Each week the CyberWire’s Hacking Humans podcast looks behind the social engineering scams, phishing schemes, and criminal exploits that make headlines and take a heavy toll on organizations around the world. We talk to social engineering experts, security pros, cognitive scientists, and those practiced in the arts of deception (perhaps even a magician or two). We also hear from people targeted by social engineering attacks and learn from their experiences. Check out the first episode and subscribe today. And special thanks to KnowBe4, our sponsors for season 1.
More Signal. Less Noise.
Looking for an introduction to AI for security professionals?
Your wait is over. A new book is out from the Cylance data science team, covering artificial intelligence and machine learning techniques in practical situations to improve the security professional’s ability to thrive in a data driven world. Whether you are reviewing logs or analyzing malware, being able to derive meaningful results and improve productivity is key. Order your free copy today.
New Cryptomix ransomware strain in the wild. Another misconfigures AWS bucket. Commerce, DHS botnet report is out.
Announcements
Hacking Humans—a new CyberWire podcast launches today.
Summary
MalwareHunterTeam reports that a new variant of Cryptomix ransomware is circulating in the wild. There's no free decryptor available for it, yet, so unfortunately some victims will be tempted to pay the ransom. The best defense against this and other ransomware strains is secure, tested, and used backup.
Researchers at NewSky Security have found a vulnerability that affects most routers used by SingTel, Singapore's main Internet service provider.
Another misconfigured AWS S3 bucket has been found by Kromtech. This one, belonging to Honda India, is said to have exposed some 50,000 customers' data.
In patching news, Google's release of Chrome 67 to the stable channel includes fixes for thirty-four vulnerabilities.
Vietnamese authorities are giving that country's users the same advice about VPNFilter the FBI gave in the US: reboot your routers.
Kaspersky's challenge to the US Government's ban on its software has failed, with both suits dismissed yesterday by the District Court for the District of Columbia. Kaspersky plans to appeal.
The Departments of Commerce and Homeland Security rendered a report required by the May 2017 executive order on cybersecurity yesterday. The report's title, “Enhancing the Resilience of the Internet and Communications Ecosystem Against Botnets and Other Automated, Distributed Threats,” fairly expresses its contents. The recommendations include aspirations for the Government to lead by example, and to seek public-private partnerships that will build resistance to botnets into devices under development.
Concerns about possible security threats Chinese device manufacturers present remain very much alive in the United States, Canada, and Australia.
Notes.
Today's issue includes events affecting Australia, Austria, Canada, China, Estonia, European Union, India, Ireland, Israel, Democratic Peoples Republic of Korea, Russia, Singapore, Taiwan, United Kingdom, United States and Vietnam
Under GDPR non-compliant companies face trade-offs on borrowed time, says Control Risks.
Control Risks says non-compliance is a truly enterprise risk for companies operating in the EU. It burdens already taxed programs with particular measures to protect personal data and disclose security issues. Many worry that resources catching up to GDPR before an incident occurs trade-off other critical initiatives, leaving them vulnerable nonetheless. Companies must get executives and experts involved in managing the risk and competing priorities. Let Control Risks help you be both secure and compliant.
On the Podcast
In today's podcast we talk with Robert M. Lee from Dragos, who reviews some recently published ICS security reports. Our guest is Adam Vincent from ThreatConnect on the increasing importance of threat intelligence for many organizations.
Sponsored Events
Cyber Security Summits: Boston on June 5 & June 28 in DC (Boston, Massachusetts, United States, June 5, 2018) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The FBI, CenturyLink, IBM Security and more. Register with promo code cyberwire95 for $95 VIP admission (Regular price $350) https://CyberSummitUSA.com
TU-Automotive Cybersecurity Conference (Detroit, Michigan, United States, June 6 - 7, 2018) Uniting 150+ experts from the connected car and security industries to help automotive to apply technology and best practices to deliver robust security defenses and processes. Co-located with TU-Automotive Detroit, attendees can access the world’s largest automotive technology exhibition. CyberWire audience save $100 off standard and basic passes with code TCW100.
Selected Reading
Cyber Attacks, Threats, and Vulnerabilities
North Korea hasn't stopped cyberattacks amid peace talks (Cyberscoop) As Kim Jong-un speaks publicly about nuclear disarmament, North Korea's hacker army continues to target different businesses across Europe, Asia and even the U.S.
China Hacking Taiwanese Military Hospital Websites to Obtain Military Intelligence (Epoch Times) Taiwan has been braving relentless cyberattacks by Chinese hackers in the past four years, according to the latest statistics provided by the island nation’s military. Taiwanese websites, especially those run by the military, have been attacked hundreds of millions of times by the Chinese regime’s cyber army and unknown sources, reported Taiwanese newspaper The Liberty …
Yuri Zorya: Hacked military docs reveal how the Russian 18th motorized brigade invaded Crimea (KyivPost) The investigative volunteer community InformNapalm has analyzed Russian military files hacked by hackers from the Ukrainian Cyber Alliance (UCA), the so-called “hacktivists” responsible for hacking the email accounts of Putin’s gray cardinal Vladislav Surkov, known as #SurkovLeaks. Using the data, InformNapalm has tracked down members of Russian military brigades who took part in the occupation …
Expert warns how rogue nations could use new GDPR laws as a 'weapon' in Ireland (The Irish Sun) ROGUE nations could use the EU’s new data laws as a “weapon” against companies here. The warning from Lastline intelligence threat director Andy Norton follows new GDPR laws. General Data Protectio…
New Backup Cryptomix Ransomware Variant Actively Infecting Users (BleepingComputer) A new variant of the Cryptomix Ransomware has been discovered that appends the .BACKUP extension to encrypted files, changes the contact email, and provides a different ransom note message.
Forget VPNfilter – here’s BACKLASH, a networking hack from way, way back (Naked Security) With a name like BACKLASH, you might think this hack comes from the era of mechanical devices, with gears and pulleys. You’d be right!
Emerging 5G Technology Could Compromise SIM Card-Dependent IoT Devices on Massive Scale (TrendLabs Security Intelligence Blog) Already, current cellular network technologies such as 3G and 4G allow fast wireless communication. But the next evolution, 5G, is set to afford even faster connections along with greater reliability.
Singapore Security Alert As IoT Vulnerability Impacts SingTel Routers (Information Security Buzz) It has been reported that NewSky Security has uncovered a security vulnerability across all routers from Singapore’s leading internet service provider, SingTel. The uncovered vulnerability could potentially give access to all devices connected to the affected routers. Natan Bandler, CEO & Co-Founder at Cy-oT commented below. Natan Bandler, CEO & Co-Founder at Cy-oT: “This is yet …
Honda India Left Details of 50,000 Customers Exposed on an AWS S3 Server (BleepingComputer) Honda Car India has left the personal details of over 50,000 users exposed on two public Amazon S3 buckets, according to a report published today Kromtech Security.
Government issues warning on router-hacking virus (Vietnam News)
The Ministry of Information and Telecommunications’ Authority of Information Security on Tuesday warned that routers and storages in Việt Nam have been exposed to the VPNFilter virus.
Is your fitness tracker tracking you? Kaspersky security warning over smart watch and wearables' 'behavioural profiling' (Computing) Wearables' accelerometer and gyroscope signals can be used to identify individual users, claims Kaspersky
Dozens of Vulnerabilities Discovered in DoD's Enterprise Travel System (Dark Reading) In less than one month, security researchers participating in the Pentagon's Hack the Defense Travel System program found 65 vulnerabilities.
Was a Marine Corps website hacked? (Marine Corps Times) The FBI said it neither confirms nor denies the existence of an investigation.
Roseburg Schools pay ransom to recover information following cyber attack (KPIC) Roseburg Public Schools have chosen to pay a ransom to recover data from a computer attack. The cyber attack happened earlier this month, freezing access to the district's email system, website and business and accounting software. Distric
Security Patches, Mitigations, and Software Updates
Chrome 67 Patches 34 Vulnerabilities (SecurityWeek) Google this week released Chrome 67 to the stable channel to provide various improvements, including patches for 34 vulnerabilities.
Apple’s iOS 11.4 security update arrives in an iCloud of silence (Naked Security) We updated to iOS 11.4, because that’s our habit – but Apple still isn’t saying what was fixed yet. How we wish Apple wouldn’t do that!
This month's Windows and Office security patches: Bugs and solutions (Computerworld) The good news? Those embarrassing SSD bugs in Windows 10 version 1803 seem to be fixed. The bad news? Just about everything else.
Cyber Trends
Bitglass 2018 Report: Cloud Security Adoption Trails Cloud Usage, Leaving Two Thirds of Organizations Vulnerable (GlobeNewswire News Room) Security Gap Foreshadows Breach Risks as Cloud Adoption Tops 80 Percent
Estonian cyber-security ranks best in Europe, fifth in the world (SC Media UK) The second iteration of the Global Cyber-security Index announced at Information Society Forum 2017 praises the country for its response to the 2007 attack on its infrastructure from Russia.
Nearly 15 per cent of security pros would rather take their salaries in cryptocurrency (London loves Business) Lastline has today released results from a study of over 200 infosecurity professionals and found that one in seven (14.5 percent) would rather take their salaries in cryptocurrency than traditional, government-backed currency.
Marketplace
Cyber risk still a struggle for insurers (Insurance ERM) Progress in managing cyber risk exposures is continuing, but are insurers doing enough to convince regulators that they understand what they're doing? <strong>Paul Walsh</strong> reports
Cybersecurity skills shortage: vendors step up to address workforce shortfall (Verdict) A cybersecurity skills shortage is leaving companies struggling to hire qualified workers. Can efforts by cybersecurity vendors plug the gap?
Darktrace becomes Cambridge’s 16th $Bn business and No.17 is looming (Business Weekly) Cyber defence technology specialist Darktrace has become the Cambridge UK cluster’s 16th billion dollar company and its fastest to achieve unicorn status.
Ziften enters Germany and Netherlands to disrupt cybersecurity markets (Security Brief) Ziften has expanded into European cybersecurity markets after announcing 2 major partnerships to carry its Microsoft Azure-powered endpoint solution.
Palo Alto's stock rallies toward record high after analyst boosts price target ahead of earnings (MarketWatch) Shares of Palo Alto Networks Inc. PANW, +0.86% rallied 1.1% in morning trade Wednesday, putting them on track for a record close, after a Stifel Nicolaus analyst raised the price target on the network security company less than a week before the company reports fiscal third-quarter results.
Duo Security expands operations following last year's $70M Series D raise (Silicon Prairie News) In less than eight years, Duo Security has become one of the fastest growing venture-backed cybersecurity companies in the world. Since 2010, the Ann Arbor, Michigan-based company has defended organizations against data breaches by making security easy and effective and has expanded to include offices in Detroit; Austin, Texas; San Mateo, California; and London, England....
The dark side of Israeli technology: Six takes on the sale of cyberattack firm NSO (haaretz.com) Unlike companies whose technology protects customers against cyber attack, by any measure, NSO is a weapons firm
Siemens to open cybersecurity centre in Fredericton, create up to 60 jobs (CBC) Siemens will open a cybersecurity centre in Fredericton, creating up to 60 jobs with up to $3.6 million in assistance from the provincial government, Premier Brian Gallant announced on Wednesday.
MinerEye Appoints Cylance Chief Security and Trust Officer Malcom Harkins to Its Advisory Board (PR Newswire) MinerEye, a provider of AI-powered data governance solutions...
Products, Services, and Solutions
Bromium Brings Virtualization-Based Security to the Masses With Targeted Use Cases to Address Key Organizational Pains (GlobeNewswire News Room) Bromium®, Inc., the pioneer and leader in virtualization-based endpoint security that stops advanced malware attacks via application isolation, has announced the release of Bromium Secure Platform 4.1.
NSS Labs Initiates 2019 Advanced Endpoint Protection Group Test and Invites Industry Engagement to Help Evolve its Forthcoming Test and Methodology (GlobeNewswire News Room) NSS Labs, Inc., a global leader and trusted source for independent, fact-based cybersecurity guidance, today announced that it is developing the next iteration of its Advanced Endpoint Detection (AEP) Group Test with results expected to be released in early 2019. As part of today’s announcement, the company is also issuing a call for industry engagement from both enterprises and AEP vendors to help shape and evolve its upcoming AEP Group Test and accompanying methodology.
Imperva Unveils Attack Analytics to Speed Identification of the Most Critical Attacks (BusinessWire) Imperva Attack Analytics automatically group, consolidate and analyze thousands of WAF security alerts to identify the most critical security events
Exabeam Announces Strategic Integration with Carbon Black (GlobeNewswire News Room) Data Sharing Between Platforms Will Help Security Analysts Improve Advanced Threat Detection and Reduce Incident Response Time
U.S. Department of Defense Secures the DTS With Help From Hackers on HackerOne (BusinessWire) HackerOne, the leading hacker-powered security platform, today announced the results of Hack the DTS (Defense Travel System), the fifth U.S. Departmen
Bugcrowd Elevates Standards of Security in Crowdsourced Security Market (GlobeNewswire News Room) SOC 2 Type 1 and ISO 27001 Certifications demonstrate that Bugcrowd’s Crowdcontrol(TM) Platform upholds the highest standards of security
1Password 7: A new design and added security features (Help Net Security) AgileBits has released 1Password 7 for Mac and Windows. The password manager is among the most long-lived and popular offerings of its kind out there.
6 of the best security software solutions for 2018 (Mashable) Tighten up your computer's security with these software suites.
Technologies, Techniques, and Standards
Companies Struggle to Stay On Top of Security Patches (Wall Street Journal) As companies incorporate countless internet-connected devices in their networks, the patching problem is only going to get worse.
Here are the results of the latest Hack the Pentagon (Fifth Domain) HackerOne released the latest results of the Hack the Pentagon initiative.
Special Operations Command Takes Aim At Enemies Hiding Files Inside Seized Electronics (Defense One) Terror groups are using new techniques to reduce the intel value of seized laptops and cellphones.
Considerations For Evaluating Vendor Risk Management Solutions (SecurityWeek) The Vendor Risk Management (VRM) space has quickly become a hot topic this year. It seems like everywhere you turn, new companies offering VRM solutions are popping up.
6 Security Investments You May Be Wasting (Dark Reading) Not all tools and services provide the same value. Some relatively low-cost practices have a major payoff while some of the most expensive tools make little difference
Tips for Hardening Networks Against IoT-based DDoS Attacks (SecurityWeek) Stopping DDoS attacks is not a matter of improving security of IoT devices. Enterprises need to take responsibility and be better at identifying and preventing DDoS attacks as they happen in real time.
The Human Factor In Cybersecurity: Turning A Threat Into A Resource (Forbes) In the last decade, there has been a change in the quantity and type of cyberattacks that we face as a society, especially with regard to zero-day attacks.
How digital spring cleaning can protect your personal information (WMBF News) Cleaning the house may be on your to-do list this spring, but when it comes to de-cluttering you may be overlooking a significant space: your online platforms.
Design and Innovation
'Smart' Vendors Make Splash (Forbes) At last fall’s NetEvents press/analyst/vendor confab, I called out three vendors as ‘sexy.’ This year, the three vendors that stand out are ‘smart.’
Research and Development
DHS S&T Announces Four SBIR Awards to Secure Mobile Device Firmware (Newswise) Four small technology firms were awarded Small Business Innovation Research contracts by the DHS Science and Technology Directorate (S&T) to create solutions that will automate analysis of mobile technology firmware at scale and identify vulnerabilities and prepositioned cyber-threats.
SafeBreach Awarded First Patents in Breach and Attack Simulation Market (GlobeNewswire News Room) Company Extends Leadership and Advances the State-of-the-Art with Three Initial Awards
Academia
Women to be trained on safe net use (ETTelecom.com) The pilot programme will enable trainees to differentiate between credible and questionable information, Facebook said.
Elite Designation for Cyber Ops Program From NSA (UANews) A program at the University of Arizona that began only 18 months ago has been recognized as one of the best in the country for 2018-2019.
Legislation, Policy and Regulation
Not to Aecon, nor to Huawei: The security of Canada can never be for sale (The Globe and Mail) Ottawa must get serious about protecting the security of Canadians in the face of explicit Chinese plans to use their country’s companies to advance Beijing’s interests
Australian MP is next to call for a ban on Chinese 5G equipment (Telecom Tech News) Australian Labor MP Michael Danby has become the latest politician to call for a ban on buying 5G network equipment from Chinese firms claiming they are ‘controlled’ by the government.
Sen. Mark Warner criticizes Trump's ZTE deal as a mistake (CNET) The leading Democrat on the Senate intelligence committee says ZTE and other Chinese tech companies are closely aligned with the Chinese Communist Party.
Former President Ilves stresses need for united body to fight cyber warfare (ERR) Former Estonian president Toomas Hendrik Ilves has highlighted the need to organize a union aimed at combatting the threat of cyber warfare and in particular in defending liberal democracies worldwide.
Enhancing the Resilience of the Internet and Communications Ecosystem Against Botnets and Other Automated, Distributed Threats (US Department of Commerce) This report responds to the May 11, 2017, Executive Order, “Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure.” That order called for “resilience against botnets and other automated, distributed threats,” directing the Secretary of Commerce, together with the Secretary of Homeland Security, to “lead an open and transparent process to identify and promote action by appropriate stakeholders” with the goal of “dramatically reducing threats perpetrated by automated and distributed attacks (e.g., botnets).”
In war against botnets, manufacturers need to step up, report says (Cyberscoop) The problem of botnets — the legions of computers used to carry out distributed denial-of-service attacks — is exacerbated by the fact that developers do not have the cost incentives to build more security into their products, according to a new report from the departments of Commerce and Homeland Security.
5 ways government will fight against botnets (Fifth Domain) A new report from The Departments of Commerce and Homeland security listed many areas where the U.S. can improve its botnet defense, and five where government can get the ball rolling.
DOE Announces New Efforts in Energy Sector Cybersecurity (POWER Magazine) The Department of Energy released its Multiyear Plan for Energy Sector Cybersecurity, asserting DOE's place as the sector specific agency on cybersecurity.
National Assembly debates internet security law (VietNamNet) National Assembly (NA) deputies have raised concerns that the draft law on internet security will prevent Vietnamese citizens and companies from accessing information on the web.
GDPR has established Europe as leaders in data protection (Raconteur) With the introduction of GDPR, Europe has set a precedent for data protection best practice which has been witnessed all over the world. Businesses in non-EU countries wanting to trade with Europe must now comply with these regulations.
Privacy Laws: compliant? Who? Me? (Mondaq) Business collecting any information relating to a natural person are required to comply with Australian privacy laws.
U.S. Commerce Chief Warns of Disruption From EU Privacy Rules (SecurityWeek) The costs of the new GDPR law could be significant, to the point where it may "threaten public welfare on both sides of the Atlantic," according to U.S. Commerce Secretary Wilbur Ross.
The tech giants are fighting privacy regulation: what price will we pay for a free digital society? (Computing) The Developers Alliance's criticisms are self-serving and omit any mention of opportunities, argues privacy campaigner Geoff Revill
Senators Urge Bolton to Reconsider Cyber-Tsar Role (Infosecurity Magazine) Democrats want Trump administration rethink
Obama's US Digital Service Survives Trump–Quietly (WIRED) Team created in 2014 to make the government more tech-friendly soldiers on, helping agencies work more efficiently and save money.
DHS cyber shop continues to push rebrand (FCW) The National Protection and Programs Directorate wants to change its name to match its focus on cross-cutting infrastructure threats.
Cyber Mission Force at Full Power–What Now? (Meritalk) The U.S. Cyber Command is ready for its close-up. The command announced May 17 that all 133 of its Cyber Mission Teams are fully operational, capping a roughly one-month stretch that saw the arrival of a new commander, the opening of a new operations center, and the official designation of Cybercom as a full unified combatant command.
California Senate votes to restore net neutrality rules (Help Net Security) The California State Senate voted yesterday in favor of a bill aimed at restoring the net neutrality protections put in place by the Federal Communications Commission in 2015, and preventing ISPs from engaging in practices that are inconsistent with a free and fair Internet. These protections were repealed by the FCC
Litigation, Investigation, and Enforcement
Kaspersky attempt to overturn government ban dismissed by US courts (Computing) Doesn't have leg to stand on, suggests Judge, as she tosses out two Kaspersky lawsuits
Icann Files Suit in Germany in Bid to Clarify GDPR (Infosecurity Magazine) Oversight body’s Whois policy threatens to run foul of new law
Telegram CEO: Apple has “prevented” app updates globally since April (Ars Technica) As a result, Telegram reportedly missed the GDPR deadline in the EU.
Cybersecurity: Why It Matters In M&A Transactions - Security - Austria (Mondaq) The scope of cybersecurity due diligence needs to be assessed on a case-by-case basis.
CIA contractor secretly hoards his classified work (CSO Online) Former CIA contractor Reynaldo Regis pled guilty to keeping secret notebooks of his work within the CIA from 2006-2016 and storing the notebooks in his home.
Expert defense witness for accused leaker Reality Winner is government's former 'Classification Czar' (The Augusta Chronicle) The defense team for a former Fort Gordon contractor suspected of leaking a classified document filed its first notice of an expert witness –
Inmates pirated movies from computers they build with spare parts (HackRead) According to reports, inmates managed to assemble dozens of computers using different parts and pirated software and ran a full-fledged movie network from the prison.
Nuisance call bosses, get your wallets ready! (Naked Security) Currently, only businesses themselves are liable for the fines, so the directors declare bankruptcy and then play whack-a-mole. They may now be held personally liable to the tune of up to £500,000.…
Industry Events
upcoming Events
RISKSEC (New York, New York, USA, May 31, 2018) Welcome to the 2018 New York City RiskSec Conference. As SC Media approaches our 30th anniversary, we fully understand the avalanche of cybersecurity-related problems, responsibilities and aspirations you face. Like no other time before, data security is crucial to you and your corporate executives. With an avalanche of massive data breaches that compromised millions of users’ data and cost senior-level executives their jobs and the endless other types of attacks that leveraged both new and traditional techniques, 2017 seemed yet another banner year for the infosec industry. We expect this year will be just as active as our attendees will face the challenge of both the criminal element and nation states stepping up their aggressive activities. On top of these, insider threats, supply chain vulnerabilities, regulatory demands and increasing dependence on IoT, AI, cloud apps, mobile devices and still other technologies will continue to convolute your tactical and strategic cybersecurity aims.
Cyber:Secured Forum (Denver, Colorado, USA, June 4 - 6, 2018) Cyber:Secured Forum will feature in-depth content on cybersecurity trends and best practices as related to the delivery of physical security systems and other integrated systems. Content is being collaboratively developed by SIA and PSA Security Network’s education teams and will feature top cybersecurity leaders. Additionally, sponsor exhibits will help showcase solutions related to cybersecurity, integrated systems and physical security solutions.
Campaign Cyber Defense Workshop (Boston, Massachussetts, USA, June 4, 2018) The Campaign Cyber Defense Workshop brings together experts from the region’s industry, university, and government organizations to address campaign security and effective practices for maintaining campaign integrity -- covering everything from data security to countering reputation attacks.
Gartner Security and Risk Management Summit 2018 (National Harbor, Maryland, USA, June 4 - 7, 2018) Prepare to meet the pace and scale of today’s digital business at Gartner Security & Risk Management Summit 2018. Transform your cybersecurity, risk management and compliance strategies and build resilience across the enterprise through leading-edge research and thinking on key topics such as agile architectures, BCM, cloud security, privacy and securing Internet of Things (IoT).
Securing Federal Identity (Washington, DC, USA, June 5 - 6, 2018) Securing Federal Identity 2018, a highly focused and high-energy event, will feature an in-depth view of the future of federal government policies and technology developments for securing federal identity and access control of facilities and network systems. Experts from the federal government and the security industry will fill the conference agenda and exhibits area to present and future direction of the government’s efforts to manage identities and control access across all federal agencies.
New York State Cybersecurity Conference (Albany, New York, USA, June 5 - 7, 2018) June 2018 marks the 21st annual New York State Cyber Security Conference and 13th Annual Symposium on Information Assurance (ASIA). Hosted by the New York State Office of Information Technology Services, in partnership with the University at Albany's School of Business, and The New York State Forum, Inc., the conference is part of a statewide effort to boost cyber security awareness and empower state and local governments, academia, organizations and citizens to take better control of their digital security.
The Cyber Security Summit: Boston (Boston, Massachusetts, USA, June 5, 2018) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers & renowned information security experts. Learn from cyber security thought leaders and Engage in panel discussions focusing on trending cyber topics such as Sr. Leadership’s Best Approach to Cyber Defense, What’s Your Strategic Incident Response Plan?, Protecting your Enterprise from the Human Element and more. Your registration includes a catered breakfast, lunch, and cocktail reception. Receive half off your admission with promo code cyberwire50 at CyberSummitUSA.com and view details including the full agenda, participating solution providers & confirmed speakers. Tickets are normally $350, but only $175 with promo code.
SecureWorld Chicago (Chicago, Illinois, USA, June 5, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security industry. Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements, learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays-all while networking with local peers.
NSA 2018 Enterprise Discovery Conference (Ft. Meade, Maryland, USA, June 5 - 6, 2018) Hosted by the National Security Agency and the Federal Business Council (FBC). The EDC is the largest event held at NSA with over 1500 attendees from around the world. EDC provides a collaborative learning experience for professionals in the SIGINT Development field across the U.S. Intelligence Community and the other 5-Eyes partner nations: Australian Signals Directorate (ASD), Communications Security Establishment, Canada (CSE), Government Communications Headquarters, Great Britain (GCHQ), and Government Communications Security Bureau, New Zealand (GCSB).
National Cyber Summit (Huntsville, Alabama, USA, June 5 - 7, 2018) The National Cyber Summit is the preeminent event for cyber training, education and workforce development aimed at protecting our nation’s infrastructure from the ever-evolving cyber threat. Held in Huntsville, Alabama, one of the nation's largest technological hubs, the Summit attracts both government and commercial participants. Long known as the home to Department of Defense organizations and civilian departments and agencies including DHS, NIST, NASA, TVA, NSA and DOE, Huntsville also has many other industries represented. Companies are diverse and include healthcare, automotive and energy industries, academia, genetic research and high technology.
Cyber//2018 (Columbia, Maryland, USA, June 6, 2018) Cyber touches all aspects of our life from the myriad of devices we have brought into our homes to those we employ on the job to increase and improve our productivity. Please join us for our 9th annual cyber conference, where we tackle some of the most relevant topics surrounding operating within the cyber landscape.
TU-Automotive Cybersecurity (Novi, MIchigan, USA, June 6 - 7, 2018) Co-located with the world's largest automotive technology conference & exhibition. The conference unites players from research labs, automakers, tier 1’s, security researchers, and the complete supply chain to plan for the imminent future.
SINET Innovation Summit 2018 (New York, New York, USA, June 7, 2018) Connecting Wall Street, Silicon Valley and the Beltway. SINET New York connects the United States’ three most powerful institutions and evangelizes the importance of industry, government and academic collaboration on security initiatives.
Transport Security and Safety Expo (Washington, DC, USA, June 11 - 12, 2018) Security incidents are expected to cost the world $6 trillion annually by 2021, making now the time to find out more at the 2018 Transport Security and Safety Expo. The transportation industry is rapidly digitizing, leading to greater risks and potential impacts from cyber and physical events. Understanding how to better safeguard operations and protect critical networks and infrastructure from damage is paramount, and opportunities like TSSX18 that bring the industry together for training and solutions are welcomed by SANS.
Transport Security & Safety Expo (Washington, DC, USA, June 11 - 12, 2018) The conference is devoted to the challenges and opportunities surrounding ensuring the safety and security of passengers and cargo in the digital age.
Dynamic Connections 2018 (Palm Springs, California, USA, June 12 - 14, 2018) Together with you, our customers and partners, we’ll come together for 2 ½ days to learn, explore and create the possible at Dynamic Connections 2018 (DC18). To get ahead of the most critical, most pervasive threat we face in the digital domain today, we must reach into the future and pull tomorrow’s innovation forward.
Social Engineering—Rhode Island (Newport, Rhode Island, USA, June 16, 2018) Welcome to the first ever social engineering conference in Rhode Island!
Norwich University Cyber Security Summit (Northfield, Vermont, USA, June 18 - 20, 2018) Norwich University’s College of Graduate and Continuing Studies (CGCS) is pleased to announce the second annual Cyber Security Summit in June 2018. The summit, presented in a continuing education format, welcomes Norwich alumni and others interested in exploring and discussing the latest in cyber security policy from both the federal level and the practical application of that policy on a local or business level.
NITSIG Meeting: Protecting Controlled Unclassified Information On U.S. Government Contractor Information Systems (Herndon, Virginia, USA, June 18, 2018) This meeting will discuss the security control requirements for the protection of Controlled Unclassified Information (CUI), for contractor information systems upon which CUI is processed, stored on, or transmitted through. These requirements must be implemented at both the contractor and subcontractor levels based on the information security guidance in NIST Special Publication (SP) 800-171: Protecting Controlled Unclassified Information In Non-Federal Information Systems And Organizations. The CUI protection requirements are intended for use by federal agencies in contractual vehicles or other agreements established between those agencies and non-federal organizations. Failure to implement the security controls to protect CUI, would be a breach of contract.
Insider Threat Program Management With Legal Guidance Training Course (Tyson's Corner, Virginia, USA, June 19 - 20, 2018) This training will provide the ITP Manager, Facility Security Officer, and others (CIO, CISO, Human Resources, IT, Etc.) supporting an ITP, with the knowledge and resources to develop, manage, or enhance an ITP. A licensed attorney with extensive experience in Insider Threats and Employment Law, will provide legal guidance related to ITP's, the collection, use and sharing of employee information, and employee computer user activity monitoring. Insider Threat Defense has trained over 500+ organizations and has become the "Leader-Go To Company" for ITP Management Training.
GovSummit (Washington, DC, USA, June 27 - 28, 2018) GovSummit -- the government security conference hosted annually by the Security Industry Association -- brings together government security leaders with private industry technologists for top-quality information sharing and education on security topics affecting federal, state and even local agencies.
The Cyber Security Summit: DC Metro (Tysons Corner, Virginia, USA, June 28, 2018) Learn from cyber security experts from The U.S. Department of Justice, The NSA, Pulse Secure, CenturyLink and more as they brief you on the latest security threats facing your business. This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers. Receive $95VIP admission with promo code cyberwire95 at CyberSummitUSA.com ($350 without code). Your registration includes a catered breakfast, lunch, and cocktail reception. Passes are limited. Secure your ticket while space permits.
Impact Optimize2018 (Rosemont, Illinois, USA, June 28, 2018) Impact Optimize2018, the first-ever IT and Business Security Summit hosted by Impact, will provide attendees with actionable steps that enable the betterment of information, network and cybersecurity. All of the information presented will be designed to facilitate growth and eliminate risk for organizations of all sizes and across all vertical markets, with security as the firm foundation of every solution. The event will include presentations by subject matter experts, breakout sessions among business leaders and live demonstrations of enterprise security and business software.
Nuclear Asset Information Monitoring and Maintenance (Warrington, England, UK, July 3 - 4, 2018) On July 3rd and 4th in Warrington United Kingdom, nuclear industry leaders will meet for the IoE Events Nuclear Asset Information, Monitoring and Maintenance conference to further develop the sector’s strategic ability to leverage the appropriate people, processes and technology to achieve organisational goals through an enterprise wide integrated asset information strategy.
Sponsor & Support
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter’s financial reach, or it might just not be the right time for you to do those things. That’s why we launched our new Patreon site, where we’ve created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you’ll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.