Our thanks to all the Patrons who've been so generous in their support of the CyberWire. We're happy to have added a new benefit this week: members of the Producer's Circle now receive exclusive access to our new Quarterly Report, which is a way-better membership benefit than that boxed set of Ed Snowden's pensées on VHS the ShadowBrokers are probably offering (we're not sure—the phone lines don't appear to be open). If you'd like to see a sample of the Quarterly Report (redacted, of course, because the Patrons' access is exclusive, and we're an honest shop), this is it. And thanks again, Patrons.
More Signal. Less Noise.
Cylance
Cylance is revolutionizing cybersecurity with products and services that proactively prevent, rather than reactively detect the execution of advanced persistent threats and malware. Learn more at cylance.com
Another unsecured AWS S3 bucket. FedEx says some NotPetya damage may be permanent. Initial coin offering hacked. Voting security initiative announced at Harvard's Belfer Center. Game of Thrones virus in Pirate Bay torrents? DHS, Commerce, consider anti-botnet "moonshot." Industry notes.
Announcements
Producer's Circle patrons now receive the CyberWire Quarterly Report
Summary
Another unsecured Amazon Web Services S3 bucket is found. This one belongs to Dow Jones, which says 2.2 million customers were affected. Security firm UpGuard offers a higher estimate, suggesting the possibility that around four million records were exposed.
A 10-K filing from FedEx says that the shipping company doesn't yet know how long it will take to restore systems affected by the NotPetya attack, and that it's possible the company's TNT unit—the one directly affected—may be unable to "fully restore all of the affected systems and recover all of the critical business data" the attack hit.
Cybercriminals hacked Israeli cryptocurrency start-up CoinDash's initial coin offering, stealing many of the tokens on sale. If the crooks cash out intelligently, they may go uncaught.
If you were planning to illegally stream Game of Thrones, think twice—there are reports of a virus targeting you lurking in Pirate Bay torrents.
In the US, a bipartisan initiative to secure electronic voting spins up at Harvard's Belfer Center. It's led by former Clinton and Romney presidential campaign managers; its advisors include security leads from Facebook, Google, and CrowdStrike.
The US Departments of Homeland Security and Commerce have commissioned studies looking into the possibility of a "moonshot" challenge for combatting botnets.
In industry news, Awake Security emerges from stealth with $31 million in funding (its technology has been compared to near-unicorn Darktrace). ScaleFT closes a $2 million seed round. And Rapid7 announces its acquisition of security orchestration start-up Komand for an undisclosed amount.
Notes.
Today's issue includes events affecting Australia, Brazil, China, European Union, Iraq, Germany, Malaysia, New Zealand, Peru, Russia, Singapore, Ukraine, United Kingdom, United States
Can artificial Intelligence increase the precision of threat hunting?
Artificial intelligence is key to making sense of big data and scaling security data analytics. The “spray and pray” shotgun approach is too expensive and too imprecise to combat advanced attacks. So how do you harness the power of AI to increase precision and to proactively stay ahead of advanced attacks? How do you evaluate threat hunting tools? Join an online fireside chat with guests Josh Zelonis and Stephen Pieraldi to get the answers.
On the Podcast
In today's podcast, we hear from our partners at Accenture as Justin Harvey discusses fileless malware. Our guest, Robert Hamilton from Imperva Incapsula, talks us through distributed denial-of-service attacks on video game servers.
Sponsored Events
Deep Instinct at Black Hat (Las Vegas, Nevada, USA, July 22 - 27, 2017) Meet us at Black Hat USA 2017. Visit booth #873. Book a meeting.
BSides Las Vegas (Las Vegas, NV, USA, July 25 - 26, 2017) BSides Las Vegas isn’t another “talk at you” conference. Everyone at BSides is a participant. Track after track, year after year, the security researchers, engineers, analysts and managers that present at BSidesLV are looking to engage our participants and be engaged by them. Our presenters don’t talk at you, they converse with you. Come join the conversation!
CyberTexas Job Fair (San Antonio, TX, USA, August 1, 2017) If you're a cyber security pro looking for your next career, check out the free CyberTexas Job Fair, August 1, in San Antonio. It’s hosted by ClearedJobs.Net, and open to both cleared and non-cleared professionals and college-level students. You’ll connect face-to-face with industry leaders Accenture, Booz Allen, Delta Risk, IPSecure, ISHPI, AT&T, Lockheed Martin, NSA and more.
The Cyber Security Summit: Chicago & NYC (Chicago, Illinois, USA, August 8, 2017) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from the U.S. Dept of Justice, Cybraics, CenturyLink, Alert Logic and more. Register with promo code cyberwire50 for half off your admission (Regular price $350).
8th Annual Billington CyberSecurity Summit (Washington, DC, USA, September 13, 2017) The 8th Annual Billington CyberSecurity Summit September 13 in Washington D.C. brings together world-class cybersecurity thought leaders for high-level information sharing, unparalleled networking and public-private partnerships from a cross-section of civilian, military and intelligence agencies, industry and academia.
Selected Reading
Cyber Attacks, Threats, and Vulnerabilities
Fighting Petya at Ground Zero: An Interview with Dmytro Kyselyov of IBM Ukraine (Security Intelligence) In this exclusive podcast, Dmytro Kyselyov of IBM Ukraine describes his experience facing the June 27, 2017 Petya variant outbreak from ground zero.
FedEx Says Some Damage From NotPetya Ransomware May Be Permanent (BleepingComputer) US-based and international courier delivery service FedEx admitted on Monday that some of its systems were significantly affected by the NotPetya ransomware, and some of the damage may be permanent.
CoinDash crowdfunding hack further dents trust in crypto-trading world (Register) $7m pilfered from investors, white hats on the trail
What is GhostCtrl? Android malware 'possesses' devices to spy, steal and do its bidding (International Business Times UK) GhostCtrl is a variant of the commercially available OmniRAT malware that can target Android, Mac, Windows and Linux systems.
Coding Library Vulnerability May Trickle Down to Thousands of IoT Devices (BleepingComputer) A vulnerability codenamed Devil's Ivy is putting thousands of Internet-connected devices at risk of hacking.
Home Security System Fails at Being Secure, Opens Homes to Hacking & Burglaries (BleepingComputer) The maker of a smart home security system has failed to patch five security issues in the firmware of his product. These flaws allow an attacker to bypass authentication, take over devices, and disable alarm systems, leaving homes exposed to burglaries.
Millions of Dow Jones customers exposed on misconfigured AWS server (CRN Australia) Personal details and some credit card info made vulnerable.
What customers of Verizon need to know about the info leak (GOOD4UTAH) Verizon has confirmed that personal information of 6 million customers was recently leaked online.
Who's responsible for protecting patient data in the cloud? (Healthcare IT News) Cybersecurity experts lay out the facts, and misperceptions, about securing data in the cloud. The answer is not so simple.
Ransomware is Not the Only Ransom Attack (Panda Security Mediacenter) Ransomware is not the only form of extortion that threatens user security. We take a look at other attacks that demand a "ransom" from their victims.
Over 70,000 Memcached Servers Still Vulnerable to Remote Hacking (The Hacker News) Over 70,000 Memcached servers are still vulnerable to critical remote code execution vulnerabilities
Attackers are taking over NAS devices via SambaCry flaw (Help Net Security) A Samba remote code execution flaw patched in May is being exploited to compromise IoT devices running on different architectures. Patch for SambaCry today!
When good extensions go bad: buyer turns Particle into adware (Naked Security) The tale of what happened when the Particle extension was sold and turned by its buyer into adware is a reminder that it’s a good idea to keep an eye on what you’ve added to your browse…
90 billion: The number of times hackers have tried to infiltrate Pa. computer systems (PennLive.com) Cybersecurity measures remain in place, but hackers last year made more than 90 billion attempts to break into state databases.
Premier Health hospitals impacted by vendor’s cyber attack (Dayton Daily News) The hospital's transcription services are down.
2017 will be a very big year for iOS vulnerabilities – Skycure MTD report (iTWire) The number of new disclosed iOS (CVE) vulnerabilities in the first quarter of 2017 was greater than all of 2016, according to mobile threat defence ve...
A massive botnet was tweeting you porn for months (CNET) Researchers say Siren was one of the largest spam campaigns on social media.
Game Of Thrones season 7 TORRENT WARNING - Free downloads could have a hidden DANGER (Express) MILLIONS of Game Of Thrones fans plan on illegally downloading or streaming the first episode of season 7 in the UK tonight, research has revealed. But a virus targeted at those who download the show from The Pirate Bay should be a cautionary tale to many illegal viewers.
Security Patches, Mitigations, and Software Updates
Microsoft announces new Windows 10 security features (Tecgenix) Recognizing that the “threat landscape continues to grow increasingly more sophisticated,” Microsoft has added several new Windows 10 security features.
Windows 10 support could end early on some Intel systems (Ars Technica) It all depends on what the “supported lifetime” of a system is.
Cyber Trends
Editorial: Blame Game (Infosecurity Magazine) Eleanor Dallaway considers the difference in the way that cybercrime victims and real-world crime victims are treated
Lastline says cyber-pros have some gaps in their malware knowledge (SC Media UK) Low awareness of some common malware behaviours could decrease the effectiveness of detection and mitigation efforts, according to the company.
Achieving 'always-on' availability in the shadow of two longstanding vulnerabilities: Malaysia cybersecurity interview (MIS Asia) 'There are two security challenges that will always continue to face the IT industry,' Veeam's Danny Allan told Computerworld Malaysia during a 'rapidfire' interview.
Kiwis, data privacy and IoT: Yeah, nah? Or only for the right reasons? (Security Brief) “People are happy to use their smartwatches to alert police to their location when they need help, but they don’t want police to freely access data."
Marketplace
Exclusive: Cyber Startup Awake Security Debuts With $31 Million in Funding (Forutne) The company has been in stealth mode for two years.
The Funded: Former Symantec CEO joins security startup board (San Jose Business Journal) Enrique Salem, the former CEO of Symantec Corp. who is now a managing director at Bain Capital Ventures, co-led a big round for Awake Security as it emerged from stealth on Monday.
ScaleFT Closes $2 Million Seed Funding Round; Launches “Zero Trust” Solution to Help Modernize Cloud Security (ScaleFT) Inspired by Google’s BeyondCorp architecture, ScaleFT Zero Trust Access Management protects corporate resources without VPNs
Rapid7 slurps security orchestration biz Komand (Register) When a problem comes along, you must whip it. Without having to get off your chair
Which cybersecurity start-ups have raised the most money in 2017? (Channelweb) CRN profiles the cybersecurity vendors with the largest funding rounds in 2017 so fa
Evolution Equity Partners Announces Final Close of New Cybersecurity Focused Fund (BusinessWire) Evolution Equity Partners announces final close of $125 million new fund to make investments in cybersecurity in North America, Europe and Israel.
Versasec Expands its German Operations with 300 Percent Growth Expected in 2017 (Versasec) Growing team supports company’s R&D efforts
Leadership In Cognitive Cybersecurity Makes IBM A Worthy Investment (Seeking Alpha) Investors should now take a good look at IBM's emergence as an early leader in cognitive cybersecurity. Watson, IBM's most famous creation for Artificial Intell
Is FireEye a Potential Turnaround Candidate? (Guru Focus) The company's transition to a subscription-based model will reap benefits
Is FireEye Inc (FEYE) Stock the Best IT Security Play? (InvestorPlace) FireEye should be among Wall Street's best security stocks over the next year. FEYE stock has the potential to hit $20 by next July.
Tenable Exec: Our 'Battle Cry' Is Enabling Channel Opportunities In IoT Security, Helping Secure Both IT And OT (CRN) Tenable Chief Revenue Officer John Negron talks about the security company's strategy around the Internet of Things and why solution providers should get on board.
Le maillon fort de la lutte cybersécuritaire (Largeur) La cryptographie constitue un élément essentiel pour sécuriser les données informatiques. À la pointe du secteur figure l’entreprise genevoise ID Quantique.
Michael Dell takes long view with 'Dell 2.0' (Mail Online) His first company became the world's largest maker of personal computers. Now Michael Dell says he is building a broader technology firm with similar...
Cellebrite’s Mobile Lifecycle Division to Rebrand as Mobilogy (EIN News) Cellebrite’s Mobile Lifecycle Division to Rebrand as Mobilogy Move enhances the division’s visibility and will accelerate growth to new segments across the
Britain's cyber security center says has never certified Kaspersky products (Reuters) Britain's National Cyber Security Centre said on Tuesday it had never certified products from Russian cyber security firm Kaspersky Lab.
Doing a Startup Involving Cryptography? Get Out of the U.S. (IEEE Spectrum: Technology, Engineering, and Science News) Singapore entrepreneurs say being able to avoid NSA requirements gives their companies a big advantage
Herndon-based IT firm names new CEO (Washington Business Journal) Herndon-based NetCentrics Corp. announced Tuesday that Cyndi Barreda, the company's current president, will take over for departing CEO and co-founder Bob Dougherty.
Mara Motherway Named Govt Relations Head at Booz Allen (GovCon Wire) Mara Motherway, a principal at Booz Allen Hamilton (NYSE: BAH), has been named head of government re
Trident Capital Cybersecurity Recruits Ken Gonzalez as Managing Director to Strengthen Its Experienced Cybersecurity Investment Team (GlobeNewswire News Room) Gonzalez Brings Deep Operational Experience, Strong Go-To-Market Knowledge and Broad Network of Corporate Partners to the Early-Stage Cybersecurity Venture Firm
Colorado Cyber Founder, Tom McConnell Promoted to Managing Director at Headwaters MB (BusinessWire) Headwaters MB, a leading middle-market investment bank, announced today that Tom McConnell has been promoted to Managing Director. Tom has been at Hea
Former Cylance Executive Joins SentinelOne to Lead Product Design and Strategy (Marketwired) Raj Rajamani, former Cylance Head of Products, Joins as Vice President of Product Management
ICF Names Randy James Head of Cybersecurity and Resilience Business (BusinessWire) ICF has named Randy James SVP and division lead for the company’s enterprise cybersecurity and resilience (ECR) practice.
Products, Services, and Solutions
Prey Business Adds Anti-Theft and Mass Management Features for More Secure Mobile Environments (EconoTimes) Prey Software, provider of the cross-platform, open source anti-theft software that protects more than eight million mobile devices, today announced a new version of its enterprise...
Minerva Advances Anti-Evasion Security to Protect Against Ransomware (eWEEK) The security startup uses ransomware attacks as an opportunity to help organizations improve security by backing up data at risk.
AlienVault Unified Security Management: Threat Intelligence Product Overview and Insight (eSecurity Planet) We review AlienVault Unified Security Management, which taps AlienVault Labs and a massive crowd-sourced exchange to identify and respond to threats.
EdgeWave Announces New ThreatCheck Service Advancing Phishing Detection and Security Awareness for Customers (Marketwired) New service enables real-time threat detection to foster security awareness at the end user
Splunk and Booz Allen Hamilton Announce Cyber Intelligence Service to Manage Advanced Threats with Greater Precision and Speed (BusinessWire) To help organizations improve how they detect and defend against cyber attacks, Splunk Inc. (NASDAQ:SPLK), provider of the leading software platform f
NexDefense Unleashes Next Evolution of Award-Winning IIoT, Industrial Cybersecurity Software: Integrity 3.2 (BusinessWire) NexDefense, a global leader for industrial IoT (IIoT) environments and cybersecurity, today announced the next evolution of its flagship Sophia platfo
Ixia Brings in ProtectWise to Strengthen Cloud Visibility Product (SDxCentral) ProtectWise and Ixia partnered to provide an integrated product to help enterprises monitor their public, private, and hybrid clouds.
KnowBe4 Releases Innovative, Customizable Automated Security Awareness Program Builder: ASAP (PRWeb) No-charge ASAP tool is an industry-first that helps IT professionals and security practitioners create a human firewall: their last line of defense.
The digital afterlife: app lets friends and family unlock your accounts after death (TechRadar) Gone but not forgotten
DCCC Employs Encrypted Messaging App to Prevent Hacks (Newsmax) The Democratic Congressional Campaign Committee (DCCC) is trying to guard against future computer hacks by using an encrypted messaging program for communications between employees and the campaign teams for 20 Democrats in the 2018 midterm elections....
Fpweb Unveils Hyper Secure Cloud® (Benzinga) Trustworthy, layered defense and industry-leading, next-generation security tools for organizations needing a more secure cloud.
BeyondTrust Partners with Secure Internet Storage Solutions to offer First Privileged Access Managed Security Service in Australia (Marketwired) BeyondTrust Partners with Secure Internet Storage Solutions to offer First Privileged Access Managed Security Service in Australia
Radware Powers TierPoint’s Best-In-Class DDoS Mitigation Service (NASDAQ.com) Radware® (NASDAQ:RDWR), a leading provider of cyber security and application delivery solutions, announced that it is powering TierPoint's new Managed DDoS Defense service via Radware's Attack Mitigation Solution (AMS), ERT Premium service, and extensive support services.
IBM Launches New Encrypted Transaction System That Can Even Address Cyberattacks (Futurism) IBM has announced its new IBM Z mainframe which can run more than 12 billion encrypted transactions per day.
Wombat Security Releases Securing Your Email - Fundamental Anti-Phishing Training Series (PRNewswire) Wombat Security Technologies (Wombat), the leading provider of cyber...
STEALTHbits Releases Splunk Apps for Threat Hunting, Active Directory Monitoring, File Activity Monitoring (Dark Reading) Cyber security's comprehensive news site is now an online community for security professionals, outlining cyber threats and the technologies for defending against them.
Technologies, Techniques, and Standards
Security experts from Google, Facebook, Crowdstrike want to save US elections (Ars Technica) "Defending Digital Democracy" will "generate innovative ideas" to safeguard democracy.
Former Clinton and Romney campaign chiefs join forces to fight election hacking (Washington Post) 21st century propaganda operations target all parties, former politicos say.
SIEM Complexities Increase IR Costs, Decrease IR Productivity (Marketwired) New report from Cyphort and Osterman Research puts spotlight on SIEM user challenges and how incident responders spend their time
Is cybersecurity a risk for fundraisers? The SC guide for charities (SC Media UK) Charities are being targeted by cybercriminals
Access all areas – but for how long after you’ve left the company? (Naked Security) How quickly do you push the big red Delete button on someone’s access after they leave?
The Cyber Kill Chain is making us dumber (Obsidian Tower) As soon as I read “cyber kill chain” I immediately hated it.
Analyzing Threats from Multiple Perspectives for Context (Bricata) Some point to security analytics as the answer, but the challenge remains nested in the source data being fed into the analytics tool. As the saying goes, garbage in equals garbage out.
Design and Innovation
Google wants you to bid farewell to SMS authentication (Naked Security) Google’s shift to a more secure option is welcome, but also adds to the confusion of the post-password world
Why Machine Learning will Boost Cyber Security Defenses (Infosecurity Magazine) Machine learning is our best hope for securing the exponential growth of technology. Imagine systems designed to learn the behavior of its users.
Research and Development
US Army Seeks Internet-of-Battlefield-Things, Distributed Bot Swarms (Defense One) After nearly two decades of war against technologically unsophisticated foes, the Army Research Lab is reorienting to counter China and Russia.
Advisory Group Prepping ‘Moonshot’ Plan to Fight Botnets (Defense One) DHS has commissioned two reports describing what might be done about networks of compromised computers.
Cyber security collaboration wins Health Data Provenance Challenge (University of Southampton) An innovative proposal from scientists at the University of Southampton to trace the origin of data has been named a winner of an international provenance challenge.
Academia
High School Girls Learn 'Virtuous Hacking' in Computer Science Program (THE Journal) The no-cost program is intended to woo more women into data security.
Bellingham cybersecurity organization funds new Western scholarship (Bellingham Business Journal) Computer science students studying cybersecurity at Western Washington University have the chance to get a new scholarship, thanks to a Bellingham organization.
5 University of Wisconsin Campuses Are Accepting Applications to Online Degree in Applied Computing (PRNewswire) Driven by industry demand, five University of Wisconsin...
Legislation, Policy and Regulation
Corker: Russia sanctions could move before August recess (POLITICO) "I was a little worried about adding North Korea to it because of floor time," Corker told reporters. "But it seems we have a gap in the floor."
On Cooperating with Bad Actors in Cyberspace (Lawfare) What are the subjects, if any, on which cyber cooperation is not a bad idea?
Ukraine separatist 'Little Russia' sparks concern over peace deal (Deutsche Welle) Pro-Russian separatists in Donetsk have declared all of Ukraine to be part of "Little Russia." Could the move undo the Minsk Protocol aimed at keeping the peace in the region?
Knesset passes law allowing courts to censor internet (Haaretz) The new law requires local ISPs to block access to gambling and pedophilia sites, websites that advertise prostitution or drugs, and sites that support acts of terror
How Badly Is China’s Great Firewall Hurting the Country’s Economy? (Foreign Policy) Beijing's paranoia is about to kill the country's booming live-streaming sector — and it won't be the only victim.
Dutton gets sweeping national security powers as head of new super-ministry (ABC News) Peter Dutton will be given the job of overseeing national security at the head of a new Home Affairs super-ministry, PM Malcolm Turnbull says.
Credlin slams PM’s ‘super security’ ministry (NewsComAu) SKY News political commentator Peta Credlin has weighed in on the Turnbull Government’s Home Affairs super portfolio, slamming the new ministry as “cooked up”.
Long favoured by Australian PM, Wickr could become his decryption Waterloo (CSO) Once lauded by prime minister Malcolm Turnbull as a paragon of secure communications, encrypted-messaging app Wickr could turn out to be one of the biggest opponents to his government’s new legislative push to force technology companies to divulge users’ encrypted communications.
Peru and Brazil Cooperate More Closely on Security and Defense (Dialogo Americas) The two countries’ armed forces agree to take action against mafias involved in organized crime.
[Open Letter to the Senior Official Performing the Duties of the Under Secretary, National Protection and Programs Directorate] (Senator Ron Wyden | Senator for Oregon) I write to ask you to take immediate steps to ensure that hackers cannot send emails that impersonate federal agencies...
What Is DMARC? (ValiMail) DMARC builds on two earlier email authentication standards, SPF and DKIM, adding validation for the address that appears in the From field of an email message.
Senator: Why Are Fed Agencies So Vulnerable to Email Fraud? (ValiMail) Senator Ron Wyden today called on DHS to enforce email authentication at all federal agencies. It's a good call.
House panel signs off on $1.8B for DHS cyber office (TheHill) Bill maintains funds for cybersecurity directorate but cuts DHS research and development.
White House 'rumoured to close State Department's only cyber security office' as top diplomat quits (The Independent) It has been reported that the cyber security office in the State Department may be closed as its top diplomat quits.
House Dems say voter data request poses serious cybersecurity concerns (FCW) Demanding that the Kris Kobach resign from the White House's election integrity commission, the legislators warn the request for state voter data could run afoul of the president’s cybersecurity executive order.
US Senate confirms Shanahan, but Democrats still slowing Trump picks (Defense News) The Senate on Tuesday confirmed the Pentagon’s new No. 2, Boeing executive Patrick Shanahan, 92-7, but Democrats say they will continue to delay Trump administration nominees.
Acquisition nominee Lord, others cruise in confirmation hearing (Defense News) Ellen Lord appears poised to become the last undersecretary of defense for acquisition, technology and logistics.
UK government wants to maintain unhindered data flows (Infosecurity Magazine) Inquiry by the Lords Select Committee explores implications for UK and EU data flows
Cybersecurity audit on radar as inspector general sets new course for watchdog agency after rough year (Richmond Times-Dispatch) July 1 was the fifth anniversary of the creation of the Office of the State Inspector General and the end of a tough year for the independent watchdog.
Litigation, Investigation, and Enforcement
German authorities probe identities of women found in Mosul tunnel (Deutsche Welle) German authorities are trying to find out if a 16-year-old who converted to Islam and disappeared from her home near Dresden last year is one of 20 women found in a tunnel in Iraq. She had been under investigation.
German jihadist girl Linda Wenzel was lured by internet lover to join Isis in Iraq (Times (London)) A young Isis member captured in the ruins of Mosul is believed to be a German schoolgirl who was lured into joining the jihadists a year ago by specialist recruiters who target vulnerable western...
Tory austerity leaving police officers struggling to collect terrorist intelligence – ex-Met chief (RT International) Britain’s counterterrorist strategy may be at risk as the police force is stretched to near “breaking point,” leading officers struggling to collect intelligence on terrorism, the former head of the Metropolitan Police has said.
Feinstein: Mueller won’t object to public testimony from Trump Jr., Manafort (POLITICO) Grassley last week said he planned to invite Trump Jr. and Manafort to testify before his panel as early as this week.
8th Person Identified at Trump Son's Russia Meeting (VOA) Ike Kaveladze is executive for Russian oligarch who initiated younger Trump's meeting with a Russian lawyer on promise that incriminating material about Hillary Clinton would be handed over
Elijah Cummings demands details on how Secret Service vetted Russians at Trump Tower meeting (Washington Examiner) 'It remains unclear what security protocols the Secret Service may have had in place at Trump Tower while the protectee was present.'
ACLJ Files Federal Lawsuit Against NSA – Whatever it Takes to Get to the Bottom of the Dangerous Susan Rice “Unmasking” Scandal (American Center for Law and Justice) Today, the American Center for Law and Justice (ACLJ) just filed its second lawsuit against the National Security Agency (NSA). We made lawful demands for...
Qualcomm loses antitrust appeal, faces daily fines (CRN Australia) Fails to provide regulators with necessary information.
Industry Events
upcoming Events
SANSFIRE 2017 (Washington, DC, USA, July 22 - 29, 2017) Now is the time to advance your career and develop skills to better protect your organization. At SANSFIRE 2017, choose from over 45 hands-on, immersion-style security training courses taught by real-world practitioners. The site of SANSFIRE 2017 (July 22-29) is Washington Marriott Wardman Park.
ISSA CISO Executive Forum: Security Awareness and Training--Enlisting your entire workforce into your security team (Las Vegas, Nevada, USA, July 23 - 24, 2017) The gap in Security skills in the workforce have put the pinch on Security teams. Join us to learn how to get lean by empowering the rest of your organization to understand and manage security risks. We’ll cover secure-by-design concepts inherent in DevSecOps, effective training and awareness practices, and how to lead organizational change management to embed security into your company’s DNA.
AFA CyberCamp (Pittsburgh, Pennsylvania, USA, July 24 - 28, 2017) The AFA CyberCamp program is designed to excite students new to cybersecurity about STEM career opportunities and teach them important cyber defense skills through hands-on instruction and activities. Through the camp, students will learn how to protect their personal devices and information from outside threats, as well as how to harden entire networks running Windows 7 and Ubuntu operating systems. The AFA CyberCamp will culminate in an exciting final team competition that simulates real cybersecurity situations faced by industry professionals and mimics AFA’s CyberPatriot National Youth Cyber Defense Competition.
BSides Las Vegas (Las Vegas, Nevada, USA, July 25 - 26, 2017) BSides Las Vegas isn’t another “talk at you” conference. Everyone at BSides is a participant. Track after track, year after year, the security researchers, engineers, analysts and managers that present at BSidesLV are looking to engage our participants and be engaged by them. Our presenters don’t talk at you, they converse with you.
Cross Domain Support Element Summer Workshop 2017 (Laurel, Maryland, USA, July 25 - 26, 2017) The Unified Cross Domain Services Management Office (UCDSMO) is presenting a two-day workshop for the benefit of the Cross Domain Support Element (CDSE) Offices, and the personnel who support them. Topics will include an update to the Capabilities Portfolio, Baseline and Sunset Lists, the UCDSMO SharePoint sites, Labs and Lab Testing, updates on the CDS Overlays and the Cross Domain Risk Management process.
Black Hat USA 2017 (Las Vegas, Nevada, USA, July 26 - 27, 2017) Now in its 20th year, Black Hat is the world’s leading information security event, providing attendees with the very latest in research, development and trends. Black Hat USA 2017 kicks off with four days of technical Trainings (July 22-25) followed by the two-day main conference (July 26-27) featuring Briefings, Arsenal, Business Hall, and more.
RSA Conference 2017 Asia Pacific & Japan (Singapore, July 26 - 28, 2017) RSA Conference 2017 Asia Pacific & Japan is the leading information security event in the region. Join us for three days of high quality education, engaging content and valuable networking. Get exposure to innovative technologies and leadership that will help secure your organization and your future.
DEF CON 25 (Las Vegas, Nevada, USA, July 27 - 30, 2017) You know how we know it’s almost DEF CON? The Southwest is having a heat wave, that ancient tweet about the Feds (allegedly) not appreciating the ‘Spot the Fed’ contest is back and the interwebz are buzzing with burner phone chat.
North American International Cyber Summit (Detroit, Michigan, USA, July 30, 2017) In its sixth year, the cyber summit brings together experts from across the globe to address a variety of cybersecurity issues impacting the world of business, education, information technology, economic development, law enforcement and personal use. Highly respected speakers from the public and private sectors will address emerging trends, technology and best practices. The event is open to the public and will feature information for individuals, families, educators, business professionals, law enforcement and government officials. The summit agenda will feature internationally recognized keynote speakers as well as experts from across the county to lead breakout sessions on featured industry topics.
Cyber Texas (San Antonio, Texas, USA, August 1 - 2, 2017) CyberTexas was established to provide expanded access to security developments and resources located in Texas; provide an ongoing platform for the education and skill development of cyber professionals & job creation; build strong relationships with other U.S. and International geographies focused on cyber ecosystem development; bring national and international resources to the region to showcase Texas-based cyber assets; identify and encourage business opportunities within and outside of Texas; and create long-term value for the cyber security ecosystem of San Antonio and the State of Texas.
Cyber Security Summit: Chicago (Chicago, Illinois, USA, August 8, 2017) If you are a Senior Level Executive responsible for making your company’s decisions in regards to information security, then you are invited to register for the Cyber Security Summit: Chicago Receive 50% off of a Full Summit Pass when you register with code CYBERWIRE50 (standard price of $350, now only $175 with code). Register at CyberSummitUSA.com. The Cyber Security Summit: Chicago is an exclusive conference connecting Senior Level Executives responsible for protecting their companies’ critical data with innovative solution providers & renowned information security experts. for details visit CyberSummitUSA.com.
PCI Security Standards Council: 2017 Latin America Forum (Sao Paulo, Brazil, August 9, 2017) Join your industry colleagues for a full day of networking and one-of-a-kind partnership opportunities. Whether you want to learn more about updates in the payment industry or showcase a new product, you’ll find it all at the 2017 Latin America Forum (LAF).
2017 DoDIIS Worldwide Conference (St. Louis, Missouri, USA, August 13 - 16, 2017) Hosted annually by the DIA Chief Information Officer, the DoDIIS Worldwide Conference features a distinguished line-up of speakers and an extensive selection of breakout sessions allowing attendees to gain insight and interact with experts in smaller settings. This year’s conference presents an exciting and unique opportunity to directly engage with senior leaders from the Intelligence Community, Department of Defense, and industry about the IT complexities and challenges impacting the mission user.
SANS New York City 2017 (New York, New York, USA, August 14 - 19, 2017) Be better prepared for cyber-attacks and data breaches. At SANS New York City 2017 (August 14-19), we offer training with applicable tools and techniques for effective cybersecurity practices. Gain the skills and tools you need to win the battle against the wide range of cyber adversaries who want to harm your environment.
Information Security Summit 2017 (Hong Kong, August 15 - 16, 2017) Effective Use of Analytics and Threat Intelligence to Secure Organizations: The Information Security Summit 2017 is a Regional Event with the aim to give participants from the Asia Pacific region an update on the latest development, trends and status in information security.
TechFest (Louisville, Kentucky, USA, August 16 - 17, 2017) TechFest is a biannual summit designed to bring together technology professionals for learning and networking. Attendees will have opportunities to explore economic development avenues for their businesses, connect with regional IT leaders, and learn about emerging technology. Among the topics addressed will be cybersecurity- hacking, malware, exploits, skimmers, new standards and policies in key industries.
The Chertoff Group Security Series: Security In The Boardroom (Palo Alto, California, USA, August 23, 2017) The Chertoff Group Security Series will aim to enhance and add to the Security in the Boardroom conversation by applying our insights into technology, threat, and policy to help executives respond to the evolving threat environment.
The Chertoff Group Security Series: Security In The Boardroom (Palo Alto, California, USA, August 23, 2017) The Chertoff Group Security Series will aim to enhance and add to the Security in the Boardroom conversation by applying our insights into technology, threat, and policy to help executives respond to the evolving threat environment.
U.S. Department of Commerce Cybersecurity Awareness Day (Washington, DC, USA, August 24, 2017) On August 24, 2017, the Department of Commerce headquarters is planning the Cybersecurity Awareness Day event which will host guest speakers from throughout the Cybersecurity community. The 2017 Cybersecurity Awareness Day and Expo will feature timely, topical, and thought-provoking presentations, bringing together cybersecurity workforce, training, and educational leaders from academia, business, and government for one day of focused discussions. In light of current events involving unauthorized disclosures, sensitive and/or classified information leaks, and breaches of personally identifiable information in cyberspace, it is imperative that sound practices are incorporated. The agenda will include speakers from Industry and Government.
7th Annual Cybersecurity Training and Technology Forum (Colorado Springs, Colorado, USA, August 30 - 31, 2017) CSTTF is designed to further educate Cybersecurity, Information Management, Information Technology, and Communications Professionals by providing a platform to explore and enhance cyber resilience, collaboration, threat intelligence, information sharing, workforce development, and risk management. This will be accomplished through a number of in-depth sessions and panel discussions, along with cybersecurity exhibits provided by industry and government partners.
Sponsor & Support
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter’s financial reach, or it might just not be the right time for you to do those things. That’s why we launched our new Patreon site, where we’ve created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you’ll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.