The CyberWire Daily Briefing 7.25.17

Summary

By The CyberWire Staff

ClearSky and Trend Micro release the results of their research into CopyKittens, which they characterize as a cyberespionage group, operating from and on behalf of Iran. The CopyKittens have been operating since 2013 at least; their interests are consistent with nation-state strategic intelligence objectives: legislative bodies, foreign and defense ministries, the defense and aerospace industry, academic research institutes, and so on. The nations principally targeted include Israel, Saudi Arabia, Turkey, the United States, Jordan, and Germany. Some recent high-profile victims have been Germany's Bundestag and the Jerusalem Post. The group uses DNS for both command-and-control communications and data exfiltration. ClearSky and Trend Micro call CopyKittens' latest campaign "Wilted Tulip."

Another user configuration error exposes cloud data. This time it's Google Groups, not AWS. RedLock finds that "hundreds" of enterprises have left their information out for inspection; the problem seems to arise from the casual choice to make groups "public on the internet."

Criminals have hit another Ethereum initial coin offering. On Sunday about $8.4 million in VERI tokens were stolen from Veritaseum's ICO.

After last week's theft of $32 million in Ethereum cryptocurrency via a flaw in the wallets' contract, the White Hat Group said they intended to "rescue" and return Ether exposed to the same vulnerability. We were skeptical, but our skepticism was misplaced: apparently the White Hat Group is proving as good as its word. Motherboard reports the the White Hat Group obtained control of about $208 million in Ethereum assets, and will finish returning the funds Monday.

Learn how Cylance silences cyber attacks with Artificial Intelligence.

Notes.

Today's issue includes events affecting Bahrain, China, Egypt, Hungary, Iran, Israel, Netherlands, New Zealand, Qatar, Russia, Saudi Arabia, Singapore, Sweden, United Arab Emirates, United Kingdom, United States

Best Practices for Applying Threat Intelligence

Threat intelligence is one of the most talked about areas of information security today, but how do you actually use it? Learn best practices for applying threat intelligence with Recorded Future's latest white paper. Download your free copy now.

On the Podcast

In today's podcast we hear from our partners at Terbium Labs, as Emily Wilson discusses what does (and does not) count as personal information on the dark web. Our guest, Doug Clare from FICO, familiar for their credit scoring, describes FICO's effort to establish FICO-like scores for companies on cyber security.

You'll also find Recorded Future's podcast, produced in cooperation with the CyberWire, of interest. The topic of the latest edition is "Making Sense of Artificial Intelligence and Machine Learning."

Sponsored Events

CyberTexas Job Fair (San Antonio, TX, USA, August 1, 2017) If you're a cyber security pro looking for your next career, check out the free CyberTexas Job Fair, August 1, in San Antonio. It’s hosted by ClearedJobs.Net, and open to both cleared and non-cleared professionals and college-level students. You’ll connect face-to-face with industry leaders Accenture, Booz Allen, Delta Risk, IPSecure, ISHPI, AT&T, Lockheed Martin, NSA and more.

The Cyber Security Summit: Chicago & NYC (Chicago, Illinois, USA, August 8, 2017) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from the U.S. Dept of Justice, Cybraics, CenturyLink, Alert Logic and more. Register with promo code cyberwire50 for half off your admission (Regular price $350).

Security In the Boardroom (Palo Alto, CA, USA, August 23, 2017) Cybersecurity is a boardroom topic in nearly every organization. For many boards, security has evolved from a technical risk to a top business risk. Cybersecurity is also a growth opportunity. Proper integration of security and privacy concerns can drive far more effective digital transformation efforts. However, the mystique around cybersecurity can prevent board members and management from improving their cyber fluency and driving required improvements. Please join The Chertoff Group for our Security in the Boardroom event where we will demystify cybersecurity technology and policy issues while providing practical tools that board members and management can use to improve their resiliency to cyber risk and drive competitive advantage.

Selected Reading

Dateline

Las Vegas UPS Store makes risk adjustments due to DEF CON (CSO Online) The UPS Store in Caesars Palace is preparing to host thousands of hackers this weekend by issuing a warning to hotel guests who are looking for printing services – no USB printing and no links.

7 Hardware & Firmware Hacks Highlighted at Black Hat 2017 (Dark Reading) Researchers will hammer home potentially devastating attacks, and demo a range of vulnerabilities, techniques and tools.

Zscaler Reveals Insights From the World's Largest Security Cloud at Black Hat USA 2017 (Marketwired) Zscaler, Inc., the leading cloud security company, today announced that it will host a series of presentations on ThreatLabZ research and secure network transformation at Black Hat 2017 in booth #1160. Presentations will include such subjects as IoT and mobile risks in the enterprise, evolving ransomware tactics, and the latest trends in exploit kits.

Why We Need Guardians of the BIOS (Cylance) The move to UEFI and the spread of the Secure Boot scheme changed the bootkit landscape, drawing more attention to BIOS firmware from security researchers. In my upcoming Black Hat talk, I focus on BIOS protection technologies, and why it’s important to protect the platform boot process properly.

Best of Black Hat: 20 Epic Talks in 20 Years (Dark Reading) In celebration of Black Hat's 20th birthday, we take a look back at the most memorable presentations and demos since the show's inception in 1997.

Anybody Can Fire This 'Locked' Smart Gun With $15 Worth of Magnets (WIRED) One smart gun model's protections turn out to be easily overcome–by cheap magnets.

Cyber Attacks, Threats, and Vulnerabilities

CopyKittens: A New Report Details Possible Iranian Threat Group (Infosecurity Magazine) CopyKittens: A New Report Details Possible Iranian Threat Group. Cyber espionage group uses in-house and commercial tools to target wide range of victims

Operation Wilted Tulip: Exposing a cyber espionage apparatus (ClearSky Cyber Security and Trend Micro) CopyKittens is a cyberespionage group that has been operating since at least 2013. In November 2015, ClearSky and Minerva Labs published the first public report exposing its activity. In March 2017, ClearSky published a second report2 exposing further incidents, some of which impacted the German Bundestag.

Configuration errors blamed for sensitive data exposed via Google Groups (CSO Online) Researchers at RedLock, working within the Cloud Security Intelligence team, say they've discovered hundreds of organizations exposing sensitive data via Google Groups, pinning the cause on basic configuration issues.

Weather.com, Fusion Expose Data Via Google Groups Config Error (Dark Reading) Companies that leaked data accidentally chose the sharing setting public on the Internet, which enabled anyone on the Web to access all information contained in the messages

Veritaseum Hack: Another Ethereum ICO Hacked; Loses $8.4 Million (HackRead) Another day another Ethereum related breach - This time its Veritaseum platform, whose Initial Coin Offering (ICO) suffered a data breach in which around U

How Coders Hacked Back to ‘Rescue’ $208 Million in Ethereum (Motherboard) "We were in the zone. We'd done this before."

Devil’s Ivy and the Future of IoT Security (Digital Guardian) Security researchers have discovered a serious, remotely exploitable vulnerability in a code library that’s present in potentially tens of millions of devices, mainly Internet-connected security cameras.

“Perverse” malware infecting hundreds of Macs remained undetected for years (Ars Technica) Surveillance malware dubbed Fruitfly was easy to spot but flew under the radar anyway.

MacOS malware used to spy on home users in the US (Help Net Security) A new variant of the macOS malware Fruitfly has been found on some 400 machines of (mostly) home users located in the US.

macOS Fruitfly Backdoor Analysis Renders New Spying Capabilities (Threatpost) This week at Black Hat, Mac malware expert Patrick Wardle will describe how he used a custom-built command and control server to analyze new spying capabilities in a variant of the FruitFly backdoo…

New Form of Cyber-Attack Targets Energy Sector (Infosecurity Magazine) The approach has the potential to cause power cuts, disrupt vital facilities and even cost lives.

WannaCry, Petya ransomware attacks were 'non-events' for DoD systems (FederalNewsRadio.com) Pentagon cybersecurity officials say two global ransomware attacks highlighted improvements the Defense Department has made to its own networks.

Reckitt Benckiser still dealing with fallout from cyber attack (Financial Times) Consumer goods giant Reckitt Benckiser reported a rise in profits in its second quarter, but confirmed it was lowering its full-year revenue guidance as it adjusted to a “challenging” trading environment exacerbated by a cyber attack last month.

Cyber attack costs weigh on Reckitt revenue forecast (NASDAQ.com) CEO calls full-year target "challenging." Not yet at normal operations everywhere after attack. Shares down 2 percent

Global Cyber Attack: The New Natural Disaster (Enterprise Mobility Exchange) The financial impact of a cyber attack could be worse than some of the most devastating storms in history, according to Lloyd's of London.

Voter Registration Data from 9 States Available for Sale on Dark Web (Dark Reading) Nearly 10 million voter records sold for just $4 over last few days, according to LookingGlass Cyber Solutions.

Leaked Exploits Spark Major Cybercrime Incidents According to 2017 Mid-Year Report By Surfwatch Labs (PRWeb) Ransomware, large-scale data dumps and cybercrime-as-a-service dominated first half of 2017

Comodo publishes strategic analysis of 97M malware incidents in Q2 (Comodo News and Internet Security Information) Comodo detected and analyzed nearly 100 million incidents in Q2 2017, almost quadruple the number from its Q1 report. Download the Q2 threat report.

Comodo Threat Research Labs Q2 2017 REPORT (Comodo Threat Research Labs) Comodo detected 97 million (M) malware incidents in every corner of the globe.

Malware takes stealth approach to global content delivery networks (Security Brief) 'Domain fronting' is rampant across tens of thousands of high-reputation domains, including one that controls 15-30% of the world's web traffic.

Malware Growth for Apple iOS Outnumbers Android’s (Spamfighter) Android devices across the world far outsell Apple devices; despite so hackers seek to attack iOS devices. Indeed, with Cisco Systems and IBM partnering with Apple for providing business associated services intended for corporate users, it's expected that iOS devices will more-and-more become targets of malicious software.

Atlantis warns guests after cyber attack (Tribune 242) A recent data security incident “may have compromised” the security of payment information of some customers who used debit or credit cards at food and beverage and retail locations at the Atlantis resort on Paradise Island between November 1, 2016 and April 3, 2017, the hotel said.

Bots Make Lousy Dates, But Not Cheap Ones (Dark Reading) The danger of dating sites: If a beautiful woman asks men to click on malware, they'll probably click.

Security Patches, Mitigations, and Software Updates

Verizon Rolling Out July 2017 Security Patch For The LG V20 (AndroidHeadlines.com) The LG V20 on Verizon's network is now receiving a software update, and it happens to come with the Android Security Patch for the month of July.

Cyber Trends

Custom Source Code Accounts for 93% of App Vulnerabilities (Dark Reading) A new study finds that third-party libraries account for 79% of the code found in apps, but only 7% of the vulnerabilities found in the software.

Changing motivations have made profit-minded hackers a clear and present danger (CSO) Hacking for fun and profit? Not so much; these days it’s mostly just about profit.

As GDPR approaches, retail data breaches remain unacceptably high (Help Net Security) As GDPR approaches, 43 percent of retailers had experienced a data breach in the last year, with a third claiming more than one.

Compliance and Employee Behavior Bother Data Security (Infosecurity Magazine) Compliance and regulation and the unpredictable behavior of employees have the biggest impact on data security

Majority of Security Pros Let Productivity Trump Security (Dark Reading) A survey found that 64% of IT security professionals will tweak security to give workers more flexibility to be productive when asked to make that move by top executives.

Why security automation should be welcomed, not feared (Computer Business Review) As part of CBR's Tech Express series, Huntsman Security CEO Peter Woollacott sits down with CBR's Ellie Burns to discuss security automation.

Marketplace

Is cyber insurance worth the paper it's written on? (Help Net Security) Is cyber insurance worth it? Is there any point spending good money on cyber insurance when you could put that money into robust protection instead?

From hacked casino fish tanks to malicious links, cybersecurity threats are everywhere — and startups are raking in the dough (Business Insider) Cybersecurity is a $81.7 billion market, which means plenty of venture capital for boutique startups.

Top 10 cybersecurity acquisitions so far this year (CRN) CRN ranks 2017's biggest acquisitions in cybersecurity

Israel's Checkmarx buys security education firm Codebashing (Reuters) Israel's Checkmarx, which provides application security testing technology, said on Monday it acquired UK-based Codebashing, an application security education company.

Opposition critic calls for security review of offer to acquire Sandvine Corp. (TheRecord.com) The federal government must do a complete and formal security review of the proposed sale of Waterloo-based Sandvine Corp., says the Conservative party’s public safety critic.

Snopes seeks crowdfunding in ownership battle (TechCrunch) How many times have you heard some urban legend, chain letter or misleading bit of news repeated and immediately found a thorough, fact-based debunking on..

Darktrace gains momentum in South Africa (Cambridge Network) News from Cambridge businesses. Network members upload news here about their products, services and achievements.

Products, Services, and Solutions

Webroot Launches Worldwide Certification (Webroot) Program Includes Best Practices and Tools to Help Partners Sell to and Support

TruSTAR Partners with Retail Cyber Intelligence Sharing Center (R-CISC) to Power Intelligence Exchange (TruSTAR) TruSTAR is partnering with R–CISC to enhance their threat intelligence exchange infrastructure for members.

Core Security Continues its Position as Industry Leader in Penetration Testing (PRNewswire) Core Security, a leader in Vulnerability, Access Risk Management and Network...

NetScout, Arbor Team on Security Data (Light Reading) NetScout's ISNG platform will be integrated into Arbor Networks' advanced threat detection platform.

Fortinet Launches Global Threat Intelligence Service (NASDAQ) FortiGuard Threat Intelligence Service arms CISOs with actionable and prioritized threat intelligence enabling a quick and proactive response to targeted attacks

Mastercard and Cisco Join Enterprise Ethereum Alliance (Bitcoin Magazine) The Enterprise Ethereum Alliance (EEA) was recently joined by 34 new members, including Mastercard, Cisco, Scotiabank and the Government of Andhra Pradesh, ...

Fighting Ransomware and Malware Attacks with Improved Security and IT Ops--Endpoint Visibility and Management Identified as Key Factors (Benzinga) New Ziften Zenith features empower security and IT operations teams in the fight against ransomware attacks

Defending the domain (ITP) Infoblox expertise is in protecting DNS, a foundational Internet technology that regional organisations are starting to pay greater attention to

Technologies, Techniques, and Standards

Making Sense of Artificial Intelligence and Machine Learning (Recorded Future) Will artificial intelligence (AI) and machine learning (ML) be our virtual saviors or can we expect killer bots? In this episode we try to sort it all out.

5 reasons to take a fresh look your security policy (CSO Online) Evolving ransomware and DDoS attacks, new technology such as IoT, and changing user behavior are all good reasons to revise your security policy.

The Threat Taxonomy: A Working Framework to Describe Cyber Attacks (Agari) facebook Twitter Google+ LinkedIn Imagine going to the doctor and only being able to say “pain” or “sick”. You can’t say where you feel the pain, or what type of pain, or what is making you sick. But without this information, it’s impossible for the doctor to know how to treat you. From a cybersecurity …

Learning from the Financial Sector's Cybersecurity Regulations (Infosecurity Magazine) That financial institutions have become critical to the functioning of society is clear with just a glance at the headlines.

The endless hunt: Looking for patterns in malware data (Cyberscoop) New data from Comodo shows that malware incidents map to geo-political crises, as well as revealing the character of a nation's networks.

Design and Innovation

A Clever New Tool Shuts Down Ransomware Before It's Too Late (WIRED) By sniffing out ransomware in real-time, ShieldFS might be the cure to the internet's latest security scourge.

Elon Musk says Mark Zuckerberg’s understanding of the future of AI is ‘limited’ (TechCrunch) It's fascinating to imagine the conversations that happened behind closed doors between the world's richest and most powerful, so when they occur in the open..

A US Firm Will Install Microchips in Employees (HackRead) A Wisconsin based firm that designs break room markets’ software has announced its plan to implant microchips in its employees. The company’s press release

32M Microchips Employees Company-Wide (Thirty-Two Market) Three Square Market will become the first U.S. company to provide implanted microchip technology to their employees.

Research and Development

Netherlands-U.S. Cybersecurity R&D Partnership is Thriving (Newswise) S&T has established active partnerships with cybersecurity organizations in 13 countries—including the United Kingdom, Australia, Canada, Singapore and Israel—and an international body—the European Union.

IBM Patents System to Secure Cryptographic Keys and Codes for Data Protection (PRNewswire) IBM (NYSE: IBM) today announced that its engineers have been granted a...

Academia

UK govt urges teenagers to apply for cyber security training programme (Help Net Security) UK cyber security training (Cyber Schools Programme) is offered to teenagers to help the nation address the risk of a future skills shortage.

Legislation, Policy and Regulation

Putin's representative: Russia is a combat cyber elephant (PravdaReport) Special representative of the Russian president on international cooperation in the field of information security, Andrei Krutskikh, believes that Russia has won respect on the international arena

Most Russians believe Western countries fear and respect Russia (PravdaReport) Many Russians believe that Russia should stay strong and insist on its interests, despite sanctions from the West

Global cyber-security tie-ups critical, says former CIA official (The Straits Times) Mr Gus Hunt deals in a dystopian-sounding space of aggressive cyber attacks, simmering geopolitical tensions and damaging hacking scandals. But the former chief technology officer of the United States Central Intelligence Agency (CIA) is surprisingly affable - and optimistic about the future of the cyber-security industry.. Read more at straitstimes.com.

Cyber expert: Israel, West must be ready to counter-hack adversaries (The Jerusalem Post) Former United States defense official Matthew Devost advises the 'The Jerusalem Post' about the current affairs of cyber warfare.

Don't Mind the Gulf (Foreign Affairs) For all the high drama, the worsening rift in the Gulf between Qatar and the gang of four—Bahrain, Egypt, Saudi Arabia, and the United Arab Emirates—is more intrigue than a real threat to either regional stability or to American interests. That is why Washington should steer clear of the crisis.

Should NSA and CYBERCOM Split? The Legal and Policy Hurdles as They Developed Over the Past Year (Lawfare) In light of Michael Sulmeyer’s excellent recent piece on splitting NSA and CYBERCOM, which ran at War on the Rocks last week, I want to pull together some of the key legal and policy developments of the past year in a single narrative. My aim is to put them in context with each other in a way that will provide useful background for those new to this issue, while also putting a spotlight on the deconfliction-of-equities issue that the split proposal raises.

ITIF Calls on United States to Lead in Developing a New Approach to International Law Enforcement Cooperation for Cross-Border Requests for Data (Information Technology and Innovation Foundation) Outdated laws, court decisions, and treaties make it unnecessarily difficult for law enforcement to access data as part of lawful investigations that traverse borders, according to a report released today by the Information Technology and Innovation Foundation (ITIF), the leading U.S. think tank for science and technology policy.

UK Gov Launches £20m Security Skills Program Website (Infosecurity Magazine) UK Gov Launches £20m Security Skills Program Website. Teachers, students and industry players urged to register interest

Addressing the deficit in cyber security workforce and national policy (Help Net Security) Whether they like it or not, nearly all organizations have to think about their cybersecurity posture and find a way to minimize cybersecurity risk.

Litigation, Investigation, and Enforcement

NZ judge: Our spies surveilled Kim Dotcom for 2 months longer than admitted (Ars Technica) "The US extradition case is dying. And someone is going to pay for this mess."

Trump voting commission wins right to collect state voter data (Ars Technica) “The Commission is putting at risk the privacy of millions of registered voters.”

Sweden Tries to Stem Fallout of Security Breach in IBM Contract (Bloomberg) Swedish Prime Minister Stefan Lofven says his government is trying to safeguard sensitive information and minimize damage done by an IT outsourcing deal that could have exposed classified details to foreign powers.

Cyber arm of UK spy agency left without PGP for four months (Register) Meanwhile Huawei gets green light, despite failure to verify source code

Xinjiang Users Arrested over State Spyware Usage (Infosecurity Magazine) Latest crackdown on Uyghurs in the name of anti-terrorism.

Russia's Election Meddling Is Part of a Bigger Story (The Atlantic) To influence U.S. politics, foreign governments don’t have to hack one party and collude with the other.

Jared Kushner denies secret deals with Russia at senate hearing (Times (London)) Jared Kushner denied colluding with Russia during the US election, depicting himself yesterday as an overstretched and media-shy political neophyte who after Donald Trump’s shock win suddenly found...

Even If Kushner Can't Recall His Russia Talks, the FBI Would (WIRED) Anything the Russian ambassador says on the phone almost certainly gets caught on a FISA wiretap.

EXCLUSIVE: FBI Seized Smashed Hard Drives From Wasserman Schultz IT Aide’s Home (The Daily Caller) FBI agents seized smashed computer hard drives from the home of Florida Democratic Rep. Debbie Wasserman Schultz's information technology (IT) administrator, according to two sources with knowledge of

Former prosecutors join accused NSA leaker’s legal defense team (Atlanta Journal-Constitution) Former prosecutors join accused NSA leaker’s legal defense team

Regulators Question Wells Fargo Regarding Data Breach (Dark Reading) Scrutiny a result of a lawyer's unauthorized release of sensitive information on tens of thousands of wealthy Well Fargo customers.

Wells Fargo Asks Judges to Force Return of Leaked Client Data (Infosecurity Magazine) Wells Fargo Asks Judges to Force Return of Leaked Client Data. Bank’s lawyer accidentally sent data on tens of thousands of clients to opposition lawyer

Facebook, Twitter, Google warned over EU consumer rights (TechCrunch) U.S. social media giants have been warned by Europe's consumer rights commissioner that she's running out of patience with their failure to comply with the..

The Google Machine Barrels Along Despite Record EU Fine (WIRED) Note To Regulators: It'll Take More than Fines to Slow Down the Search Giant

Spiderman pleads guilty to knocking 900,000 German broadband routers offline (WeLiveSecurity) It seems that Spiderman is in a spot of trouble, tangled in a web of his own making.

Hungarian hacker arrested for pressing F12 (TechCrunch) The Budapest Transport Authority (BKK, in Hungarian) recently launched an online payment system with the help of a T-Systems, Deutsche Telekom's consulting..

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

upcoming Events

AFA CyberCamp (Pittsburgh, Pennsylvania, USA, July 24 - 28, 2017) The AFA CyberCamp program is designed to excite students new to cybersecurity about STEM career opportunities and teach them important cyber defense skills through hands-on instruction and activities. Through the camp, students will learn how to protect their personal devices and information from outside threats, as well as how to harden entire networks running Windows 7 and Ubuntu operating systems. The AFA CyberCamp will culminate in an exciting final team competition that simulates real cybersecurity situations faced by industry professionals and mimics AFA’s CyberPatriot National Youth Cyber Defense Competition.

BSides Las Vegas (Las Vegas, Nevada, USA, July 25 - 26, 2017) BSides Las Vegas isn’t another “talk at you” conference. Everyone at BSides is a participant. Track after track, year after year, the security researchers, engineers, analysts and managers that present at BSidesLV are looking to engage our participants and be engaged by them. Our presenters don’t talk at you, they converse with you.

Cross Domain Support Element Summer Workshop 2017 (Laurel, Maryland, USA, July 25 - 26, 2017) The Unified Cross Domain Services Management Office (UCDSMO) is presenting a two-day workshop for the benefit of the Cross Domain Support Element (CDSE) Offices, and the personnel who support them. Topics will include an update to the Capabilities Portfolio, Baseline and Sunset Lists, the UCDSMO SharePoint sites, Labs and Lab Testing, updates on the CDS Overlays and the Cross Domain Risk Management process.

Black Hat USA 2017 (Las Vegas, Nevada, USA, July 26 - 27, 2017) Now in its 20th year, Black Hat is the world’s leading information security event, providing attendees with the very latest in research, development and trends. Black Hat USA 2017 kicks off with four days of technical Trainings (July 22-25) followed by the two-day main conference (July 26-27) featuring Briefings, Arsenal, Business Hall, and more.

RSA Conference 2017 Asia Pacific & Japan (Singapore, July 26 - 28, 2017) RSA Conference 2017 Asia Pacific & Japan is the leading information security event in the region. Join us for three days of high quality education, engaging content and valuable networking. Get exposure to innovative technologies and leadership that will help secure your organization and your future.

DEF CON 25 (Las Vegas, Nevada, USA, July 27 - 30, 2017) You know how we know it’s almost DEF CON? The Southwest is having a heat wave, that ancient tweet about the Feds (allegedly) not appreciating the ‘Spot the Fed’ contest is back and the interwebz are buzzing with burner phone chat.

North American International Cyber Summit (Detroit, Michigan, USA, July 30, 2017) In its sixth year, the cyber summit brings together experts from across the globe to address a variety of cybersecurity issues impacting the world of business, education, information technology, economic development, law enforcement and personal use. Highly respected speakers from the public and private sectors will address emerging trends, technology and best practices. The event is open to the public and will feature information for individuals, families, educators, business professionals, law enforcement and government officials. The summit agenda will feature internationally recognized keynote speakers as well as experts from across the county to lead breakout sessions on featured industry topics.

Cyber Texas (San Antonio, Texas, USA, August 1 - 2, 2017) CyberTexas was established to provide expanded access to security developments and resources located in Texas; provide an ongoing platform for the education and skill development of cyber professionals & job creation; build strong relationships with other U.S. and International geographies focused on cyber ecosystem development; bring national and international resources to the region to showcase Texas-based cyber assets; identify and encourage business opportunities within and outside of Texas; and create long-term value for the cyber security ecosystem of San Antonio and the State of Texas.

Cyber Security Summit: Chicago (Chicago, Illinois, USA, August 8, 2017) If you are a Senior Level Executive responsible for making your company’s decisions in regards to information security, then you are invited to register for the Cyber Security Summit: Chicago Receive 50% off of a Full Summit Pass when you register with code CYBERWIRE50 (standard price of $350, now only $175 with code). Register at CyberSummitUSA.com. The Cyber Security Summit: Chicago is an exclusive conference connecting Senior Level Executives responsible for protecting their companies’ critical data with innovative solution providers & renowned information security experts. for details visit CyberSummitUSA.com.

PCI Security Standards Council: 2017 Latin America Forum (Sao Paulo, Brazil, August 9, 2017) Join your industry colleagues for a full day of networking and one-of-a-kind partnership opportunities. Whether you want to learn more about updates in the payment industry or showcase a new product, you’ll find it all at the 2017 Latin America Forum (LAF).

2017 DoDIIS Worldwide Conference (St. Louis, Missouri, USA, August 13 - 16, 2017) Hosted annually by the DIA Chief Information Officer, the DoDIIS Worldwide Conference features a distinguished line-up of speakers and an extensive selection of breakout sessions allowing attendees to gain insight and interact with experts in smaller settings. This year’s conference presents an exciting and unique opportunity to directly engage with senior leaders from the Intelligence Community, Department of Defense, and industry about the IT complexities and challenges impacting the mission user.

SANS New York City 2017 (New York, New York, USA, August 14 - 19, 2017) Be better prepared for cyber-attacks and data breaches. At SANS New York City 2017 (August 14-19), we offer training with applicable tools and techniques for effective cybersecurity practices. Gain the skills and tools you need to win the battle against the wide range of cyber adversaries who want to harm your environment.

Information Security Summit 2017 (Hong Kong, August 15 - 16, 2017) Effective Use of Analytics and Threat Intelligence to Secure Organizations: The Information Security Summit 2017 is a Regional Event with the aim to give participants from the Asia Pacific region an update on the latest development, trends and status in information security.

TechFest (Louisville, Kentucky, USA, August 16 - 17, 2017) TechFest is a biannual summit designed to bring together technology professionals for learning and networking. Attendees will have opportunities to explore economic development avenues for their businesses, connect with regional IT leaders, and learn about emerging technology. Among the topics addressed will be cybersecurity- hacking, malware, exploits, skimmers, new standards and policies in key industries.

The Chertoff Group Security Series: Security In The Boardroom (Palo Alto, California, USA, August 23, 2017) The Chertoff Group Security Series will aim to enhance and add to the Security in the Boardroom conversation by applying our insights into technology, threat, and policy to help executives respond to the evolving threat environment.

U.S. Department of Commerce Cybersecurity Awareness Day (Washington, DC, USA, August 24, 2017) On August 24, 2017, the Department of Commerce headquarters is planning the Cybersecurity Awareness Day event which will host guest speakers from throughout the Cybersecurity community. The 2017 Cybersecurity Awareness Day and Expo will feature timely, topical, and thought-provoking presentations, bringing together cybersecurity workforce, training, and educational leaders from academia, business, and government for one day of focused discussions. In light of current events involving unauthorized disclosures, sensitive and/or classified information leaks, and breaches of personally identifiable information in cyberspace, it is imperative that sound practices are incorporated. The agenda will include speakers from Industry and Government.

7th Annual Cybersecurity Training and Technology Forum (Colorado Springs, Colorado, USA, August 30 - 31, 2017) CSTTF is designed to further educate Cybersecurity, Information Management, Information Technology, and Communications Professionals by providing a platform to explore and enhance cyber resilience, collaboration, threat intelligence, information sharing, workforce development, and risk management. This will be accomplished through a number of in-depth sessions and panel discussions, along with cybersecurity exhibits provided by industry and government partners.

Sponsor & Support

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter’s financial reach, or it might just not be the right time for you to do those things. That’s why we launched our new Patreon site, where we’ve created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you’ll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.