provoking presentations, bringing together cybersecurity workforce, training, and educational leaders from academia, business, and government for one day of focused discussions. In light of current events involving unauthorized disclosures, sensitive and/or classified information leaks, and breaches of personally identifiable information in cyberspace, it is imperative that sound practices are incorporated. The agenda will include speakers from Industry and Government.

7th Annual Cybersecurity Training and Technology Forum (Colorado Springs, Colorado, USA, August 30 - 31, 2017) CSTTF is designed to further educate Cybersecurity, Information Management, Information Technology, and Communications Professionals by providing a platform to explore and enhance cyber resilience, collaboration, threat intelligence, information sharing, workforce development, and risk management. This will be accomplished through a number of in-depth sessions and panel discussions, along with cybersecurity exhibits provided by industry and government partners.

Sponsor & Support

Grow your brand, generate leads, and fill your funnel.

With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listens all over the world, companies trust the CyberWire to get the message out. Learn more.

Report: UAE hacked Qatar in disinformation campaign. Russia says it's a hacking victim, too. NemucodAES and Kovter distributed in common campaign. Malware vs. Macs. White House inadvertently releases commenters' info.