The CyberWire Daily Briefing 5.29.18

Summary

By The CyberWire Staff

Two Canadian banks were hit by hackers over the weekend. The Bank of Montreal and the Simplii Financial direct banking brand of the Canadian Imperial Bank of Commerce are believed to have been affected. Some 90 thousand customers' data were apparently accessed by the attackers; the information exposed included both personal and financial information. In both cases the hackers contacted the banks Sunday and told them they'd stolen the data. The motive appears to be extortion; the hackers have threatened to release the data online.

The Cobalt gang is back at work despite its leader's arrest in Spain two months ago. Researchers at Group-IB have found spearphishing emails from the thieves pretending to be alerts from Kaspersky Lab. Employees of Russian and Eastern European banks are being targeted.

A wave of attacks hit cryptocurrencies Verge, Monacoin and Bitcoin Gold last week, inflicting more than $20 million in damages. The incidents are said to have been 51% attacks.

ESET warns of a new, harder-to-detect banking Trojan, "BackSwap." It works entirely within the Windows graphical user interface, and avoids the more usual browser process injection.

The FBI has issued a formal warning against VPNFilter, the Russia-linked campaign that's affecting routers. The Bureau advises everyone to reboot their routers.

Coca-Cola disclosed that it's sustained a data breach. A former employee took a hard drive containing about 8000 employees' records.

Facebook continues to struggle with content moderation. Papua New Guinea may block the platform for a month to get a handle on fake news.

Learn how Cylance silences cyber attacks with Artificial Intelligence.

Notes.

Today's issue includes events affecting China, Colombia, European Union, Germany, NATO/OTAN, Papua New Guinea, Poland, Russia, Ukraine, United Kingdom, and United States.

Under GDPR non-compliant companies face trade-offs on borrowed time, says Control Risks.

Control Risks says non-compliance is a truly enterprise risk for companies operating in the EU. It burdens already taxed programs with particular measures to protect personal data and disclose security issues. Many worry that resources catching up to GDPR before an incident occurs trade-off other critical initiatives, leaving them vulnerable nonetheless. Companies must get executives and experts involved in managing the risk and competing priorities. Let Control Risks help you be both secure and compliant.

On the Podcast

In today's podcast we hear from our partners at the University of Maryland's Center for Health and Homeland Security, as Ben Yelin describes some ghoulish police attempts to use a deceased person’s fingerprints to unlock a phone. Our guest is Mike Benjamin from CenturyLink; he takes us through their recent threat report covering the Internet-of-things and distributed denial-of-service attacks.

Sponsored Events

Startup CEO: Managing a Legal Team for Fun & Profit (Fulton, Maryland, United States, May 31, 2018) DataTribe's Al Clark will share his expertise in providing legal counsel to local tech startups. He'll answer questions on how to gain the most out of and what to look for in legal counsel that will lead to a relationship of lowering risk and saving money. Food and beverages are provided.

Cyber Security Summits: Boston on June 5 & June 28 in DC (Boston, Massachusetts, United States, Jun 5, 2018) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The FBI, CenturyLink, IBM Security and more. Register with promo code cyberwire95 for $95 VIP admission (Regular price $350) https://CyberSummitUSA.com

TU-Automotive Cybersecurity Conference (Detroit, Michigan, United States, Jun 6 - 7, 2018) Uniting 150+ experts from the connected car and security industries to help automotive to apply technology and best practices to deliver robust security defenses and processes. Co-located with TU-Automotive Detroit, attendees can access the world’s largest automotive technology exhibition. CyberWire audience save $100 off standard and basic passes with code TCW100.

Selected Reading

Cyber Attacks, Threats, and Vulnerabilities

Canadian Banks Say ‘Fraudsters’ Stole Information From at Least 40,000 Customers (Motherboard) Attackers electronically accessed personal and account information from clients at Simplii Financial and the Bank of Montreal.

Bank of Montreal says it was subject of cyber attack on Sunday (Reuters) Bank of Montreal said on Monday it was contacted by fraudsters on Sunday who claimed they were in possession of the personal and financial information of a limited number of the bank’s customers.

Hackers may have stolen data of 90,000 Canadian bank customers (ComputerWorld) Customers of Bank of Montreal, Canadian Imperial Bank of Commerce believed to be affected

Cobalt Hacking Group Still Active Despite Leader's Arrest (BleepingComputer) Despite their leader's arrest in Spain two months ago, the Cobalt hacker group that's specialized in stealing money from banks and financial institutions has remained active, even launching a new campaign.

Hacker Steals $1.35 Million From Cryptocurrency Trading App Taylor (BleepingComputer) The creators of the Taylor cryptocurrency trading app claim that an unidentified hacker has stolen around $1.35 million worth of Ether from the company's wallets.

Cryptocurrency Miners Are Sabotaging Blockchains for Their Personal Gain (Motherboard) A wave of 51 percent attacks affecting Bitcoin Gold, Verge, and Monacoin resulted in nearly $20 million worth of cryptocurrency being stolen from exchanges this week.

BackSwap Trojan exploits standard browser features to empty bank accounts (Help Net Security) The BackSwap Trojan eschews the usual "process injection for monitoring browsing activity" trick. Instead, it handles everything by working with Windows GUI elements and simulating user input.

Z-Shave Attack Could Impact Over 100 Million IoT Devices (BleepingComputer) The Z-Wave wireless communications protocol used for some IoT/smart devices is vulnerable to a downgrade attack that can allow a malicious party to intercept and tamper with traffic between smart devices.

Identifying Top Vulnerabilities in Networks: Old Vulnerabilities, IoT Botnets, Wireless Connection Exploits (TrendLabs Security Intelligence Blog) Using our IoT Smart Checker, a tool that scans networks for potential security risks, we looked into home and other small network environments and the vulnerabilities that connected devices usually encounter. Our findings homed in on known vulnerabilities, IoT botnets with top vulnerability detections, and devices that are affected.

Singapore ISP Leaves 1,000 Routers Open to Attack (Threatpost) Telcom firm leaves port open on customer routers after maintenance update exposing hundreds of customers to possible attack.

FBI issues formal warning on massive malware network linked to Russia (TheHill) The FBI on Friday issued a formal warning that a sophisticated Russia-linked hacking campaign is compromising hundreds of thousands of home network devices worldwide and it is advising owners to reboot these devices in an attempt to disrupt the malicious software.

VPNFilter botnet: a SophosLabs analysis, part 2 (Sophos News) The second part of our technical investigation of the malicious components involved in the attack that infected over 500,000 routers and network storage devices.

BackSwap Banking Trojan Uses Never-Before-Seen Techniques (BleepingComputer) Security researchers have discovered a new banking trojan named BackSwap that uses never-before-seen techniques to facilitate the theft of online funds.

PGP Founder: Don’t Disable Encryption Service (Infosecurity Magazine) Experts claim EFF advice and reporting of new flaws could do more harm than good

Essays: What "Efail" Tells Us About Email Vulnerabilities and Disclosure (Schneier on Security) Last week, researchers disclosed vulnerabilities in a large number of encrypted email clients: specifically, those that use OpenPGP and S/MIME, including Thunderbird and AppleMail. These are serious vulnerabilities...

Persistent Bots: Five Ways They Stay Enmeshed in Your Network (eWEEK) Attackers have created the first persistent internet-of-things botnet, Hide 'N Seek, using a well-known tactic from server- and desktop-based systems. Here are five ways the attackers stay on your system following a compromise.

MalHide: an interesting Malware sample (Security Boulevard) Today I'd like to share an interesting (at least to me) analysis on a given sample.

Ghostery’s goofy GDPR gaffe – someone’s in trouble come Monday! (Naked Security) Ever CCed an email you were supposed to BCC? Sure you have! But we bet it wasn’t your company’s “look how good we are at GDPR” email…

There are cyber threats to veterans' medical records (TheHill) America’s veterans have served our country and protected our freedoms, sometimes at the expense of their own well-being and health.

Coca-Cola Suffers Breach at the Hands of Former Employee (BleepingComputer) The Coca-Cola company announced a data breach incident this week after a former employee was found in possession of worker data on a personal hard drive.

Cola-Cola breach: ex-employee stole hard drive with 8,000 workers' data (HackRead) Coca-Cola believes that the breach may have allowed unauthorized individuals to gain access to certain personally identifiable information (PII).

UVM hit by cyber attack (The Vermont Cynic) UVM was targeted by a cyber attack that could potentially lead to the malicious use of University NetIDs and passwords. Julia Russell, associate chief information officer of Enterprise Technology Services, alerted the University community in a May 23 email that the Information Security Office and ETS were taking steps to correct a computer system intrusion....

Watch thieves steal keyless Mercedes within 23 seconds (HackRead) The owner of the Mercedes said he could track his stolen vehicle by using Mercedes Find My Car tracker app but it shows the car is still in his driveway.

Security Patches, Mitigations, and Software Updates

Does your BMW need a security patch? (Naked Security) Researchers have found 14 security vulnerabilities affecting BMW i Series, X Series, 3 Series, 5 Series and 7 Series.

Avast releases fix for incompatibility issue with Windows 10 April 2018 update (Gizbot) Avast releases fix for incompatibility issue with Microsoft Windows 10 April 2018 update. A large number of complaints said that their PCs were not booting up properly after the installation of Windows 10 April.

Facebook 2FA no longer needs a phone number: here’s how to set it up (Naked Security) One more excuse for not using 2FA bites the dust.

Cyber Trends

Defending the Indefensible: A New Strategy for Stopping Information Operations - War on the Rocks (War on the Rocks) In the book Snow Crash by Neal Stephenson, malicious viral information is deliberately spread by a nefarious actor to infect computers and people's brains. The virus is transmitted in a variety of ways: via bodily fluid exchange, exposure by observing code with your eyes, as an injected drug, and via computer

Disinformation Wars (Foreign Policy) The United States and Europe are ill-prepared for the coming wave of "deep fakes" that artificial intelligence could unleash.

The bogus expert and social media chicanery of DC’s top cyber think tank (Engadget) The unmasking of a cybersecurity grifter

5 ways deception tech is disrupting cybersecurity (The Next Web) Enterprises and their Security Operations Centers (SOCs) are under siege. Security events are being triggered from all corners of the security stack – from the firewall, endpoints, and servers, from intrusion detection systems and other security solutions.

IBM banned USB drives. Is it the future of security or a knee-jerk reaction? (Digital Trends) Despite the wide use of cloud services like Dropbox, sometimes a handy old USB drive is the quickest way to get large amounts of data from one computer to another.

Quantifying cyber exposure: Attackers are racing ahead (Help Net Security) Quantifying cyber exposure is essential. Cybercriminals have a median seven-day window of opportunity during which they can exploit a vulnerability to attack their victims, potentially siphoning sensitive data, launching ransomware attacks and causing extensive financial damage.

CIOs are forced to compromise between faster innovation and perfectly working software (Help Net Security) On average, organizations release new software updates three times per working hour, as they push to keep up with competitive pressures and soaring consumer expectation.

Self-driving technology is going to change a lot more than cars (Ars Technica) How self-driving technology could transform everything from retail to transit.

Op-ed: Game companies need to cut the crap—loot boxes are obviously gambling (Ars Technica) Much as game companies try to deny it, the truth is plain to see.

Marketplace

Opportunities in Cyber Security Stocks (The Bull) There are an increasing number of cyber-security companies listing on the ASX...

U.S. Software Firm Verint Is in Talks to Buy NSO for About $1 Billion (Wall Street Journal) U.S. software firm Verint has offered to acquire the Israeli company known for selling military-grade cyber surveillance technology to government security agencies.

Surveillance Company Verint Negotiating $1 Billion Merger with Israeli NSO Group (CTECH) NSO develops and sells cyber attack tools that can be used to gather intelligence from mobile phones

Trump reveals terms for ZTE US return (TechRadar) Major fine and job changes among terms put to Congress

Thales eyes bolt-on M&A but not chasing scale of U.S. rivals (Reuters) France's Thales has its eye on bolt-on acquisitions after securing chipmaker Gemalto but feels no immediate pressure to match the scale of 'nose-to-tail' aircraft parts suppliers like United Technologies, its chief executive said.

China Set to Approve Qualcomm-NXP Deal, a Sign of Easing Trade Tensions (WSJ) Chinese authorities are set to approve Qualcomm’s planned $44 billion acquisition of NXP Semiconductors in the next few days, in what would be a significant step toward easing U.S.-China trade relations.

Splunk: Running On Fumes (Seeking Alpha) Spunk reported another strong quarter as revenues smashed estimates. The intelligence platform saw sales growth dip below 30% after years of growth exceeding 40

Products, Services, and Solutions

This Chrome extension reveals if your password has been breached (HackRead) Okta has introduced new password manager PassProtect in its latest, free Google Chrome browser extension.

Start Your Bug Bounty Program at Open Bug Bounty (Open Bug Bounty) Open Bug Bounty allows any verified website owners to run a bug bounty for their websites at no cost. The purpose of this non-profit activity is to make relations between website owners and security researchers sustainable and mutually beneficial in a long-term prospective.

Technologies, Techniques, and Standards

Observations from May 2018 Air Force Cyber Strategy Conference and the importance of monitoring process sensors (Control Global) I participated in the 2018 Air Force Cyber Strategy Conference at Maxwell Air Force Base’s Air University giving a presentation on control system cyber security with a focus on the lack of security in process sensors, actuators, and drives. Following my presentation, I was on a panel with JD Work from Columbia University and retired Major General Brett Williams. As with other conferences, the focus was on IT network security not control systems.

What Lies Beneath – Avoiding the Unseen Dangers of OT Vulnerabilities (Infosecurity Magazine) Attacks on OT systems are rapidly escalating, yet many industrial organizations focus cybersecurity efforts on IT-centric, rather than production-centric, endpoints.

UK Government’s IoT Best Practices are a Wake-Up Call to Manufacturers, Will They Hit Snooze? (Infosecurity Magazine) If we don’t take action and follow government guidelines on IoT, then Parliament will be forced to enact legislation.

Here Are Some of the Worst Attempts At Complying with GDPR (Motherboard) Owen Williams, a freelance developer, has been collecting the more embarrassing, silly, and downright lame attempts companies are making to comply with Europe's General Data Protection Regulation.

Want to Keep Your Data Safe? Secure Your Organization’s Privileged User Accounts (Infosecurity Magazine) Companies are adopting privileged account technology to monitor behavior and secure their sensitive data.

Ars Asks: Are your company’s IT policies flexible, or nonsensical? (Ars Technica) Help us understand the middle ground between getting work done and keeping work safe.

What You Need to Know About Cyber Safety While Traveling (Consumer Reports) In this primer on cyber safety while traveling, Consumer Reports has some tips for protecting your digital privacy while away from home.

How WIRED Lost $100,000 in Bitcoin (WIRED) We mined roughly 13 bitcoins and then ripped up our private key. We were stupid—but not alone.

What CISOs can learn from Tyrion on Game of Thrones (Help Net Security) GoT shares incredible parallels with the world of cybersecurity (E.g., The Wall can be likened to perimeter protection, White Walkers are the hackers, the Iron Throne is like the company’s sensitive data, etc.).

F-35 one of most cyber tested US weapons (SBS News) The F-35 stealth fighter jet is probably one of the most cyber tested weapon systems in the US defence inventory, manufacturer Lockheed Martin says.

StratCom laughs: in search of an analytical framework (NATO Strategic Communications Center of Excellence) The study "StratCom laughs: in search of an analytical framework" is a multidisciplinary effort to design an analytical framework for analysing humour in scenarios where researchers and practitioners find themselves working through large data collections where humour has been used as a potent tool in the construction of messages designed for strategic communication.

Design and Innovation

Microsoft building tool to spot bias in artificial intelligence algorithms (The Economic Times) The Microsoft tool has the potential to help businesses make use of AI without inadvertently discriminating against certain groups of people, MIT Technology Review reported on Friday.

XiaoIce, Microsoft’s social chatbot in China, makes breakthrough in natural conversation (Panorama) It’s effective, but Li Zhou, engineer lead for XiaoIce, Microsoft’s wildly popular artificial intelligence-powered social chatbot in...

Facebook touts transparency with new political ad archive, but a security expert isn't convinced (CNBC) Facebook product director Rob Leathern said the company is building an API to accompany the political ad archive.

Here’s Facebook’s Internal Policy on Pepe the Frog (Motherboard) The far-right adopted Pepe the Frog as its own symbol of intolerance. Breaking with its policy of allowing fictional characters to push hateful messages, Facebook banned certain images of Pepe, according to internal documents.

Facebook’s counterintuitive way to combat nonconsensual [adult content] (Naked Security) “Upload your nudes to stop revenge [...]” might sound crazy but it actually makes sense.

What is Satoshi Nakamoto doing 10 years after Bitcoin was launched? (Digital Journal) One of the technological world’s biggest mystery to this day, is the true identity of Satoshi Nakamoto, the computer programmer (or programmers) who created and developed the digital currency known as Bitcoin. There is much speculation as to whether Satoshi is an actual person, or a collection of individuals using a pseudonym for a consortium of cypherpunk developers that designed wrote and tested the Bitcoin experiment.

Legislation, Policy and Regulation

UK Warns That Aggressive Cyberattack Could Trigger Kinetic Response (SecurityWeek) The political ramifications of launching any type of response against another country without definitive proof can lead to far greater disasters.

Colombia to be NATO's first Latin American global partner (Reuters) Colombia will next week formally join the North Atlantic Treaty Organization, making it the only Latin American nation in the alliance, President Juan Manuel Santos said late on Friday.

Papua New Guinea to ban Facebook for a month (Graham Cluley) The country of Papua New Guinea is reportedly planning a month-long national ban of Facebook. Why? To research the effect that the addictive social network has on the South Pacific island’s populace, and to root out “fake users.” But important questions remain unanswered.

Trudeau urged to probe Chinese telecom giant Huawei’s role in Canada (The Globe and Mail) Security, economic concerns raised over transferral of intellectual property to the company as it develops 5G technology

Trump admin. briefs Congress on tentative deal with China's ZTE (WKBT) The Commerce Department informed lawmakers on Friday of the outlines of a tentative deal that could save sanctioned telecommunications company ZTE, a key priority for Chinese President Xi Jinping, according to two people familiar with the matter.

Senate Defense Bill Aims to Scrub Cyber Adversaries from U.S. Military Tech (Nextgov.com) The bill would require companies to disclose if they’d shared source code with foreign governments.

Senators look to emphasize U.S. cyber prowess (Fifth Domain) The Senate's version of the NDAA looks to certify DoD's cyber authorities.

What Is GDPR and What Can America Learn From it? (Motherboard) After four years of debate, the General Data Protection Regulation is finally going into effect later this month. Personal privacy is of particular concern, but GDPR effect on consumers and Silicon Valley is still shaking out.

From Safe Harbour to Privacy Shield to GDPR: the journey of data protection laws (ETCIO.com) The journey of data protection laws has come a long way from just being statutory to now being compulsive with hefty penalties, ultimately safeguardin..

Why Is Your Location Data No Longer Private? (KrebsOnSecurity) The past month has seen one blockbuster revelation after another about how our mobile phone and broadband providers have been leaking highly sensitive customer information, including real-time location data and customer account details.

Chinese surveillance firm hits out at ‘baseless’ US Congress ban (South China Morning Post) Security camera manufacturer reacts after House of Representatives adds it to list of companies seen as threatening US national security

Litigation, Investigation, and Enforcement

GDPR Oddsmakers: Who, Where, When Will Enforcement Hit First? (Dark Reading) The GDPR grace period ends today. Experts take their best guesses on when data protection authorities will strike - and what kind of organizations will be first to feel the sting of the EU privacy law.

It’s Day One of GDPR, and Facebook, Google Are Accused of Breaking New Rules (Barron's) Within hours of the General Data Protection Regulation going into effect today, a privacy group accused Facebook, Alphabet, WhatsApp, and Instagram of violating Europe's strict new data-protection law.

Europol Signs Cybersecurity Agreement With EU Agencies, WEF (SecurityWeek) Europol has signed two cybersecurity memorandums of understanding this week – one with three EU agencies and one with the World Economic Forum (WEF)

Activists Urge Amazon to Drop Facial Recognition for Police (SecurityWeek) Activist groups urged Amazon to stop providing facial recognition technology to law enforcement, warning that it could give authorities "dangerous surveillance powers."

Apple sees steep increase in U.S. national security requests (The Mighty 790 KFGO) By Stephen Nellis (Reuters) - Apple Inc on Friday issued its twice yearly transparency report on government data requests, showing another sharp increase in U.S. national security-related requests. Apple said it received as many as 16,249 national security requests affecting up to 8,249 accounts during the second half of 2017. The number of requ...

Three FBI officials to answer House panel's questions about Clinton emails (Fox News) House Republicans in June plan to interview three FBI officials linked to the agency’s controversial handling of the Hillary Clinton email probe, part of an ongoing joint investigation by the House Judiciary and Oversight and Government Reform committees.

Prolific Phisher ‘Courvoisier’ Gets 10 Years Behind Bars (Infosecurity Magazine) UK man stole details of tens of thousands of consumers

'One man crime wave' hacker Grant West jailed for 10 years (Computing) West sent phishing emails to Just Eat customers and hacked Barclays, BA and Ladbrokes

Man arrested for possession of 58 terabytes of child sexual abuse material (HackRead) 58 terabytes of data mean videos worth thousands of hours requiring hundreds of devices to be stored - A terabyte is more precisely defined as 1,024 gigabytes (GB).

Mt. Gox, Coincheck and the Biggest Hacks and Scams in Cryptocurrency History (Smartereum) On Monday, Verge suffered a second cyber attack in the space of two months bringing to for the bitter taste of cryptocurrency heists. The first hack happened in April and 250,000 XVG coins were stolen. This latest breach was more hurtful; about 35 million XVGs worth approximately $1.7 million was stolen. This narrative has increased …

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

newly Noted Events

National Cyber Summit (Huntsville, Alabama, USA, Jun 5 - 7, 2018) The National Cyber Summit is the preeminent event for cyber training, education and workforce development aimed at protecting our nation’s infrastructure from the ever-evolving cyber threat. Held in Huntsville, Alabama, one of the nation's largest technological hubs, the Summit attracts both government and commercial participants. Long known as the home to Department of Defense organizations and civilian departments and agencies including DHS, NIST, NASA, TVA, NSA and DOE, Huntsville also has many other industries represented. Companies are diverse and include healthcare, automotive and energy industries, academia, genetic research and high technology.

Social Engineering—Rhode Island (Newport, Rhode Island, USA, Jun 16, 2018) Welcome to the first ever social engineering conference in Rhode Island!

NITSIG Meeting: Protecting Controlled Unclassified Information On U.S. Government Contractor Information Systems (Herndon, Virginia, USA, Jun 18, 2018) This meeting will discuss the security control requirements for the protection of Controlled Unclassified Information (CUI), for contractor information systems upon which CUI is processed, stored on, or transmitted through. These requirements must be implemented at both the contractor and subcontractor levels based on the information security guidance in NIST Special Publication (SP) 800-171: Protecting Controlled Unclassified Information In Non-Federal Information Systems And Organizations. The CUI protection requirements are intended for use by federal agencies in contractual vehicles or other agreements established between those agencies and non-federal organizations. Failure to implement the security controls to protect CUI, would be a breach of contract.

Cyber Resilience & Infosec Conference (Abu Dhabi, UAE, Sep 5 - 6, 2018) Interact with the top-notch cyber security specialists, learn new strategies and protect your company's future efficiently

COSAC & SABSA World Congress (Kildare, Ireland, Sep 30 - Oct 4, 2018) For 25 years COSAC has delivered a trusted environment in which to deliver information security value from shared experience and intensive, productive, participative debate and development. Sales content is strictly prohibited and there is no vendor exhibition to distract from opportunities, allowing delegates to focus on professional innovation.

Kingdom Cyber Security (Riyadh, Saudi Arabia, Nov 20 - 21, 2018) Setting a game plan to boost cyber resilience at the national level.

upcoming Events

SecureWorld Atlanta (Atlanta, Georgia, USA, May 30 - 31, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security industry. Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays-all while networking with local peers.

RISKSEC (New York, New York, USA, May 31, 2018) Welcome to the 2018 New York City RiskSec Conference. As SC Media approaches our 30th anniversary, we fully understand the avalanche of cybersecurity-related problems, responsibilities and aspirations you face. Like no other time before, data security is crucial to you and your corporate executives. With an avalanche of massive data breaches that compromised millions of users’ data and cost senior-level executives their jobs and the endless other types of attacks that leveraged both new and traditional techniques, 2017 seemed yet another banner year for the infosec industry. We expect this year will be just as active as our attendees will face the challenge of both the criminal element and nation states stepping up their aggressive activities. On top of these, insider threats, supply chain vulnerabilities, regulatory demands and increasing dependence on IoT, AI, cloud apps, mobile devices and still other technologies will continue to convolute your tactical and strategic cybersecurity aims.

Cyber:Secured Forum (Denver, Colorado, USA, Jun 4 - 6, 2018) Cyber:Secured Forum will feature in-depth content on cybersecurity trends and best practices as related to the delivery of physical security systems and other integrated systems. Content is being collaboratively developed by SIA and PSA Security Network’s education teams and will feature top cybersecurity leaders. Additionally, sponsor exhibits will help showcase solutions related to cybersecurity, integrated systems and physical security solutions.

Campaign Cyber Defense Workshop (Boston, Massachussetts, USA, Jun 4, 2018) The Campaign Cyber Defense Workshop brings together experts from the region’s industry, university, and government organizations to address campaign security and effective practices for maintaining campaign integrity -- covering everything from data security to countering reputation attacks.

Gartner Security and Risk Management Summit 2018 (National Harbor, Maryland, USA, Jun 4 - 7, 2018) Prepare to meet the pace and scale of today’s digital business at Gartner Security & Risk Management Summit 2018. Transform your cybersecurity, risk management and compliance strategies and build resilience across the enterprise through leading-edge research and thinking on key topics such as agile architectures, BCM, cloud security, privacy and securing Internet of Things (IoT).

Securing Federal Identity (Washington, DC, USA, Jun 5 - 6, 2018) Securing Federal Identity 2018, a highly focused and high-energy event, will feature an in-depth view of the future of federal government policies and technology developments for securing federal identity and access control of facilities and network systems. Experts from the federal government and the security industry will fill the conference agenda and exhibits area to present and future direction of the government’s efforts to manage identities and control access across all federal agencies.

New York State Cybersecurity Conference (Albany, New York, USA, Jun 5 - 7, 2018) June 2018 marks the 21st annual New York State Cyber Security Conference and 13th Annual Symposium on Information Assurance (ASIA). Hosted by the New York State Office of Information Technology Services, in partnership with the University at Albany's School of Business, and The New York State Forum, Inc., the conference is part of a statewide effort to boost cyber security awareness and empower state and local governments, academia, organizations and citizens to take better control of their digital security.

The Cyber Security Summit: Boston (Boston, Massachusetts, USA, Jun 5, 2018) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers & renowned information security experts. Learn from cyber security thought leaders and Engage in panel discussions focusing on trending cyber topics such as Sr. Leadership’s Best Approach to Cyber Defense, What’s Your Strategic Incident Response Plan?, Protecting your Enterprise from the Human Element and more. Your registration includes a catered breakfast, lunch, and cocktail reception. Receive half off your admission with promo code cyberwire50 at CyberSummitUSA.com and view details including the full agenda, participating solution providers & confirmed speakers. Tickets are normally $350, but only $175 with promo code.

SecureWorld Chicago (Chicago, Illinois, USA, Jun 5, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security industry. Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements, learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays-all while networking with local peers.

NSA 2018 Enterprise Discovery Conference (Ft. Meade, Maryland, USA, Jun 5 - 6, 2018) Hosted by the National Security Agency and the Federal Business Council (FBC). The EDC is the largest event held at NSA with over 1500 attendees from around the world. EDC provides a collaborative learning experience for professionals in the SIGINT Development field across the U.S. Intelligence Community and the other 5-Eyes partner nations: Australian Signals Directorate (ASD), Communications Security Establishment, Canada (CSE), Government Communications Headquarters, Great Britain (GCHQ), and Government Communications Security Bureau, New Zealand (GCSB).

Cyber//2018 (Columbia, Maryland, USA, Jun 6, 2018) Cyber touches all aspects of our life from the myriad of devices we have brought into our homes to those we employ on the job to increase and improve our productivity. Please join us for our 9th annual cyber conference, where we tackle some of the most relevant topics surrounding operating within the cyber landscape.

TU-Automotive Cybersecurity (Novi, MIchigan, USA, Jun 6 - 7, 2018) Co-located with the world's largest automotive technology conference & exhibition. The conference unites players from research labs, automakers, tier 1’s, security researchers, and the complete supply chain to plan for the imminent future.

SINET Innovation Summit 2018 (New York, New York, USA, Jun 7, 2018) Connecting Wall Street, Silicon Valley and the Beltway. SINET New York connects the United States’ three most powerful institutions and evangelizes the importance of industry, government and academic collaboration on security initiatives.

Transport Security and Safety Expo (Washington, DC, USA, Jun 11 - 12, 2018) Security incidents are expected to cost the world $6 trillion annually by 2021, making now the time to find out more at the 2018 Transport Security and Safety Expo. The transportation industry is rapidly digitizing, leading to greater risks and potential impacts from cyber and physical events. Understanding how to better safeguard operations and protect critical networks and infrastructure from damage is paramount, and opportunities like TSSX18 that bring the industry together for training and solutions are welcomed by SANS.

Transport Security & Safety Expo (Washington, DC, USA, Jun 11 - 12, 2018) The conference is devoted to the challenges and opportunities surrounding ensuring the safety and security of passengers and cargo in the digital age.

Dynamic Connections 2018 (Palm Springs, California, USA, Jun 12 - 14, 2018) Together with you, our customers and partners, we’ll come together for 2 ½ days to learn, explore and create the possible at Dynamic Connections 2018 (DC18). To get ahead of the most critical, most pervasive threat we face in the digital domain today, we must reach into the future and pull tomorrow’s innovation forward.

Norwich University Cyber Security Summit (Northfield, Vermont, USA, Jun 18 - 20, 2018) Norwich University’s College of Graduate and Continuing Studies (CGCS) is pleased to announce the second annual Cyber Security Summit in June 2018. The summit, presented in a continuing education format, welcomes Norwich alumni and others interested in exploring and discussing the latest in cyber security policy from both the federal level and the practical application of that policy on a local or business level.

Insider Threat Program Management With Legal Guidance Training Course (Tyson's Corner, Virginia, USA, Jun 19 - 20, 2018) This training will provide the ITP Manager, Facility Security Officer, and others (CIO, CISO, Human Resources, IT, Etc.) supporting an ITP, with the knowledge and resources to develop, manage, or enhance an ITP. A licensed attorney with extensive experience in Insider Threats and Employment Law, will provide legal guidance related to ITP's, the collection, use and sharing of employee information, and employee computer user activity monitoring. Insider Threat Defense has trained over 500+ organizations and has become the "Leader-Go To Company" for ITP Management Training.

GovSummit (Washington, DC, USA, Jun 27 - 28, 2018) GovSummit -- the government security conference hosted annually by the Security Industry Association -- brings together government security leaders with private industry technologists for top-quality information sharing and education on security topics affecting federal, state and even local agencies.

The Cyber Security Summit: DC Metro (Tysons Corner, Virginia, USA, Jun 28, 2018) Learn from cyber security experts from The U.S. Department of Justice, The NSA, Pulse Secure, CenturyLink and more as they brief you on the latest security threats facing your business. This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers. Receive $95VIP admission with promo code cyberwire95 at CyberSummitUSA.com ($350 without code). Your registration includes a catered breakfast, lunch, and cocktail reception. Passes are limited. Secure your ticket while space permits.

Impact Optimize2018 (Rosemont, Illinois, USA, Jun 28, 2018) Impact Optimize2018, the first-ever IT and Business Security Summit hosted by Impact, will provide attendees with actionable steps that enable the betterment of information, network and cybersecurity. All of the information presented will be designed to facilitate growth and eliminate risk for organizations of all sizes and across all vertical markets, with security as the firm foundation of every solution. The event will include presentations by subject matter experts, breakout sessions among business leaders and live demonstrations of enterprise security and business software.

Nuclear Asset Information Monitoring and Maintenance (Warrington, England, UK, Jul 3 - 4, 2018) On July 3rd and 4th in Warrington United Kingdom, nuclear industry leaders will meet for the IoE Events Nuclear Asset Information, Monitoring and Maintenance conference to further develop the sector’s strategic ability to leverage the appropriate people, processes and technology to achieve organisational goals through an enterprise wide integrated asset information strategy.

Sponsor & Support

Grow your brand, generate leads, and fill your funnel.

With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listens all over the world, companies trust the CyberWire to get the message out. Learn more.

Canadian banks' customer data raided. Cobalt gang. Cryptocurrency heists. BackSwap Trojan. VPNFilter warning. Coca-Cola's loss.