The CyberWire Daily Briefing 5.22.17

Summary

By The CyberWire Staff

WikiLeaks continued to disgorge the contents of its Vault7 with another document dump late Friday. This latest tranche continues WikiLeaks' recent concentration on alleged CIA tools, in this case an implant, "Athena," said to be capable of infecting Windows systems from XP to Windows 10 (WikiLeaks' Assange may be out from under the shadow of Swedish criminal law, but the Americans continue to be interested in him.)

The New York Times reports on a Chinese roll-up of CIA sources in China between 2010 and 2012. Investigators are said to be divided on how information about the agents apparently leaked: was the information obtained from a mole or by hacking?

"XData," a new strain of ransomware, hit Ukraine hard over the weekend, with signs of preliminary infections spreading to Estonian and German targets.

WannaCry infestations slowed late last week, but there are signs of an attempted revival as botnets assail the domain that sinkholed the ransomware. Looking back at the incident, Russian banks, Britain's National Health Service, and many, many Chinese users of unauthorized and unpatched Windows software seem to have been the most prominent victims. Preliminary circumstantial attribution continues to focus on North Korea. (Pyongyang dismisses the accusations as "ridiculous.")

Cyphort and other security researchers report that EternalBlue, the exploits that enabled WannaCry, are being used to distribute a remote-access Trojan. The RAT appears to be establishing persistence in networks whence it could stage future operations. Unlike WannaCry, it's not ransomware and it's not a worm; it looks like espionage.

Learn how Cylance silences cyber attacks with Artificial Intelligence.

Notes.

Today's issue includes events affecting Bahrain, China, Estonia, European Union, Germany, Iran, Democratic Peoples Republic of Korea, Republic of Korea, Kuwait, Malaysia, Nigeria, Oman, Qatar, Russia, Rwanda, Saudi Arabia, Ukraine, United Arab Emirates, United Kingdom, and United States.

A note to our readers: The CyberWire will be covering the second annual Cyber Investing Summit in New York City tomorrow. Watch for our live coverage on Twitter (@TheCyberWire) and for full accounts of the Summit over the course of the week.

On the Podcast

Today's podcast features insight from our partners at the Johns Hopkins University, as Joe Carrigan talks us through the basics of virtual private networks.

Sponsored Events

The Cyber Security Summit: Seattle (Seattle, Washington, USA, June 1, 2017) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from the U.S. Dept of Justice, CenturyLink, root9B, IBM and more. Register with promo code cyberwire50 for half off your admission (Regular price $350)

SANS Technology Institute (online event, June 13, 2017) Earn a master’s degree in cybersecurity from SANS, the world leader in information security training. Learn more at a free online information session on Tuesday, June 13th, at 12:00 pm (noon) ET. For complete information on master’s degree and graduate certificate programs, visit www.sans.edu.

CyberTech Fairfax (Fairfax, Virginia, USA, June 13, 2017) Cybertech Fairfax: meet tech execs, start-ups, investors & legal, media & mktg pros changing the global cyber landscape. Cybertech Fairfax is a thought-provoking conference on global cyber threats, solutions, innovations and technologies.

Selected Reading

Cyber Attacks, Threats, and Vulnerabilities

Vault 7: CIA Co-Developed Athena Malware with US Cyber-Security Company (BleepingComputer) According to leaked documents, which WikiLeaks previously claimed it received from hackers and CIA insiders, Athena is an implant...

Did China Hack The CIA In Massive Intelligence Breach From 2010 To 2012? (International Business Times) China killed and imprisoned dozens of CIA informants from 2010 to 2012, making U.S. officials speculate whether there was a mole within the CIA or if China hacked into the agency's communication system.

Killing C.I.A. Informants, China Crippled U.S. Spying Operations (New York Times) At least 18 C.I.A. sources were killed or imprisoned in China between 2010 and 2012, one of the worst intelligence breaches in decades. Investigators still disagree about how it happened.

Shadow Brokers Planning to Cause Extra Damage with More Zero Day Bugs (AppsforPCdaily) Shadow Brokers resurface, offer to sell fresh 'wine of month' club exploits

XData Ransomware on a Rampage in Ukraine (BleepingComputer) A new ransomware strain named XData has wreaked havoc in Ukraine in the last 24 hours, locking computers for hundreds of users.

Another Ransomware Nightmare Could Be Brewing in Ukraine (WIRED) A new type of ransomware called XData is spreading at an alarming rate.

New SMB Worm Uses Seven NSA Hacking Tools. WannaCry Used Just Two (BleepingComputer) Researchers have detected a new worm that is spreading via SMB

WanaCry: Multiple Malware Families Using the EternalBlue Exploit (Forcepoint) A week on from the WannaCry outbreak, a huge number of articles have been written on the topic.

New Threats Emerge Using Same Exploit As WannaCry Ransomware (eSecurity Planet) Cybercriminals are leveraging the EternalBlue vulnerabilities to launch a range of other attacks.

#WannaCry Exploit Now Being Used to Spread Spy Trojan (Infosecurity Magazine) Threat actors are using the same EternalBlue exploit used by WannaCry to deliver a RAT to spy or take control of PCs.

Botnets Are Trying to Reignite the Ransomware Outbreak (WIRED) The "sinkhole" domain that's held the ransomware in check is coming under repeated denial-of-service attacks.

#WannaCry Didn’t Start with Phishing Attacks, Says Malwarebytes (Infosecurity Magazine) #WannaCry Didn’t Start with Phishing Attacks, Says Malwarebytes. Security vendor claims port scanning was first stage in campaign

UPDATE 1-Wannacry cyber attack compromised some Russian banks: c.bank (Business Insider) (Adds detail, context)MOSCOW, May 19 (Reuters)...

How Nigeria escaped ‘WannaCry’ cyber-attack (Daily Trust) Though slowing down now, Information Technology experts have warned of possible fierce comeback of the Ransomware attack, which has inflicted damages on more than 150 countries and over 300, 000 computer systems across the world.

North Korea says linking cyber attacks to Pyongyang is 'ridiculous' (Reuters) North Korea's deputy United Nations envoy said on Friday "it is ridiculous"

North Korea denies role in WannaCry malware (TheHill) "Ridiculous," said North Korea's deputy ambassador to the U.N.

Experts question North Korea role in WannaCry cyberattack (Chitwan Online FM) A couple of things about the WannaCry cyber attack are certain. It was the biggest in history and it’s a scary preview of things to come — we’re all going to have to get used to hearing…

North Korea hackers have been linked to NHS cyber attack (The Independent) North Korea's secret cyber hackers were probably responsible for the "ransomware" attacks that crippled governments, hospitals and businesses in 150 countries, defectors from the rogue state and internet experts have said.

Exclusive: North Korea's Unit 180, the cyber warfare cell that worries the West (Reuters) North Korea's main spy agency has a special cell called Unit 180 that is likely to have launched some of its most daring and successful cyber attacks, according to defectors, officials and internet security experts.

Over 98% of All WannaCry Victims Were Using Windows 7 (BleepingComputer) Numbers released by Kaspersky Lab on Friday reveal that over 98% of all documented WannaCry infections were running versions of the Windows 7 operating system.

Who Let the Bug Out? Is the NSA Responsible for “WannaCry?” (diginomica) Do American spy agencies have a responsibility to tell software manufacturers about dangerous potential exploits they may find in their products?

Spotlight: WannaCry outbreak a cybersecurity wake-up call (Xinhua) Cybersecurity experts said the recent WannaCry ransomware outbreak is a wake-up call for the world, calling for improved cybersecurity awareness.

NRW-Parkhäuser mit "Wanna Cry" infiziert (RuhrNachrichten) In Essen, Düsseldorf, Grevenbroich und Hagen sind Kassenautomaten in den Parkhäusern eines niederländischen Betreibers mit der Erpresser-Software "Wanna Cry" infiziert worden. Das meldete das IT-Sicherheitsunternehmen G Data am Donnerstag. Der Vorfall lässt ahnen, wie groß die Auswirkungen von Cyber-Attacken für Betriebe sein können.

NHS cyber-attack causing disruption one week after breach (the Guardian) Hospitals slowly returning to normal after ransomware attack led to cancelled operations and diverted ambulances

Simple solutions to NHS cyber attack are not reflective of reality - Deloitte (Digital Health) Simple solutions to the huge cyber-attack that caused chaos in the NHS last week do not reflect the complex reality on the ground, says a Deloitte director.

Can manufacturers find safety in the cloud? (Institution of Mechanical Engineers) As companies, universities and government institutions reel from the WannaCry ransomware attack, some are turning to the cloud. But is it any safer?

Ransomware (NOVA l PBS) The cyberattack called WannaCry has cost the global economy billions of dollars.

Ransomware Rocks Endpoint Security Concerns (Dark Reading) Meanwhile, threat detection technologies are evolving that can help security teams spot incidents more efficiently.

WannaCry: could something similar happen to Android? (Naked Security) If WannaCry blazed through Windows machines like wildfire, how safe are Android devices from ransomware?

Why WannaCry might make Microsoft cry in China (IDG Connect) Friday 12 March, 2017 will long be remembered by cybersecurity professionals around the world. On this day, the now infamous WannaCry ransomware epidemic began to worm its way around PCs and servers across the planet.

China issues warning for new ransomware virus (The Eddys' Blog) China has urged Windows users to protect themselves against a new ransomware virus similar to the WannaCry bug that wreaked havoc worldwide last week.

Heartbleed vs. WannaCry: A tale of two cyber attacks (FederalNewsRadio.com) The Office of Management and Budget and the Department of Homeland Security led a much more coordinated and informed defense against the WannaCry cyber attack that began May 12.

#WannaCry BT Phishing Scam Spotted (Infosecurity Magazine) #WannaCry BT Phishing Scam Spotted. ActionFraud urges users not to click through

Can F-35 jets be hacked? Cyber threats endangering human lives not far away warns expert (International Business Times UK) Find out if one of the most sophisticated jets in the world can be taken over remotely.

Iranian Hacker Group OilRig Thought to Be Using Russian Hackers-for-Hire in U.S. Cyber Attack (SpaceWatch Middle East) TrapX, a U.S.-based cyber security and research company, are claiming that the OilRig hacker group t

Are there Insecure Webforms on your Assets? Data Suggests Yes (RiskIQ) Are your customers putting sensitive data into insecure webforms? Data suggests many people are, and it puts them at risk.

NAND flash attack can corrupt SSD data (Computing) SSDs vulnerable to Rowhammer-style attacks that can corrupt data and shorten the life-span of flash storage

Terror Exploit Kit Evolves Into Larger Threat (Threatpost) The Terror exploit kit has matured into a greater threat and carefully crafts attacks based on a user’s browser environment.

Twitter says Vine users’ emails and phone numbers were exposed for a day, but weren’t misused (TechCrunch) Twitter is alerting Vine users of a bug that exposed their email addresses and, in some cases, phone numbers to third parties. It's also advising..

Brazilian Fraudsters Create Device to Punch Out EMV Chips (Flashpoint) Brazilian fraudsters developed a new tool for targeting EMV chip cards that demonstrates that sophistication doesn’t always trump creativity.

Typosquatting: Awareness and Hunting (SANS Internet Storm Center) Typosquatting has been used for years to lure victims…

Dark Web Market Shuts Down Claiming Hack, but Users Fear an Exit Scam (BleepingComputer) Outlaw was a veteran of the Dark Web marketplaces, founded way back in 2013. The site was never the most popular destination for online criminals but had a steady following.

Questions Raised After Reporter Fools Bank Biometrics (Infosecurity Magazine) Questions Raised After Reporter Fools Bank Biometrics. HSBC’s Voice ID system allowed imposter eight log-in attempts

Security Patches, Mitigations, and Software Updates

Patches Pending for Medical Devices Hit By WannaCry (Threatpost) Companies such as Siemens and Bayer are planning to release patches for medical devices hit by the ransomware WannaCry over the past several days.

Why Microsoft Failed To Update Windows Systems - Information Security Buzz (Information Security Buzz) In the wake of the WannaCry attack, Cesare Garlati, Chief Security Strategist at prpl Foundation, gives a reason on why Microsoft failed to release the fix for older Windows systems.

How Microsoft Made Money With WannaCry Ransomware Patch (News18) The software giant only sent the free security update -- or patch -- to users of the most recent version of the Windows 10 operating system, the report said.

Why do we need 'accidental heroes' to deal with global cyber-attacks? | Evgeny Morozov (Guardian) Big tech firms say they are the only providers of large cybersecurity services – even as their products are compromised. The conflict of interest is huge

The security tech titans owe their customers (Financial Times) We accept these monopolies so long as the products keep improving

WordPress 4.7.5 Fixes Six Security Vulnerabilities (eSecurity Planet) Widely deployed open-source content management system patched for a half-dozen different issues as new bug bounty program is set to debut.

T-Mobile ZTE Max Pro and Verizon ZenPad 8 receive update today (The Android Soul) News about Android update and devices

Android Security Gets a Boost with Google Play Protect (Infosecurity Magazine) Using machine learning, Google said that it now scans more than 50 billion apps every day.

Zomato will contact 6.6 million 'hacked' users to update their security details (TimesNow) Following reports of 17 million Zomato accounts being compromised, the online food ordering app, in a statement, said that it will be reaching out to 6.6 million users, whose encrypted passwords could be theoretically decrypted.

Yahoo! retires! bleeding! ImageMagick! to! kill! 0-day! vulnerability! (Register) Purple Palace pays researcher US$778 bounty per byte

Cyber Trends

One third of executives have blockchain on their mind (Help Net Security) In a study among C-Suite executives, one third of almost 3,000 executives surveyed are using or considering blockchain in their business.

A day in the life of a threat researcher (CSO) After leaving Exabeam at the end of the workday, Ryan Benson’s mind doesn’t shut off when it comes to thinking about designing new defenses against Black Hats. See what his day looks like.

Security Pros Reveal How They Cope With Rising Tide of Cyber-Attacks (eWEEK) A new report from Bay Dynamics reveals some inconvenient truths about how cyber-security professionals spend their time.

Cybercrime surge in Malaysia (Business News | The Star Online) Cybercrime is growing in Malaysia, as statistics from CyberSecurity Malaysia show.

IT security yet to become a priority with Indian firms (Times of India) Chennai: While several corporates are still reeling under the attack of the WannaCry ransomware, cyber security experts say most companies do not have basic security protocols in place.

Marketplace

WannaCry: Cybersecurity Firms Are Profiting From Ransomware Attack (Fortune) The highly publicized cyber attack is good for business.

Cyberattacks prompt massive security spending surge (Tech News | The Star Online) The fight against cyberattacks has sparked exponential growth in global protection spending, with the cyber security market estimated at US$120bil (RM518.76bil) this year, more than 30 times its size just over a decade ago.

Jumping on the bandwagon, yay or nay for cyber security brands? (The Drum) In the wake of the massive WannaCry ransomware attack, one would think that cyber security salespeople were rubbing their hands in glee with the potential of customers banging their doors down.

Palo Alto Comeback Coming? Jefferies, Citi At Odds (Investor's Business Daily) Jefferies upgraded Palo Alto Networks (PANW) to buy Friday on views that the security software provider's sales will re-accelerate "at some point over the next couple quarters" while Citigroup is more cautious, saying fiscal 2018 estimates may be too high.

Symantec Offers A Security Play For Investors (Seeking Alpha) Symantec is a good security play with growth and value prospects against the competition. Company is driving demand for security as a service. Stands to gain th

Symantec: Incoherent Business Pursuits (Seeking Alpha) Symantec has seen its fair share in the computing-security history when antivirus for desktops dominated the market, but with cybersecurity front and center now

Cisco Systems: A Better Bargain Than Ever? (Seeking Alpha) Cisco Systems (NASDAQ:CSCO) recently reported financial results for the third quarter of fiscal 2017. The company’s bottom-line performance was robust. GAAP ear

Oracle Cloud Security Services Pass the 1-Million-Customers Mark (SDxCentral) Oracle cloud security services now has more than 1 million customers, just six months after launching the new portfolio.

Raytheon to set up new company in Saudi Arabia (Trade Arabia) Raytheon Company, a technology and innovation leader specialising in defence and cybersecurity solutions, has joined forces with the newly-created Saudi Arabia Military Industries...

A10 Networks Names New Chief Financial Officer (BusinessWire) A10 Networks Names Tom Constantino as Executive Vice President, Chief Financial Officer.

Neustar Appoints Sai Huda to Oversee Risk Solutions () Neustar, Inc. (NYSE:NSR), a trusted, neutral provider of real-time information services, today announced it has appointed Sai Huda as General Manager of Risk Solutions

Darktrace wins National Technology Award (Cambridge Network) News from Cambridge businesses. Network members upload news here about their products, services and achievements.

Products, Services, and Solutions

iTWire - After WannaCry outbreak, ESET offers free cyber security training (ITWire) In the wake of the WannaCry ransomware outbreak, security firm ESET is offering free cyber security awareness training to anyone interested in learning more about its importance and how to lower the risk of being attacked.

Cybersecurity firm Trusona develops no-password login feature for Salesforce (Phoenix Business Journal) Scottsdale-based Trusona is continuing its no-passwords login options by offering a new Salesforce.com login with a unique QR code.

Unapplied Knowledge: Using Endpoint Intelligence to Make Your Organization More Secure (Security Intelligence) Security professionals can now add the previously unapplied knowledge from IBM BigFix to the existing set of data available through QRadar.

Bitdefender blocks WannaCry ransomware attack (Normangee Star) Cyber experts on Tuesday said the Indian banking system could be the next victim of the WannaCry “ransomware” cyber attack, ANI reported.

22 million WannaCry ransomware attack attempts blocked by Symantec (Click Lancashire) The ransomware cyberattack known as "WannaCry" infected hundreds of thousands of computers globally on Friday, but the malware was first detected in March and publicly reported stolen from the United States National Security Agency a month later.

Welcome to the Next Phase of the Facebook Backlash (WIRED) Privacy watchdogs think a damning leaked document about Facebook targeting insecure teens could help usher in new era in privacy protections.

Facebook content moderation guidelines leaked (Ars Technica) Misogyny, bullying are generally ok, threats against Trump are not.

Facebook’s content moderation rules dubbed “alarming” by child safety charity (TechCrunch) The Guardian has published details of Facebook's content moderation guidelines covering controversial issues such as violence, hate speech and self-harm..

Technologies, Techniques, and Standards

There's now a WannaCry decryptor tool for most Windows versions (Help Net Security) As the criminals behind WannaCry are trying to make it work again, security researchers have created tools for decrypting files encrypted by it.

Available Tools Making Dent in WannaCry Encryption (Threatpost) Tools are beginning to emerge that can be used to begin the process of recovering files encrypted by WannaCry on some Windows systems.

After 'WannaCry,' a renewed focus on patching (Washington Examiner) It may not be the long-dreaded "cyber Pearl Harbor," but the WannaCry attack on healthcare, telecom and other entities is sharpening cybersecurity...

WannaCry invasion preventable with patch, security updates: Kaspersky (ECNS) The installation of the official Microsoft patch and security software updates can be an effective way to protect computers from attacks of the WannaCry ransomware

How to Secure a Business Network, Servers and Endpoints (Heimdal Security Blog) This short article offers practical advice and tips on how to protect a company's business network, including servers and endpoints.

WannaCry ransomware attack should push hospitals to gauge certain tech (SearchHealthIT) Experts discuss what healthcare organizations need to be doing in order to protect themselves from events like the WannaCry ransomware attack.

Jaya Baloo on WannaCry and Defending Against Advanced Attacks (Threatpost) Jaya Baloo, CISO of KPN, the Netherlands’ leading telecommunications provider, talks to Mike Mimoso about the WannaCry ransomware outbreak and how large network providers and enterprises must conte…

U.S. CIO Margie Graves: Thanks to 2015 Cyber Security Sprint, Feds Avoid Wannacry Virus (GovCon Wire) Acting U.S. CIO Margie Graves said that thanks to the 2015 federal cybersecurity sprint, federal age

Protecting your cloud from ransomware (Help Net Security) By paying attention to the different pieces of the cloud stack and addressing their security needs, your environment will be far more resistant.

The right of erasure is the top GDPR compliance concern (Computing) Tracking down and deleting personal data on request is not going to be easy for most companies, Computing research finds

A CISO’s Guide to Communicating with the Board (SecurityScorecard Insights & News) Communicating with the Board of Directors can be one of the most difficult tasks that a Chief Information Security Officer is responsible for.

9 Tips For Being a Successful CISO (Reciprocity) Being a successful CISO means more than implementing software. It crosses the technological, business, and social skills landscapes.

CISO Should Prioritize Business Function More Than Security (CXO Today) Digital transformation is currently the latest buzz word in the enterprise segment.

In Search of an Rx for Enterprise Security Fatigue (Dark Reading) Are you exhausted by the vast number of measures your organization needs to keep its systems and data safe? You're not alone.

Design and Innovation

Walk this way: how you roll could become how you log in (Naked Security) Combining biometrics and wearable technologies opens up new possibilities for future multi-factor authentication systems

Google wants to share your photos with your nearest and not-dearest (Naked Security) Say cheese! You’ll need to be extra-vigilant that Google’s machine-learning doesn’t share your photos with the wrong people

The people who fight hacking and cybercrime are turning to designers for help (Quartz) When you're dealing with 200,000 security alerts a day, you need good design to have a hope of figuring out what's going on.

“For Security Purposes” Statements Are Bull**** (Hashed Out by The SSL Store™) We see it all the time, a company comes out with a statement that says "for security purposes..." justifying bad practices. They're BS. Here's why...

Developing First Utility's chatbot: 'the smallest mistake can make customers very upset' (Computing) Dr Natalia Konstantinova describes the benefits and challenges of creating a tireless customer services operative

Legislation, Policy and Regulation

Korea, US to Begin Joint Investment in and Research on Cyber Security in Late May (BusinessKorea) Threats of More intelligent worldwide cyber attacks of these days are strengthening cyber security alliance between Korea and the United States.

China may change cybersecurity rules amid pushback: report (TheHill) Global groups asked for delay in law earlier this week, citing trade concerns.

‘My conservatism has not changed. This is an agenda for the mainstream’ (Times (London)) The chants of “Tory scum” are just about audible through the tinted windows of the campaign bus as it pulls out of Halifax. Soon enough, however, there is only whispering tarmac, the opening moors...

GCC urged to coordinate cyber security following Wannacry attack (The National) Experts said a cyber attack like the one using WannaCry ransomware could wreak havoc on critical infrastructure in the UAE.

Worldwide cyber-attack calls for more action (The New Times Rwanda) On May 12, more than ever before, the world encountered the worst cyber-attack that hit 150 countries.

Investment Advisers Beware: Ransomware is Coming for You, SEC Says (Bloomberg BNA) The WannaCry ransomware attack has received a lot of attention after it struck over 300,000 companies across 150 countries.

Cyberattack that hit 200,000 users was 'huge screw-up' by government, Wikipedia's Jimmy Wales says (CNBC) The flaw that allowed hackers to deploy the WannaCry cyberattack was discovered by the National Security Agency and was leaked online.

Should the government stockpile zero day software vulnerabilities? (Cyberscoop) Storm clouds are rising over federal policy on software flaw disclosure after the massive WannaCry infection spread using a cyberweapon developed by the NSA

WannaCry fallout: is hoarding exploits, delaying fixes ever justified? (SC Magazine UK) With the lethality of WannaCry being blamed on the NSA's EternalBlue exploit, we asked the cyber-security industry about the wisdom of allowing intelligence agencies to stockpile zero days.

House passes IT modernization bill that could lead to cyber acquisition standards (Inside Cybersecurity) The House has passed a federal IT modernization bill creating a “technology modernization fund” for upgrading IT systems and a “tech modernization board” that could play a role in setting cybersecurity standards for government acquisitions.

Convincing Senate appropriators may be the last major hurdle for IT modernization bill (FederalNewsRadio.com) Senate appropriators continue to be concerned about the Modernizing Government Technology Act, particularly letting each agency have a working capital fund.

Rep. Rice introduces bill to examine use of virtual currencies for terrorist activities (Financial Regulation News) U.S. Rep. Kathleen Rice (D-NY) introduced legislation that directs the Department of Homeland Security (DHS) to conduct a threat assessment regarding the use of virtual currencies, such as Bitcoin, to carry out or support terrorist activities.

New Bill Asks Homeland Security to Investigate Whether Terrorists Use Bitcoin (Motherboard) Despite little evidence.

These are the arguments against net neutrality — and why they’re wrong (TechCrunch) The next few months will be full of bitter dissent regarding the FCC's net neutrality rules, how they should be enforced, and indeed whether they should exist..

Litigation, Investigation, and Enforcement

China CIA spy killing claims ‘won’t harm Sino-US ties’ (South China Morning Post) Informants can face death penalty but ‘unimaginable without trial’

Sweden Drops Assange’s Rape Case—But He’s Not Walking Free (WIRED) The Swedish decision only brings into focus Assange's core conflict with the US government.

Sony Files Wide-ranging Suite of Piracy Suits in Moscow (Infosecurity Magazine) Sony Interactive Entertainment is looking to permanently block several Russian ISPs, with a slew of piracy lawsuits filed in the Moscow City Court.

Uber threatened to fire engineer at center of Waymo trade secret lawsuit (TechCrunch) Uber has issued a sternly worded letter to Anthony Levandowski, the engineer at the center of a lawsuit alleging theft of trade secrets from Google parent..

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

upcoming Events

Enfuse 2017 (Las Vegas, Nevada, USA, May 22 - 25, 2017) Enfuse™ is a three-day security and digital investigations conference where specialists, executives, and experts break new ground for the year ahead. Enfuse offers unsurpassed networking opportunities, hands-on training, and in-depth exploration of current topics.

cybergamut Technical Tuesday: Future of System Exploitation (Elkridge, MD, USA, May 23, 2017) This talk describes recent trends in vulnerability research and system exploitation, provides case studies of systems that were compromised that were not believed to be vulnerable (or in novel ways), discusses implications and makes some predictions regarding future trends in the area. It will be presented by: Jason Syversen of Siege Technologies. He's a computer security technologist and entrepreneur with 20 years of experience in technical and leadership roles with cybersecurity, research, and development organizations.

SC Cyber 2017 Summit (Columbia, South Carolina, USA, May 23, 2017) SC Cyber, in partnership with the U.S. Chamber of Commerce and the South Carolina Chamber of Commerce, will host a cybersecurity summit that brings together top experts nationally from government, law enforcement, and the private sector to help small and mid-size business owners develop, evaluate, and strengthen cybersecurity programs. More than 300 attendees are expected, representing industry, government, military, and academia.

2017 Cyber Investing Summit (New York, New York, USA, May 23, 2017) The 2nd Annual Cyber Investing Summit is an all-day conference focusing on investing in the $100+ billion dollar cyber security industry. Attendees will explore the financial opportunities, trends, challenges, and investment strategies available in the high growth cyber security sector. The 2016 Inaugural Cyber Investing Summit welcomed 180+ of the leading cyber professionals, technology analysts, venture capitalists, fund managers, investment advisors, government experts, and more. New this year: separate panels offered throughout the day highlighting publicly traded firms as well as privately owned entities, opportunities to meet one-on-one with corporate executives, and new panel topics (including Investment Strategies & Opportunities, M&A Landscape, Funding for Startups, Government Spending Review, Cyber Sale Lifecycle, and more). Network with investment professionals, asset managers, industry experts, financial analysts, media and more.

Citrix Synergy (Orlando, Florida, USA, May 23 - 25, 2017) Learn how to solve your IT flexibility, workforce continuity, security and networking challenges—and power your business like never before—with the workspace of the future.

CyberSmart 2017 (Fredericton, New Brunswick, Canada, May 24 - 25, 2017) As cybersecurity grows as a significant global challenge, the growing gap between Canada’s cyber workforce demand and supply offers our country both a challenge and an opportunity. CyberSmart 2017 will convene leaders from industry, academia and government to identify and discuss priorities for a Canadian cybersecurity education and workforce development strategy.

AFCEA/GMU Critical Issues in C4I Symposium (Fairfax, Virginia, USA, May 24 - 25, 2017) The AFCEA/GMU Critical Issues in C4I Symposium brings academia, industry and government together annually to address important issues in C4I technology and systems R&D. The agenda for 2017 will include: Challenges of Increasingly Autonomous Systems, The Collaborative Spectrum Grand Challenge, Spectrum Usage as a Critical Enabler for the US, Modernization of the Global C4ISR Enterprise, Breakthroughs in Military Simulation, Government Solutions to the Optics of ISR, Emerging Solutions and Challenges in SCADA/IOT, Cloud Migration and Interoperability, Modeling & Simulation to Streamline Procurement, and Secure Mobility Challenges.

SECON 2017 (Jersey City, New Jersey, USA, May 25, 2017) Social engineering impacts security. (ISC)2 New Jersey Chapter is a 501(c)(3) not-for-profit charitable organization. Our chapter’s mission is to disseminate knowledge, exchange ideas, and encourage community outreach efforts, for advancement of information security practice and awareness in our society. We also strive to provide enjoyable opportunities for professional networking and growth.

Cyber Southwest (Tucson, Arizona, USA, May 27, 2017) CSW will be dedicated to furthering the discussion on cyber education and workforce development in Arizona, healthcare cybersecurity, and technical training in areas such as threat intelligence, insider threats, and protecting critical infrastructure. CSW will focus on creating a positive, unique, and highly productive unification point to further Arizona’s developing leadership in cybersecurity. Subject Matter Experts (SMEs) will be on hand to share information on the latest cybersecurity trends, best practices, and key innovations.

SANS Atlanta 2017 (Atlanta, Georgia, USA, May 30 - June 4, 2017) Learn the most effective steps to prevent attacks and detect adversaries with actionable techniques that you can directly apply when you get back to work. Take advantage of tips and tricks from the experts so that you can win the battle against a wide range of cyber adversaries who want to harm your digital environment.

Cyber Security Summit: Seattle (Seattle, Washington, USA, June 1, 2017) If you are a Senior Level Executive responsible for making your company’s decisions in regards to information security, then you are invited to register for the Cyber Security Summit: Seattle. Receive 50% off of a Full Summit Pass when you register with code CYBERWIRE50 (standard price of $350, now only $175 with code). Register at CyberSummitUSA.com. The Cyber Security Summit: Seattle is an exclusive conference connecting Senior Level Executives responsible for protecting their companies’ critical data with innovative solution providers & renowned information security experts. for details visit CyberSummitUSA.com.

SANS Houston 2017 (Houston, Texas, USA, June 5 - 10, 2017) At SANS Houston 2017, SANS offers hands-on, immersion-style security, security management, and pen testing training courses taught by real-world practitioners. The site of SANS Houston 2017, June 5-10, is Royal Sonesta Hotel Houston, located in the heart of the Galleria area of Uptown Houston.

Cyber Resilience Summit: Measuring and Managing Software Risk, Security and Technical Debt (Brussels, Belgium, June 6, 2017) The Consortium for IT Software Quality is bringing the Cyber Resilience Summit to Europe, to take place on 6 June 2017 in Brussels, Belgium, the vibrant heart of political Europe and headquarters of the European Commission. All are invited to attend! The theme of the Summit is “Measuring and Managing Software Risk, Security and Technical Debt.” Discussion will focus on the latest strategic thinking from innovative American and European CIOs and IT policy makers.

National Cyber Security Summit (Huntsville, Alabama, USA, June 6 - 8, 2017) The National Cyber Summit is the preeminent event for cyber training, education and workforce development aimed at protecting our nation’s infrastructure from the ever-evolving cyber threat. The summit attracts commercial and defense companies as well as healthcare, automotive and energy industries.

Infosecurity Europe 2017 (London, England, UK, June 6 - 8, 2017) Infosecurity Europe is the region's number one information security event featuring Europe's largest and most comprehensive conference programme and over 360 exhibitors showcasing the most relevant information security solutions and products to 13,500 visitors.

Cyber 8.0 Conference (Columbia, Maryland, USA, June 7, 2017) Join the Howard County Chamber of Commerce for their 8th annual cyber conference, where they will explore innovation, funding, and growth. Participants can expect riveting discussions from cyber innovators and entrepreneurs, from leading venture capitalists and financiers, and from government agencies who look to our industry base for technologies and solutions.

2017 ICIT Forum: Rise of The Machines (Washington, DC, USA, June 7, 2017) The 2017 ICIT Forum brings together over 300 cybersecurity executives from across critical infrastructure sectors to receive the latest ICIT research from our experts, share knowledge, develop strategies and identify next-generation technologies to improve their resiliency. Topics include Artificial Intelligence, IoT, Advanced Analytics, APT Profiles, Blockchain, Cloud and more!

SecureWorld Chicago (Rosemont, Illinois, USA, June 7, 2017) Join your fellow security professionals for high-quality, affordable training and education. Attend featured keynotes, panel discussions, and breakout sessions—all while networking with local peers. Earn 6-12 CPE credits through 30+ educational elements, learning from nationally recognized industry leaders.

NYS Cyber Security Conference (Albany, New York, USA, June 7 - 8, 2017) June 2017 marks the 20th Annual New York State Cyber Security Conference and 12th Annual Symposium on Information Assurance (ASIA) and we invite you to join us for this nationally recognized event. Technology's increasing sophistication has driven new trends in device mobility, social media, and expanded connectivity. Cyber security once considered an issue for IT staff has evolved into a concern for the entire organization. This year's conference examines the broad range of today's cyber challenges and the ways in which organizations can improve security, and create resiliency against cyber threats.

RSAC Unplugged (London, England, UK, June 8, 2017) Informal, up close and personal, intimate…that’s RSAC Unplugged. Ignore the background noise and focus on what’s important in information security right now as part of a one-day program focused on excellent content. Raw and uncut, it’s the best of RSA Conference in a single day.

Insider Threat Program Development / Management Training For NITP-NISPOM CC 2 (Huntsville, Alabama, USA, June 8 - 9, 2017) Insider Threat Defense announced it will hold a 2 day training class on Insider Threat Program (ITP) Development / Insider Threat Risk Management (National Insider Threat Policy (NITP), NISPOM Conforming Change 2) on June 8-9, 2017, in Huntsville, AL. For a limited time the training is being offered at a $795. This training will provide the ITP Manager-Senior Official and Facility Security Officer with the knowledge and resources to achieve compliance with NITP and NISPOM CC2 / DSS ISL-2016-02 - ITP requirements. Any organization (State Government Agencies, Businesses, Etc.) that is not required to implement an ITP, but is concerned with Insider Threat Risk Mitigation will also benefit greatly from this training. Insider Threat Defense has trained over 500+ organizations and has become the "Leader-Go To Company" for ITP Development / Insider Threat Risk Management Training.

BSides Pittsburgh 2017 (Pittsburgh, Pennsylvania, USA, June 9, 2017) BSides Pittsburgh is part of a global series of community-driven conferences presenting a wide range of information security topics from technical topics, such as dissecting network protocols, to policy issues such as managing information leakage via social networks. Pittsburgh has a flourishing information security community; this is a great chance to meet each other, share ideas and work together.

29th Annual FIRST Conference (San Juan, Puerto Rico, USA, June 11 - 16, 2017) FIRST is an international confederation of trusted computer incident response teams who cooperatively handle computer security incidents and promote incident prevention programs.

Sponsor & Support

Grow your brand, generate leads, and fill your funnel.

With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listens all over the world, companies trust the CyberWire to get the message out. Learn more.

WikiLeaks Vault7's latest dump includes "Athena." Chinese counterintelligence rollup prompts worry of possible CIA leaks from 2010 to 2012. XData ransomware hits Ukraine. WannaCry fades (but a revival is possible). Other campaigns exploit EternalBlue.