"So what do I get for becoming a Producer's Circle patron of the CyberWire?" we've been asked. Well, unlike that membership in the ShadowBrokers' exploit-of-the-month club you might have been considering (not that we'd necessarily recommend signing up for that club, Wealthy Elite), your support of the CyberWire gets you more than an EternalBlue tote bag or a Guccifer 2.0 bobblehead. You now receive exclusive access to our new Quarterly Report. If you'd like to see a sample (redacted, of course), here you go. And thanks to all the Patrons who've been so generous in their support of the CyberWire.
More Signal. Less Noise.
Cylance
Cylance is revolutionizing cybersecurity with products and services that proactively prevent, rather than reactively detect the execution of advanced persistent threats and malware. Learn more at cylance.com
Qatar accuses UAE of hacking, violations of international law. NotPetya's not over for shippers. Devil's Ivy vulnerability found in gSOAP IoT code. GhostCtrl, Adwind, are out, about, and dangerous. G-Men say don't buy kids IoT toys.
Announcements
Producer's Circle patrons now receive the CyberWire Quarterly Report
Summary
Qatar continues to accuse the United Arab Emirates of hacking Qatar News Agency and other targets to plan disinformation discreditable to Qatar's government. The Emirates continue to deny involvement. Relying on an anonymously sourced report in the Washington Post said to derive from the US Intelligence Community, officials in Qatar call the incident a violation of international law and several international agreements.
NotPetya continues to reverberate in the shipping and logistics sector even after the malware attack itself has been contained and remediated. Delays in receipt of various shipments are being ascribed to the attack. NotPetya's effect on FedEx seems, at the very least, to have put the brakes on the shipping company's full integration of its TNT acquisition. Other companies have experienced material consequences as well, which gives added point to insurance giant Lloyd's assessment that a major cyber attack could inflict worldwide damages in the range of $53.1 billion to $121.4 billion.
Axis Communications patched an issue Senrio researchers found with Axis high-end and widely used security cameras. Axis deserves some credit here, because they're early to the patching. The flaw, "Devil's Ivy," is found in the widely used open-source code gSOAP. The problem is widespread and extends far beyond Axis. The vulnerability is likely to endure, given the notoriously low rates at which IoT devices are patched.
GhostCtrl, a versatile Trojan afflicting Android devices, is active in the wild. So is a resurgent Adwind RAT.
The FBI warns parents against buying their children toys with IoT features.
Notes.
Today's issue includes events affecting Australia, Bahrain, Egypt, European Union, France, Germany, Israel, New Zealand, Pakistan, Qatar, Russia, Saudi Arabia, Singapore, Thailand, United Arab Emirates, United Kingdom, United States
Can artificial Intelligence increase the precision of threat hunting?
Artificial intelligence is key to making sense of big data and scaling security data analytics. The “spray and pray” shotgun approach is too expensive and too imprecise to combat advanced attacks. So how do you harness the power of AI to increase precision and to proactively stay ahead of advanced attacks? How do you evaluate threat hunting tools? Join an online fireside chat with guests Josh Zelonis and Stephen Pieraldi to get the answers.
On the Podcast
In today's podcast we hear from our partners at the University of Maryland's Center for Health and Homeland Security, as Markus Rauschecker talks about how Facebook ran afoul of European privacy laws. Our guest is Tina Ladabouche, NSA GenCyber Program Manager, on the program that supports summer camp for middle school girls. And don't miss Recorded Future's latest threat intelligence podcast, produced in partnership with the CyberWire. This edition is the second part of their discussion of how to educate yourself for a career as a threat analyst.
Sponsored Events
Deep Instinct at Black Hat (Las Vegas, Nevada, USA, July 22 - 27, 2017) Meet us at Black Hat USA 2017. Visit booth #873. Book a meeting.
BSides Las Vegas (Las Vegas, NV, USA, July 25 - 26, 2017) BSides Las Vegas isn’t another “talk at you” conference. Everyone at BSides is a participant. Track after track, year after year, the security researchers, engineers, analysts and managers that present at BSidesLV are looking to engage our participants and be engaged by them. Our presenters don’t talk at you, they converse with you. Come join the conversation!
CyberTexas Job Fair (San Antonio, TX, USA, August 1, 2017) If you're a cyber security pro looking for your next career, check out the free CyberTexas Job Fair, August 1, in San Antonio. It’s hosted by ClearedJobs.Net, and open to both cleared and non-cleared professionals and college-level students. You’ll connect face-to-face with industry leaders Accenture, Booz Allen, Delta Risk, IPSecure, ISHPI, AT&T, Lockheed Martin, NSA and more.
The Cyber Security Summit: Chicago & NYC (Chicago, Illinois, USA, August 8, 2017) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from the U.S. Dept of Justice, Cybraics, CenturyLink, Alert Logic and more. Register with promo code cyberwire50 for half off your admission (Regular price $350).
8th Annual Billington CyberSecurity Summit (Washington, DC, USA, September 13, 2017) The 8th Annual Billington CyberSecurity Summit September 13 in Washington D.C. brings together world-class cybersecurity thought leaders for high-level information sharing, unparalleled networking and public-private partnerships from a cross-section of civilian, military and intelligence agencies, industry and academia.
Selected Reading
Cyber Attacks, Threats, and Vulnerabilities
UAE ‘planted fake news to trigger Qatar crisis’ (Times (London)) Qatar accused the United Arab Emirates of a “shameful act of cyberterrorism” after reports that US intelligence officials had evidence that it orchestrated a hack of Qatar’s state news agency and...
UAE denies Qatar media hack that set off diplomatic crisis (Deutsche Welle) The United Arab Emirates has rejected a report alleging it arranged for the Qatari government's news sites to be hacked. The incident has sparked a diplomatic crisis and left Qatar largely isolated in the Gulf region.
Qatar alleges Gulf rivals broke international law by hacking its websites (the Guardian) Alleged hack reported by Washington Post precipitated diplomatic and economic blockade, but UAE minister denies claims
Qatar lashes out at UAE over QNA hacking (Al Jazeera) Qatar says UAE's involvement in the hacking of the Qatar news agency is a violation of international law.
FedEx still feeling effects of TNT cyber attack (The Commercial Appeal) TNT Express is still feeling effects of Petya, an information technology virus that was spread to TNT through a Ukrainian tax software product.
FedEx-TNT integration plans hit as cyber attack wreaks hi-tech havoc (LoadStar) FedEx could change its integration plans for TNT following last month’s Petya cyber attack, admitting that some systems may never be fully recovered.
Didn’t get your Oreo cookie shipment? Last month’s global cyber attack may be to blame (HOTforSecurity) More and more details are emerging of the financial impact that last month's malware attack has had on major businesses. As everyone who works in IT security is all too aware, a massive malware attack crippled organisations and critical infrastructure in late June...
GCHQ Says Hackers Have Likely Compromised UK Energy Sector Targets (Motherboard) The news comes after the FBI and Homeland Security warned hackers had targeted US energy firms too.
"Devil's Ivy" Vulnerability Could Hit Millions of IoT Devices (WIRED) An obscure bug in 34 companies' physical secure gadgets could leave them open to hackers.
Experts in Lather Over ‘gSOAP’ Security Flaw (KrebsOnSecurity) Axis Communications — a maker of high-end security cameras whose devices can be found in many high-security areas — recently patched a dangerous coding flaw in virtually all of its products that an attacker could use to remotely seize control over or crash the devices.
IoT Security Incidents Rampant and Costly (Dark Reading) New research offers details about the hidden - and not so hidden - costs of defending the Internet of Things.
Exploit Derived From ETERNALSYNERGY Upgraded to Target Newer Windows Versions (BleepingComputer) Thai security researcher Worawit Wang has put together an exploit based on ETERNALSYNERGY that can also target newer versions of the Windows operating system.
Why it took more than a week to resolve the Verizon data leak (Washington Post) A communication breakdown and an employee's vacation were why it took nine days for Verizon to stop a data leak.
GhostCtrl malware silently haunts Android users, hijacking functionality (SC Media US) Researchers have uncovered a highly versatile Android remote access trojan that hijacks device functionality, steals information and can even perform ransomware attacks.
Android backdoor GhostCtrl can do many unusual things (Help Net Security) There is no shortage of Android malware, but it's not often that one encounters an Android threat that can do as much as the GhostCtrl backdoor.
The Adwind Remote Access Tool Experiences a Resurgence (Security Intelligence) A new report detailed how Adwind, a remote access tool, is surging in popularity and putting countless users at risk for cyberattack.
Attackers are taking over NAS devices via SambaCry flaw (Help Net Security) A Samba remote code execution flaw patched in May is being exploited to compromise IoT devices running on different architectures. Patch for SambaCry today!
Code Execution, DoS Vulnerabilities Found in FreeRADIUS (SecurityWeek) Security testing of FreeRADIUS using a technique known as fuzzing revealed more than a dozen issues, including vulnerabilities that can be exploited for denial-of-service (DoS) attacks and remote code execution.
751 Domains Hijacked to Redirect Traffic to Exploit Kits (BleepingComputer) On July 7, French domain registrar Gandi lost control over 751 customer domains, which had their DNS records altered to point incoming traffic to websites hosting exploits kits.
RoughTed Malvertising Peaks in June, According to Check Point's Latest Global Threat Impact Index (GlobeNewswire News Room) 28% of organizations globally impacted by RoughTed malvertising campaign in June 2017
A Myspace Security Flaw Let Anyone Take Over Any Account (WIRED) If you know someone's date of birth, you can crack their Myspace account.
Hackers tried to infiltrate state's voter registration system almost 150,000 times on US election day (The Independent) Hackers tried to access South Carolina's voter registration system almost 150,000 times on Election Day alone, a new report from the state's Election Commission has revealed. The report plays into a larger pattern of attempted hacking in the 2016 election, in which the Department of Homeland Security (DHS) says more than 20 US states were targeted. Intelligence officials believe much of the election meddling was carried out by Russian hackers.
Hackers secretly burn businesses (Stuff) Infecting a computer with ransomware isn't the worst thing a hacker could do - more damage can go on behind the scenes.
Newcastle City Council Leaks Data of Thousands of Adopted Children (Infosecurity Magazine) Blunder took place on June 15 2017
Religare suffers cyber attack; data completely safe: Company (Moneycontrol) IT systems across the globe in the recent past have been facing some or the other kind of malware attacks with the intention to extract money from the system owners.
You can buy password stealing malware 'Ovidiy Stealer' for $7 (HackRead) Researchers at Proofpoint recently discovered a mass-marketed malware called Ovidiy stealer whose main purpose is to steal passwords from victims. It is th
Botnet Tweeting, Spamming Porn Shut Down (Threatpost) Researchers discovered an active Twitter botnet made up of 38,000 bots, generating 8.5 million tweets and netting over 30 million clicks from its victims.
Siri implicated in yet another iPhone lockscreen hole (Naked Security) We can’t reproduce an iPhone lockscreen bug that hit the news last week – but there are plenty of lockscreen lessons to learn anyway.
Alexa is listening to what you say – and might share that with developers (Naked Security) How do you feel about the possibility of your recorded requests to Alexa being shared with third-party developers? Here’s what we know about that – and some tips to manage your data
FBI Issues Warning on IoT Toy Security (Dark Reading) IoT toys are more than fun and games and can potentially lead to a violation of children's privacy and safety, the Federal Bureau of Investigation warned Monday.
Think twice before buying a smart toy for your child (Help Net Security) The potential misuse of sensitive data such as location, visual identifiers, and known interests to garner trust from a child present exploitation risks.
Free Certs Come With a Cost (Threatpost) Leading certificate authority Let’s Encrypt is facing criticism that its rapid growth and eagerness to encrypt internet communications is happening at a cost.
Security Patches, Mitigations, and Software Updates
Linux Users Urged to Update as a New Threat Exploits SambaCry (TrendLabs Security Intelligence Blog) A seven-year old vulnerability in Samba—an open-source implementation of the SMB protocol used by Windows for file and printer sharing—was patched last May but continues to be exploited.
Cisco Patches Another Critical Ormandy Bug in WebEx Extension (Threatpost) Researchers Tavis Ormandy and Cris Neckar privately disclosed a critical vulnerability in Cisco’s WebEx extension for Chrome and Firefox that allows for remote code execution.
FreeRADIUS Update Patches Bugs Static Analysis Tools Missed (Threatpost) FreeRADIUS today released an update that patches a number of vulnerabilities uncovered in a commissioned engagement using a customer fuzzer.
What You Need to Know About Comodo’s DCV Changes (SSL Store) Changes to Comodo’s Domain Validation Procedures coming next week
Cyber Trends
Damages From a Well Executed Cyber Attack Could Reach $121.4 Billion (BleepingComputer) Lloyd's of London, one of the world's largest insurers, warns that a well executed cyber attack could cause damages around to world ranging from $53.1 billion to $121.4 billion, according to a report the company released today.
10 Years of (Hacking) iOS (Skycure) Skycure helps to celebrate the 10-year anniversary of the iPhone with this latest Mobile Threat Intelligence Report. As iOS devices continue to become more and more popular in the enterprise …
Mobile Threat Intelligence Report Q1 2017 (Skycure) This report seeks to expose the security impact of iOS in the enterprise at this 10-year anniversary of the iPhone.
The Cloud in 2017: Trends in Security (Clutch) Clutch's new survey data analyzes trends in cloud security, revealing companies' preference for the cloud, their willingness to invest heavily in additional cloud security, and the most popular cloud security features and regulations.
New Study Reveals Companies Generally Unprepared to Meet EU GDPR (BusinessWire) With the European Union General Data Protection Regulation (EU GDPR) set to go into effect in less than a year, Crowd Research Partners today released
EU GDPR Report (Crowd Research (presented by STEALTHbits) The EU GDPR study focuses on identifying the impact of the new regulations on organizations and how they plan to be compliant. The study, sponsored by STEALTHbits Technologies, is based on input from over 500 global cybersecurity professionals who are members of the 370,000 member Information Security Community on Linkedin.
AI technologies will be in almost every new software product by 2020 (Help Net Security) Analysts predict that by 2020, AI technologies will be virtually pervasive in almost every new software product and service.
Continental business leaders trounce UK leaders on cyber risk management (Computing) Business leaders in France and Germany are more aware of cyber risks and more likely to take steps to mitigate failures than those in the UK
As security AI explodes, lack of efficacy comparisons leaves CSOs flying blind (CSO) Machine-learning security tools flooding market but customers lack concrete methods for comparing their efficacy
FIRST: Sleeping with the enemy - How cyber criminals are the new monsters under our beds (The Malta Independent) "Hey @CloudPets, someone named S. Atan keeps sending messages to my kids' cloud pets and the app won't let me block him. Please help."
Wait, you didn’t want to clean the toilets? Should have read the terms! (Naked Security) Some 22,000 people unwittingly agreed to clean bathrooms and hug stray cats and dogs in return for free WiFi – and their experience is a good reminder to be aware of what you’re agreeing…
Vietnam falls in global cyber security index (Xinhua) Vietnam ranked 101st out of 193 countries with a score of 0.245 in the Global Cyber security Index (GCI) 2017 compiled by the International Telecommunication Union, while Singapore topped the ranking with a score of 0.925.
Marketplace
Make war on cybercrime work for you (TheBull) Cyber-economy researcher Cyber Ventures recently predicted that global spending on cybersecurity will exceed US$1 trillion over 2017-2021. Firms will spend more than US$120 billion this year alone on cybersecurity, up 35 times in little over a decade.
Sandvine to be combined with Procera in $444M deal (FierceWilreless) Private equity firm Francisco Partners said it will spend roughly $444 million to acquire Sandvine Corp., then will combine the company with its own Procera Networks.
Exclusive: Cyber Startup Awake Security Debuts With $31 Million in Funding (Fortune) The company has been in stealth mode for two years.
Ironhack raises $3 million for its coding bootcamp (TechCrunch) As the focus on new educational models and coding bootcamps continues to attract attention (rightly or wrongly) as a cure for the world's economic woes..
Cybersecurity programme at STATION F (Thales) Thales joins STATION F to accelerate the future of cybersecurity, by partnering the field’s expert startups in their development.
5 questions with Team8 (The Straits Times) Q How did Team8 start and what is it about?. Read more at straitstimes.com.
Former AVG Executives Beef Up Cyber Security Investment Fund (New York Times) A group of former executives and investors from antivirus software maker AVG Technologies have raised an additional $55 million for their fund that invests in cyber security companies, its managing partner said.
Leadership In Cognitive Cybersecurity Makes IBM A Worthy Investment (Seeking Alpha) Investors should now take a good look at IBM's emergence as an early leader in cognitive cybersecurity. Watson, IBM's most famous creation for Artificial Intell
IBM: Riskier, But The Payoff Could Be Greater (Seeking Alpha) IBM's cognitive computing strategy is relatively more speculative than that of competitors. The company is somewhat placing its eggs in one basket with its Wats
Will CyberArk Software Ltd. Sink or Swim? (The Motley Fool) The Israeli cybersecurity firm’s shocking second-quarter miss raises bright red flags.
Lockheed Martin’s UK Cyber Works centre (Software Testing News) American global aerospace, defence, security and technologies company, Lockheed Martin, has invested £3million in a cyber security centre in Gloucester.
CrowdStrike eyes Germany and France as next European expansion targets (Channelnomics) Freshly appointed channel and business development boss sets course for geographic expansion
CrowdStrike Appoints Laurel Finch as Chief Legal Officer (BusinessWire) CrowdStrike® Inc., the leader in cloud-delivered endpoint protection, today announced the appointment of Laurel Finch as chief legal officer and s
Products, Services, and Solutions
Bay Dynamics Announces Technology Partnership with Symantec to Detect and Stop Insider Threats (Bay Dynamics) Bay Dynamics’ User and Entity Behavior Analytics (UEBA) technology partnership with Symantec enables organizations to identify malicious insiders & prioritize threats to data assets
CrowdStrike and Dragos Inc. Partner to Drive Unmatched Cybersecurity Capabilities for Industrial Control Systems (CrowdStrike) Read more about how CrowdStrike and Dragos Inc. to drive unmatched cybersecurity capabilities for industrial control systems.
StackRox Unveils First Container Security Platform That Adapts to Evolving Threats (BusinessWire) Partnered with Sequoia Capital, StackRox Unveils First Container Security Platform That Adapts to Evolving Threats
etouches Announces EU-U.S. and Swiss-U.S. Privacy Shield Framework Certification (BusinessWire) etouches announces EU-U.S. and Swiss-U.S. Privacy Shield framework certification, representing an industry-first in U.S. event management solutions.
Infoblox introduces cloud service to protect remote workers (4-Traders) Infoblox has launched the global availability of Infoblox ActiveTrust Cloud, a service that will address the needs of enterprises with a mobile workforce.
How Netronome Systems is optimizing distributed security (SiliconANGLE) How Netronome Systems is optimizing distributed security - SiliconANGLE
Gas producer gets boost from SolarWinds network monitoring software (SearchNetworking) To boost its network infrastructure monitoring, Chart Industries, an industrial gas producer, chooses SolarWinds network monitoring software.
IBM Z Mainframe Brings Encryption Super Powers (CIO Today) Aimed at enterprise customers facing increasing threats of data breaches, the new IBM Z mainframe features "breakthrough" encryption capabilities that can secure information in any cloud application or database at all times, the company said today.
Dicker Data picks up Symantec's Blue Coat network security portfolio (CRN Australia) Expands existing deal with Symantec.
Technologies, Techniques, and Standards
Crowdsourcing cyber defence is now a necessity (Information Age) The recent wave of cyber attacks reinforces the need for greater global collaboration on cyber threat intelligence sharing
How ISPs Can Lead the Charge in DDoS Protection (CED) Malicious traffic has long been a problem for internet service providers (ISPs). In recent years, it has become much more difficult for ISPs to deliver “clean pipe,” primarily because malware, botnets, and distributed denial of service (DDoS) attacks have increased in size, sophistication, and frequency. In particular, the DDoS threat is decreasing internet service availability across the globe. Fortunately, some ISPs are taking a proactive role to thwart this threat.
Preventing the Next Petya: Block New Exploits by Defending Old Vulnerabilities (McAfee Blogs) For ransomware enthusiasts, the April release of stolen NSA Windows exploits is a gift that will not stop giving. Just weeks after the Shadowbrokers' "Lost
The complete list of Infosec related cheat sheets (Peerlyst) I do not think I have collected them all yet, but here's what I have so far. Please suggest more.
Becoming an Analyst Part 2: Educational Foundations (Recorded Future) In this episode, we discuss unconventional educational pathways to working in threat intelligence, including benefits, lessons learned, and advice.
SIEM Training Needs a Better Focus on the Human Factor (Dark Reading) The problem with security information and event management systems isn't the solutions themselves but the training that people receive.
Design and Innovation
Security guard robot ends it all by throwing itself into a watery grave (Ars Technica) Knightscope K5 security bot shows your job is probably safe from automation. For now.
How to fight the forces in the cyber threat universe (Information Age) Every day hundreds of network security devices generate millions of log files, creating a detailed millisecond-by-millisecond record of all authorised and unauthorised user activity. Finding a way to extract meaningful evidence of cyber threat activity from this vast data set is crucial to the long-term security of any organisation. In the past few years
The future of macOS security: Baked-in protection and third-party tools (Help Net Security) What can we expect from future macOS security? Security researcher Patrick Wardle, developer of free, open source Mac security tools, looks ahead.
What does Imogen Heap have in common with mail? The blockchain (Naked Security) The blockchain isn’t just for verifying Bitcoin transactions – a number of very different ventures are using it to cut out middlemen and keep people honest
The Curious Comeback of the Dreaded QR Code (WIRED) Don't look now, but QR codes are back—and they're going to change your digital life in all sorts of previously impossible ways.
Research and Development
Defence awards AU$3.26m to QuintessenceLabs for quantum cyber development (ZDNet) The Australian Department of Defence has allocated AU$3.26 million to explore the feasibility of the establishment of highly secure communications links to defend against 'malicious cyber intrusion and disruption'.
Academia
Winning Hackers Announced for U.S. Cyber Challenge Competition at Southern Utah University (USCC) This morning, a number of the nation’s rising cybersecurity talent competed in the annual U.S. Cyber Challenge (USCC) Capture-the-Flag (CTF) competition at Southern Utah University (SUU) in Cedar City, UT.
Institute for CyberScience to offer graduate student travel awards (Penn State University) The Institute for CyberScience is accepting applications for the SuperComputing '17 Student Travel Awards. Through this new program, graduate students can receive funding to attend the SuperComputing 2017 conference in Denver, Colorado, this November.
Local colleges educate students on cybersecurity (Times Telegram) For people such as Jake Mihevc, sometimes educating students to work in a rapidly changing global market starts with seeds planted locally.
NSA's GenCyber Reaches New Territories (NSA) This year, the GenCyber Program, co-sponsored by the National Security Agency (NSA) and the National Science Foundation (NSF), is bigger and better than before. The program is offering more than 130 summer camps in 39 states across the nation, and in Washington D.C. and Puerto Rico.
PDX Cyber Camp 2017 Kicks Off Today; Cybersecurity Camp for Local High School Students Receives Widespread Community Support (PRWeb) Industry experts and hands-on education program teach students high-demand skills in cybersecurity
Singtel's new CSX platform aims to entice Singaporeans to cybersecurity careers (Security Brief) Singtel is promising to strengthen Singapore’s cybersecurity talent for students and mid-career professionals who want to get a start in the industry.
Legislation, Policy and Regulation
Estonia to open world's first 'data embassy' (The Straits Times) Cyber-savvy Estonia has taken yet another step forward in global technology - the small Baltic state is set to open the world's first "data embassy" in Luxembourg early next year.. Read more at straitstimes.com.
Credlin slams PM’s ‘super security’ ministry (NewsComAu) SKY News political commentator Peta Credlin has weighed in on the Turnbull Government’s Home Affairs super portfolio, slamming the new ministry as “cooked up”.
Dev to El Reg: Making web pages pretty is harder than building crypto (Register) 'Brandis.io' secures messages with APIs and 445 lines of JavaScript, so good luck with crypto-cracking laws!
'Trump administration has zero patience for Pakistan's terror policy' (Deutsche Welle) The US is aiming to impose aid restrictions on Pakistan. In an interview with DW, analyst Michael Kugelman says if there's one US administration likely to take a hard line against Pakistan, it's the Trump administration.
US to create independent military cyber command (AP via Fios Trending) The US plans to create independent military cyber command in order to enable military to more aggressively wage cyberwar against IS and others
US Places Cyberattacks on Par With Traditional Warfare Via Cyber Command Reform (Sputnik News) Donald Trump's administration is finalizing plans to revolutionize the US' military command for defensive and offensive cyber operations, in hopes of intensifying America's ability to wage cyberwar against foes such as Daesh. Serious questions abound as to whether Cyber Command can function as an independent entity, however.
Cuts Proposed for Key Cybersecurity Agency (Defense One) House Appropriations Committee reduces but retains White House cuts to the National Institute of Standards and Technology.
State Department's top cyber official to leave post (TheHill) Chris Painter appointed cyber coordinator in 2011 under Obama.
Governors told to not let up in cyber war; Sandoval reveals feds inspected Nevada voting security ahead of 2016 election (Nevada Independent) Governors who gathered in Rhode Island for their semiannual meeting this weekend got a chilling warning from the tech experts who know best -- the hacks and cyberattacks they’ve seen so far are just the beginning.
Tech vs. Telecom: Closing Arguments in Net Neutrality Battle (Motherboard) It’s a clash of corporate titans over the future of internet governance.
Litigation, Investigation, and Enforcement
Appeals court OKs secrecy of FBI national security data requests (Ars Technica) Targets of NSLs can't challenge them because ISPs can't tell the target about them.
Justice Department: 2 Iranians charged with hacking into Vermont software companies (Washington Examiner) Iranians sought to market and sell information relating to projectile technology and aerodynamics, prosecutors said.
Susan Rice's testimony to House Intelligence committee delayed: Report (Washington Examiner) Her testimony is still expected at a later date.
Fate of Kushner’s security clearance could ultimately lie with Trump (POLITICO) The president’s son-in-law and adviser has come under fire for initially failing to disclose meetings with Russian officials.
Lawyers score big in settlement for Ashley Madison cheating site data breach (Ars Technica) Members who paid $19 for their data to be deleted (it wasn't) might get a refund.
Facial Recognition Coming to Police Body Cameras (Defense One) An approach to machine learning inspired by the human brain is about to revolutionize street search.
People Keep Getting Charged With a Crime for Selling Bitcoin (Motherboard) We called a lawyer to find out when selling bitcoin is "operating an illegal money transmission business" in the eyes of the law.
Industry Events
newly Noted Events
4th Annual Journal of Law & Cyber Warfare Conference (New York, New York, USA, November 9, 2017) Join thought leaders across the industry for a day of collaboration and education with an outstanding group of cyber security experts. In this one-day program, we continue JLCW's 5+ year reputation for presenting cutting-edge, practical, and balanced training for cyber security lawyers, in-house legal personnel, cyber security service providers, law enforcement, military, members of the bar, bench, and ambassadors and consul generals from all over the world.
upcoming Events
SANSFIRE 2017 (Washington, DC, USA, July 22 - 29, 2017) Now is the time to advance your career and develop skills to better protect your organization. At SANSFIRE 2017, choose from over 45 hands-on, immersion-style security training courses taught by real-world practitioners. The site of SANSFIRE 2017 (July 22-29) is Washington Marriott Wardman Park.
ISSA CISO Executive Forum: Security Awareness and Training--Enlisting your entire workforce into your security team (Las Vegas, Nevada, USA, July 23 - 24, 2017) The gap in Security skills in the workforce have put the pinch on Security teams. Join us to learn how to get lean by empowering the rest of your organization to understand and manage security risks. We’ll cover secure-by-design concepts inherent in DevSecOps, effective training and awareness practices, and how to lead organizational change management to embed security into your company’s DNA.
AFA CyberCamp (Pittsburgh, Pennsylvania, USA, July 24 - 28, 2017) The AFA CyberCamp program is designed to excite students new to cybersecurity about STEM career opportunities and teach them important cyber defense skills through hands-on instruction and activities. Through the camp, students will learn how to protect their personal devices and information from outside threats, as well as how to harden entire networks running Windows 7 and Ubuntu operating systems. The AFA CyberCamp will culminate in an exciting final team competition that simulates real cybersecurity situations faced by industry professionals and mimics AFA’s CyberPatriot National Youth Cyber Defense Competition.
BSides Las Vegas (Las Vegas, Nevada, USA, July 25 - 26, 2017) BSides Las Vegas isn’t another “talk at you” conference. Everyone at BSides is a participant. Track after track, year after year, the security researchers, engineers, analysts and managers that present at BSidesLV are looking to engage our participants and be engaged by them. Our presenters don’t talk at you, they converse with you.
Cross Domain Support Element Summer Workshop 2017 (Laurel, Maryland, USA, July 25 - 26, 2017) The Unified Cross Domain Services Management Office (UCDSMO) is presenting a two-day workshop for the benefit of the Cross Domain Support Element (CDSE) Offices, and the personnel who support them. Topics will include an update to the Capabilities Portfolio, Baseline and Sunset Lists, the UCDSMO SharePoint sites, Labs and Lab Testing, updates on the CDS Overlays and the Cross Domain Risk Management process.
Black Hat USA 2017 (Las Vegas, Nevada, USA, July 26 - 27, 2017) Now in its 20th year, Black Hat is the world’s leading information security event, providing attendees with the very latest in research, development and trends. Black Hat USA 2017 kicks off with four days of technical Trainings (July 22-25) followed by the two-day main conference (July 26-27) featuring Briefings, Arsenal, Business Hall, and more.
RSA Conference 2017 Asia Pacific & Japan (Singapore, July 26 - 28, 2017) RSA Conference 2017 Asia Pacific & Japan is the leading information security event in the region. Join us for three days of high quality education, engaging content and valuable networking. Get exposure to innovative technologies and leadership that will help secure your organization and your future.
DEF CON 25 (Las Vegas, Nevada, USA, July 27 - 30, 2017) You know how we know it’s almost DEF CON? The Southwest is having a heat wave, that ancient tweet about the Feds (allegedly) not appreciating the ‘Spot the Fed’ contest is back and the interwebz are buzzing with burner phone chat.
North American International Cyber Summit (Detroit, Michigan, USA, July 30, 2017) In its sixth year, the cyber summit brings together experts from across the globe to address a variety of cybersecurity issues impacting the world of business, education, information technology, economic development, law enforcement and personal use. Highly respected speakers from the public and private sectors will address emerging trends, technology and best practices. The event is open to the public and will feature information for individuals, families, educators, business professionals, law enforcement and government officials. The summit agenda will feature internationally recognized keynote speakers as well as experts from across the county to lead breakout sessions on featured industry topics.
Cyber Texas (San Antonio, Texas, USA, August 1 - 2, 2017) CyberTexas was established to provide expanded access to security developments and resources located in Texas; provide an ongoing platform for the education and skill development of cyber professionals & job creation; build strong relationships with other U.S. and International geographies focused on cyber ecosystem development; bring national and international resources to the region to showcase Texas-based cyber assets; identify and encourage business opportunities within and outside of Texas; and create long-term value for the cyber security ecosystem of San Antonio and the State of Texas.
Cyber Security Summit: Chicago (Chicago, Illinois, USA, August 8, 2017) If you are a Senior Level Executive responsible for making your company’s decisions in regards to information security, then you are invited to register for the Cyber Security Summit: Chicago Receive 50% off of a Full Summit Pass when you register with code CYBERWIRE50 (standard price of $350, now only $175 with code). Register at CyberSummitUSA.com. The Cyber Security Summit: Chicago is an exclusive conference connecting Senior Level Executives responsible for protecting their companies’ critical data with innovative solution providers & renowned information security experts. for details visit CyberSummitUSA.com.
PCI Security Standards Council: 2017 Latin America Forum (Sao Paulo, Brazil, August 9, 2017) Join your industry colleagues for a full day of networking and one-of-a-kind partnership opportunities. Whether you want to learn more about updates in the payment industry or showcase a new product, you’ll find it all at the 2017 Latin America Forum (LAF).
2017 DoDIIS Worldwide Conference (St. Louis, Missouri, USA, August 13 - 16, 2017) Hosted annually by the DIA Chief Information Officer, the DoDIIS Worldwide Conference features a distinguished line-up of speakers and an extensive selection of breakout sessions allowing attendees to gain insight and interact with experts in smaller settings. This year’s conference presents an exciting and unique opportunity to directly engage with senior leaders from the Intelligence Community, Department of Defense, and industry about the IT complexities and challenges impacting the mission user.
SANS New York City 2017 (New York, New York, USA, August 14 - 19, 2017) Be better prepared for cyber-attacks and data breaches. At SANS New York City 2017 (August 14-19), we offer training with applicable tools and techniques for effective cybersecurity practices. Gain the skills and tools you need to win the battle against the wide range of cyber adversaries who want to harm your environment.
Information Security Summit 2017 (Hong Kong, August 15 - 16, 2017) Effective Use of Analytics and Threat Intelligence to Secure Organizations: The Information Security Summit 2017 is a Regional Event with the aim to give participants from the Asia Pacific region an update on the latest development, trends and status in information security.
TechFest (Louisville, Kentucky, USA, August 16 - 17, 2017) TechFest is a biannual summit designed to bring together technology professionals for learning and networking. Attendees will have opportunities to explore economic development avenues for their businesses, connect with regional IT leaders, and learn about emerging technology. Among the topics addressed will be cybersecurity- hacking, malware, exploits, skimmers, new standards and policies in key industries.
The Chertoff Group Security Series: Security In The Boardroom (Palo Alto, California, USA, August 23, 2017) The Chertoff Group Security Series will aim to enhance and add to the Security in the Boardroom conversation by applying our insights into technology, threat, and policy to help executives respond to the evolving threat environment.
The Chertoff Group Security Series: Security In The Boardroom (Palo Alto, California, USA, August 23, 2017) The Chertoff Group Security Series will aim to enhance and add to the Security in the Boardroom conversation by applying our insights into technology, threat, and policy to help executives respond to the evolving threat environment.
U.S. Department of Commerce Cybersecurity Awareness Day (Washington, DC, USA, August 24, 2017) On August 24, 2017, the Department of Commerce headquarters is planning the Cybersecurity Awareness Day event which will host guest speakers from throughout the Cybersecurity community. The 2017 Cybersecurity Awareness Day and Expo will feature timely, topical, and thought-provoking presentations, bringing together cybersecurity workforce, training, and educational leaders from academia, business, and government for one day of focused discussions. In light of current events involving unauthorized disclosures, sensitive and/or classified information leaks, and breaches of personally identifiable information in cyberspace, it is imperative that sound practices are incorporated. The agenda will include speakers from Industry and Government.
7th Annual Cybersecurity Training and Technology Forum (Colorado Springs, Colorado, USA, August 30 - 31, 2017) CSTTF is designed to further educate Cybersecurity, Information Management, Information Technology, and Communications Professionals by providing a platform to explore and enhance cyber resilience, collaboration, threat intelligence, information sharing, workforce development, and risk management. This will be accomplished through a number of in-depth sessions and panel discussions, along with cybersecurity exhibits provided by industry and government partners.
Sponsor & Support
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter’s financial reach, or it might just not be the right time for you to do those things. That’s why we launched our new Patreon site, where we’ve created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you’ll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.