The CyberWire Daily Briefing 5.19.17

Summary

By The CyberWire Staff

The WannaCry pandemic closes out its first week, and the consensus is that the ransomware has been a considerable nuisance, but not a catastrophe. Most observers continue to think it was a poorly executed North Korean effort to get badly needed cash, but this preliminary attribution awaits confirmation. Shortly after the ShadowBrokers dumped EternalBlue last month, a number of security companies warned that unpatched and old Windows systems were seriously vulnerable to exploitation, yet a disappointingly small number of enterprises took steps to protect themselves. Some security industry introspection at week's end mulls the possibility that too much crying of "wolf" has numbed users against such warnings.

The EternalBlue exploits used by the unknown actors behind WannaCry do remain a potentially serious risk. Rumors circulate of a related DNS campaign apparently aimed at establishing persistence in its targets: its command-and-control is said to have gone dark when WannaCry went public. Sedco reports early, evasive EternalBlue exploitation that spawns malicious threads inside legitimate applications. Other malware strains related to EternalBlue have successfully mined cryptocurrency (Adylkuzz) and less successfully attempted malicious encryption (Uiwix).

NSA is in bad odor in many places for having evidently held and then lost the EternalBlue exploits. Overhaul of the US Vulnerability Equities Process seems likely.

Avast warns of new vulnerabilities in home IoT.

Twitter has sustained widespread outages due to unknown causes over the past twenty-four hours.

Google says it will patch an Android vulnerability that opens users to ransomware, but not everywhere, and not just yet.

Learn how Cylance silences cyber attacks with Artificial Intelligence.

Notes.

Today's issue includes events affecting China, Ecuador, European Union, Iran, Israel, Democratic Peoples Republic of Korea, Russia, Sweden, United Kingdom, and United States.

On the Podcast

In today's podcast we hear from our partners at Palo Alto Networks, as Rick Howard tells us about some of the research they're doing on Shamoon. Our guest, Joyce Brocaglia of Alta Associates and the Executive Women’s Forum, discusses the results from the Global Women in Cyber Security survey.

Sponsored Events

The Cyber Security Summit: Seattle (Seattle, Washington, USA, June 1, 2017) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from the U.S. Dept of Justice, CenturyLink, root9B, IBM and more. Register with promo code cyberwire50 for half off your admission (Regular price $350)

CyberTech Fairfax (Fairfax, Virginia, USA, June 13, 2017) Cybertech Fairfax: meet tech execs, start-ups, investors & legal, media & mktg pros changing the global cyber landscape. Cybertech Fairfax is a thought-provoking conference on global cyber threats, solutions, innovations and technologies.

Selected Reading

Cyber Attacks, Threats, and Vulnerabilities

The WannaCry Ransomware Pandemic: Week One and the Weeks to Come. (The CyberWire) WannaCry is closing out its first week in the wild. To summarize, China and Russia have been hardest hit, with the largest number of infections striking unpatched Windows 7 machines. Those behind the attack may have failed to make big money, certainly not nearly as big as the scope of the pandemic might suggest, but they have succeeded in large-scale business disruption, and in drawing odium toward the US National Security Agency. We wrap up this round of our coverage with a look at what WannaCry accomplished and failed to accomplish, what you can do to protect yourself, and what we might look for in the future.

WannaCry Ransomware Infection Map (Check Point Software) [A map of infections, by country.]

Oddities in WannaCry Ransomware Puzzle Cybersecurity Researchers (Reuters via US News & World Report) The WannaCry malware that spread to more than 100 countries in a few hours is throwing up several surprises for cybersecurity researchers, including how it gained its initial foothold, how it spread so fast and why the hackers are not making much money from it.

Security experts find clues to ransomware worm's lingering risks (Reuters) Two-thirds of those caught up in the past week's global ransomware attack were running Microsoft's Windows 7 operating system without the latest security updates, a survey for Reuters by security ratings firm BitSight found.

WannaCry ransomware code appears linked to suspected North Korean APT (SC Magazine US) Analysis of the WanaCrypt0r 2.0 ransomware that bedeviled enterprise across the globe this past weekend has reportedly turned up potential links to the alleged North Korean hacking institution known as the Lazarus Group.

North Korea's hacker army: A look at Hermit Kingdom's 'elite' cyber ops (Fox News) Last week’s global cyber attack has shed light on the shadowy and highly sophisticated team of cyber spies in North Korea believed to be among the best hackers in the world.

WannaCry: Ransomware Catastrophe or Failure? (Dark Reading) Using Bitcoin payments as a measure, the WannaCry attack is not nearly as profitable as the headlines suggest. But you should still patch your Windows systems and educate users.

WannaCry Ransomware Hits U.S. Critical Infrastructure (eSecurity Planet) The victims include small utilities and manufacturing sites, according to Dragos CEO Robert M. Lee.

When Dumpster Fires Make You WannaCry (TreatConnect) Stepping back and taking stock of WannaCry lessons learned

Wanna Cry? Unpatched software is the culprit once again (CyberInt) Recent WannaCry attack is a wake-up call for organizations of all sizes. What can organizations do to avoid becoming a victim of the next ransomware attack?

WannaCry Ransomware: What We Know So Far (RSA Conference) Late in the day on Friday, May 12, a massive ransomware attack hit 200K organizations in 150 countries. The ransomware that has been named “WannaCry,” took advantage of Windows systems that had not yet been updated with Microsoft’s March security patch. Per the ransomware playbook, this attack locked people out of their computers, encrypted files and demanded those impacted pay up to $300 in bitcoin -- a price that doubles after three days. What's worse is the malware also behaves like a worm, potentially infecting computers and servers on the same network.

How to Mitigate Damages from WannaCry Ransomware Attack (Netral News) The new WannaCry ransomware attack has infiltrated 57,000 computers in 150 countries.

A Windows XP bug makes it possible to recover files encrypted by WannaCry (Help Net Security) In an unusual turn of events, a Windows bug allows WannaCry victims that run Windows XP to decrypt the files encrypted by the ransomware.

HHS Ramps Up Cyber Threat Information Sharing (GovInfo Security) A series of email alerts from the Department of Health and Human Services about the WannaCry ransomware campaign - and a number of related daily conference calls

They predicted the 'WannaCry' ransomware cyberattack, so how come few listened? (Los Angeles Times) But did companies think the cybersecurity community was just crying wolf?

The WannaCry Legacy: How the Attack Will Shape Cybersecurity (PRNewswire) The WannaCry ransomware that has affected more than...

Expert Brooks on #Cybersecurity: Is WannaCry Ransomware Just the Warm-Up Act (High Performance Counsel) Cybersecurity. When ambulances are delayed, we take notice. The devastating WannaCry ransomware attack had massive impact in social and financial terms worldwide. But was it just a warn-up act for far worse? Is the legal sector in the cross-hairs?

Multiple Groups Have Been Exploiting ETERNALBLUE Weeks Before WannaCry (Sedco) Secdo has uncovered a new evasive attack that leaves no trace and has been infecting organizations using NSA exploits since the mid-April.

Secdo Discovers Hackers Exploited NSA's ETERNALBLUE Weeks Before WannaCry Outbreak to Steal Login Credentials (MarketWired) Organizations potentially exposed to future thread-level attacks that install backdoors, exfiltrate data and steal credentials

New Cyber Attack Exploits Microsoft Bug, Generates Digital Currency (Investopedia) Another cyber attack relying on a Microsoft bug is spreading around the globe at the same time the hacking group Shadow Brokers is warning of more pain to come.

Massive Adylkuzz cyberattack underway (NewsComAu) Another large-scale, stealthy cyberattack is underway on a scale that could dwarf last week’s assault on computers worldwide.

Adylkuzz hack, called larger than WannaCry, slows computers across the globe (CBS News) Hundreds of thousands of computers around the world have been impacted by another malware attack that uses tools developed by the NSA

CryptoMining malware Adylkuzz using the same vulnerability as WannaCry (HackRead) It seems that WannaCry had a predecessor that apparently carried out attacks which involved mining the cryptocurrency Monero using the same vulnerability f

New Threats Fuel Fears of Another Global Cyberattack (Fox Business) A new fast-spreading computer attack and a hacking group's threat to release a fresh trove of stolen cyberweapons are fueling fears among businesses and security experts of another global technology assault.

Uiwix Ransomware Using EternalBlue SMB Exploit To Infect Victims (BleepingComputer) A ransomware called Uiwix has been discovered to be using the EternalBlue exploit to infect vulnerable victims. While Uiwix is still being researched, this article will provide details on what is currently known.

Ransomware fear-flinger Uiwix fails to light (Register) Stand down, folks. Back to Defcon none

China issues warning for new ransomware virus (The Star Online) China has urged Windows users to protect themselves against a new ransomware virus similar to the WannaCry bug that wreaked havoc worldwide last week.

Security firm traces ransomware origins, targets - The Nation (The Nation) A private firm’s security appraisal has found that 77 per cent of all ransomware detected targeted four industries – business and professional services, government, healthcare and retail.

Twitter is down for some users (TechCrunch) Twitter seems to be having some technical difficulties this morning, with the network going down for some folks. Down Detector's live outage map shows..

You were not alone; Twitter went down everywhere (HackRead) If you were wondering what's going on with the social media giant Twitter, then don't worry you were not alone. Reports indicated that Twitter was down in

Avast Warns of Cyber-Attacks on Routers and IoT Devices (NDTV Gadgets360.com) Avast, the company behind the leading antivirus software, warned Thursday against attacks on home appliances connected to the Internet, calling hackers targeting home routers a major threat to consumers.

Three home security systems found to be vulnerable – if hackers were hiding in bushes (Register) Pointblank weaknesses have since been patched

APT3 Threat Group a Contractor for Chinese Intelligence Agency (Dark Reading) Record Future says its research shows clear link between cyber threat group and China's Ministry of State Security.

Chinese Government Contractor Identified as Cyber-Espionage Group APT3 (BleepingComputer) An anonymous group known as Intrusion Truth has published evidence that links an intelligence contractor working with the Chinese government to cyber-attacks that have been carried out by a cyber-espionage group known in the infosec community as APT3.

HandBrake malware attack led to theft of Panic apps' source code (Help Net Security) Software company Panic Inc. has announced that some of the source code for their offerings has been stolen, and they are being blackmailed by the attackers.

Who's responsible for fixing SS7 security issues? (Help Net Security) SS7 security issues have come to a head: attackers were able to exploit them to empty users' bank accounts. The time to act is now, but what can be done?

What is the SS7 protocol and what are its security implications? (SearchSecurity) The SS7 protocol is under scrutiny because of its security vulnerabilities and potential privacy issues. Here's a look at the protocol and its problems.

Fraudsters Exploited Lax Security at Equifax’s TALX Payroll Division (KrebsOnSecurity) Identity thieves who specialize in tax refund fraud had big help this past tax year from Equifax, one of the nation’s largest consumer data brokers and credit bureaus.

DDOS attacks in Q1 2017 (Exploit This) Although the first quarter of 2017 was rather quiet compared to the previous reporting period, there were a few interesting developments. Despite the growing popularity of IoT botnets, Windows-base…

DDoS Attacks Are in Decline in Number and Size, Akamai Report Finds (eWEEK) According to Akamai's latest State of the Internet/Security Report, both the total number of DDoS attacks and the number of large DDoS attacks declined at the beginning of 2017.

Smartphones are a lucrative business for hackers (GulfNews) Devices are becoming the target and entry point for a wide range of risks Lookout says

Inside Russia’s Social Media War on America (Time) On March 2, a disturbing report hit the desks of U.S. counterintelligence officials in Washington. For months, American spy hunters had scrambled to uncover details…

Facebook is losing the fight against the spread of fake news (Naked Security) How can you work out what’s true and what’s not in the torrent of stories on Facebook when the platform itself can’t reliably flag up a fake story?

Have you inadvertently joined a Trump-supporting robot army? (Naked Security) If your data was exposed in one of two recent breaches, there’s a good chance your details have been used by an army of bots to support the proposals to end net neutrality

Security Patches, Mitigations, and Software Updates

Security experts hit out at Google over refusal to patch Android security flaw exploited by ransomware (Computing) Despite WannaCry, Google won't patch security flaw present in Android since October 2015

Verizon rolling out a security update to HTC 10 (Blasting News) The carrier pushed out a security software update for its variant of the HTC 10 smartphone.

Cyber Trends

Companies keeping Bitcoin on hand in case of ransomware attacks (Graham Cluley) Companies are stockpiling Bitcoin just in case they suffer a ransomware attack and need to quickly regain access to their data.

Cyberattacks changing but on the rise: ThreatMetrix report (Bankless Times) The sheer volume of cyberattacks is more than enough proof of the need for vigilance when protecting your online financial data, a new report from ThreatMetrix suggests. The occurrence of fraud is …

Solarwinds MSP: Overconfidence in Security Damaging for Businesses (Channel Partners) The recent WannaCry ransomware attack is aptly named based on SolarWind MSP cybersecurity survey findings.

Healthcare organizations still complacent about cybersecurity (Help Net Security) Cybersecurity within the healthcare sector has been traditionally poor, at best. Most organizations limit themselves to box ticking exercises.

Research Finds IT Professionals Lack Company Loyalty (Infosecurity Magazine) 71% of IT practitioners claimed that brand protection was not their responsibility

Business Nightmare Scenarios Detailed a Week Since WannaCry (Infosecurity Magazine) Independent computer security researcher Graham Cluley described the three main areas of concern for businesses in 2017

RSA: Quarter of UK Consumers Boycott Breached Firms (Infosecurity Magazine) RSA: Quarter of UK Consumers Boycott Breached Firms. Latest poll suggests consumer trust is at all-time low

Marketplace

Cyberattacks prompt massive security spending surge (Phys.org) The fight against cyberattacks has sparked exponential growth in global protection spending, with the cyber security market estimated at $120 billion this year, more than 30 times its size just over a decade ago.

Cyber security companies boosted by hack concerns (Investors Chronicle) Being the software security provider to the recently hacked NHS has not hurt Sophos (SOPH). Shares in the UK's biggest listed cyber security company rose 8 per cent on Monday, as investors speculated - with good reason - that the group's services are likely to be in greater demand after the high-profile cyber ransom attack.

WannaCry Puts These 3 Cybersecurity Stocks in the Spotlight (The Motley Fool) WannaCry reveals how vulnerable organizations are to cyberattacks. These three companies can protect from future disasters.

What You Need to Know Before Investing in Cybersecurity and 3D Printing Companies (The Motley Fool) Get the latest investor takeaways for cybersecurity, 3D printing, housing, and ... Oreos?

'Directors without cyber insurance may be personally sued' (Ynetnews) 'Israel is completely in a league of its own,' says a world expert on cyber communications, who arrived this week in Israel for an insurance conference; the president of the insurance and finance group Harel, Gideon Hamburger, spoke about the damages that could be caused to officials due to cyber attacks.

Carbon Black CEO on acquisition rumors: 'Why would you do that?' (Boston Business Journal) After $190 million in funding and several years of rapid growth, cybersecurity company Carbon Black looks poised for an IPO. But companies have been snapped up at a similar stage of growth before, and IBM Security is an active acquirer in the area.

Mobile Security Firm Wandera Raises $27 Million (Fortune) New mobile threats.

Cisco Systems, Inc. (CSCO) Stock Wipes Out on Awful Guidance (InvestorPlace) Cisco has been rising as its turnaround shows spots of brilliance, but CSCO stock hit a major speed bump Wednesday amid lousy Q4 guidance.

Symantec: Quarter Was A Lot Better Than The Headlines, WannaCry Is Another Tailwind (Seeking Alpha) Symantec reported the results of its fiscal Q4 last week. The results disappointed some investors, particularly as the shares had recently achieved an all-time

Juniper Networks: Is It Time To Buy? (Seeking Alpha) The stock price of Juniper Networks has gained 35% over the last year. The company seems to find a perfect strategy which allows exploiting core capabilities in

Governor Larry Hogan Announces Excel Maryland Initiative to Grow Life Sciences and Cyber Startups (Office of Governor Hogan) Touts Administration’s success making Maryland “Open For Business” at inaugural Governor’s Business Summit

US business delegation returns to view the Midlands’ world class cyber sector (Worcestershire LEP) Following the success of the regional cyber trade mission to Maryland last year, a US business delegation of cyber security companies will return to the Midlands between 5-9 June 2017....

Booz Allen Chosen to Help Modernize the Navy’s Tactical Networks (American Security Today) A reliable connection to communications networks can be challenging on land, and even more so at sea. The U.S. Navy’s Tactical Networks Program Office (PMW 160) is responsible for ensuring the Navy has access to secure and reliable communications networks on any platform, anywhere. To support the modernization of these Tactical Networks, the Navy’s Program …

Anomali to create 120 new jobs at Belfast R&D lab (Finextra Research) Invest Northern Ireland today announced major investments which will bolster Northern Ireland’s cyber security sector. US based cyber security firm Anomali will create 120 new jobs with the opening of its European Research and Development Labs in Belfast and the Centre for Secure Information Technologies (CSIT) will generate investment of £38.5m in research & development, which will encourage the growth of the cyber security sector here.

Verint Awarded Multimillion Dollar Government Cyber Security Project (BusinessWire) Verint Awarded Multimillion Dollar Government Cyber Security Project; Company's Solution to Help Protect Latin American Government from Advanced Cyber

Terbium Labs Appoints New CTO and Hires Sales Leader to Support Accelerated Growth and Adoption of Dark Web Data Intelligence Platform (Sys-Con Media) Brett Davis joins Terbium Labs as Vice President of Sales responsible for driving enterprise sales of Matchlight; Chief Data Scientist Clare Gollnick promoted to CTO

Greystones Names New Chief Technology Officer (PRNewswire) Greystones Consulting Group, The D.C. based professional consulting,...

Products, Services, and Solutions

New infosec products of the week: May 19, 2017 (Help Net Security) New information security products of the week include interesting releases from CA Technologies, Delta, F-Secure, NetMotion, and SailPoint.

Clavister Selects Webroot BrightCloud® (Webroot) Webroot Provides Clavister Customers a Real-Time Solution to Detect and Block Malicious Incoming

Virginia hospitals develop new guidelines to protect against cyber threats (WTKR.com) Virginia hospitals have developed new guidelines to protect patients' information after the recent global ransomware attack that hit at least 150 countries and infected 200,000 machines.

ESET Ireland’s Top 8 Tips For Preventing ‘WannaCry’ Ransomware Attack (Information Security Buzz) On Friday, 12th of May, the world was rocked by the biggest ransomware attack in history. It started with Spain’s telecom sector, then news started coming in about British Health Service being targeted and attacks on FedEx, several Russian banks and ministries as well as many other targets in about a hundred countries across the world. The culprit? A …

Using deep learning to thwart malware - even WannaCry (diginomica) How startup Deep Instinct uses deep learning AI technology to detect undocumented malware and might have thwarted last week's WannaCry ransomware outbreak

It’s Time to Think Differently about Threat Operations (ThreatQuotient) Can you really “manage” threats? Is that even a worthwhile goal? And how do you define a threat?

60-second countdown: Stopping a cyber breach within 1 minute (SiliconANGLE) Once cyber attackers breach an enterprise, they will likely be able to compromise it in as little as 60 seconds, according the 2016 Verizon Data Breach Report.

Dome9 Launches Channel Program to Meet Enterprise Demand for Verifiable Public Cloud Security (MarketWired) Key deal inked with Westcon-Comstor to extend Dome9's global enterprise market expansion

Fishtech To Build New Cloud Security Operations Center, The Next Step In A Managed Security Evolution (CRN) Fishtech, founded by FishNet Security founder Gary Fish, announced it is working on building a Cloud Security Operations Center, to provide purpose-built cloud security services to customers.

Technologies, Techniques, and Standards

ISA99: Developing the ISA/IEC 62443 Series of Standards on Industrial Automation and Control Systems (IACS) Security (ISA99 Committee) The ISA99 committee provides this site as a means of facilitating collaboration both within the committee ands with interested stakeholders. Anyone can use the links provided on these pages to review recent committee news and monitor committee activities.

New NIST guidelines banish periodic password changes (Graham Cluley) New draft guidelines have been issued by NIST are recommending that users should not be forced to periodically change their passwords.

Wallet Ransomware Master Keys Released on BleepingComputer. Avast Releases Free Decryptor (BleepingComputer) This morning a newly registered member posted the master decryption keys for the Wallet Ransomware in the BleepingComputer.com forums. Once these keys were determined to be valid, Avast updated their decryptor to support the .Wallet extension. Victims can now use this decryptor to decrypt their files for free.

Implementing GDPR in local government - where to prioritise (Computing) Pitney Bowes' Andy Berry gives a run-down for local authorities on what they need to do to become GDPR-compliant - before May next year

5 Things To Consider While Building Your Continuous Security Monitoring Strategy (BitSight) Having a continuous security monitoring strategy is difficult—but the five components listed in this article will give you a leg up in its creation.

Electronic warfare emerging in Army arsenal (C4ISRNET) The Army continues to evaluate and integrate electronic warfare capabilities into its tool set.

What Is A VPN - The Ultimate Beginners Guide for 2017 (vpnsrus.com) What is a VPN? We explain all you need to know about VPNs, including the pros, cons and legal implications of using them in a wide range of cases.

5 Security Lessons WannaCry Taught Us the Hard Way (Dark Reading) There is a lot more our industry should be doing to protect its systems and data from cyber blackmail.

Deconstructing the 2016 Yahoo Security Breach (Dark Reading) One good thing about disasters is that we can learn from them and avoid repeating the same mistakes. Here are five lessons that the Yahoo breach should have taught us.

Legislation, Policy and Regulation

WannaCry: How Did the US's Non-Proliferation Failure Become a “Global” Cyber Security Threat? (The Wire) Though the devastating ransomware attack was a failure on the NSA's part, current UN cyber norms are far too weak to hold the US responsible.

Congress will consider a new Cybersecurity Bill that could shift power away from NSA (Newsweek) Proposed bill would require the NSA to inform other government agencies about security holes it finds in software.

US spies could have to disclose their hacking tools to the public under a new proposal (CNBC) It comes after the hackers behind the WannaCry cyberattack used an NSA exploit to deploy their virus.

Johnson Sponsors Bill To Enhance Cybersecurity (Wisconsin Public Radio) U.S. Sen. Ron Johnson, R-WI, co-introduced a bill with Sen. Brian Schatz, D-HI, to enhance cybersecurity in the wake of a global cyber-attack that hit 150 countries last weekend. The bill would create an intelligence review board that decides how the government goes about sharing information about software vulnerabilities.

The Equities Decision: Deciding When to Exploit or Defend (Chertoff Group Point-of-View) The whole WannaCry episode has understandably resurrected the question of NSA's role in identifying and then exploiting or patching cyber vulnerabilities.

Should spies use secret software vulnerabilities? (The Conversation) What's the best way for spy agencies to protect the public: secretly exploit software flaws to gather intelligence, or warn the world and avert malicious cyberattacks?

IronNet’s Keith Alexander: Govt-Industry Collaboration Needed to ‘De-Risk’ Security Tools (ExecutiveBiz) Retired U.S. Army Gen. Keith Alexander, president and CEO of IronNet Cybersecurity, has said the government and private sector must work together to fight cyber threats and de-risk security tools that intelligence agencies use against enemies following a ransomware attack that has affected systems worldwide, TechCrunch reported Wednesday. The former National Security Agency director talked about the global “WannaCry” attack...

Israel Defence Forces Will Not Create a Cyber Command, But Will Strengthen Military Cyber Defences (SpaceWatch Middle East) The Israel Defence Forces (IDF) has decided not to create a unified cyber command that would have placed its signals intelligence collection, offensive cyber operations, and cyber defence units under one central military organisation that would have been the equivalent of Israel’s land, sea, and air forces.

Trump’s Cyber Executive Order is More Study than Action (Roll Call) PresidentTrump’s executive order on cybersecurity this month tracks the recommendations of commission that urged fixes in government IT systems.

Lawmakers push Defense nominees to 'be a continued irritant' for cyber policy (FederalNewsRadio.com) Lawmakers are pushing key Defense Department nominees to begin considering how to put a comprehensive cyber policy in place.

E.U., U.S. officials meet to discuss possible carry-on laptop ban that has raised fears of air traffic disruption (Washington Post) The discussion of the possible ban came after Trump disclosed sensitive related information to Russia.

()

A Trump FCC advisor’s proposal for bringing free Internet to poor people (Ars Technica) Trump advisor says net neutrality hindered free data services for the poor.

Internet Providers Insist They Love Net Neutrality. Seriously? (WIRED) As the FCC starts the process of dismantling its own net neutrality protections, telecoms say not to worry. But their commitment is full of holes.

Litigation, Investigation, and Enforcement

Iran releases list of 9 sanctioned US firms, individuals (Mehr News Agency) Foreign Ministry has updated the list of sanctioned US firms and individuals following the recent move by Washington in imposing new sanctions on Iran for its missile program.

If Nothing Else, Robert Mueller Could Bring Clarity to Trump’s Russia Ties (WIRED) The special counsel role has a whole lot of room to work, which will hopefully clear up all the innuendo.

US, Israeli spies upset that Trump shared intel with Russia (Military Times) The United States and Israel are publicly brushing aside President Donald Trump's reported sharing of a highly classified tip from Israel with Russia, but spy professionals on both sides are frustrated and fearful about the repercussions to a critical intelligence partnership.

F.B.I. Once Warned G.O.P. Congressman That Russian Spies Were Recruiting Him (New York Times) The 2012 warning to Dana Rohrabacher, an ally of President Trump, shows that the F.B.I. has for years viewed Russian spies as having a hand in Washington.

Julian Assange: Sweden drops rape investigation (BBC News) The arrest warrant for the Wikileaks founder, holed up in Ecuador's embassy in London, is revoked.

This Guy Phished Over 50 Women Just to Violate Their Privacy (Motherboard) Sometimes, the threat may not be all that technologically sophisticated, but hackers can still grab a wealth of personal information from a victim.

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

newly Noted Events

O’Reilly Artificial Intelligence Conference (New York, New York, USA, June 27 - 29, 2017) From bots and agents to voice and IoT interfaces, learn how to implement AI in real-world projects, and explore what the future holds for applied artificial intelligence engineering.

upcoming Events

SANS Northern Virginia - Reston 2017 (Reston, Virginia, USA, May 21 - 26, 2017) This event features comprehensive hands-on technical training from some of the best instructors in the industry and includes courses that will prepare you or your technical staff for DoD 8570 and GIAC approved certification exams. Start making your plans now to attend SANS Northern Virginia - Reston 2017.

Enfuse 2017 (Las Vegas, Nevada, USA, May 22 - 25, 2017) Enfuse™ is a three-day security and digital investigations conference where specialists, executives, and experts break new ground for the year ahead. Enfuse offers unsurpassed networking opportunities, hands-on training, and in-depth exploration of current topics.

cybergamut Technical Tuesday: Future of System Exploitation (Elkridge, MD, USA, May 23, 2017) This talk describes recent trends in vulnerability research and system exploitation, provides case studies of systems that were compromised that were not believed to be vulnerable (or in novel ways), discusses implications and makes some predictions regarding future trends in the area. It will be presented by: Jason Syversen of Siege Technologies. He's a computer security technologist and entrepreneur with 20 years of experience in technical and leadership roles with cybersecurity, research, and development organizations.

SC Cyber 2017 Summit (Columbia, South Carolina, USA, May 23, 2017) SC Cyber, in partnership with the U.S. Chamber of Commerce and the South Carolina Chamber of Commerce, will host a cybersecurity summit that brings together top experts nationally from government, law enforcement, and the private sector to help small and mid-size business owners develop, evaluate, and strengthen cybersecurity programs. More than 300 attendees are expected, representing industry, government, military, and academia.

2017 Cyber Investing Summit (New York, New York, USA, May 23, 2017) The 2nd Annual Cyber Investing Summit is an all-day conference focusing on investing in the $100+ billion dollar cyber security industry. Attendees will explore the financial opportunities, trends, challenges, and investment strategies available in the high growth cyber security sector. The 2016 Inaugural Cyber Investing Summit welcomed 180+ of the leading cyber professionals, technology analysts, venture capitalists, fund managers, investment advisors, government experts, and more. New this year: separate panels offered throughout the day highlighting publicly traded firms as well as privately owned entities, opportunities to meet one-on-one with corporate executives, and new panel topics (including Investment Strategies & Opportunities, M&A Landscape, Funding for Startups, Government Spending Review, Cyber Sale Lifecycle, and more). Network with investment professionals, asset managers, industry experts, financial analysts, media and more.

Citrix Synergy (Orlando, Florida, USA, May 23 - 25, 2017) Learn how to solve your IT flexibility, workforce continuity, security and networking challenges—and power your business like never before—with the workspace of the future.

CyberSmart 2017 (Fredericton, New Brunswick, Canada, May 24 - 25, 2017) As cybersecurity grows as a significant global challenge, the growing gap between Canada’s cyber workforce demand and supply offers our country both a challenge and an opportunity. CyberSmart 2017 will convene leaders from industry, academia and government to identify and discuss priorities for a Canadian cybersecurity education and workforce development strategy.

AFCEA/GMU Critical Issues in C4I Symposium (Fairfax, Virginia, USA, May 24 - 25, 2017) The AFCEA/GMU Critical Issues in C4I Symposium brings academia, industry and government together annually to address important issues in C4I technology and systems R&D. The agenda for 2017 will include: Challenges of Increasingly Autonomous Systems, The Collaborative Spectrum Grand Challenge, Spectrum Usage as a Critical Enabler for the US, Modernization of the Global C4ISR Enterprise, Breakthroughs in Military Simulation, Government Solutions to the Optics of ISR, Emerging Solutions and Challenges in SCADA/IOT, Cloud Migration and Interoperability, Modeling & Simulation to Streamline Procurement, and Secure Mobility Challenges.

SECON 2017 (Jersey City, New Jersey, USA, May 25, 2017) Social engineering impacts security. (ISC)2 New Jersey Chapter is a 501(c)(3) not-for-profit charitable organization. Our chapter’s mission is to disseminate knowledge, exchange ideas, and encourage community outreach efforts, for advancement of information security practice and awareness in our society. We also strive to provide enjoyable opportunities for professional networking and growth.

Cyber Southwest (Tucson, Arizona, USA, May 27, 2017) CSW will be dedicated to furthering the discussion on cyber education and workforce development in Arizona, healthcare cybersecurity, and technical training in areas such as threat intelligence, insider threats, and protecting critical infrastructure. CSW will focus on creating a positive, unique, and highly productive unification point to further Arizona’s developing leadership in cybersecurity. Subject Matter Experts (SMEs) will be on hand to share information on the latest cybersecurity trends, best practices, and key innovations.

SANS Atlanta 2017 (Atlanta, Georgia, USA, May 30 - June 4, 2017) Learn the most effective steps to prevent attacks and detect adversaries with actionable techniques that you can directly apply when you get back to work. Take advantage of tips and tricks from the experts so that you can win the battle against a wide range of cyber adversaries who want to harm your digital environment.

Cyber Security Summit: Seattle (Seattle, Washington, USA, June 1, 2017) If you are a Senior Level Executive responsible for making your company’s decisions in regards to information security, then you are invited to register for the Cyber Security Summit: Seattle. Receive 50% off of a Full Summit Pass when you register with code CYBERWIRE50 (standard price of $350, now only $175 with code). Register at CyberSummitUSA.com. The Cyber Security Summit: Seattle is an exclusive conference connecting Senior Level Executives responsible for protecting their companies’ critical data with innovative solution providers & renowned information security experts. for details visit CyberSummitUSA.com.

SANS Houston 2017 (Houston, Texas, USA, June 5 - 10, 2017) At SANS Houston 2017, SANS offers hands-on, immersion-style security, security management, and pen testing training courses taught by real-world practitioners. The site of SANS Houston 2017, June 5-10, is Royal Sonesta Hotel Houston, located in the heart of the Galleria area of Uptown Houston.

Cyber Resilience Summit: Measuring and Managing Software Risk, Security and Technical Debt (Brussels, Belgium, June 6, 2017) The Consortium for IT Software Quality is bringing the Cyber Resilience Summit to Europe, to take place on 6 June 2017 in Brussels, Belgium, the vibrant heart of political Europe and headquarters of the European Commission. All are invited to attend! The theme of the Summit is “Measuring and Managing Software Risk, Security and Technical Debt.” Discussion will focus on the latest strategic thinking from innovative American and European CIOs and IT policy makers.

National Cyber Security Summit (Huntsville, Alabama, USA, June 6 - 8, 2017) The National Cyber Summit is the preeminent event for cyber training, education and workforce development aimed at protecting our nation’s infrastructure from the ever-evolving cyber threat. The summit attracts commercial and defense companies as well as healthcare, automotive and energy industries.

Infosecurity Europe 2017 (London, England, UK, June 6 - 8, 2017) Infosecurity Europe is the region's number one information security event featuring Europe's largest and most comprehensive conference programme and over 360 exhibitors showcasing the most relevant information security solutions and products to 13,500 visitors.

Cyber 8.0 Conference (Columbia, Maryland, USA, June 7, 2017) Join the Howard County Chamber of Commerce for their 8th annual cyber conference, where they will explore innovation, funding, and growth. Participants can expect riveting discussions from cyber innovators and entrepreneurs, from leading venture capitalists and financiers, and from government agencies who look to our industry base for technologies and solutions.

2017 ICIT Forum: Rise of The Machines (Washington, DC, USA, June 7, 2017) The 2017 ICIT Forum brings together over 300 cybersecurity executives from across critical infrastructure sectors to receive the latest ICIT research from our experts, share knowledge, develop strategies and identify next-generation technologies to improve their resiliency. Topics include Artificial Intelligence, IoT, Advanced Analytics, APT Profiles, Blockchain, Cloud and more!

SecureWorld Chicago (Rosemont, Illinois, USA, June 7, 2017) Join your fellow security professionals for high-quality, affordable training and education. Attend featured keynotes, panel discussions, and breakout sessions—all while networking with local peers. Earn 6-12 CPE credits through 30+ educational elements, learning from nationally recognized industry leaders.

NYS Cyber Security Conference (Albany, New York, USA, June 7 - 8, 2017) June 2017 marks the 20th Annual New York State Cyber Security Conference and 12th Annual Symposium on Information Assurance (ASIA) and we invite you to join us for this nationally recognized event. Technology's increasing sophistication has driven new trends in device mobility, social media, and expanded connectivity. Cyber security once considered an issue for IT staff has evolved into a concern for the entire organization. This year's conference examines the broad range of today's cyber challenges and the ways in which organizations can improve security, and create resiliency against cyber threats.

RSAC Unplugged (London, England, UK, June 8, 2017) Informal, up close and personal, intimate…that’s RSAC Unplugged. Ignore the background noise and focus on what’s important in information security right now as part of a one-day program focused on excellent content. Raw and uncut, it’s the best of RSA Conference in a single day.

Insider Threat Program Development / Management Training For NITP-NISPOM CC 2 (Huntsville, Alabama, USA, June 8 - 9, 2017) Insider Threat Defense announced it will hold a 2 day training class on Insider Threat Program (ITP) Development / Insider Threat Risk Management (National Insider Threat Policy (NITP), NISPOM Conforming Change 2) on June 8-9, 2017, in Huntsville, AL. For a limited time the training is being offered at a $795. This training will provide the ITP Manager-Senior Official and Facility Security Officer with the knowledge and resources to achieve compliance with NITP and NISPOM CC2 / DSS ISL-2016-02 - ITP requirements. Any organization (State Government Agencies, Businesses, Etc.) that is not required to implement an ITP, but is concerned with Insider Threat Risk Mitigation will also benefit greatly from this training. Insider Threat Defense has trained over 500+ organizations and has become the "Leader-Go To Company" for ITP Development / Insider Threat Risk Management Training.

BSides Pittsburgh 2017 (Pittsburgh, Pennsylvania, USA, June 9, 2017) BSides Pittsburgh is part of a global series of community-driven conferences presenting a wide range of information security topics from technical topics, such as dissecting network protocols, to policy issues such as managing information leakage via social networks. Pittsburgh has a flourishing information security community; this is a great chance to meet each other, share ideas and work together.

Sponsor & Support

Grow your brand, generate leads, and fill your funnel.

With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listens all over the world, companies trust the CyberWire to get the message out. Learn more.

WannaCry's week: big nuisance, but not a catastrophe. Rumors of other EternalBlue problems in the wild. Home IoT vulnerabilities. Twitter's up-and-down. Google's plans for an Android patch are poorly received.