The CyberWire Daily Briefing 8.3.17

Summary

By The CyberWire Staff

It appears Venezuela is giving the rest of the world an unambiguous picture of what voting fraud looks like. That country's government appears to have engaged in election finagling on a scale that would make a Chicago ward heeler blush—some one million votes are said to have been "invented."

WikiLeaks has dumped more alleged CIA documents from its Vault7. These purport to describe the "Dumbo" project, said to be a program that compromised webcams and microphones. Dumbo appears designed more to facilitate and conceal physical access than to serve as a set of collection tools.

How WikiLeaks and others get their material remains a matter of investigation (and concern, to intelligence services). A study the US Government Accountability Office (GAO) released this week concludes that separating NSA and US Cyber Command may make it less likely that cyber tools leak.

The HBO hack seems to be getting bigger—"seven times" as big as the Sony hack, observers say, apparently taking quantity of lost data as their yardstick. HBO says its email system wasn't compromised as some had feared. It's retained Mandiant to help mop up.

Group IB, working with Interpol, has identified a number of the skids who make up the "United Islamic Cyber Force" (UICF), a crew of ISIS-aligned nuisance-level online vandals.

From Germany comes warning against a new form of spearphishing: no links, no attachments, just an email apparently from a colleague suggesting you look into a subject. Googling that subject takes you to an infected site.

Learn how Cylance silences cyber attacks with Artificial Intelligence.

Notes.

Today's issue includes events affecting Algeria, European Union, Germany, India, Indonesia, Israel, Kosovo, Morocco, Nigeria, Pakistan, Russia, Ukraine, United Kingdom, United States and Venezuela

Get Smart on the Politics of Cyberspace

The future of an open, secure, and resilient internet is anything but certain. CFR’s Digital and Cyberspace Policy program cuts through the rhetoric to help you understand the politics of cyberspace. Through their “Net Politics” blog, reports, briefings, and interactive tools, the program’s leading cyber experts analyze the emerging global rules of cyberspace. Subscribe to their bimonthly newsletter to get their insights in your inbox.

On the Podcast

In today's podcast, we hear from our partners at the University of Maryland's Center for Health and Homeland Security: Markus Rauschecker discusses the ways in which large companies like FaceBook and Google could be vulnerable to privacy and antitrust concerns. Our guest, Jim Pflaging from the Chertoff Group, discusses the role of a corporate board's director when it comes to cybersecurity. He also gives a preview of the Chertoff Group's upcoming Security in the Boardroom event.

Sponsored Events

The Cyber Security Summit: Chicago & NYC (Chicago, Illinois, USA, August 8, 2017) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from the U.S. Dept of Justice, Cybraics, CenturyLink, Alert Logic and more. Register with promo code cyberwire50 for half off your admission (Regular price $350).

Security In the Boardroom (Palo Alto, CA, USA, August 23, 2017) Cybersecurity is a boardroom topic in nearly every organization. For many boards, security has evolved from a technical risk to a top business risk. Cybersecurity is also a growth opportunity. Proper integration of security and privacy concerns can drive far more effective digital transformation efforts. However, the mystique around cybersecurity can prevent board members and management from improving their cyber fluency and driving required improvements. Please join The Chertoff Group for our Security in the Boardroom event where we will demystify cybersecurity technology and policy issues while providing practical tools that board members and management can use to improve their resiliency to cyber risk and drive competitive advantage.

Cyber Security Conference for Executives (Baltimore, MD, USA, September 19, 2017) The Johns Hopkins University Information Security Institute and COMPASS Cyber Security are hosting the 4th Annual Cyber Security Conference for Executives on Tuesday, September, 19. It will be held on the Homewood Campus of Johns Hopkins University. This year’s theme is, “Emerging Global Cyber Threats.” The conference will feature thought leaders across a variety of industries to address current cyber security threats to organizations and how executives can work to better protect their data.

Selected Reading

Cyber Attacks, Threats, and Vulnerabilities

Vault 7: CIA’ Dumbo Project Hijacking Webcams and Microphones (HackRead) The Vault7 saga is far from over, and every passing week we are being introduced to a new set of tricks and tools that were allegedly used by the CIA for i

Venezuela voting machines ‘were tampered with’ (Times (London)) President Maduro has denied organising election fraud on a “historic” scale after it was revealed that officials invented one million votes in Sunday’s constituent assembly election. The...

Venezuela: Is Nicolas Maduro's 'sham' election a tipping point? (The Week UK) Election of 'temporary parliament' sparks fury at home and abroad

Interpol, Group-IB Unmask Pro-ISIS Hackers (Security Week) Interpol has teamed up with Russian security firm Group-IB in an effort to identify the members of a pro-ISIS hacker group that has taken credit for many website defacements and distributed denial-of-service (DDoS) attacks.

"Spear-Phishing": "Der beste Schutz sind aufmerksame, vorsichtige Mitarbeiter" (ZEIT ONLINE) Drei Bundesministerien werden immer häufiger das Ziel von perfiden Attacken aus dem Netz. Die Angreifer wissen erstaunlich viel über ihre Opfer.

Android users: beware ‘Invisible Man’ malware disguised as Flash (Naked Security) Once installed it tries to steal banking and credit card details

Two Popular IP Cameras Riddled With Vulnerabilities (Threatpost) Two IP cameras sold by Loftek and VStartcam are leaving over 1.3 million users open to 21 vulnerabilities that range from a lack of HTTPS encryption to bugs that open users up to cross-site request…

Cerber Ransomware Evolves Again, Now Steals From Bitcoin Wallets (TrendLabs Security Intelligence Blog) Cerber ransomware has acquired the reputation of being one of the most rapidly evolving ransomware families to date. Just in May, we pointed out how it had gone through six separate versions with various differences in its routines. Several months later and it seems to have evolved again, this time adding cryptocurrency theft to its routines. This is on top of its normal ransomware routines, giving the attackers two ways to profit off of one infection.

Another popular Chrome extension hijacked through phishing (Help Net Security) Chris Pederick is the latest victim of attackers who hijack popular Chrome add-ons in order to push (potentially malicious) ads onto users.

Fake hot-babe spears businessmen on LinkedIn (Naked Security) The targets were all mid-level employees with elevated access, all young and all male.

Social engineering: The basics (CSO Online) Social engineering is essentially the art of gaining access to buildings, systems or data by exploiting human psychology, rather than by breaking in or using technical hacking techniques. Here are answers to some frequently asked questions about social engineering, including the common tactics social engineers use and tips for ensuring your staff is on guard.

Game of Thrones script for “Spoils of War” leaks after HBO hack (Ars Technica) No spoilers: Leak contains GoT info, unaired episodes of other shows, and internal docs.

Shades of Sony: Scope of HBO Hack Widens (Infosecurity Magazine) The hackers have apparently gained access to much more than a few pieces of content, including corporate email.

The HBO Hack Was Reportedly up to Seven Times Larger Than the Sony Hack (Vanity Fair) Only a few TV episodes and a script have been leaked so far—but video footage, internal documents, and e-mails might be next.

Corporate profits to take more hits from Ukraine cyber attack (Reuters) The cyber attack that crippled Ukraine businesses and spread worldwide to shut down shipping ports, factories and corporate offices has taken a costly toll on the results of major U.S. and European companies in the latest quarter, with more to come.

Pharmaceutical Giant Still Feeling NotPetya’s Sting (Threatpost) Pharmaceutical kingpin Merck reported that operational disruptions continue more than a month after the NotPetya wiper malware attacks.

BASF Says Disruption Unlikely to Be Caused by Cyber Attack (Reuters via US News & World Report) German chemicals company BASF said it currently had no indication that a network disruption affecting logistics at its Ludwigshafen headquarters was caused by a cyber attack.

Your Uber account might be up for sale (WUSA) Your Uber account may be open to anyone, anywhere, at any time. Hackers across the globe are buying and selling them every day for as little as $2.99.

Your houseguests could hack your Amazon Echo to spy on your conversations (Quartz) "Alexa, is someone listening?"

Security Patches, Mitigations, and Software Updates

IBM Patches Reflected XSS in Worklight, MobileFirst (Threatpost) IBM fixed a cross-site scripting vulnerability in its Worklight and MobileFirst products that could have let an attacker steal sensitive information.

Flash Player is Dead, Long Live Flash Player! (KrebsOnSecurity) Adobe last week detailed plans to retire its Flash Player software, a cross-platform browser plugin so powerful and so packed with security holes that it has become the favorite target of malware developers. To help eradicate this ubiquitous liability, Adobe is enlisting the help of Apple, Facebook, Google, Microsoft and Mozilla. But don’t break out the bubbly just yet: Adobe says Flash won’t be put down officially until 2020.

Cyber Trends

Will The Real Security Community Please Stand Up (Threatpost) Black Hat may be the benchmark signaling the end of security nihilism and snark, and a re-prioritization of energy toward the greater good.

Guidance Software Survey Shows Increased Focus on Endpoint Security Concerns (BusinessWire) Guidance Software and ESG Survey shows the need for additional EDR capabilities and a trend toward higher EDR budgets for many security teams.

Malicious content delivered over SSL/TLS has more than doubled in six months (Help Net Security) Threats using SSL encryption are on the rise. The Zscaler cloud saw an average of 8.4 million SSL/TLS-based security blocks per day this year.

Most Mobile App Users Hesitant to Give Info When Signing Up (PRNewswire) Mobile app users are concerned about the security of their information when...

How enterprise IT security conversations have changed (Help Net Security) It used to be that security was an afterthought. But things are different now, as organizations see first-hand the impact of inadequate security measures.

Intrusion detection is speeding up: Is it enough to tackle global cyber threats? (Help Net Security) As criminals develop new methods to break cyber defences, focus is shifting towards detecting and responding to an incident as quickly as possible.

Ransomware attacks have spread to Africa and organizations need to be more proactive (Ventures Africa) Many organizations around Europe and US have been attacked by a genre of attack software from cryptovirology know as Ransomware.

9 in 10 Filipinos most concerned about identity theft (MIS Asia) Filipinos worry about unauthorised access to or misuse of their personal information.

Half of UK adults never change their router password (Computing) Security? We've heard of it.

Marketplace

Recent Cyber Attacks Drive Growth in Cyber Security Markets (markets.businessinsider.com) The cyber security market is one of the fastest growing industries in the past few years.

What's driving India Inc's cross-pollination with Israel's cutting-edge technologies? (The Economic Times) For I-bankers, two things stand out in the potential of such tie-ups —the makeup of Israels entrepreneurs and implications for Digital India in cybersecurity.

Brocade sells off virtual packet core business to Mavenir (CRN Australia) Continues shedding assets ahead of Broadcom buyout.

TPG to Invest in Cyber Security Firm GuardiCore (Reuters via the New York Times) Private equity firm TPG said on Tuesday it would lead a $15 million funding round for Tel Aviv-based cyber security firm GuardiCore through its growth investment arm.

Cyber security firm FireEye's revenue tops estimates, shares rise (Reuters) Internet security company FireEye Inc (FEYE.O) reported better-than-expected quarterly revenue as the company benefited from its shift to a subscription and service-based model, sending its shares up 6.5 percent in after-market trading on Tuesday.

FireEye's CEO And Head Of Sales Discuss The Mandiant Hack, Channel Improvements And An Endpoint Security Push (CRN) FireEye CEO Kevin Mandia and EVP of Worldwide Sales Bill Robbins discuss the company's channel progress, upcoming endpoint security launch, and the company's investigation into the hack of a Mandiant analyst earlier this week.

BAE warns of 'softening' in cyber security operations as profits rise to £945m (Belfast Telegraph) Defence giant BAE Systems has seen interim earnings rise 11%, but cautioned over a restructuring at its struggling cyber security operations.

Symantec shares rise after earnings beat, sale of website security business (MarketWatch) Symantec Corp. SYMC, -0.90% shares rose in the extended session Wednesday after the cybersecurity company reported earnings that topped Wall Street estimates and said it had sold its website security business.

Symantec to Sell Web Certificates Business to Thoma Bravo: Sources (New York Times) Cyber security company Symantec Corp has agreed to sell its business that helps verify the identity of websites to buyout firm Thoma Bravo LLC, people familiar with the matter said on Wednesday, a move that extricates it from a feud with Alphabet Inc's Google.

Symantec CEO Expects To Rake In More Revenue From WannaCry, NotPetya Ransomware Attacks (CRN) Ransomware means more revenue for Symantec. CEO Clark said Symantec "definitely saw an uptick in pipeline" from the attacks and predicted a further boost in the coming quarters as more companies look to upgrade their security.

How Musical Chairs in the Executive Suite Cost This Company $127 Million (Bloomberg) Symantec Corp. is learning the hard way that rapid turnover in the executive ranks can be expensive.

We truly believe security is not about technology but people: Forcepoint CIO Meerah Rajavel (ETCIO.com) CIOs and CISOs need to take into account the human factor when it comes to security and not just the technology, according to Forcepoint CIO Meerah Ra..

Quanterion wins DoD cyber contract (C4ISRNET) Quanterion will support basic operations at the Cyber Security and Information Systems Information Analysis Center.

ThetaRay Expands Global Presence With Launch of London Office (Business Insider) Big Data Analytics Expert and SAP AlumniRichard Biss to Serve as Director, UK

Baltimore Cyber Range and Cyberbit Open New Cybersecurity Training and Simulation Center (Guru Focus) Facility will address cybersecurity skills gap in the region, leveraging simulation training to equip cybersecurity professionals with the skills required to combat today's threats

Ixia Names Anthony Webb as Vice President of Sales for EMEA Region (BusinessWire) Ixia today announced that it has appointed Anthony Webb as Vice President of Sales for the company's European, Middle East, and Africa (EMEA) region...

Carbon Black Hires Former Dropbox Exec As Its First Chief Revenue Officer (CRN) Former Dropbox and Microsoft executive Thomas Hansen said the only way Carbon Black can scale to meet its goals is to work closely with the channel.

Products, Services, and Solutions

BeyondTrust Delivers the First Privileged Access Management Platform Available on Google Cloud (BeyondTrust) Broad cloud support is a BeyondTrust priority, having the only complete PAM platform available on Google Cloud, Amazon Web Services and Microsoft Azure Marketplace.

Versasec Unveils Latest Version of vSEC:CMS S-Series (Versasec) With Version 4.9, smart card management leader extends its remote security device management, improves user interface and increases its lead in supporting the most smart cards in the market

SafeNet Assured Technologies Launches New Tactical Cross Domain Solution (PRWeb) MDeX System for Tactical Environments enables mission-critical information to be shared while ensuring the exchange of correct and authorized data with authorized recipients.

Startup Company to Provide Malware Analysis Tool (SIGNAL Magazine) REnigma, a program designed to analyze malicious software, has spun off from the Johns Hopkins University Applied Physics Laboratory to create startup Deterministic Security LLC.

Keysight Technologies, Ixia Solutions Group Announce Integrated Cellular + WiFi Protocol Verification Solution—Simultaneous Testing Significantly Reduces Time-to-Market (Sys-Con Media) Keysight Technologies, Inc. (NYSE: KEYS) today announced a solution that supports simultaneous cellular and WiFi testing.

Hawk Defense Announces Launch of HAWK.io (IT Business Net) Hawk Network Defense, the software manufacturer of eyeContm, a Big Data Security Analytics (BDSA) Platform, today announced the launch of HAWK.io.

ViewQwest launches suite of managed security services for SMEs (Enterprise Innovation) ViewQwest has a suite of managed services focused on four key areas - cloud access security broker (CASB), managed detection and remediation (MDR), distributed denial of service (DDoS) protection, and managed network security.

Polarity & LookingGlass ScoutPrime Integration (LookingGlass Cyber Solutions Inc.) In collaboration with LookingGlass, Polarity developed a real-time integration to the LookingGlass ScoutPrime threat intelligence platform. ScoutPrime makes security analysts more efficient in addressing their threat landscape by customizing how threat intelligence is viewed, scored, prioritized, and acted upon. , August 1, 2017

Technologies, Techniques, and Standards

Five Essential Steps to GDPR Survival (Infosecurity Magazine) Five key steps organizations can follow in order to get ready for GDPR.

Separation of Duties and IT Security (CSO Online) Muddied responsibilities create unwanted risk and conflicts of interest. New regulations such as GDPR now require that you pay more attention to roles and duties on your security team.

South Aust to undergo mock cyber attack (NewsComAu) South Australia will be subjected to a mock cyber attack to test the preparedness of companies bidding for defence industry contracts.

Oracle, SafeLogic and OpenSSL Partner on Next Generation FIPS Module (Oracle) Oracle dedicates seed funding towards developing FIPS module for OpenSSL 1.1 and calls on corporate sponsors in the FOSS ecosystem to join the effort

Don’t Throw the Baby Out With the Bath Water (Cylance) Lack of interest in managing the IT asset disposal process is putting companies both large and small at risk. We discuss how a company can ensure their retired devices are cleanly wiped or fully destroyed so that sensitive corporate data is not inadvertently exposed.

Fight 'Credential Stuffing' with a New Approach to Authorization - Dark Reading (Dark Reading) Token-based authorization that lets users prove their identity through Facebook, Google, or Microsoft credentials can dramatically reduce your attack surface and give enterprises a single point of control.

SD-WANs: Why the sudden interest? (Computing) A recent Computing webinar revealed that interest in software-defined WANs is spiking, as organisations look for ways to enable secure, mobile working, whilst getting maximum value from existing assets.

Can Machine Learning Help Organizations Improve Data Security? (Dark Reading) BitDefender's Malware Researcher Cristina Vatamanu talks about the opportunities and limitations of using machine-learning technology to identify security threats.

Should You be Worried about Cloud Security? (Dark Reading) Skybox's CMO Michelle Johnson Cobb talks about the current threats targeting the cloud -- and how the difference between security of the cloud and security in the cloud.

Optimizing Online Defenses Through Crowdsourcing (Dark Reading) With limited time and money, many organizations are hamstrung when it comes to cyber defense. AlienVault's CTO Roget Thornton discusses how the company's crowdsourced, open-source community product, the Open Threat Exchange (OTX), can help.

President's Commentary: Ground Forces March to Cyber Battlefield (SIGNAL Magazine) Possessing the ultimate weapon, the infantryman, the U.S. Army now is marching foursquare into cyberspace and electronic warfare operations. It is doing so not as a latecomer to the digital fight, but as one of the thought-leading pioneers in a rapidly expanding, cohesive domain.

Defense Department Expands Classified Mobility Program (SIGNAL Magazine) The pilot acknowledges the need to enable leaders to work with classified data in a mobile environment just as they would in an office.

Design and Innovation

Should the Internet be Secure by Default? Facebook CSO Says No (eSecurity Planet) Facebook CSO Alex Stamos explains why security shouldn't be baked into the fabric of the internet and why researchers remain attracted to zero-day vulnerabilities.

62% of cybersecurity experts believe AI will be weaponized in next year (TechRepublic) A recent survey of infosec professionals, conducted by Cylance, found that many believe artificial intelligence will soon be used to conduct cyberattacks.

AI vs AI: New algorithm automatically bypasses your best cybersecurity defenses (TechRepublic) Researchers have created an AI that tweaks malware code, and it easily bypassed an anti-malware AI undetected. Is machine learning ready to face down cybersecurity threats?

Staying in Front of Cybersecurity Innovation (Dark Reading) Innovation is challenging for security teams because it encompasses two seemingly contradictory ideas: it's happening too slowly and too quickly.

The Musk/Zuckerberg Dustup Represents a Growing Schism in AI (Motherboard) Two distinct visions for the future of AI are emerging.

How Garry Kasparov Learned to Stop Worrying and Love AI (Motherboard) The first chess master to get pwned by an artificial intelligence isn’t worried about AI pwning humanity.

New Web tool tracks Russian “influence ops” on Twitter (Ars Technica) Hamilton 68 tracks Russian state news and Twitter trolls, shows propaganda trends.

Facebook fights fake news with links to other angles (TechCrunch) Facebook will become the suggester of perspective to avoid being the "arbiter of truth". It's rolling out "Related Articles" that appear below news links to..

Another black activist, Ijeoma Oluo, is suspended by Facebook for posting about racism (TechCrunch) Activist and writer Ijeoma Oluo is the latest to suffer for Facebook's inability — or perhaps unwillingness — to improve its reporting and moderation..

Research and Development

DHS S&T Announces Commercialization of REnigma Malware Reverse-Engineering Tool (NewsWise) The Department of Homeland Security (DHS) Science and Technology Directorate (S&T) today announced a groundbreaking malware analysis tool that is part of its Transition to Practice (TTP) program has transitioned as a new startup technology company.

ICF to Support Army Cyber Defense R&D Efforts Under Potential $93M Contract (GovCon Wire) ICF (Nasdaq: ICFI) has secured a potential $93 million contract to help the Army Research Laboratory

Army Establishes Cyber Solutions Development Capability (DVIDS) A new chapter was started for the Army presence in cyberspace when the 780th Military Intelligence (MI) Brigade officially organized a Cyber Solutions Development (CSD) detachment under the 781st MI Battalion at Club Meade on July 25.

Army wants smarter computer AI for electronic warfare (Defense Systems) The Army seeks AI solutions for rapid identification of emerging electronic warfare threats.

Academia

Online learning startup Codecademy launches paid Pro courses (TechCrunch) Codecademy has spent the last several years building a large community of learners with free lessons aimed at teaching its users the basics of how to code...

Legislation, Policy and Regulation

Trump signs 'seriously flawed' Russia sanctions bill (Military Times) President Donald Trump on Wednesday signed what he called a “seriously flawed” bill imposing new sanctions on Russia, pressured by his Republican Party not to move on his own toward a warmer relationship with Moscow in light of Russian actions.

US arming Ukraine? A look at how Moscow might respond (Defense News) There exists the risk that Ukraine takes U.S. weapons deliveries as approval for a renewed offensive on separatist positions — a move that could prompt Moscow to surge into the region to stabilize separatist positions.

Tech community confronts cyber policy at Black Hat (Washington Examiner) Biggest policy 'ask:' The possibility of revisiting the liability exception long enjoyed by software makers.

Dire warning on data collection (NewsComAu) A former leading US security chief, who oversaw the investigation into NSA leaker Edward Snowden, has delivered a shocking warning over the “unchecked” collection of personal information by the private sector.

UK Data Protection Bill, Incorporating GDPR, Expected in September (Infosecurity Magazine) A bill enshrining the EU's GDPR regulation into UK law could be introduced in Parliament in just a few weeks.

Whitehall addiction to secrecy getting worse, warns watchdog (Times (London)) Whitehall has been accused of censoring the past after civil servants refused to release a record number of sensitive documents for public access. Government departments applied to withhold 986...

GAO: Keeping NSA and CYBERCOM Together Makes Hacking Tool Leaks More Likely (Nextgov) The release of high-value NSA hacking tools in recent month sparked widespread concern about how securely those tools are stored.

DOD’s Monitoring of Progress in Implementing Cyber Strategies Can Be Strengthened (US Government Accountability Office) Officials from Department of Defense (DOD) components identified advantages and disadvantages of the “dual-hat” leadership of the National Security Agency (NSA)/Central Security Service (CSS) and Cyber Command (CYBERCOM)...

ITIF Commends Introduction of International Communications Privacy Act, Calls for Changes to Balance Interests of Consumers, Companies, and Law Enforcement (ITIF) ITIF is an independent, nonpartisan research and educational institute focusing on the intersection of technological innovation and public policy. Recognized as one of the world’s leading science and technology think tanks, ITIF’s mission is to formulate and promote policy solutions that accelerate innovation and boost productivity to spur growth, opportunity, and progress.

Lawmaker proposes cyber squad to educate campaign pros (FCW) Rep. Terri Sewell wants the federal government to take a hand in improving the cyber hygiene of political campaigns.

This is the Pentagon’s new acquisition structure (Defense News) The Pentagon’s new acquisition plan creates almost a dozen new offices.

Marines applying rapid acquisition in cyberspace (Federal Times) This is part seven of a series exploring the differences between military cyber forces, capabilities, mission sets and needs.

Litigation, Investigation, and Enforcement

Man used DDoS attacks on media to extort them to remove stories, FBI says (Ars Technica) “If you do not remove it immediately, more severe attacks will hit your website.”

Ukrainian Firm Facing Legal Action for Damages Caused by NotPetya Ransomware (BleepingComputer) The Juscutum Attorneys Association, a Ukrainian law firm, is rallying NotPetya victims to join a collective lawsuit against Intellect-Service LLC, the company behind the M.E.Doc accounting software, the point of origin of the NotPetya ransomware outbreak.

The DEA Met With Controversial iPhone Hackers NSO Group (Motherboard) NSO Group's products have been linked to hacking attempts on journalists, activists, and dissidents.

Federal prosecutor struggles to describe stingray use in attempted murder case (Ars Technica) Questions remain as to how Oakland cops, FBI used stingrays after a 2013 shooting.

In Abusing NSA Intelligence, Did Obama White House Commit A Crime? (Investor's Business Daily) 'Unmasking' Scandal: Day by day, the scandal of the Obama administration's abuse of domestic intelligence gathered by the National Security Agency grows. Forget the phony Russia-Trump collusion charges — the Obama White House looks increasingly to have committed a crime by using U.S. intelligence fo

Wasserman Schultz Has Some Bad News Coming Her Way if She Refuses to Answer IT Scandal Question (Washington Free Beacon) "Yes, we could ask for her..."

Judicial Watch: Huma Abedin Emails Reveal Transmission of Classified Information and Clinton Foundation Donors Receiving Special Treatment from Clinton State Department (Judicial Watch) Judicial Watch today released 1,606 pages of documents from the U.S. Department of State revealing repeated use of unsecured communications for classified information and numerous examples of Clinton Foundation donors receiving special favors from former Secretary of...

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

upcoming Events

Cyber Security Summit: Chicago (Chicago, Illinois, USA, August 8, 2017) If you are a Senior Level Executive responsible for making your company’s decisions in regards to information security, then you are invited to register for the Cyber Security Summit: Chicago Receive 50% off of a Full Summit Pass when you register with code CYBERWIRE50 (standard price of $350, now only $175 with code). Register at CyberSummitUSA.com. The Cyber Security Summit: Chicago is an exclusive conference connecting Senior Level Executives responsible for protecting their companies’ critical data with innovative solution providers & renowned information security experts. for details visit CyberSummitUSA.com.

PCI Security Standards Council: 2017 Latin America Forum (Sao Paulo, Brazil, August 9, 2017) Join your industry colleagues for a full day of networking and one-of-a-kind partnership opportunities. Whether you want to learn more about updates in the payment industry or showcase a new product, you’ll find it all at the 2017 Latin America Forum (LAF).

2017 DoDIIS Worldwide Conference (St. Louis, Missouri, USA, August 13 - 16, 2017) Hosted annually by the DIA Chief Information Officer, the DoDIIS Worldwide Conference features a distinguished line-up of speakers and an extensive selection of breakout sessions allowing attendees to gain insight and interact with experts in smaller settings. This year’s conference presents an exciting and unique opportunity to directly engage with senior leaders from the Intelligence Community, Department of Defense, and industry about the IT complexities and challenges impacting the mission user.

SANS New York City 2017 (New York, New York, USA, August 14 - 19, 2017) Be better prepared for cyber-attacks and data breaches. At SANS New York City 2017 (August 14-19), we offer training with applicable tools and techniques for effective cybersecurity practices. Gain the skills and tools you need to win the battle against the wide range of cyber adversaries who want to harm your environment.

Information Security Summit 2017 (Hong Kong, August 15 - 16, 2017) Effective Use of Analytics and Threat Intelligence to Secure Organizations: The Information Security Summit 2017 is a Regional Event with the aim to give participants from the Asia Pacific region an update on the latest development, trends and status in information security.

TechFest (Louisville, Kentucky, USA, August 16 - 17, 2017) TechFest is a biannual summit designed to bring together technology professionals for learning and networking. Attendees will have opportunities to explore economic development avenues for their businesses, connect with regional IT leaders, and learn about emerging technology. Among the topics addressed will be cybersecurity- hacking, malware, exploits, skimmers, new standards and policies in key industries.

The Chertoff Group Security Series: Security In The Boardroom (Palo Alto, California, USA, August 23, 2017) The Chertoff Group Security Series will aim to enhance and add to the Security in the Boardroom conversation by applying our insights into technology, threat, and policy to help executives respond to the evolving threat environment.

U.S. Department of Commerce Cybersecurity Awareness Day (Washington, DC, USA, August 24, 2017) On August 24, 2017, the Department of Commerce headquarters is planning the Cybersecurity Awareness Day event which will host guest speakers from throughout the Cybersecurity community. The 2017 Cybersecurity Awareness Day and Expo will feature timely, topical, and thought-provoking presentations, bringing together cybersecurity workforce, training, and educational leaders from academia, business, and government for one day of focused discussions. In light of current events involving unauthorized disclosures, sensitive and/or classified information leaks, and breaches of personally identifiable information in cyberspace, it is imperative that sound practices are incorporated. The agenda will include speakers from Industry and Government.

7th Annual Cybersecurity Training and Technology Forum (Colorado Springs, Colorado, USA, August 30 - 31, 2017) CSTTF is designed to further educate Cybersecurity, Information Management, Information Technology, and Communications Professionals by providing a platform to explore and enhance cyber resilience, collaboration, threat intelligence, information sharing, workforce development, and risk management. This will be accomplished through a number of in-depth sessions and panel discussions, along with cybersecurity exhibits provided by industry and government partners.

SANS Network Security 2017 (Las Vegas, Nevada, USA, September 10 - 17, 2017) SANS is recognized around the world as the best place to develop the deep, hands-on cybersecurity skills most in need right now. SANS Network Security 2017 offers more than 45 information security courses taught by SANS' world-class instructors, with dynamic content on the hottest information security issues. Join us for immersion training that will provide you with the cutting-edge skills to defend your organization against security breaches and prevent future attacks.

Finovate Fall 2017 (New York, New York, USA, September 11 - 14, 2017) FinovateFall 2017 will begin with the traditional short-form, demo-only presentations that more than 20,000 attendees from 3,000+ companies have enjoyed for the past decade. After two days of Finovate’s inspiring short-form demos, stay on for another day and a half of practical advice from your peers and industry gurus alike. Determine just how you will incorporate the latest fintech innovations into your product road map.

PCI Security Standards Council: 2017 North America Community Meeting (Orlando, Florida, USA, September 12 - 14, 2017) Join your industry colleagues for three days of networking and one-of-a-kind partnership opportunities. Whether you want to learn more about updates in the payment industry or showcase a new product, you’ll find it all at the 2017 Community Meetings.

8th Annual Billington CyberSecurity Summit (Washington, DC, USA, September 13, 2017) The 8th Annual Billington CyberSecurity Summit September 13 in Washington D.C. brings together world-class cybersecurity thought leaders for high-level information sharing, unparalleled networking and public-private partnerships from a cross-section of civilian, military and intelligence agencies, industry and academia. Keynotes from The Honorable Daniel Coats, Director of National Intelligence, Representative William Hurd, R-Texas, General Joseph Votel, Commander, United States Central Command, Robert Joyce, Special Assistant to the President and Cybersecurity Coordinator, The White House, Grant Schneider, Acting CISO, Office of Management and Budget, (invited), plus CISOs from DHS, DoD, HHS and the CIO for USCYBERSOM. Full agenda <a href="http://www.billingtoncybersecurity.com/8th-annual-billington-cybersecurity-summit/agenda/" target="_blank">here</a>.

Cyber Security Summit: New York (New York, New York, USA, September 15, 2017) If you are a Senior Level Executive responsible for making your company’s decisions in regards to information security, then you are invited to register for the Cyber Security Summit: New York. Receive 50% off of a Full Summit Pass when you register with code CYBERWIRE50 (standard price of $350, now only $175 with code). Register at CyberSummitUSA.com. The Cyber Security Summit: New York is an exclusive conference connecting Senior Level Executives responsible for protecting their companies’ critical data with innovative solution providers & renowned information security experts. for details visit CyberSummitUSA.com.

Sponsor & Support

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter’s financial reach, or it might just not be the right time for you to do those things. That’s why we launched our new Patreon site, where we’ve created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you’ll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.