The CyberWire Daily Briefing 5.17.17

Summary

By The CyberWire Staff

WannaCry remains both dangerous and sloppily executed, but its ransom take has risen to at least $70,000.

Recorded Future announced this morning their conclusion that APT3 (a.k.a. Gothic Panda, generally held responsible for Operations Clandestine Fox, Clandestine Wolf, and Double Tap) is acting on behalf of China's government. Tipsters (identity unknown, going by “intrusiontruth”) attributed APT3 to Guangzhou Boyu Information Technology Company (a.k.a. Boyusec) on May 9. Recorded Future is confident Boyusec is doing contract espionage, both traditional and economic, for China's Ministry of State Security.

The ShadowBrokers, whose EternalBlue leak enabled the WannaCry pandemic, continue their implausible charade of monetizing exploits allegedly stolen from NSA, while simultaneously saying they're really in it for the glory of facing off against a worthy opponent (viz. the Equation Group). They said yesterday they'd taken May off to watch WannaCry and "Your Fired" (sic), but that in June they'll launch a monthly leak subscription service. They claim to have operatives inside all the big corporations, and to have in their possession "'75% of U.S. cyber arsenal'." Their diction has grown more overtly comedic but coarser, and ever more remote from any known natural language. They're also clearly watching too much Colbert, and not to their profit.

Japan joins the list of countries considering its cyberwar options, including retaliation.

WikiLeaks has dumped another set of Vault7 documents. These purport to originate with the CIA; some describe methods of impeding PowerPoint. (Their wording suggests PowerPoint users have it coming: are there Tufte disciples at Langley?)

Learn how Cylance silences cyber attacks with Artificial Intelligence.

Notes.

Today's issue includes events affecting China, European Union, France, Israel, Japan, Democratic Peoples Republic of Korea, Russia, Thailand, United Kingdom, United States, and and Vietnam.

A note to our readers: Follow our continuing coverage of the WannaCry pandemic here. It's sloppy but dangerous, it's spawning other fraud, and it poses a distinctive threat to industrial control systems. (We mean the ransomware, not our coverage. Our coverage is all good.)

On the Podcast

In today's podcast, we hear from our partners at Virginia Tech's Hume Center, as Charles Clancy contrasts WikiLeaks and its Vault 7 reveals with the Shadow Brokers' code dumps. Interested in preventing phishing? Our guest Oren Falkowitz from Area 1 Security offers some tips.

Sponsored Events

The Cyber Security Summit: Seattle (Seattle, Washington, USA, June 1, 2017) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from the U.S. Dept of Justice, CenturyLink, root9B, IBM and more. Register with promo code cyberwire50 for half off your admission (Regular price $350)

CyberTech Fairfax (Fairfax, Virginia, USA, June 13, 2017) Cybertech Fairfax: meet tech execs, start-ups, investors & legal, media & mktg pros changing the global cyber landscape. Cybertech Fairfax is a thought-provoking conference on global cyber threats, solutions, innovations and technologies.

Selected Reading

Cyber Attacks, Threats, and Vulnerabilities

The WannaCry Ransomware Pandemic: What about ICS? And Sequelae Include the Usual Fraud. (The CyberWire) Inevitably, successful attacks have aftershocks in the form of fraudulent remediation. In this case, the WannaCrypt quake's reverberations include a wave of fraudulent mobile apps promising protection from the ransomware. Easy Solutions warns against the dangers of the adware being served up.

Recorded Future Research Concludes Chinese Ministry of State Security Behind APT3 (Recorded Future) This is the first time researchers have been able to attribute a threat actor group with a high degree of confidence to the Ministry of State Security.

Shadow Brokers teases more Windows exploits and cyberespionage data (CSO Online) A group of hackers that previously leaked alleged NSA exploits claims to have even more attack tools, as well as intelligence gathered by the agency on foreign banks and ballistic missile programs.

ShadowBrokers Planning Monthly Exploit, Data Dump Service (Threatpost) The latest rant from the ShadowBrokers ends with news of a subscription service starting in June that will leak exploits and stolen data to paying customers.

Stop Blaming the NSA for the Ransomware Attack (Defense One) An inside look at how the intelligence community deals with the exploitable software bugs it finds.

Why Governments Won’t Let Go of Secret Software Bugs (WIRED) The harder part will be determining when certain vulnerabilities, like WannaCry, are too big to keep secret.

New Cryptomining Threat Could Overshadow #WannaCry (Infosecurity Magazine) New Cryptomining Threat Could Overshadow #WannaCry. Adylkuzz uses same NSA exploits as infamous ransomware campaign

Massive cryptocurrency botnet used leaked NSA exploits weeks before WCry (Ars Technica) Campaign that flew under the radar used hacked computers to mine Monero currency.

After WannaCry, UIWIX Ransomware and Monero-Mining Malware Follow Suit (TrendLabs Security Intelligence Blog) WannaCry ransomware’s outbreak during the weekend was mitigated by having its kill switch domain registered. It was only a matter of time, however, for other cybercriminals to follow suit. Case in point: the emergence of UIWIX ransomware (detected by Trend Micro as RANSOM_UIWIX.A) and two notable Trojans our sensors detected.

WannaCry Variants Pick Up Where Original Left Off (Threatpost) Exploits spreading WannaCry ransomware have surfaced after the discovery of a killswitch put a quick halt to the initial global outbreak.

WannaCry 2.0? New ransomware variant without kill switch emerges (International Business Times UK) The new harder-to-kill strain is already infecting computer systems in four countries, renewing fears of another wave of cyberattacks across the world.

#WannaCry Roars Back After Killing the Kill Switch (Infosecurity Magazine) It took about a day for bad actors to hit back after a kill switch stopped WannaCry in its tracks.

WannaCry's 'Kill Switch' May Have Been a Sandbox-Evasion Tool (Dark Reading) Massive ransomware worm attack appears to have come with a poorly planned anti-analysis feature.

WannaCry Remedies Are The Second Wave of Attacks (Easy Solutions) What we know about WannaCry, why alleged remedies are just another fraud vector and how the sophisticated the manipulation of the human factor has become.

WannaCry in retreat but ‘cyberattack game has changed’ (South China Morning Post) Malware puts weapons of mass cyber destruction in hands of everyday thugs, Chinese specialist says

The WannaCry ransomware might have a link to North Korea (CSO Online) As security researchers investigate last Friday’s massive attack from the WannaCry ransomware, they’ve noticed clues that may link it with a North Korean hacking group that has been blamed for attacking banks across the world.

In Computer Attacks, Clues Point to Frequent Culprit: North Korea (New York Times) Indicators are far from conclusive, but intelligence officials and private security experts say that North Korean-linked hackers are likely suspects in global ransomware attacks.

WannaCry: Who's behind it? Who's to blame? (Help Net Security) The attack has, by accident or on purpose, attracted the attention of the public, security researchers, law enforcement and intelligence agencies.

A Technical Analysis of WannaCry Ransomware (LogRhythm Lab) Ransomware that has been publicly named "WannaCry," “WCry” or "WanaCrypt0r" (based on strings in the binary and encrypted files) has spread to at least 74 countries as of Friday 12 May 2017. This blog addresses the technical analysis of the ransomware, mitigation, LogRhythm signatures, Network Monitor query rules, and indicators of compromise.

WannaCry Ransomware Analysis: Lateral Movement Propagation (Alcavio) Analysis of the lateral movement technique used by the WannCry ransomware.

WannaCry? Do your own data analysis. (SANS Internet Storm Center) With endless amounts of data, technical detail, and insights on WannaCrypt/WannaCry, and even more FUD, speculation, and even downright trolling, herein is a proposal for you to do your own data-driven security analysis

WCry ransomware worm’s Bitcoin take tops $70k as its spread continues (Ars Technica) Three wallets linked to the code take in over 250 payments so far.

Paying the WannaCry ransom will probably get you nothing. Here's why. (CSO Online) Last Friday’s massive WannaCry ransomware attack means victims around the world are facing a tough question: Should they pay the ransom? Those who do shouldn't expect a quick response -- or any response at all. Even after payment, the ransomware doesn’t automatically release your computer and decrypt your files.

The Ransomware Hackers Made Some Real Amateur Mistakes (WIRED) Researchers say the worst ransomware epidemic ever is also poorly run, shoddily coded, and barely profitable.

Top 5 Tips to Avoid the next Ransomware Attack (Panda Security Mediacenter) Panda Security has created a short list of what should you do to prevent yourself from becoming a victim of ransomware. Check it out!

How to protect against WannaCry Ransomware? (Anubis Networks) See how to protect your company against WannaCry Ransomware

Experts: WannaCry Ransomware Is Just the Beginning (SIGNAL Magazine) The crippling ransomware attack that paralyzed hospitals, universities and businesses globally was just a cyber vulnerability appetizer, experts warn.

Ransomworm: The birth of a monster (Help Net Security) The most likely way the ransomworm would infect your computer is using a method that circumvents traditional security technologies.

WannaCry: Seeing the Bigger Picture (LinkedIn) About two months ago an article of mine was published in DarkReading called “Commodity Ransomware is Here.” The takeaway? Launching a ransomware attack has practically become as easy as ordering a pizza online. WannaCry provides a case in point for commodity ransomware. There are many lessons to be learned from the attack, ranging from vulnerability disclosure, patching, retiring archaic systems, to continuity planning. We hyperventilate over each big, new attack (Target, Sony, OPM, Anthem, DNC, Dyn) but we lose site of the bigger picture.

WannaCry ransomware worm attacks the world (SecurityInfoWatch.com) Ransomware infection has locked up more than 200K computers in over 150 countries since last week

Ransomware hits small number of U.S. critical infrastructure operators: official (Reuters) A small number of U.S. critical infrastructure operators have been affected by the global ransomware worm, but there has been no significant disruption in their work, a Department of Homeland Security official told Reuters on Monday.

Ransomware and control system cyber security (Control Global) DoS is typically accomplished by flooding the targeted machine to overload systems and prevent some or all legitimate requests from being fulfilled. However, it does not matter if the service/system is shutdown by the attacker or by the end-user in response to the attacker– the system is still shut down.

ICS Environments: Insecure by Design (Security Week) Industrial control system design flaws have a profound impact on security posture of operational networks

Chrome Browser Hack Opens Door to Credential Theft (Threatpost) Researchers at DefenseCode claim a vulnerability in Google’s Chrome browser allows hackers to steal credentials and launch SMB relay attacks.

Disney Hackers Threaten to Release Upcoming Movie: Report (Infosecurity Magazine) Disney Hackers Threaten to Release Upcoming Movie: Report. Rumors suggest latest Pirates of the Caribbean blockbuster may have been stolen

New Pirates of the Caribbean movie leaked online after hackers fail to extort money (Graham Cluley) The responsible party is known for these types of attacks…

1.9 million Bell Canada customer account details stolen, leaked (Help Net Security) The Bell Canada data theft incident includes a leak of 1.9 million email addresses and some 1,700 names and active phone numbers.

Cybercrooks fight over DDoS attack resources (CSO Online) As more groups get into the denial-of-service attack business they're starting to get in each other's way, according to a report released this morning. That translates into a smaller average attack size.

New Threat Research Shows Vietnam a Rising Force in Cyberespionage (Dark Reading) FireEye report on APT32 puts evidence together of a group attacking private and public targets for the sake of Vietnamese state interests.

The Fundamental Flaw in TCP/IP: Connecting Everything (Dark Reading) Almost 30 years after its inception, it's time to fix the engine that both fuels the modern day Internet and is the root cause of its most vexing security challenges.

Sobering Thoughts When a Connected Medical Device Is Connected to You (Security Week) I recently had reason to spend an overnight visit in the hospital. When friends and family left me late in the evening I was confronted with a subject that I had considered professionally but never had to face personally: the connected medical device.

Some Starbucks are suffering from a payment outage and giving out free coffee (TechCrunch) This morning the TechCrunch staff woke up at our Disrupt NY hotel to find out that the Starbucks in the lobby couldn't accept any payments -- meaning they..

VA warns veterans that scammers are trying to take advantage of Choice Program users (Military Times) Scammers are targeting veterans who misdial the area code for the Veterans Choice program hotline.

Security Patches, Mitigations, and Software Updates

Apple issues security updates for macOS, iDevices (Help Net Security) It's time to patch your Mac and iDevices again: Apple has released security updates for MacOS, iOS, watchOS, tvOS, iTunes, iCloud for Windows, and Safari.

Ivanti Releases Free 90-Day Patch License Following WannaCrypt Attack (PRNewswire) Best-in-industry patch management solutions released free of charge to counteract pressing global ransomware threat

Cyber Trends

After a data breach is disclosed, stock prices fall an average of 5% (Help Net Security) Data security breaches can negatively impact an entire organization, and have a significant negative impact on company finances and shareholder value.

Industry Check: Where Real Companies Stand With Threat Intelligence (Infographic) (Recorded Future) We’ve put together results from a recent survey, gathering insight from more than 200 threat intelligence professionals across an array of industries.

Majority of CEOs Knowingly Raise Risk Level With Their Shadow IT (Dark Reading) Despite the increased risk shadow IT poses to security, a majority of CEOs surveyed say they are willing to take the risk, according to a survey released today.

Study: Rooted Androids, Jailbroken iPhones Found in Enterprises (Dark Reading) A study released today gives greater insight into some of the worst fears for security pros trying to manage employees' BYOD mobile phones.

New Bay Dynamics Report Reveals Cyber Security Professionals in Vital Industries Don’t Trust What Their Tools are Telling Them – Bay Dynamics (Bay Dynamics) 64% of threat alerts are not addressed daily, 52% need manual reprioritization & 79% of cyber pros say patching approval process significantly manual

How Many People Does It Take to Defend a Network? (Dark Reading) The question is hard to answer because there aren't enough cybersecurity pros to go around.

Ready, set, race to the IoT hub (Help Net Security) A single secure hub is a far better proposition than many, many unsecured devices, each of which could be an open invitation to attackers.

Marketplace

Outsourcing security: Would you turn over the keys to a third party? (CSO Online) Years ago it would have been unthinkable to give up control to securing your most valuable assets. But for some companies the risk of handing the security keys to a third party is less than the idea of facing the daily barrage of attacks.

CrowdStrike Closes $100 Million Series D Financing Round (BusinessWire) The go-to company to stop breaches exceeds $1 billion in valuation; validates AI cloud-based endpoint protection as the new standard for endpoint security

The Cybersecurity Firm That Investigated the DNC Hack Just Reached $1 Billion Valuation (Fortune) It just landed $100 million in funding.

VMware acquires mobile application performance provider Apteligent (CRN Australia) Extends cloud, end-user computing capabilities.

Cyberbit to Provide Cybersecurity Product Suite for Israel's First Secure-by-design Government Facility (PRNewswire) Cyberbit , the wholly owned subsidiary of Elbit Systems (NASDAQ: ESLT)...

Products, Services, and Solutions

Bricata Releases New Advanced Threat Hunting and Detection Capabilities (Bricata) cylance, cybersecurity, packet capture, threat hunting

Guidance Software Announces Tableau TX1 Forensic Imager (BusinessWire) Guidance Software, the gold standard in forensic security, today announced the release and availability of a new generation of Tableau Forensic Imager

Signal Sciences Debuts Web Protection Platform (eSecurity Planet) WPP is an evolution of the company's technology which is now set to grow even further thanks to a new $15M Series B round of funding.

Veeam overhauls Availability Console and beefs up AWS, Azure support (CRN Australia) Australian MSPs weigh in on security.

Army is in the market for a cyber range (C4ISRNET) The Army released a solicitation for proposals on a new cyber range.

SurfWatch Labs Extends Its Strategic and Operational Cyber Threat Intelligence to Address Heightened Risk from Expanding Digital Footprints (PRWeb) Digital Risk Monitoring capabilities include continuous visibility and intel on risks to your technology and physical infrastructure, brand(s) and third party vendors

Technologies, Techniques, and Standards

Wear Camouflage While Hunting Threats (Security Week) The practice of threat hunting is rapidly becoming a critical function for security operations teams. In fact, the practice has evolved from being used by only the most sophisticated security teams and is now becoming standard practice in most SOCs. Going out to find threats and attackers is a great complement to existing detection based security.

DocuSign Phishing Email Detected (Crossroads Today) The Email Laundry's cyber threat intelligence backed email filters have detected a new phishing email impersonating DocuSign making its rounds. Users who have used DocuSign in the past have received an email from the company with a link that installs malware when the user clicks on it.

Design and Innovation

Deep Science AI monitors security feeds for masks and guns to quicken response times (TechCrunch) You're working late at the 7-Eleven when a guy comes through the door with a mask and a gun. You raise your hands, follow his instructions, empty the cash..

DefinedCrowd is teaching machines to better understand the complexities of language (TechCrunch) What DefinedCrowd offers isn’t particularly easily to distill into a quick elevator pitch. Taking the stage today as part of the Disrupt New York..

Research and Development

European Commission launches €5m DECODE blockchain project (Computing) Monopolisation of personal data by small number of giant firms is no longer sustainable, says Nesta director

Legislation, Policy and Regulation

Difficulty of GDPR Advice and Buy-in Detailed (Infosecurity Magazine) The main difference in the change from Data Protection Act to the GDPR regime is that you cannot write the fines off as an operational expense.

More than Half of UK Business Owners Unaware of GDPR (Infosecurity Magazine) Firms large and small fail to identify fines associated with new legislation

Tokyo to lay out cyberattack countermeasures (Nikkei Asian Review) Options include digital retaliation when critical infrastructure is damaged

China Is Creating a DNA Database Straight Out of Science Fiction (Defense One) The Ministry of Public Security has collected the genetic information of more than 40 million people — and counting.

The Wide-Ranging Impact of New York's Cybersecurity Regulations (Dark Reading) New York's toughest regulations yet are now in effect. Here's what that means for your company.

Litigation, Investigation, and Enforcement

Ukraine Banned Its Biggest Social Network Over Fears of Russian Influence (Motherboard) The ban extends to over 400 companies total.

Facebook hit with maximum fine for breaking French privacy law (CSO Online) The French data protection watchdog has imposed its harshest penalty on Facebook for six breaches of French privacy law.

Thailand backs down on threat to ban Facebook (TechCrunch) The government of Thailand has backed down on a threat to ban Facebook if it did not block content deemed to be illegal in the country. The ruling military..

Trump confirms he shared intel with Russia’s foreign minister (Ars Technica) National Security Advisor: Trump didn't expose sources or methods.

White House insists Trump's disclosures 'wholly appropriate' (Defense News) The White House on Tuesday defended President Donald Trump's disclosure of classified information to senior Russian officials as "wholly appropriate," as Trump tried to beat back criticism from fellow Republicans and calm international allies increasingly wary about sharing their secrets with the new president.

McMaster calls Trump's conversation with Russian officials 'wholly appropriate' (POLITICO) But McMaster did defend the president against allegations that his conversation with Lavrov and Kislyak, whatever its focus, was out of line.

Israel Said to Be Source of Secret Intelligence Trump Gave to Russians (New York Times) The revelation adds a potential diplomatic complication to an episode that has renewed questions about how the White House handles sensitive intelligence.

McMaster: Trump didn't know where intel came from (TheHill) National security adviser H.R. McMaster on Tuesday said President Trump did not jeopardize intelligence assets by revealing highly sensitive information to Russian officials, adding that Trump did not know where the intel came from.

Besieged White House denies, defends as new bombshells hit (Military Times) President Donald Trump personally appealed to FBI Director James Comey to abandon the bureau's investigation into National Security Adviser Michael Flynn, according to notes disclosed late Tuesday that Comey wrote after the meeting. The White House issued a furious denial near the end of a tumultuous day spent beating back potentially disastrous news reports from dawn to dusk.

Comey Memo Says Trump Asked Him to End Flynn Investigation (New York Times) “I hope you can let this go,” the president told the F.B.I. director in an Oval Office meeting in February, according to a memo James B. Comey wrote.

CIA director will brief House Intel Committee Tuesday (TheHill) CIA Director Mike Pompeo is expected to brief House Intelligence Committee members on Tuesday night, in the wake of reports that President Trump disclosed highly classified information to top Russian officials.

What Happens When Intelligence Agencies Lose Faith in the President? (The Atlantic) If bureaucrats restrict the information they share with political leaders, the damage could prove deep and lasting.

The Risks of Sharing Intelligence (The Atlantic) According to recent news reports, President Trump divulged highly classified material to Russian officials, potentially endangering the U.S. relationship with the source of that information.

Former GP surgery administrator fined £790 for unlawfully accessing patient records (Computing) NHS admin Sally Anne Day given paltry fine for causing distress to two patients

Hospitals rapped for sharing 1.6m patient records with Google (Naked Security) Passing the patient records to the Google-owned company to help it build a health app as ‘inappropriate’, warns watchdog

Family of slain DNC staffer Seth Rich blasts investigator's police obstruction claims (KMPH) A private investigator Tuesday said there is evidence to suggest slain Democratic National Committee staffer Seth Rich made contact with Wikileaks prior to his death -- sparking a onslaught of tweets from conspiracy theorists and Twitter bots who link his

FTC launches crackdown on tech support scammers (Naked Security) Scammers get away with stealing an average of $290 – don’t be their next victim. Here’s our advice on how to spot them and avoid them

Chelsea Manning, who served more prison time than any US leaker, is freed (Ars Technica) "Whatever is ahead of me is far more important than the past."

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

upcoming Events

Public Sector Cyber Security Conference: Defending the Public from Cyber-Attacks (Salford, England, UK, May 17, 2017) Join us for the Public Sector Cyber Security Conference where leading experts will explain how to protect the vital services provided by central Government, local councils and the NHS. Learn how to safeguard sensitive data such as medical records and keep IT systems safe from cyber-attacks by states, criminal gangs and cyber terrorists.

PCI Security Standards Council: 2017Asia-Pacific Community Meeting (Bangkok, Thailand, May 17 - 18, 2017) Two days of networking and one-of-a-kind partnership opportunities await you. Whether you want to learn more about updates in the payment card industry or showcase a new product, you’ll find it all at the 2017 Asia-Pacific Community Meeting.

2017 Georgetown Cybersecurity Law Institute (Washington, DC, USA, May 17 - 18, 2017) It is more important than ever that in-house and outside counsel stay abreast of the most current developments and best practices in cybersecurity. At our Institute you will receive insights on the best governance, preparedness, and resilience strategies from experienced government officials, general counsels, and cybersecurity practitioners who face these issues on a daily basis.

Northsec Applied Security Event (Montreal, Québec, Canada, May 18 - 21, 2017) The conference will feature technical and applied workshops hosted in parallel for the most motivated attendees. Topics include application and infrastructure (pentesting, network security, software and/or hardware exploitation, web hacking, reverse engineering, malware/virii/rootkits), cryptography and obfuscation (from theoretical cryptosystems to applied cryptography exploitation, cryptocurrencies, steganography and covert communication systems), and society and ethics.

SANS Northern Virginia - Reston 2017 (Reston, Virginia, USA, May 21 - 26, 2017) This event features comprehensive hands-on technical training from some of the best instructors in the industry and includes courses that will prepare you or your technical staff for DoD 8570 and GIAC approved certification exams. Start making your plans now to attend SANS Northern Virginia - Reston 2017.

Enfuse 2017 (Las Vegas, Nevada, USA, May 22 - 25, 2017) Enfuse™ is a three-day security and digital investigations conference where specialists, executives, and experts break new ground for the year ahead. Enfuse offers unsurpassed networking opportunities, hands-on training, and in-depth exploration of current topics.

cybergamut Technical Tuesday: Future of System Exploitation (Elkridge, MD, USA, May 23, 2017) This talk describes recent trends in vulnerability research and system exploitation, provides case studies of systems that were compromised that were not believed to be vulnerable (or in novel ways), discusses implications and makes some predictions regarding future trends in the area. It will be presented by: Jason Syversen of Siege Technologies. He's a computer security technologist and entrepreneur with 20 years of experience in technical and leadership roles with cybersecurity, research, and development organizations.

SC Cyber 2017 Summit (Columbia, South Carolina, USA, May 23, 2017) SC Cyber, in partnership with the U.S. Chamber of Commerce and the South Carolina Chamber of Commerce, will host a cybersecurity summit that brings together top experts nationally from government, law enforcement, and the private sector to help small and mid-size business owners develop, evaluate, and strengthen cybersecurity programs. More than 300 attendees are expected, representing industry, government, military, and academia.

2017 Cyber Investing Summit (New York, New York, USA, May 23, 2017) The 2nd Annual Cyber Investing Summit is an all-day conference focusing on investing in the $100+ billion dollar cyber security industry. Attendees will explore the financial opportunities, trends, challenges, and investment strategies available in the high growth cyber security sector. The 2016 Inaugural Cyber Investing Summit welcomed 180+ of the leading cyber professionals, technology analysts, venture capitalists, fund managers, investment advisors, government experts, and more. New this year: separate panels offered throughout the day highlighting publicly traded firms as well as privately owned entities, opportunities to meet one-on-one with corporate executives, and new panel topics (including Investment Strategies & Opportunities, M&A Landscape, Funding for Startups, Government Spending Review, Cyber Sale Lifecycle, and more). Network with investment professionals, asset managers, industry experts, financial analysts, media and more.

Citrix Synergy (Orlando, Florida, USA, May 23 - 25, 2017) Learn how to solve your IT flexibility, workforce continuity, security and networking challenges—and power your business like never before—with the workspace of the future.

CyberSmart 2017 (Fredericton, New Brunswick, Canada, May 24 - 25, 2017) As cybersecurity grows as a significant global challenge, the growing gap between Canada’s cyber workforce demand and supply offers our country both a challenge and an opportunity. CyberSmart 2017 will convene leaders from industry, academia and government to identify and discuss priorities for a Canadian cybersecurity education and workforce development strategy.

AFCEA/GMU Critical Issues in C4I Symposium (Fairfax, Virginia, USA, May 24 - 25, 2017) The AFCEA/GMU Critical Issues in C4I Symposium brings academia, industry and government together annually to address important issues in C4I technology and systems R&D. The agenda for 2017 will include: Challenges of Increasingly Autonomous Systems, The Collaborative Spectrum Grand Challenge, Spectrum Usage as a Critical Enabler for the US, Modernization of the Global C4ISR Enterprise, Breakthroughs in Military Simulation, Government Solutions to the Optics of ISR, Emerging Solutions and Challenges in SCADA/IOT, Cloud Migration and Interoperability, Modeling & Simulation to Streamline Procurement, and Secure Mobility Challenges.

SECON 2017 (Jersey City, New Jersey, USA, May 25, 2017) Social engineering impacts security. (ISC)2 New Jersey Chapter is a 501(c)(3) not-for-profit charitable organization. Our chapter’s mission is to disseminate knowledge, exchange ideas, and encourage community outreach efforts, for advancement of information security practice and awareness in our society. We also strive to provide enjoyable opportunities for professional networking and growth.

Cyber Southwest (Tucson, Arizona, USA, May 27, 2017) CSW will be dedicated to furthering the discussion on cyber education and workforce development in Arizona, healthcare cybersecurity, and technical training in areas such as threat intelligence, insider threats, and protecting critical infrastructure. CSW will focus on creating a positive, unique, and highly productive unification point to further Arizona’s developing leadership in cybersecurity. Subject Matter Experts (SMEs) will be on hand to share information on the latest cybersecurity trends, best practices, and key innovations.

SANS Atlanta 2017 (Atlanta, Georgia, USA, May 30 - June 4, 2017) Learn the most effective steps to prevent attacks and detect adversaries with actionable techniques that you can directly apply when you get back to work. Take advantage of tips and tricks from the experts so that you can win the battle against a wide range of cyber adversaries who want to harm your digital environment.

Cyber Security Summit: Seattle (Seattle, Washington, USA, June 1, 2017) If you are a Senior Level Executive responsible for making your company’s decisions in regards to information security, then you are invited to register for the Cyber Security Summit: Seattle. Receive 50% off of a Full Summit Pass when you register with code CYBERWIRE50 (standard price of $350, now only $175 with code). Register at CyberSummitUSA.com. The Cyber Security Summit: Seattle is an exclusive conference connecting Senior Level Executives responsible for protecting their companies’ critical data with innovative solution providers & renowned information security experts. for details visit CyberSummitUSA.com.

SANS Houston 2017 (Houston, Texas, USA, June 5 - 10, 2017) At SANS Houston 2017, SANS offers hands-on, immersion-style security, security management, and pen testing training courses taught by real-world practitioners. The site of SANS Houston 2017, June 5-10, is Royal Sonesta Hotel Houston, located in the heart of the Galleria area of Uptown Houston.

Cyber Resilience Summit: Measuring and Managing Software Risk, Security and Technical Debt (Brussels, Belgium, June 6, 2017) The Consortium for IT Software Quality is bringing the Cyber Resilience Summit to Europe, to take place on 6 June 2017 in Brussels, Belgium, the vibrant heart of political Europe and headquarters of the European Commission. All are invited to attend! The theme of the Summit is “Measuring and Managing Software Risk, Security and Technical Debt.” Discussion will focus on the latest strategic thinking from innovative American and European CIOs and IT policy makers.

National Cyber Security Summit (Huntsville, Alabama, USA, June 6 - 8, 2017) The National Cyber Summit is the preeminent event for cyber training, education and workforce development aimed at protecting our nation’s infrastructure from the ever-evolving cyber threat. The summit attracts commercial and defense companies as well as healthcare, automotive and energy industries.

Infosecurity Europe 2017 (London, England, UK, June 6 - 8, 2017) Infosecurity Europe is the region's number one information security event featuring Europe's largest and most comprehensive conference programme and over 360 exhibitors showcasing the most relevant information security solutions and products to 13,500 visitors.

Cyber 8.0 Conference (Columbia, Maryland, USA, June 7, 2017) Join the Howard County Chamber of Commerce for their 8th annual cyber conference, where they will explore innovation, funding, and growth. Participants can expect riveting discussions from cyber innovators and entrepreneurs, from leading venture capitalists and financiers, and from government agencies who look to our industry base for technologies and solutions.

2017 ICIT Forum: Rise of The Machines (Washington, DC, USA, June 7, 2017) The 2017 ICIT Forum brings together over 300 cybersecurity executives from across critical infrastructure sectors to receive the latest ICIT research from our experts, share knowledge, develop strategies and identify next-generation technologies to improve their resiliency. Topics include Artificial Intelligence, IoT, Advanced Analytics, APT Profiles, Blockchain, Cloud and more!

SecureWorld Chicago (Rosemont, Illinois, USA, June 7, 2017) Join your fellow security professionals for high-quality, affordable training and education. Attend featured keynotes, panel discussions, and breakout sessions—all while networking with local peers. Earn 6-12 CPE credits through 30+ educational elements, learning from nationally recognized industry leaders.

Sponsor & Support

Grow your brand, generate leads, and fill your funnel.

With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listens all over the world, companies trust the CyberWire to get the message out. Learn more.

WannaCry ransomware developments. APT3 identified as a Chinese government contractor. Latest from the Shadow Brokers. Does WikiLeaks Vault7 have it in for bad PowerPoint? Japan considers its cyberwar options.