The CyberWire Daily Briefing 5.30.18

Summary

By The CyberWire Staff

The US-North Korean summit is back on, but relations between the countries in cyberspace remain frosty. The FBI and the Department of Homeland Security have, through US-CERT, attributed two more families of malware to the DPRK's Hidden Cobra threat group. The Brambul worm and the Joanap Trojan are both said to be the work of Pyongyang.

Bleeping Computer reports that threat intelligence shop Grey Noise has observed someone, presumably a threat actor, scanning for EOS blockchain nodes that have accidentally exposed private keys through inadvertent misconfiguration. The scans began yesterday, shortly after Qihoo 360 reported a remote execution flaw in the EOS blockchain platform. (EOS is currently the subject of an initial coin offering.)

The Canadian banks hit with a hacker-induced data breach over the weekend are indeed the targets of extortionists. The attackers are demanding a million-dollar ransom. If they're not paid, they threaten to release the information online.

Whether or not it's reprieved from US Commerce Department sanctions, analysts think ZTE will find recovery difficult. ZTE and Huawei remain under widespread suspicion of posing security risks.

Karim Baratov, convicted of hitting Yahoo! on behalf of Russia's FSB, has been sentenced to five years. The US Justice Department points out that the verdict should indicate to people that hacking-for-hire is a serious crime.

A US Government look at the cybersecurity of Federal agencies offers a depressing vista: three out of four agencies are said to be at significant risk of cyber attack, and poorly prepared to manage their risk.

Learn how Cylance silences cyber attacks with Artificial Intelligence.

Notes.

Today's issue includes events affecting Canada, China, European Union, France, Democratic Peoples Republic of Korea, Pakistan, Russia, United Kingdom, United States

Under GDPR non-compliant companies face trade-offs on borrowed time, says Control Risks.

Control Risks says non-compliance is a truly enterprise risk for companies operating in the EU. It burdens already taxed programs with particular measures to protect personal data and disclose security issues. Many worry that resources catching up to GDPR before an incident occurs trade-off other critical initiatives, leaving them vulnerable nonetheless. Companies must get executives and experts involved in managing the risk and competing priorities. Let Control Risks help you be both secure and compliant.

On the Podcast

In today's podcast, we speak with our partners at Accenture, as Justin Harvey shares thoughts on GDPR. Our guest, Ruvi Kitov from Tufin, tells us why automation should even be more widely used than it presently is.

Sponsored Events

Startup CEO: Managing a Legal Team for Fun & Profit (Fulton, Maryland, United States, May 31, 2018) DataTribe's Al Clark will share his expertise in providing legal counsel to local tech startups. He'll answer questions on how to gain the most out of and what to look for in legal counsel that will lead to a relationship of lowering risk and saving money. Food and beverages are provided.

Cyber Security Summits: Boston on June 5 & June 28 in DC (Boston, Massachusetts, United States, June 5, 2018) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The FBI, CenturyLink, IBM Security and more. Register with promo code cyberwire95 for $95 VIP admission (Regular price $350) https://CyberSummitUSA.com

TU-Automotive Cybersecurity Conference (Detroit, Michigan, United States, June 6 - 7, 2018) Uniting 150+ experts from the connected car and security industries to help automotive to apply technology and best practices to deliver robust security defenses and processes. Co-located with TU-Automotive Detroit, attendees can access the world’s largest automotive technology exhibition. CyberWire audience save $100 off standard and basic passes with code TCW100.

Selected Reading

Cyber Attacks, Threats, and Vulnerabilities

U.S. Attributes Two More Malware Families to North Korea (SecurityWeek) Alert issued by the DHS and FBI attributes the Joanap backdoor trojan and the Brambul worm to the North Korean government

US Government Warns of North Korean APT Malware (Infosecurity Magazine) Joanap and Brambul are being used by Hidden Cobra group, says US-CERT

US says North Korea behind malware attacks (Tampa Bay Times) The Trump administration says computer malware tied to the North Korean government has been targeting U.S. infrastructure and private companies

Misconfigured EOS Blockchain Nodes Under Attack (BleepingComputer) A mysterious attacker is scanning the Internet for EOS blockchain nodes that are accidentally exposing private keys through an API misconfiguration.

New Trojan Uses SQL Server for C&C (SecurityWeek) A recently discovered banking Trojan leverages Microsoft SQL Server for communication with the command and control (C&C).

Are your Android apps sending unencrypted data? (Naked Security) This simple setup will help you discover if you’ve got leaky apps.

Attack Bypasses AMD's Virtual Machine Encryption (SecurityWeek) Researchers have devised an attack method called SEVered, which they say is capable of bypassing AMD’s Secure Encrypted Virtualization (SEV) and can be used to extract all memory contents of a virtual machine.

First Line of Defense in U.S. Elections Has Critical Weaknesses (Bloomberg.com) A software sensor with a knack for detecting intrusions like those from Russian hackers is being embraced by U.S. states determined to protect their election systems, though cybersecurity experts warn of the tool’s limits.

Over 5K Gas Station Tank Gauges Sit Exposed on the Public Net (Dark Reading) One gas station failed its PCI compliance test due to security holes in its automated gas tank gauge configuration, researcher says.

Are Smart Assistants At Risk Of "Audio Hacking"? (Information Security Buzz) Computer scientists say that the profusion of voice-activated devices, such as Amazon Alexa, means that we may soon be at risk of “audio hacking”. David Emm, Principal Security Researcher at Kaspersky Lab commented below. David Emm, Principal Security Researcher at Kaspersky Lab: “People need to find a compromise where they feel comfortable between achieving security and enjoying …

Alexa Mishap Hints at Potential Enterprise Security Risk (Dark Reading) When Alexa mailed a copy of a couple's conversation to a contact, it raised warning flags for security professionals in organizations.

Attacking hard disk drives using ultrasonic sounds (Help Net Security) Another group of researchers has demonstrated that hard disk drives (HDDs) can be interfered with through sound waves, but they've also shown that ultrasonic signals (i.e., sounds inaudible to the human ear) can be used to damage their integrity and availability.

Acoustic attack could cause physical damage to hard drives (WeLiveSecurity) Researchers from the University of Michigan and Zhejiang University have demonstrated that by using an acoustic attack it's possible to cause physical damage to hard drives that could make PCs crash.

SoftBank Pepper robot "astonishingly insecure", potential "cyber weapon" (Internet of Business) One of the world’s most popular humanoid robots, Pepper, from Japanese tech conglomerate SoftBank, can easily be hacked and turned into a “cyber and physical weapon”, according to Swedish researchers. Örebro University’s Alberto Giaretta, along with Michele De Donno and Nicola Dragoni of the Technical University of Sweden, have published their findings in a research …

Hackers demand $1m ransom after stealing data from 2 Canadian banks (HackRead) Hackers have stolen financial data of thousands of customers - Reportedly 50,000 from BMO and 40,000 customers from CIBC have been affected.

Will the Real Joker’s Stash Come Forward? (KrebsOnSecurity) For as long as scam artists have been around so too have opportunistic thieves who specialize in ripping off other scam artists.

Phishing alert for soccer fans (The Mercury) Pointers to take heed of if you are planning on purchasing soccer tickets online.

The War Few Are Talking About (SecurityWeek) We must recognize industrial cyberattacks as tactics in a new form of “economic warfare” being waged between nation-states to gain economic and political advantage without having to pay the price of open combat.

Are Huawei and ZTE a Real Cybersecurity Threat? (Wall Street Journal) The companies insist the U.S. government’s concerns are unfounded. Cybersecurity experts aren’t so sure.

Facebook didn’t see Cambridge Analytica breach coming because it was focused ‘on the old threat’ (TechCrunch) In light of the massive data scandal involving Cambridge Analytica around the 2016 U.S. presidential election, a lot of people wondered how something like that could’ve happened. Well, Facebook didn’t see it coming, Facebook COO Sheryl Sandberg said at the Code conference this evening. …

The Cybersecurity 202: White House cybersecurity report shows federal agencies still struggling to get secure (SFGate) The White House and the Department of Homeland Security have finished a governmentwide review examining the security of federal agencies, and the results aren't pretty.

According to OMB, 3 out of 4 agencies is risking cyber attack (FCW) Two familiar problems -- old tech and the lack of a qualified cyber workforce -- were blamed for leaving many agencies vulnerable to modern-day hacking groups.

Security Patches, Mitigations, and Software Updates

Your Firefox account can now be secured with 2FA (Naked Security) Mozilla is rolling out support for two-factor (or two-step) authentication for anyone who has a Firefox account.

Cyber Trends

New Threats, Old Threats: Everywhere a Threat (Dark Reading) First-quarter data shows cryptojacking on the rise -- but don't count out some classic threats just yet.

An Antivirus Pioneer Looks at the Coming Cyberthreats (Wall Street Journal) Andreas Lüning warns that criminals no longer have to be hackers.

The Cost Of A Data Breach Hits $1.23M (PYMNTS.com) New research from Kaspersky Lab shows that the average cost of experiencing a data breach globally is on the rise. The annual Kaspersky Lab Corporate IT Security Risks survey is a worldwide survey of IT business decision makers, which this year had a total of 6,614 respondents from 29 countries. The company found that breaches […]

Is your human resources department more vulnerable to cyber crime? (TechHQ) According to The Verizon 2018 data breach investigation report released last month, cybercriminals are increasingly targeting HR departments within organizations.

Survey: 27 Percent of IT professionals receive more than 1 million security alerts daily (Blog | Imperva) A staggering 27 percent of IT professionals reported receiving more than one million threats daily, while 55 percent noted more than 10,000.

Smart cities: New threats and opportunities (Help Net Security) As smart cities integrate connected technologies to operate more efficiently and improve the quality of city services, new vulnerabilities arise that require diligent governance of municipal technology.

Marketplace

ZTE will suffer lasting damage even if Trump lifts ban (CNNMoney) ZTE will struggle to recover from the crisis triggered by a US government ban on buying American parts, experts say.

Verint to hold talks ahead of potential merger with NSO Group (The Camping Canuck) The New York-based analytics company Verint Systems has been alleged to be in talks with the Israeli mobile video surveillance industry player NSO Group regarding a possible merger. Reportedly, the deal is likely to be valued around USD 1 billion. Sources cite that the transaction, if successfully completed, is set to create one of the world’s largest cyber companies. If sources who spoke of the condition of anonymity are to be believed, NSO will remain an independent company but as a new division within Verint. They further claimed that the deal is likely to be signed soon in the coming

VASCO Transforms Business Enablement with Launch of New Anti-Fraud Platform, Renames Company OneSpan (GlobeNewswire News Room) Trusted Identity platform will leverage a flexible API and artificial intelligence with machine learning to improve the customer experience and reduce fraud for onboarding, online and mobile transactions, and the e-signature lifecycle

VASCO Strengthens Position in E-Signature and Identity Verification Markets with Acquisition of Leading Customer Onboarding Provider Dealflo (GlobeNewswire News Room) Improves competitive position of e-signature offering with end-to-end financial transaction management and consumer financial agreement automation

From frog to prince: How private equity may fish Barracuda from the industry's boiling pot (Register) Not just clouds of steam backup-security biz has to worry about

Vulcan Cyber Announces $4M Seed Round to Help Enterprises Eliminate Vulnerability Remediation Gap and Achieve Continuous Protection (BusinessWire) Industry’s first continuous vulnerability remediation platform delivers exposure insight and orchestrates remediation action and validation, reducing dwell time from months to hours

Vulcan Cyber Company Launch (YouTube) Vulcan Cyber is the industry’s first Continuous Vulnerability Remediation Solution. Vulcan integrates, automates and orchestrates existing tools and processes, eliminating the most critical risks caused by vulnerabilities while at the same time avoiding any unexpected impact to business operations.

Blackpoint Cyber Secures $6 Million in Funding Led by Adelphi Capital and Telcom Ventures (PR Newswire) Blackpoint, a cyber security company offering unique patented...

Cyber war, battle commands and more: 3 defense firms grab a combined $880 million in military work (Orlando Business Journal) More big work is happening in Central Florida for cybersecurity simulators, facility construction and more.

Varonis Celebrates Winners of Inaugural Channel Partner Awards (GlobeNewswire News Room) Awards recognize channel partners for their commitment to helping customers protect data from insider threats and cyberattacks

MeasuredRisk Appoints Former Team Cymru Co-Founder Stephen Gill as Chief Strategy Officer to Join the World's Leading AI Powered Risk Inference Pioneer (PR Newswire) MeasuredRisk, Inc., the innovator in AI powered Risk Inference, has...

Ekran System, an Ambitious Information Security Market Contender, Hires a Veteran Executive to Lead Expansion (PR Newswire) Ekran System, Inc., an innovative insider threat management software...

Duo Security Names Veteran Marketing Leader, Neville Letzerich, Chief Marketing Officer (GlobeNewswire News Room) Rapidly growing cybersecurity company deepens leadership bench amid record domestic and international expansion -

Products, Services, and Solutions

Sumo Logic Teams up with Mapbox and Neustar to Provide Best in Class, Location Based Visualization Capabilities to Help Customers Deliver Great End-User Experiences (Sumo Logic) Sumo Logic announces a technology partnership with Neustar, a leading IP intelligence provider, and Mapbox, the leading location data platform for developers, that makes it easier for customers to gain business, security and operational insights to improve performance and overall experience for their end-users.

Network Critical launches SmartNA-PortPlus, a Packet Broker for ultimate scalability (Help Net Security) Network Critical announced SmartNA-PortPlus. This latest Packet Broker is a high density, high performance solution with up to 192 Ports covering 1/10/25/40/100G speeds.

Gemalto collaborates with Qualcomm Technologies (Security Document News) Gemalto has announced a new collaboration that will see its mobile connectivity solutions integrated with the Qualcomm Snapdragon mobile PC platform.

Open Source Tool From FireEye Helps Detect Malicious Logins (SecurityWeek) FireEye releases GeoLogonalyzer, an open source tool that helps organizations detect malicious logins based on geolocation and other data

How to determine who changed a file in a shared folder (Netwrix) See who changed what, when and where in your shared folders

UPDATE -- DOSarrest Announces new Cyber Attack Readiness Certificate program (GlobeNewswire News Room) DOSarrest Internet Security announced today that they have begun offering a comprehensive Cyber Attack Readiness Certificate program. This certification is to give website operators the peace of mind that their website can survive a real world cyber attack.

Fortinet adds new entry-level tier and consumption-based licensing to MSSP program (CRN Australia) Lowers barrier of entry into the program.

NTT Security launches phishing service to test security posture of board members (ResponseSource Press Release Wire) NTT Security, the specialised security company and centre of excellence in security for NTT Group, is expanding its suite of phishing attack simulation services with the use of special social engineer...

Ecclesiastical Insurance issues white paper to assist organizations mitigate cyber risk (GlobeNewswire News Room) Specialist insurer Ecclesiastical Insurance Office plc has released a new white paper entitled Cyber Risk Management specifically to assist organizations defend against digital risk.

Technologies, Techniques, and Standards

Cyber Threat Intel Means Little if You Don’t have the Tools to Act (Bricata) When new cyber threat intel is published, security professionals need the ability to compare new threats against existing, or previously recorded, data. This is because threats may have slipped into the infrastructure long before being... #cyberthreatintel #securityintegration #threathunting

Make certificate visibility and security a part of your overall security program (Help Net Security) Certificate visibility and security should not just be bolted on. It should be part of the solution, and Qualys gives you that platform.

Why Don’t Companies Just Encrypt All Their Data? It Isn’t So Simple (Wall Street Journal) Organizations that enhance security with encryption find that it can come with a lot of trade-offs.

Blog: Who is thinking about 5G security? (Mobile World Live) 5G is the darling of the mobile industry right now. Operators and vendors alike talk non-stop ...

Here’s how the Navy is developing information warfare ‘Top Guns’ (C4ISRNET) The Navy is advancing its development of information warfare personnel.

Here’s how to ensure readiness of cyber forces (Fifth Domain) Now that Cyber Command has completed the build of its cyber teams, the focus will now shift to readiness.

As ransomware hobbled Atlanta, banks drilled for next iteration of attacks (Cyberscoop) The exercise, which assembled 18 financial institutions and the industry’s threat-sharing center, simulated a “WannaCry-like” ransomware attack.

What Are the Legalities and Implications of 'Hacking Back'? (Security Intelligence) The concept of "hacking back" opens up a wide range of cyber defense tools to IT and security managers. Lawmakers are interested in new rules that allow for more flexibility with these activities.

Ten Best Practices for Outsmarting Ransomware (SC Media US) Almost a year after WannaCry made global news headlines, a number of high-profile organizations have continued to be targeted by this ransomware, some quit

What kind of data should companies be looking for on the dark web? (IDG Connect) What value can dark web monitoring bring to security teams, and what data should they be looking for?

Face, Iris and Pulse Sensors on the Fast Track For The Next Steps Biometrics Security (ABI Research) Consumer Fingerprint Shipments Surpass 1 Billion Shipments but End-Users Ready to Adopt Multimodality

Design and Innovation

The Creepy Rise of Real Companies Spawning Fictional Design (WIRED) Speculative design tasks creators with building a better world through public thought experiments. But with companies like Google adapting the practice, it can feel like a taunting display of power.

Research and Development

The time to think about post-quantum cryptography is now (SearchCIO) ISACA's Rob Clyde explains why post-quantum cryptography matters right now.

Academia

The Search for Women Who Want Cybersecurity Careers (Wall Street Journal) Nonprofits and tech companies are trying to get younger girls interested in fighting cybercrime.

Legislation, Policy and Regulation

Is the FBI Trying to Bolster Its War on Cryptography? (Reason) Was their miscount of unlockable phones truly a mistake or part of an agenda?

California tests digital license plates. Is tracking cars next? (Naked Security) Beyond potential police surveillance, the plates could be as susceptible to hacking as other wireless and IoT technologies.

Litigation, Investigation, and Enforcement

DoD Is Auditing the Process that Won Tanium Government Contracts (Bloomberg.com) The Pentagon’s watchdog will review whether government agencies followed proper contracting procedures in hiring the cybersecurity startup.

Big Organisations Have Already Been Hit With Fines (Information Security Buzz) Dr Guy Bunker, SVP of Products at Clearswift commented below as part of security experts comments series on the recent news that Google, Facebook, Whatsapp and Instagram have already been hit by GDPR regulations. Dr Guy Bunker, SVP of Products at Clearswift: “Firstly, this is what was predicted. Organisations and individuals need to be aware …

Whistleblowing Hotlines: A Gray Area Under EU’s New Privacy Law (Wall Street Journal) The EU’s sweeping new data-privacy law is in force at last. Exactly how it will work for companies with whistleblower hotlines, though, is an open question.

Europol Creates Dark Web Investigations Team (SecurityWeek) The European Union’s law enforcement agency has created a dedicated team that will be investigating activity across the dark web.

Wayback Machine ‘unarchives’ spying website (Naked Security) Who is archiving the web, and what happens when people ask for information to be ‘un-archived’? We may have just found out.

Spear-Phisher Gets Five Years for Helping FSB Yahoo Hackers (Infosecurity Magazine) Karim Baratov’s exploits linked to Russian hacking of 500m accounts

Yahoo hacker whose work compromised 500M accounts sentenced to 5 years (Ars Technica) US Attorney: "The sentence imposed reflects the seriousness of hacking for hire."

Tor exit node admin acquitted of aiding terrorism (Naked Security) As the administrator of a Tor exit node, it could have been anyone who used his IP address.

Despacito YouTube video hack – teenagers charged (Naked Security) Web defacement is supposed to be an old-fashioned type of hack, but it probably didn’t look that way to YouTube viewers on 10 April.

Facebook battles tiny startup over privacy accusations (Naked Security) Is there no end to Facebook’s petty humiliations? It is now the turn of an obscure startup called Six4Three to cause the company trouble.

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

upcoming Events

SecureWorld Atlanta (Atlanta, Georgia, USA, May 30 - 31, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security industry. Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays-all while networking with local peers.

RISKSEC (New York, New York, USA, May 31, 2018) Welcome to the 2018 New York City RiskSec Conference. As SC Media approaches our 30th anniversary, we fully understand the avalanche of cybersecurity-related problems, responsibilities and aspirations you face. Like no other time before, data security is crucial to you and your corporate executives. With an avalanche of massive data breaches that compromised millions of users’ data and cost senior-level executives their jobs and the endless other types of attacks that leveraged both new and traditional techniques, 2017 seemed yet another banner year for the infosec industry. We expect this year will be just as active as our attendees will face the challenge of both the criminal element and nation states stepping up their aggressive activities. On top of these, insider threats, supply chain vulnerabilities, regulatory demands and increasing dependence on IoT, AI, cloud apps, mobile devices and still other technologies will continue to convolute your tactical and strategic cybersecurity aims.

Cyber:Secured Forum (Denver, Colorado, USA, June 4 - 6, 2018) Cyber:Secured Forum will feature in-depth content on cybersecurity trends and best practices as related to the delivery of physical security systems and other integrated systems. Content is being collaboratively developed by SIA and PSA Security Network’s education teams and will feature top cybersecurity leaders. Additionally, sponsor exhibits will help showcase solutions related to cybersecurity, integrated systems and physical security solutions.

Campaign Cyber Defense Workshop (Boston, Massachussetts, USA, June 4, 2018) The Campaign Cyber Defense Workshop brings together experts from the region’s industry, university, and government organizations to address campaign security and effective practices for maintaining campaign integrity -- covering everything from data security to countering reputation attacks.

Gartner Security and Risk Management Summit 2018 (National Harbor, Maryland, USA, June 4 - 7, 2018) Prepare to meet the pace and scale of today’s digital business at Gartner Security & Risk Management Summit 2018. Transform your cybersecurity, risk management and compliance strategies and build resilience across the enterprise through leading-edge research and thinking on key topics such as agile architectures, BCM, cloud security, privacy and securing Internet of Things (IoT).

Securing Federal Identity (Washington, DC, USA, June 5 - 6, 2018) Securing Federal Identity 2018, a highly focused and high-energy event, will feature an in-depth view of the future of federal government policies and technology developments for securing federal identity and access control of facilities and network systems. Experts from the federal government and the security industry will fill the conference agenda and exhibits area to present and future direction of the government’s efforts to manage identities and control access across all federal agencies.

New York State Cybersecurity Conference (Albany, New York, USA, June 5 - 7, 2018) June 2018 marks the 21st annual New York State Cyber Security Conference and 13th Annual Symposium on Information Assurance (ASIA). Hosted by the New York State Office of Information Technology Services, in partnership with the University at Albany's School of Business, and The New York State Forum, Inc., the conference is part of a statewide effort to boost cyber security awareness and empower state and local governments, academia, organizations and citizens to take better control of their digital security.

The Cyber Security Summit: Boston (Boston, Massachusetts, USA, June 5, 2018) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers & renowned information security experts. Learn from cyber security thought leaders and Engage in panel discussions focusing on trending cyber topics such as Sr. Leadership’s Best Approach to Cyber Defense, What’s Your Strategic Incident Response Plan?, Protecting your Enterprise from the Human Element and more. Your registration includes a catered breakfast, lunch, and cocktail reception. Receive half off your admission with promo code cyberwire50 at CyberSummitUSA.com and view details including the full agenda, participating solution providers & confirmed speakers. Tickets are normally $350, but only $175 with promo code.

SecureWorld Chicago (Chicago, Illinois, USA, June 5, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security industry. Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements, learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays-all while networking with local peers.

NSA 2018 Enterprise Discovery Conference (Ft. Meade, Maryland, USA, June 5 - 6, 2018) Hosted by the National Security Agency and the Federal Business Council (FBC). The EDC is the largest event held at NSA with over 1500 attendees from around the world. EDC provides a collaborative learning experience for professionals in the SIGINT Development field across the U.S. Intelligence Community and the other 5-Eyes partner nations: Australian Signals Directorate (ASD), Communications Security Establishment, Canada (CSE), Government Communications Headquarters, Great Britain (GCHQ), and Government Communications Security Bureau, New Zealand (GCSB).

National Cyber Summit (Huntsville, Alabama, USA, June 5 - 7, 2018) The National Cyber Summit is the preeminent event for cyber training, education and workforce development aimed at protecting our nation’s infrastructure from the ever-evolving cyber threat. Held in Huntsville, Alabama, one of the nation's largest technological hubs, the Summit attracts both government and commercial participants. Long known as the home to Department of Defense organizations and civilian departments and agencies including DHS, NIST, NASA, TVA, NSA and DOE, Huntsville also has many other industries represented. Companies are diverse and include healthcare, automotive and energy industries, academia, genetic research and high technology.

Cyber//2018 (Columbia, Maryland, USA, June 6, 2018) Cyber touches all aspects of our life from the myriad of devices we have brought into our homes to those we employ on the job to increase and improve our productivity. Please join us for our 9th annual cyber conference, where we tackle some of the most relevant topics surrounding operating within the cyber landscape.

TU-Automotive Cybersecurity (Novi, MIchigan, USA, June 6 - 7, 2018) Co-located with the world's largest automotive technology conference & exhibition. The conference unites players from research labs, automakers, tier 1’s, security researchers, and the complete supply chain to plan for the imminent future.

SINET Innovation Summit 2018 (New York, New York, USA, June 7, 2018) Connecting Wall Street, Silicon Valley and the Beltway. SINET New York connects the United States’ three most powerful institutions and evangelizes the importance of industry, government and academic collaboration on security initiatives.

Transport Security and Safety Expo (Washington, DC, USA, June 11 - 12, 2018) Security incidents are expected to cost the world $6 trillion annually by 2021, making now the time to find out more at the 2018 Transport Security and Safety Expo. The transportation industry is rapidly digitizing, leading to greater risks and potential impacts from cyber and physical events. Understanding how to better safeguard operations and protect critical networks and infrastructure from damage is paramount, and opportunities like TSSX18 that bring the industry together for training and solutions are welcomed by SANS.

Transport Security & Safety Expo (Washington, DC, USA, June 11 - 12, 2018) The conference is devoted to the challenges and opportunities surrounding ensuring the safety and security of passengers and cargo in the digital age.

Dynamic Connections 2018 (Palm Springs, California, USA, June 12 - 14, 2018) Together with you, our customers and partners, we’ll come together for 2 ½ days to learn, explore and create the possible at Dynamic Connections 2018 (DC18). To get ahead of the most critical, most pervasive threat we face in the digital domain today, we must reach into the future and pull tomorrow’s innovation forward.

Social Engineering—Rhode Island (Newport, Rhode Island, USA, June 16, 2018) Welcome to the first ever social engineering conference in Rhode Island!

Norwich University Cyber Security Summit (Northfield, Vermont, USA, June 18 - 20, 2018) Norwich University’s College of Graduate and Continuing Studies (CGCS) is pleased to announce the second annual Cyber Security Summit in June 2018. The summit, presented in a continuing education format, welcomes Norwich alumni and others interested in exploring and discussing the latest in cyber security policy from both the federal level and the practical application of that policy on a local or business level.

NITSIG Meeting: Protecting Controlled Unclassified Information On U.S. Government Contractor Information Systems (Herndon, Virginia, USA, June 18, 2018) This meeting will discuss the security control requirements for the protection of Controlled Unclassified Information (CUI), for contractor information systems upon which CUI is processed, stored on, or transmitted through. These requirements must be implemented at both the contractor and subcontractor levels based on the information security guidance in NIST Special Publication (SP) 800-171: Protecting Controlled Unclassified Information In Non-Federal Information Systems And Organizations. The CUI protection requirements are intended for use by federal agencies in contractual vehicles or other agreements established between those agencies and non-federal organizations. Failure to implement the security controls to protect CUI, would be a breach of contract.

Insider Threat Program Management With Legal Guidance Training Course (Tyson's Corner, Virginia, USA, June 19 - 20, 2018) This training will provide the ITP Manager, Facility Security Officer, and others (CIO, CISO, Human Resources, IT, Etc.) supporting an ITP, with the knowledge and resources to develop, manage, or enhance an ITP. A licensed attorney with extensive experience in Insider Threats and Employment Law, will provide legal guidance related to ITP's, the collection, use and sharing of employee information, and employee computer user activity monitoring. Insider Threat Defense has trained over 500+ organizations and has become the "Leader-Go To Company" for ITP Management Training.

GovSummit (Washington, DC, USA, June 27 - 28, 2018) GovSummit -- the government security conference hosted annually by the Security Industry Association -- brings together government security leaders with private industry technologists for top-quality information sharing and education on security topics affecting federal, state and even local agencies.

The Cyber Security Summit: DC Metro (Tysons Corner, Virginia, USA, June 28, 2018) Learn from cyber security experts from The U.S. Department of Justice, The NSA, Pulse Secure, CenturyLink and more as they brief you on the latest security threats facing your business. This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers. Receive $95VIP admission with promo code cyberwire95 at CyberSummitUSA.com ($350 without code). Your registration includes a catered breakfast, lunch, and cocktail reception. Passes are limited. Secure your ticket while space permits.

Impact Optimize2018 (Rosemont, Illinois, USA, June 28, 2018) Impact Optimize2018, the first-ever IT and Business Security Summit hosted by Impact, will provide attendees with actionable steps that enable the betterment of information, network and cybersecurity. All of the information presented will be designed to facilitate growth and eliminate risk for organizations of all sizes and across all vertical markets, with security as the firm foundation of every solution. The event will include presentations by subject matter experts, breakout sessions among business leaders and live demonstrations of enterprise security and business software.

Nuclear Asset Information Monitoring and Maintenance (Warrington, England, UK, July 3 - 4, 2018) On July 3rd and 4th in Warrington United Kingdom, nuclear industry leaders will meet for the IoE Events Nuclear Asset Information, Monitoring and Maintenance conference to further develop the sector’s strategic ability to leverage the appropriate people, processes and technology to achieve organisational goals through an enterprise wide integrated asset information strategy.

Sponsor & Support

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter’s financial reach, or it might just not be the right time for you to do those things. That’s why we launched our new Patreon site, where we’ve created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you’ll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.