Each week the CyberWire’s Hacking Humans podcast looks behind the social engineering scams, phishing schemes, and criminal exploits that make headlines and take a heavy toll on organizations around the world. We talk to social engineering experts, security pros, cognitive scientists, and those practiced in the arts of deception (perhaps even a magician or two). We also hear from people targeted by social engineering attacks and learn from their experiences. Trust us: check out the first episode and subscribe today. And special thanks to KnowBe4, our sponsors for season 1.
More Signal. Less Noise.
Looking for an introduction to AI for security professionals?
Your wait is over. A new book is out from the Cylance data science team, covering artificial intelligence and machine learning techniques in practical situations to improve the security professional’s ability to thrive in a data driven world. Whether you are reviewing logs or analyzing malware, being able to derive meaningful results and improve productivity is key. Order your free copy today.
Keeping tabs on the Lazarus Group as US-DPRK summit nears. Canada warns New Zealand of Chinese espionage. Content moderation.
Announcements
Hacking Humans—a new CyberWire podcast launched this week.
Summary
North Korea's Lazarus Group has continued to target financial institutions for cybertheft, but it appears to be on its good behavior, for now at least, with respect to US institutions. The restraint is generally thought part of the DPRK's charm offensive during the run-up to the June 12th Kim-Trump summit.
A subunit of the Lazarus Group, which researchers at AhnLab track as the Andariel Group, has been active against South Korean targets. It's been using an ActiveX zero-day in its campaign. Bleeping Computer's been told by an anonymous source close to the investigation that the zero-day is being used to exploit Samsung SDS Acube installations.
A report by the Canadian Security Intelligence Service concludes that Chinese espionage and influence in New Zealand has reached a critical point. The report was delivered at an academic conference and so doesn't necessarily reflect CSIS official views, and CSIS has hastened to express its solidarity with fellow Five Eyes services in New Zealand. The report reflects ongoing Five Eyes suspicion of Chinese companies and organizations. The US Congress is considering holding ZTE's and Huawei's feet to its own fires of scrutiny, and a court case in Australia describes ZTE as a company "built to spy and bribe."
Google's efforts at content moderation or at least flagging have produced some preposterously tendentious results. The search giant's reliance on Wikipedia for moderation may be damaging Wikipedia.
Germany's BND wins a surveillance case in a Leipzig court: it can continue to monitor traffic in a Frankfurt hub.
Notes.
Today's issue includes events affecting Australia, Canada, China, Germany, India, Democratic Peoples Republic of Korea, New Zealand, Russia, Rwanda, United States
Under GDPR non-compliant companies face trade-offs on borrowed time, says Control Risks.
Control Risks says non-compliance is a truly enterprise risk for companies operating in the EU. It burdens already taxed programs with particular measures to protect personal data and disclose security issues. Many worry that resources catching up to GDPR before an incident occurs trade-off other critical initiatives, leaving them vulnerable nonetheless. Companies must get executives and experts involved in managing the risk and competing priorities. Let Control Risks help you be both secure and compliant.
On the Podcast
In today's podcast we speak with our partners at the Johns Hopkins University, as Joe Carrigan follows up on listener comments from last week’s iOS versus Android smackdown. Our guest, Todd Inskeep from Booz Allen Hamilton, offers highlights of research into NotPetya.
Sponsored Events
Cyber Security Summits: Boston on June 5 & June 28 in DC (Boston, Massachusetts, United States, June 5, 2018) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The FBI, CenturyLink, IBM Security and more. Register with promo code cyberwire95 for $95 VIP admission (Regular price $350) https://CyberSummitUSA.com
TU-Automotive Cybersecurity Conference (Detroit, Michigan, United States, June 6 - 7, 2018) Uniting 150+ experts from the connected car and security industries to help automotive to apply technology and best practices to deliver robust security defenses and processes. Co-located with TU-Automotive Detroit, attendees can access the world’s largest automotive technology exhibition. CyberWire audience save $100 off standard and basic passes with code TCW100.
Selected Reading
Cyber Attacks, Threats, and Vulnerabilities
Security firm: North Korean cyber hacks have continued amid summit talks (TheHill) Suspected North Korean hackers have been conducting offensive cyber operations on financial institutions amid discussions between Washington and Pyongyang on a possible nuclear summit between President Trump and Kim Jong Un, a cybersecurity firm says.
North Korea-Linked Group Stops Targeting U.S. (SecurityWeek) A threat actor linked to North Korea’s Lazarus Group has stopped targeting organizations in the US, but remains active in Europe and East Asia
ActiveX Zero-Day Discovered in Recent North Korean Hacks (BleepingComputer) A North Korean cyber-espionage group has exploited an ActiveX zero-day to infect South Korean targets with malware or steal data from compromised systems, local media and security researchers have reported.
Chinese interference in New Zealand at 'critical' stage, says Canada spy report (Guardian) Jacinda Ardern says country is ‘vigilant’ and that Five Eyes membership is not being questioned
Bug In Git Opens Developer Systems Up to Attack (Threatpost) A serious vulnerability was patched by developers behind Git that closes the door on a flaw that could lead to arbitrary code execution on a developer's system.
Botnet Operators Team Up To Leverage IcedID, Trickbot Trojans (Threatpost) The botnet operators behind two infamous trojans have banded together to gouge victims in a costly scheme.
Rig Exploit Kit Now Using CVE-2018-8174 to Deliver Monero Miner (TrendLabs Security Intelligence Blog) Based on the latest activities we’ve observed from Rig, they’re now also exploiting CVE-2018-8174, a remote code execution vulnerability patched in May and reported to be actively exploited. Along with updates in code, we also observed Rig integrating a cryptocurrency-mining malware as its final payload.
HTTP Parameter Pollution Leads to reCAPTCHA Bypass (SecurityWeek) A security researcher discovered that it was possible to bypass Google’s reCAPTCHA via HTTP parameter pollution.
Open Redis Servers Infected with Malware (Infosecurity Magazine) More than two-thirds of the open Redis servers contained malicious keys.
CERT-In warns of new viruses that steal money, user data (Hindu Business Line) Virtual girlfreind and panda banker have crept into the Indian cyberspace
Banks hit as trojans displace ransomware as top malware: Proofpoint (iTWire) A new banking Trojan, dubbed “DanaBot”, targeting users in Australia via emails containing malicious URLs has been discovered, according to security f...
Is Your Google Groups Leaking Data? (KrebsOnSecurity) Google is reminding organizations to review how much of their Google Groups mailing lists should be public and indexed by Google.com.
Wide open Apache Airflow server at Universal Music Group contractor exposes FTP, SQL, AWS credentials (SC Media US) Researchers at the Kromtech Security Center, who discovered the unprotected server, said that because Airflow is wide open by default, organizations need to take steps to safeguard servers.
Chrome and Firefox leaks let sites steal visitors’ Facebook names, profile pics (Ars Technica) Cutting-edge hack exploited newly added graphics feature until it was patched.
PSA: 'mshelper' Cryptominer Malware Targets Macs (The Mac Observer) There's malware called 'mshelper' currently targeting Macs, according to security firm Intego. This malware is likely being spread by fake Flash installers, and is cryptomining malware that uses your CPU to mine Monero in the bad guy's name, which is also known as cryptojacking.
Hacker Defaces Ticketfly’s Website, Steals Customer Database (Motherboard) A hacker took control of Ticketfly's website and claims to have stolen the company's customer database.
Ransomware attacks on supply chains are on the rise (TechHQ) Last year saw the worrying increase in ransomware and other cybercrime. As these threats rise further, it seems that businesses are faced with the challenge of safeguarding their supply chains. New research from the NTT Security 2018 Global Threat intelligence Report by Dimension Data, found a significant increase in the number of ransomware attacks aimed at supply chains last year.
CSS Is So Overpowered It Can Deanonymize Facebook Users (BleepingComputer) Some of the recent additions to the Cascading Style Sheets (CSS) web standard are so powerful that a security researcher has abused them to deanonymize visitors to a demo site and reveal their Facebook usernames, avatars, and if they liked a particular web page of Facebook.
SS7 routing-protocol breach of US cellular carrier exposed customer data (Ars Technica) 40-year-old SS7 is being actively used to track user locations and communications.
Australian real estate agents a trending target for cybercrime (ZDNet) Typically Nigerian, these cybercriminals are highly organised. Their teams of mules can shift everything from iPhones to Lego, not just money. And they can smell blood in the water.
AWS outage killed some cloudy servers, recovery time is uncertain (Register) ‘Power event’ blamed, hit subset of kit in US-EAST-1
Security Patches, Mitigations, and Software Updates
We found 1 good reason to get the iOS 11.4 update – rogue message handling (Naked Security) We’re going entirely on deduction here, but our iPhone seems to be handling “messages of death” more safely after we updated to iOS 11.4.
Valve Patches Security Bug That Existed in Steam Client for the Past Ten Years (BleepingComputer) Valve developers have recently patched a severe security flaw that affected all versions of the Steam gaming client released in the past ten years.The vulnerability would have allowed an attacker to execute malicious code on any of Steam's 15 million gaming clients.
Huawei Patches Four Server Bugs Rated High Severity (Threatpost) Huawei stamps out four high-severity bugs impacting 20 server models ranging from its XH, RH and CH lines.
Cyber Trends
Cybercrime Is Skyrocketing as the World Goes Digital (Dark Reading) If cybercrime were a country, it would have the 13th highest GDP in the world.
Are Ransomware Attacks Rising or Falling? (Security Intelligence) There are conflicting reports over whether or not ransomware attacks are growing. Many organizations state that it's the most popular malware form, but is this true?
The Bleak State of Federal Government Cybersecurity (WIRED) Nearly three out of four federal agencies are unprepared for a cyberattack, and there's no system in place to fix it.
SECURITY: White House report flags gaps in grid cyber readiness (E&E News) Federal energy officials have identified gaps in the U.S. grid's defenses against a major cyberattack, according to a highly anticipated White House report released yesterday.
US Government Botnet Report Warns About Lack of Security Tool Use (eWEEK) A report to the president from the departments of Commerce and Homeland Security outlines gaps in the fight against distributed attacks and calls on the industry to do more.
Rising number of shadow devices leaves networks vulnerable (Health Data Management) Study finds a third of organizations have more than 1,000 unauthorized IoT devices connected to their networks.
Shark Tank’s Robert Herjavec Says Complexity Will Drive More Specialization in Security (Wall Street Journal) “The level of complexity is increasing and becoming narrower,” Mr. Herjavec said in an interview with CIO Journal on Thursday. “In the past, if you knew security you could work on identity, you could work on firewalls, you could work on architecture. Because all those areas are growing and becoming much more complex, I need silos of knowledge.”
Synack Releases New Industry Report to Outline the Crowdsourced Security Testing Landscape (Benzinga) Synack releases a new industry report for CISOs and security decision makers that outlines the differences between security programs that utilize bug bounties to find...
What The Tempest Can Teach Us About Security Operations (SecurityWeek) Security teams should prioritize the value of learning from the past and experience to combat the latest cyberattacks.
Marketplace
'Techsploitation' Demonstrators Blocked Google and Apple Buses With Scooters (Motherboard) Activists in San Francisco used scooters and tech buses to protest the industry’s presence in the city.
Fraud Protection Firm Signifyd Raises $100 Million (SecurityWeek) Signifyd, a company that provides fraud protection solutions for e-commerce businesses, raised $100 million in a Series D funding round and opened its first European branch
CyberInt Completes $18m Funding Round (PR Newswire) CyberInt announces Growth Equity Investment from Viola Growth to...
Thoma Bravo to Acquire Majority Interest in LogRhythm (PR Newswire) Thoma Bravo, a leading private equity investment firm,...
Boulder cybersecurity firm LogRhythm acquired as it heads into next growth phase (The Denver Post) “We’ve had great partners to help us get from the early days when it was just three of us in Boulder to over 650 employees today,” said CEO and cofounder Andy Grolnick, adding tha…
Epiq Acquires Soliton Systems’ E-Discovery Business, Japanese Character Processing (American Lawyer) The acquisition provides a direct answer to the East Asian language barrier problems many U.S.-based e-discovery providers face.
After Funding DeferPanic Repositions to Rule the Future of Unikernel (PR Newswire) One month after closing a $1.5 million seed round, DeferPanic announces...
Dunbar Armored to be bought by The Brink’s Co. in $520M deal (Maryland Daily Record) A privately-owned cash management company in Hunt Valley has a deal to be acquired by a competitor for more than a half a billion dollars.
Citizen Lab Calls on Francisco Partners to Address Impact of Surveillance Products (CTECH - www.calcalistech.com) Nasdaq-listed business intelligence company Verint is negotiating a $1 billion merger with NSO, an Israeli cyber surveillance company controlled by the private equity firm
Cylance® New Irvine Headquarters Reflect Rapid Growth (BusinessWire) Cylance Inc., the company that revolutionized endpoint security with true AI-powered threat prevention, today announced the grand opening of its 135,0
The Chertoff Group Expands Team With Security Expert Robert Anderson (Benzinga) With more than 30 years of experience, Anderson helps The Chertoff Groups' clients tackle their most critical security challenges
Products, Services, and Solutions
New infosec products of the week: June 1, 2018 (Help Net Security) JASK transforms how SOC operators visualize cyber attacks JASK is capturing industry demand with new features centered around enterprise-wide alert linkages and analyst workflow efficiency. Enhancements include the JASK Navigator, a visually-driven, contextually-rich investigation console that provides SOC analysts a
1touch.io Launches First Privacy Management and Control Solution Purpose-Built for GDPR (PR Newswire) Technology startup 1touch.io today launched the first data and...
Interset 5.6 Zeroes in on Endpoint Security with AI-enabled Security Analytics (GlobeNewswire News Room) New and expanded analytics for the endpoint help organizations identify zero-day attacks
Dell Virtustream given permission to handle sensitive Govt data (ARN) Aussie partners tapping into Dell Virtustream’s offering may be able to step up their public sector play, with the vendor being granted authorisation to handle sensitive government data.
Network security has become irrelevant: Zscaler CEO (ETCIO.com) Jay Chaudhry, CEO, Chairman and Founder, Zscaler shares his views on how the company has redefined security, why adopting security for a non-appliance..
Edinburgh cyber security companies agree partnership (businessInsider) Assure APM links up with ZoneFox to combine its security platforms which now provide 'seamless protection' in any cloud and most end user devices
EZShield Expands Monitoring Services to Arm Financial Institution Customers with Greater Identity Protection (Virtual-Strategy Magazine) EZShield, an industry-leading provider of secure, digital identity protection and resolution services for financial institution clients and their customers, has recently made Financial Account Monitoring and Financial Transaction Monitoring services available to financial institutions.
Technologies, Techniques, and Standards
Resetting Your Router the Paranoid (=Right) Way - SANS Internet Storm Center (SANS Internet Storm Center) You probably heard the advice given earlier this week to reset your router due to some malware referred to as "VPNFilter" infecting a large number of routers. I do not want to second guess this advice, but instead, outline a couple of issues with "resetting" a router.
This Is How the Internet Crosses the Ocean (Motherboard) Many people overlook the fact that the internet relies on vast networks of cables connecting continents under the sea.
Can AI smarts replace humans in the Security Operations Centre? (SC Media UK) Newly published research suggests 27 percent of enterprise security teams see more than 1 million alerts per day.
Building Blocks for a Threat Hunting Program (Dark Reading) Guidance for businesses building threat intelligence strategies while overwhelmed by threats, lack of talent, and a healthy dose of skepticism about the market.
FIDO pushes its 'death of the password' narrative into Europe (Computing) With Google, Mozilla and Microsoft all adopting the passwordless standards, FIDO2 is a 'strong regulatory fit' with GDPR and PSD2
New vulnerabilities give cybercriminals 7 days to compromise your network (CSO) Cybercriminals have a 7-day window of opportunity to use vulnerabilities against a target Web site before their activity is likely to be detected or stopped with a patch, according to new research that suggests the rapid time to exploit is keeping defenders continually on the back foot.
Facebook Must Patch 2 Billion Human Vulnerabilities; How You Can Patch Yours (Dark Reading) The situation Facebook is in should be prompting all security teams to evaluate just how defenseless or protected the people in their organizations are.
Dealing with insider threats (Enterprise Times) Ronald Sens takes a look at how companies need to address insider threats both unintentional and intentional. He postulates that training and observation are the key to success
Design and Innovation
Air Force Cyber Strategy Conference sparks innovative ideas for cyber (Maxwell Air Force Base) Air University’s Cyber College hosted the 2018 Air Force Cyber Strategy Conference, May 22-23, here. The event welcomed cyber experts from around the nation to discuss the importance of innovating
The Real Reason Google Search Labeled the California GOP as Nazis (WIRED) No, Big Tech isn't trying to defame conservatives. But Google did make a big mistake.
Google Started a Political Sh[**]storm Because of Its Over-Reliance on Wikipedia (Motherboard) The feature that caused Google to say the ideology of the California Republican Party is "Nazism" is killing Wikipedia.
Research and Development
The 'Thanksgiving Effect' and the Creepy Power of Phone Data (WIRED) Researchers used smartphone-location data and polling results to peer into millions of people's personal lives. Could bad actors do the same?
As DHS Secretary Nielsen Maps New Cybersecurity Strategy, S&T Lends R&D Support (Newswise) The Department of Homeland Security’s Science and Technology Directorate (S&T) is working in tandem with DHS operational components by conducting research and development (R&D) in numerous areas that will help strengthen DHS’s ability to detect and defend against cyberattacks.
Academia
Queen's University invests £500k in new cyber security lab (The Irish News) QUEEN's University in Belfast in investing half a million pounds in a new state-of-the-art cyber security research lab.
UNH launches master's degree program in cybersecurity (New Hampshire Union Leader) The University of New Hampshire is offering a master's degree in cybersecurity policy and risk management to meet the demand of private and public employers.
Military Veterans and School Teachers Offered Free Cyber-Security Career Pathway & Curriculum Conference in Prince William County (BusinessWire) Free Cyber-Security Career Conference for Veterans & School Teachers to be held at George Mason University in Prince William County, Va.
Legislation, Policy and Regulation
Threat Report 2018: Russia's Military Doctrine of Deception and Deniability (The Cipher Brief) Russia’s doctrine of deception – known as Maskirovka, Russian for “masking” or “camouflage” – is a foundational component of Russia’s strategic mindset.
German lawmakers cite NSA and Facebook scandals in rejecting US drone tech (Defense News) The debate over a new German weapons-capable drone showcases mistrust by some politicians in Berlin toward U.S.-made defense equipment.
As Trump saves ZTE, it's up to Congress to keep China tech company honest (Dallas News) Why, on this green earth, is the president of the United States stepping in to save a Chinese technology company? And why now, at a time when the...
Cruz Attempts to Stop Political Weaponization of Security Clearance Process (Washington Free Beacon) Sen. Ted Cruz (R., Texas) placed a provision in the NDAA that would require the department to report to Congress when security clearances are taken away
How the NGA App Store Put Tech Acquisition in Top Gear (Nextgov.com) The National Geospatial-Intelligence Agency can bring innovative software tools to government in as little as a few months.
Security researchers call for changes to defence exports regime (Computerworld) A group of information security researchers has called for changes to Australia’s Defence Trade Controls Act. The group argues that the current DTCA regime can act as a barrier to cryptography research.
Rwanda passes cyber crime law
(Xinhua) Rwanda's lower house, Chamber of Deputies, Thursday passed a cyber-crime law aimed at helping the government and the private sector to combat cyber crime.
An advert against online privacy (Graham Cluley) Not everyone is in favour of better privacy online.
The advertising industry, for instance, has its knickers in a twist so tightly about European privacy regulations that it made an over-the-top video.
Litigation, Investigation, and Enforcement
German Spy Agency Can Keep Tabs on Internet Hubs: Court (SecurityWeek) Germany's spy agency can monitor major internet hubs if Berlin deems it necessary for strategic security interests, a federal court has ruled
ICANN Launches GDPR Lawsuit to Clarify the Future of WHOIS (Threatpost) WHOIS, the searchable "phonebook" of contact data for internet domains, may violate GDPR -- or it may not. A lawsuit seeks to find out which it is.
Civil liberties groups press Trump administration on NSA call record collection (TheHill) Two-dozen civil liberties organizations are urging U.S. officials to disclose more details on the more than 500 million call records collected on Americans by the National Security Agency (NSA) last year.
Atlanta officials deny requests for records amid cyber attack (WTOC) It has been more than two months since the City of Atlanta was crippled by a massive cyber attack. While some city services have recovered, other departments have not. The city continues to pay mil...
Policing Cryptocurrencies Has Become a Game of Whack-a-Mole for Regulators (New York Times) The challenge for the government is that cryptocurrencies are so new they don’t fit well into the laws prohibiting misconduct in the securities and commodities markets.
Criminality is still a big roadblock to cryptocurrency’s legitimacy, Bruce Croxon says (Cantech Letter) Cryptocurrencies may be the way of the future but digital currencies like bitcoin and ether still have to shed their links to crime before becoming legit, says Bruce Croxon of Round 13 Capital, who…
Olympic Heights student arrested after Snapchat threat to school (Palm Beach Post) He is the second Palm Beach County teen in as many days to threaten a school, authorities said.
Industry Events
upcoming Events
Cyber:Secured Forum (Denver, Colorado, USA, June 4 - 6, 2018) Cyber:Secured Forum will feature in-depth content on cybersecurity trends and best practices as related to the delivery of physical security systems and other integrated systems. Content is being collaboratively developed by SIA and PSA Security Network’s education teams and will feature top cybersecurity leaders. Additionally, sponsor exhibits will help showcase solutions related to cybersecurity, integrated systems and physical security solutions.
Campaign Cyber Defense Workshop (Boston, Massachussetts, USA, June 4, 2018) The Campaign Cyber Defense Workshop brings together experts from the region’s industry, university, and government organizations to address campaign security and effective practices for maintaining campaign integrity -- covering everything from data security to countering reputation attacks.
Gartner Security and Risk Management Summit 2018 (National Harbor, Maryland, USA, June 4 - 7, 2018) Prepare to meet the pace and scale of today’s digital business at Gartner Security & Risk Management Summit 2018. Transform your cybersecurity, risk management and compliance strategies and build resilience across the enterprise through leading-edge research and thinking on key topics such as agile architectures, BCM, cloud security, privacy and securing Internet of Things (IoT).
Securing Federal Identity (Washington, DC, USA, June 5 - 6, 2018) Securing Federal Identity 2018, a highly focused and high-energy event, will feature an in-depth view of the future of federal government policies and technology developments for securing federal identity and access control of facilities and network systems. Experts from the federal government and the security industry will fill the conference agenda and exhibits area to present and future direction of the government’s efforts to manage identities and control access across all federal agencies.
New York State Cybersecurity Conference (Albany, New York, USA, June 5 - 7, 2018) June 2018 marks the 21st annual New York State Cyber Security Conference and 13th Annual Symposium on Information Assurance (ASIA). Hosted by the New York State Office of Information Technology Services, in partnership with the University at Albany's School of Business, and The New York State Forum, Inc., the conference is part of a statewide effort to boost cyber security awareness and empower state and local governments, academia, organizations and citizens to take better control of their digital security.
The Cyber Security Summit: Boston (Boston, Massachusetts, USA, June 5, 2018) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers & renowned information security experts. Learn from cyber security thought leaders and Engage in panel discussions focusing on trending cyber topics such as Sr. Leadership’s Best Approach to Cyber Defense, What’s Your Strategic Incident Response Plan?, Protecting your Enterprise from the Human Element and more. Your registration includes a catered breakfast, lunch, and cocktail reception. Receive half off your admission with promo code cyberwire50 at CyberSummitUSA.com and view details including the full agenda, participating solution providers & confirmed speakers. Tickets are normally $350, but only $175 with promo code.
SecureWorld Chicago (Chicago, Illinois, USA, June 5, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security industry. Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements, learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays-all while networking with local peers.
NSA 2018 Enterprise Discovery Conference (Ft. Meade, Maryland, USA, June 5 - 6, 2018) Hosted by the National Security Agency and the Federal Business Council (FBC). The EDC is the largest event held at NSA with over 1500 attendees from around the world. EDC provides a collaborative learning experience for professionals in the SIGINT Development field across the U.S. Intelligence Community and the other 5-Eyes partner nations: Australian Signals Directorate (ASD), Communications Security Establishment, Canada (CSE), Government Communications Headquarters, Great Britain (GCHQ), and Government Communications Security Bureau, New Zealand (GCSB).
National Cyber Summit (Huntsville, Alabama, USA, June 5 - 7, 2018) The National Cyber Summit is the preeminent event for cyber training, education and workforce development aimed at protecting our nation’s infrastructure from the ever-evolving cyber threat. Held in Huntsville, Alabama, one of the nation's largest technological hubs, the Summit attracts both government and commercial participants. Long known as the home to Department of Defense organizations and civilian departments and agencies including DHS, NIST, NASA, TVA, NSA and DOE, Huntsville also has many other industries represented. Companies are diverse and include healthcare, automotive and energy industries, academia, genetic research and high technology.
Cyber//2018 (Columbia, Maryland, USA, June 6, 2018) Cyber touches all aspects of our life from the myriad of devices we have brought into our homes to those we employ on the job to increase and improve our productivity. Please join us for our 9th annual cyber conference, where we tackle some of the most relevant topics surrounding operating within the cyber landscape.
TU-Automotive Cybersecurity (Novi, MIchigan, USA, June 6 - 7, 2018) Co-located with the world's largest automotive technology conference & exhibition. The conference unites players from research labs, automakers, tier 1’s, security researchers, and the complete supply chain to plan for the imminent future.
SINET Innovation Summit 2018 (New York, New York, USA, June 7, 2018) Connecting Wall Street, Silicon Valley and the Beltway. SINET New York connects the United States’ three most powerful institutions and evangelizes the importance of industry, government and academic collaboration on security initiatives.
Transport Security and Safety Expo (Washington, DC, USA, June 11 - 12, 2018) Security incidents are expected to cost the world $6 trillion annually by 2021, making now the time to find out more at the 2018 Transport Security and Safety Expo. The transportation industry is rapidly digitizing, leading to greater risks and potential impacts from cyber and physical events. Understanding how to better safeguard operations and protect critical networks and infrastructure from damage is paramount, and opportunities like TSSX18 that bring the industry together for training and solutions are welcomed by SANS.
Transport Security & Safety Expo (Washington, DC, USA, June 11 - 12, 2018) The conference is devoted to the challenges and opportunities surrounding ensuring the safety and security of passengers and cargo in the digital age.
Dynamic Connections 2018 (Palm Springs, California, USA, June 12 - 14, 2018) Together with you, our customers and partners, we’ll come together for 2 ½ days to learn, explore and create the possible at Dynamic Connections 2018 (DC18). To get ahead of the most critical, most pervasive threat we face in the digital domain today, we must reach into the future and pull tomorrow’s innovation forward.
Social Engineering—Rhode Island (Newport, Rhode Island, USA, June 16, 2018) Welcome to the first ever social engineering conference in Rhode Island!
Norwich University Cyber Security Summit (Northfield, Vermont, USA, June 18 - 20, 2018) Norwich University’s College of Graduate and Continuing Studies (CGCS) is pleased to announce the second annual Cyber Security Summit in June 2018. The summit, presented in a continuing education format, welcomes Norwich alumni and others interested in exploring and discussing the latest in cyber security policy from both the federal level and the practical application of that policy on a local or business level.
NITSIG Meeting: Protecting Controlled Unclassified Information On U.S. Government Contractor Information Systems (Herndon, Virginia, USA, June 18, 2018) This meeting will discuss the security control requirements for the protection of Controlled Unclassified Information (CUI), for contractor information systems upon which CUI is processed, stored on, or transmitted through. These requirements must be implemented at both the contractor and subcontractor levels based on the information security guidance in NIST Special Publication (SP) 800-171: Protecting Controlled Unclassified Information In Non-Federal Information Systems And Organizations. The CUI protection requirements are intended for use by federal agencies in contractual vehicles or other agreements established between those agencies and non-federal organizations. Failure to implement the security controls to protect CUI, would be a breach of contract.
Insider Threat Program Management With Legal Guidance Training Course (Tyson's Corner, Virginia, USA, June 19 - 20, 2018) This training will provide the ITP Manager, Facility Security Officer, and others (CIO, CISO, Human Resources, IT, Etc.) supporting an ITP, with the knowledge and resources to develop, manage, or enhance an ITP. A licensed attorney with extensive experience in Insider Threats and Employment Law, will provide legal guidance related to ITP's, the collection, use and sharing of employee information, and employee computer user activity monitoring. Insider Threat Defense has trained over 500+ organizations and has become the "Leader-Go To Company" for ITP Management Training.
GovSummit (Washington, DC, USA, June 27 - 28, 2018) GovSummit -- the government security conference hosted annually by the Security Industry Association -- brings together government security leaders with private industry technologists for top-quality information sharing and education on security topics affecting federal, state and even local agencies.
The Cyber Security Summit: DC Metro (Tysons Corner, Virginia, USA, June 28, 2018) Learn from cyber security experts from The U.S. Department of Justice, The NSA, Pulse Secure, CenturyLink and more as they brief you on the latest security threats facing your business. This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers. Receive $95VIP admission with promo code cyberwire95 at CyberSummitUSA.com ($350 without code). Your registration includes a catered breakfast, lunch, and cocktail reception. Passes are limited. Secure your ticket while space permits.
Impact Optimize2018 (Rosemont, Illinois, USA, June 28, 2018) Impact Optimize2018, the first-ever IT and Business Security Summit hosted by Impact, will provide attendees with actionable steps that enable the betterment of information, network and cybersecurity. All of the information presented will be designed to facilitate growth and eliminate risk for organizations of all sizes and across all vertical markets, with security as the firm foundation of every solution. The event will include presentations by subject matter experts, breakout sessions among business leaders and live demonstrations of enterprise security and business software.
Nuclear Asset Information Monitoring and Maintenance (Warrington, England, UK, July 3 - 4, 2018) On July 3rd and 4th in Warrington United Kingdom, nuclear industry leaders will meet for the IoE Events Nuclear Asset Information, Monitoring and Maintenance conference to further develop the sector’s strategic ability to leverage the appropriate people, processes and technology to achieve organisational goals through an enterprise wide integrated asset information strategy.
Sponsor & Support
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter’s financial reach, or it might just not be the right time for you to do those things. That’s why we launched our new Patreon site, where we’ve created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you’ll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.