Each week the CyberWire’s Hacking Humans podcast looks behind the social engineering scams, phishing schemes, and criminal exploits that make headlines and take a heavy toll on organizations around the world. We talk to social engineering experts, security pros, cognitive scientists, and those practiced in the arts of deception (perhaps even a magician or two). We also hear from people targeted by social engineering attacks and learn from their experiences. Trust us: check out the first episode and subscribe today. (Thanks to KnowBe4, our sponsors for season 1.)
More Signal. Less Noise.
Are you using threat intelligence to its full potential?
Are you using threat intelligence to its full potential? Download this free report via Recorded Future to learn 12 common threat intelligence use cases.
VPNFilter botnet returning? USA Really and info ops. Trojans up, ransomware down (but not out). Microsoft buys GitHub for $7.5B.
Announcements
Hacking Humans—a new CyberWire podcast launched last week.
Summary
The VPNFilter botmasters may be attempting to reconstitute their botnet. Researchers at JASK and GreyNoise reported late Friday that the threat actors behind the first round of infestations are working to herd another set of routers. They're actively scanning Mikrotik routers with port 2000 exposed online, and they're looking only for routers in Ukrainian networks. The focus is unsurprising, given that the threat actor in question is widely believed, on compelling if circumstantial evidence, to be Fancy Bear, a.k.a APT28, a.k.a. Russia's GRU.
FireEye says a news site that popped up last month, USA Really, is in fact a Russian information operation, run out of the same building in St. Petersburg that housed the famous Internet Research Agency troll farm. Some of the features are charmingly bizarre (blood-sucking mosquitoes invade Wisconsin, Louisiana oughta secede again, etc.) but the intent is thought to be malign erosion of such civic trust that Americans may enjoy.
The seesaw of criminal practice currently seems to be tilting financial Trojans up and ransomware down. Ransomware hasn't, however faded to insignificance. AlienVault notes that the Satan ransomware family has adopted new approaches to spreading itself, some of them involving the ShadowBrokers' EternalBlue exploit.
Netscout Arbor reports that criminals continue to make extensive use of evolved forms of Mirai for denial-of-service attacks.
Weekend rumors that Microsoft was in talks to buy open-source code repository GitHub were borne out this morning. Microsoft has indeed made the acquisition for $7.5 billion, about $2.5 billion more than rumor had predicted.
Notes.
Today's issue includes events affecting Australia, Canada, China, European Union, India, NATO/OTAN, Russia, Ukraine, United Kingdom, and United States.
$8.76 million: The average yearly cost of insider threats. Get the report.
Insider threat incidents come with a hefty price tag, according to the “2018 Cost of Insider Threats: Global Organizations” report released by independent research group, The Ponemon Institute. Make sure that you understand the full context (and cost) of these threats by downloading the full report. Get your copy today.
On the Podcast
In today's podcast we speak with our partners at Accenture Labs, as Malek Ben Salem discusses using keyboard biometrics to detect mental disorders.
Sponsored Events
Cyber Security Summits: Boston on June 5 & June 28 in DC (Boston, Massachusetts, United States, June 5, 2018) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The FBI, CenturyLink, IBM Security and more. Register with promo code cyberwire95 for $95 VIP admission (Regular price $350) https://CyberSummitUSA.com
TU-Automotive Cybersecurity Conference (Detroit, Michigan, United States, June 6 - 7, 2018) Uniting 150+ experts from the connected car and security industries to help automotive to apply technology and best practices to deliver robust security defenses and processes. Co-located with TU-Automotive Detroit, attendees can access the world’s largest automotive technology exhibition. CyberWire audience save $100 off standard and basic passes with code TCW100.
8th Annual (ISC)2 Security Congress (New Orleans, Louisiana, United States, October 8 - 10, 2018) The (ISC)2 Security Congress brings together the sharpest minds in cyber and information security for over 100 educational sessions covering 17 tracks. Join us to learn from the experts, share best practices, and make invaluable connections. Your all-access conference pass includes educational sessions, workshops, keynotes, networking events, career coaching, expo hall and pre-conference training. Save your seat at congress.isc2.org.
Selected Reading
Cyber Attacks, Threats, and Vulnerabilities
The VPNFilter Botnet Is Attempting a Comeback (BleepingComputer) The VPNFilter botnet that was built by Russian cyberspies, which infected over 500,000 routers, and was taken down last week by the FBI is attempting a comeback, according to telemetry data gathered this week.
New internet accounts are Russian ops designed to sway U.S. voters, experts say (McClatchyDC) A new Russian website in English appears to mirror activity of earlier firm that FBI says was Kremlin tool to influence the 2016 U.S. election.
Rabid squirrels, mosquito invasions: Russia’s new internet offensive (South China Morning Post) Offbeat articles on mystery website may be Moscow’s latest assault on American democracy, a US internet security firm claims
Sigrun Ransomware Author Decrypting Russian Victims for Free (BleepingComputer) The author of the Sigrun Ransomware is providing decryption for Russian victims for free, while asking for a ransom payment of $2,500 in Bitcoin or Dash for everyone else.
Satan Ransomware Spawns New Methods to Spread (AlienVault) Today, we are sharing an example of how previously known malware keeps evolving and adding new techniques to infect more systems.BleepingComputer first reported on Satan ransomware in January 2017.
How Mirai spawned the current IoT malware landscape (Help Net Security) Even before the attack against Dyn, Mirai botmasters released the malware's source code in an attempt to muddy the waters. As expected, other malicious actors took it and used it as a base for many malware variants targeting IoT devices.
Success of Mirai Variants Highlights Security Dangers (Infosecurity Magazine) Netscout Arbor report details how black hats are building on Mirai code
As banking Trojans outpace ransomware, financial-services attacks regain their currency (CSO) Banking Trojans were a more common email payload in the first quarter of this year than ransomware, according to new figures that reflect a tactical shift that has security experts warning of a resurgence of financial cybercrime.
Researchers uncover new exploits in voice-powered assistants like Amazon Alexa or Google Assistant (CRN Australia) New potential attack methods identified.
Playing nice? FireEye CEO says U.S. malware is more restrained than adversaries' (Cyberscoop) Researchers can see public policy elements when analyzing nation-state malware, and FireEye's CEO says if it's more restrained it's often from the U.S.
The US creates 'nice' malware. In other news, the sun sets in the east... (iTWire) A statement by the head of security firm FireEye that US government spooks produce "nice" malware when compared to that of other states has been repor...
IE Zero-Day Adopted by RIG Exploit Kit After Publication of PoC Code (BleepingComputer) An Internet Explorer zero-day vulnerability that came to light last month has now been incorporated in the RIG exploit kit, a web-based toolkit that malware authors use to infect a site's visitors with malware.
Researchers Warn of Microsoft Zero-Day RCE Bug (Threatpost) A Microsoft Windows vulnerability enables remote attackers to execute arbitrary code – and there’s no patch yet.
Tens of Vulnerabilities Found in Quest Appliances (SecurityWeek) A total of more than 60 vulnerabilities, including many command injection flaws, have been found by researchers in disk backup and system management appliances from Quest
SpamCannibal comes back to life, starts spam-blocking everyone (Naked Security) SpamCannibal returns from the dead to fail all spam queries sent to it – essentially telling you to “block the world”.
FUD Crypters Recycling Old Malware (SecurityWeek) The FUD crypter service industry is giving a second life to a lot of old and kind-of-old malware, which can be pulled off the shelf by just about anybody with confused ethics and a Bitcoin account.
Visa denies system crashed after cyber attack, blames hardware (International Business Times UK) Visa says computer systems now operating at 'full capacity' after major disruption inflicts payment chaos on stressed out customers.
Widespread Google Groups Misconfiguration Exposes Sensitive Information (Kenna Security) Summary A widespread misconfiguration in Google Groups for organizations utilizing G Suite was recently investigated and reported to Google by the Kenna Security Research Team. This blog post provides information about the misconfiguration, details on how to find and address it, and an overview of the impact on affected organizations.
Browser Side-Channel Flaw De-Anonymizes Facebook Data (Threatpost) An attacker can pick up the profile picture, username and the "likes" of unsuspecting visitors who find themselves landing on a malicious website.
Don’t Use Software to Spy on Your Spouse (Motherboard) Reason’s “To Spy on a Cheating Spouse” explains a practice that harms thousands of women who are surveilled by their partners.
Mobile users ignore shady app permissions at their own risk, warns NY State Cyber Command (SC Media US) Mobile users who download untrustworthy apps on their phone often agree to dangerous permissions requests that give attackers essentially unfettered access to their devices' data and functions -- as demonstrated yesterday by two New York State Cyber Command employees at SC Media's RiskSec NY 2018 conference.
TSB Privacy Snafu as Letters Sent to Wrong Customers (Infosecurity Magazine) Letters acknowledged recent IT incident, but leaked PII of others
Customer Data Flies Away with Ticketfly Hacker (Infosecurity Magazine) A hacker blames poor security for defacing Ticketfly homepage--and they're not sorry.
CEO lodges complaint over mysterious cyber attack on company’s server (Deccan Herald) Police suspect business rivalry or a disgruntled employee
Security Patches, Mitigations, and Software Updates
Tesla can change so much with over-the-air updates that it’s messing with some owners’ heads (The Verge) Praise for a recent software fix to the Model 3’s braking is met with worry that different update slowed some customers’ cars
RSAT Will Automatically Be Reinstalled After New Updates in Next Windows 10 Version (BleepingComputer) In Windows Insider Preview build 17682, Microsoft has made the Remote Server Administration Tools (RSAT) an on-demand software feature. What this means is that once you install RSAT in Windows 10, it will be automatically reinstalled when you install a future operating system update.
Microsoft releases new firmware update for Surface 3 to fix potential security vulnerabilities (MSPoweruser) Microsoft surprised everyone today by releasing a new firmware update for Surface 3 device which was released more than 3 years back. There’s a new firmware for Surface UEFI on devices with Windows 10 Version 1703 (Creators Update) and above that fixes potential security issues, including Microsoft security advisory 180002. For Surface 3 units with …
WordPress Disables Plugins That Expose e-Commerce Sites to Attacks (SecurityWeek) Researchers discover vulnerabilities in ten WordPress plugins made by Multidots for WooCommerce e-commerce websites. WordPress disabled many of them after the developer failed to release patches
Apple security updates, iOS and macOS now support Messages in iCloud (Help Net Security) It’s time to update your Apple devices and software again: the company has pushed out security updates for macOS, iOS, watchOS, tvOS, Safari, and iCloud and iTunes for Windows. It has also introduced Messages in iCloud in iOS and macOS.
Cyber Trends
Aussie cyber security spend surged last year (ARN) A majority of organisations in Australia and New Zealand increased their security spend by up to a third last year, new industry research suggests.
Marketplace
Exclusive: U.S. may soon claim up to $1.7 billion penalty from ZTE (Reuters) The Trump administration may soon claim as much as $1.7 billion penalty from ZTE Corp , as it looks to punish and tighten control over the Chinese telecommunications company before allowing it back into business, according to people familiar with the matter.
US and China work on ZTE rescue; Mnuchin denies quid pro quo (AP via WPXI) The United States and China are working toward an agreement that would ease U.S. sanctions that were imposed on ZTE Corp. and let the Chinese telecommunications giant stay in business.
TIA Backs FCC Banning ZTE, Huawei From USF Funds (Multichannel) Says targeted sanctions are appropriate for security risks
Current outcry over Huawei Canada’s R&D investments creates impression Chinese company's doing something sinister, but it's not - The Hill Times (The Hill Times) Attracting such R&D branch plants is Canadian policy and Prime Minister Justin Trudeau, pictured last week on the Hill, has gone out of his way to court tech companies such as Amazon, Apple, Microsoft, Alphabet/Google and Alibaba. The Hill Times photograph by Andrew Meade
Fujitsu teams up with Vault Systems to go after government cloud (ZDNet) The Protected Cloud product will offer software-, infrastructure-, backup-, and desktop-as-a-service to government users.
Google bins military contract after staff unrest: source (CRN Australia) Employees sign petition in protest of drone analytics project.
Military Contracts Are the Destiny of Every Major Technology Company (Motherboard) Google said it won’t renew its Project Maven contract, but that doesn’t mean its leaving the war business.
Five defense firms in top 25 for cyber security (Military & Aerospace Electronics) Five U.S. defense contractors are among the world's top 25 cyber security and trusted computing companies, say analysts at market researcher Cybersecurity Ventures in Northport, N.Y. Among the world's top 25 cyber security companies are the Raytheon Co., Lockheed Martin Corp., BAE Systems, Booz Allen Hamilton, and Northrop Grumman Corp., Cybersecurity Ventures experts say in their Cybersecurity 500 List, 2018 Edition, released in May.
'Techsploitation' Demonstrators Blocked Google and Apple Buses With Scooters (Motherboard) Activists in San Francisco used scooters and tech buses to protest the industry’s presence in the city.
Microsoft has acquired GitHub for $7.5B in stock (TechCrunch) After a week of rumors, Microsoft today confirmed that it has acquired GitHub, the popular Git-based code sharing and collaboration service. The price of the acquisition was $7.5 billion in Microsoft stock. GitHub raised $350 million and we know that the company was valued at about $2 billion in 20…
GitHub users are already fuming about the company's sale to Microsoft (Quartz) While Microsoft has embraced open-source software since Satya Nadella took over as CEO, many GitHub users distrust the tech giant.
Cyberbit Raises $30 Million Investment From Claridge Israel (PRNewswire) Cyberbit Ltd., a subsidiary of Elbit Systems Ltd., and a world leading provider of cyber range training and simulation platforms, and provider of IT/OT threat detection and security orchestration, today announced a US $30 million investment from Claridge Israel, to accelerate growth, and accommodate the rising demand for its Cyberbit Range product and its entire security portfolio.
Former SoftBank Executive Nikesh Arora to Run Palo Alto Networks (Wall Street Journal) Palo Alto Networks is naming former SoftBank president and operating chief Nikesh Arora as its next chairman and chief executive, a surprising decision that follows years of rapid growth for the cybersecurity company.
Meet The Women Launching Europe's First All-Female Cyber Security Conference (Forbes) After the RSA conference launched featuring an astounding lack of female speakers, BAE Systems’ Kirsten Ward and Saher Naumaan are hoping to buck the norm with a new event, RESET - which they claim is the first of its kind.
Former Reuters Risk Exec Joins Crypto Compliance Startup (CoinDesk) Thomson Reuters's former head of World-Check, Greg Pinn, is the new head of product strategy for iComply.
Products, Services, and Solutions
GDPR Solutions: Cybersecurity Vendors Offer New Compliance Products (eSecurity Planet) GDPR is here, and cybersecurity vendors are responding with privacy and security compliance solutions.
Coalition Announces Cyber Insurance for Smart Buildings: Comprehensive Coverage for Real Estate Developers and Property Managers (PR Newswire) Coalition, the leading technology-enabled cyber insurance solution, today...
Zingbox and Nuvolo Create Healthcare Partnership to Mitigate IoT Cyber Security Threat (GlobeNewswire News Room) Innovative capabilities to discover, secure and optimize IoT devices integrated with a modern data, workflow and orchestration platform for enhanced cyber security threat mitigation
CloudPost Networks and Nuvolo Create Healthcare Partnership to Reduce Medical Device Cyber Security Risk (GlobeNewswire News Room) Inventory identification, intelligence and protection integrated with a modern data, workflow and orchestration platform for cyber security risk reduction
Nuvolo and Asimily Launch Integrated Healthcare Platform to Address Operating Technology Cyber Security Risk (GlobeNewswire News Room) Inventory identification, cyber-risk prioritization, intelligence and protection integrated with a modern data, workflow, and orchestration platform for medical device cyber security risk mitigation
Technologies, Techniques, and Standards
After a Major Cyber Attack, Does the Public Deserve an Explanation? (Route Fifty) The ransomware that crippled Atlanta raises unanswered questions about how to communicate with citizens after a cyber-attack.
Organisations can't just flirt with their disaster plan (SC Media UK) A cyber-disaster plan must not only be designed to keep an organisation or business functioning in the wake of a cyber-attack, but also must be practiced.
Duck, cover, and reboot your router? Why the FBI’s new warning is no joke (Digital Trends) The FBI has discovered up to 500,000 home or office routers could be vulnerable to a dangerous cyberattack. According to experts, there are a couple of important factors that make this malware an unprecedented situation. But can resetting your router really prevent a major cyberattack?
5 Tips for Protecting SOHO Routers Against the VPNFilter Malware (Dark Reading) Most home office users need to simply power cycle their routers and disable remote access; enterprises with work-at-home employees should move NAS behind the firewall.
The Role of Automated Asset Management in Industrial Cybersecurity (Infosecurity Magazine) How automated asset management can aid industrial cybersecurity.
How free software tools fit into the modern cyber theater (Fifth Domain) Free tools make it possible to bring a basic level of cybersecurity to every computer network and, in the process, help feds.
Here’s how a Pentagon cybersecurity expert imagines the U.S. could respond to a North Korean cyber attack (Recode) Eric Rosenbach asks us to role-play.
An Inside Look at OpenStack Security Efforts (eSecurity Planet) OpenStack is a widely used open-source cloud platform, but isn't secure by default. OpenStack experts reveal what is needed to make your cloud secure.
Design and Innovation
Facebook Is Killing Trending Topics (WIRED) The social network announced it was getting rid of the feature, which was the source of numerous scandals.
Crime Fighting Gets High-Tech Advances (WIRED) Beyond big data, officers are increasingly turning to software and predictive analytics from companies like Palantir to anticipate when and where misdeeds are likely to occur.
Research and Development
Quantum computers and the unbreakable lattice (ZDNet) Our public/private key encryption security will one day be easily broken by quantum computers -- the lattice will protect our secrets.
On the Origins of Memes by Means of Fringe Web Communities (Arxiv.org) Internet memes are increasingly used to sway and possibly manipulate public opinion, thus prompting the need to study their propagation, evolution, and influence across the Web.
Legislation, Policy and Regulation
NATO, EU to tackle cyber threats (New Europe) NATO has to take the necessary steps to protect the alliance from external cyber threats from other countries but also weaknesses within NATO, General John Allen told a closed on the record briefing at the GLOBSEC Forum in Bratislava. Asked by New Europe if NATO is identifying specific countries as potential threats
A war in cyberspace is already raging and could lead to 'armageddon' if banks get hit (Business Insider) A war is being fought in cyberspace with “ones and zeros” instead of bullets and too-big-to-fail banks are major targets, experts with cyber security and intelligence backgrounds have told Business Insider.
5 ways to combat international cyber threats (Fifth Domain) The Department of State in a May 2018 report pledged to pursue five goals for promoting internet freedom and establishing norms in cyberspace.
US, China should work together on a rules-based order: Ng Eng Hen (The Straits Times) Both the United States and China are deviating from global norms and acting on their own to protect their core interests, but this challenges the status quo Asia has benefited from, said Defence Minister Ng Eng Hen on Sunday (June 3) at the Shangri-La Dialogue.. Read more at straitstimes.com.
Australia considers Huawei 5G ban over security concerns (Financial Times) Chairman John Lord hits back after MP claims telecoms group was controlled by Beijing
GOP lawmaker: Trump’s ZTE deal ‘put a price tag on national security' (Washington Examiner) President Trump’s decision to ease sanctions on a Chinese tech company was tantamount to putting a "price tag on national security,” according to a Republican lawmaker.
This is why the Pentagon is taking over security clearance checks (Military Times) The Defense Department is poised to take over background investigations for the federal government, using increased automation and high-tech analysis to tighten controls and tackle an enormous backlog of workers waiting for security clearances, according to U.S. officials.
Donald Trump to Name Douglas Fears as White House Homeland Security Adviser (Wall Street Journal) President Donald Trump will name Rear Adm. Douglas Fears as his new homeland security adviser, the latest reshuffling to occur within the White House National Security Council.
No one better to lead on cybersecurity than a White House coordinator (TheHill) On the same day that the White House announced that the cybersecurity coordinator position on the National Security Council (NSC) was eliminated, the Department of Homeland Security unveiled its new cybersecurity strategy.
Litigation, Investigation, and Enforcement
US expects fallout from Snowden leaks for years to come (The Seattle Times) Whistleblower or traitor, leaker or public hero? National Security Agency contractor Edward Snowden blew the lid off U.S. government surveillance methods five years ago, but intelligence chiefs complain that revelations from the trove of classified documents he...
When the FBI Can Help Companies Deal With a Cyber Event (New York Law Journal) Many companies neglect to reach out to the FBI following a cyber incident turning instead to law firms and cybersecurity firms alone. This might be a mistake considering the practical assistance the FBI can provide to targets of a cyber attack.
Homeland Security detected signs of cell phone spying in Washington DC (The Verge) IMSI catchers could have been used in proximity to ‘potentially sensitive facilities like the White House.’
MONEYVAL’s annual report: money laundering risks are increasing (Council of Europe) The Council of Europe anti money laundering and counter terrorist financing body MONEYVAL has just published its General Activity Report for 2017.
Leak suspect Winner reaches year in custody (The Augusta Chronicle) A year ago as President Donald Trump labeled the allegations of Russian interference in the 2016 election as fake news, a young woman working for a
Samsung doesn't have to offer updates for phones older than two years (Help Net Security) Dutch consumer protection organization Consumentenbond took Samsung Netherlands to court, arguing that the company should provide timely updates and upgrades for their telephones, "for a period of four years after the introduction to the market and/or two years after the time of the sale."
‘Putin's private foundation,’ spies, and a killer-monk (Meduza) The man who allegedly ordered Arkady Babchenko's murder says was working for Ukrainian counterintelligence all along
'Dead' Russian Journalist Arkady Babchenko Is Alive and Well. Does Faking His Murder Help or Hinder Ukraine’s Credibility? (Atlantic Council) On May 29, the media reported that Russian journalist and Putin critic Arkady Babchenko had been assassinated in Kyiv. He reportedly died in an ambulance on the way to the hospital. On May 30, Babchenko appeared at a press conference, alongside the...
Faulty Chinese spy technology may help convict former CIA officer of espionage (Washington Post) The phone the Chinese intelligence operatives gave Kevin Mallory was a specialized spy gadget. If it had worked like it was supposed to, he might be a free man today.
The Curious Case of Bryan Colangelo and the Secret Twitter Account (The Ringer) A collection of Twitter accounts that has criticized Joel Embiid and Markelle Fultz, disclosed sensitive information, and outlined team strategy shares eye-opening similarities. What does that have to do with the Philadelphia 76ers’ decision-maker?
Azerbaijan Court Rejects RFE/RL's Appeal Against Website Blockage (Radio Free Europe | Radio Liberty) A court in Baku has rejected an appeal by RFE/RL's Azerbaijani Service against the blockage of its website, azadliq.org, backing a move that has been condemned by rights groups and Western governments.
Industry Events
newly Noted Events
CYCON: Cyber for the Community (Reston, Virginia, USA, June 9, 2018) Join us for a day of Cyber Security talks on privacy, lock picking, the Dark Web, cyber education, building attack machines, phishing attacks, malware analysis, Internet of Things security, threat monitoring and analysis, personal security, password security, and cloud security.
upcoming Events
Cyber:Secured Forum (Denver, Colorado, USA, June 4 - 6, 2018) Cyber:Secured Forum will feature in-depth content on cybersecurity trends and best practices as related to the delivery of physical security systems and other integrated systems. Content is being collaboratively developed by SIA and PSA Security Network’s education teams and will feature top cybersecurity leaders. Additionally, sponsor exhibits will help showcase solutions related to cybersecurity, integrated systems and physical security solutions.
Campaign Cyber Defense Workshop (Boston, Massachussetts, USA, June 4, 2018) The Campaign Cyber Defense Workshop brings together experts from the region’s industry, university, and government organizations to address campaign security and effective practices for maintaining campaign integrity -- covering everything from data security to countering reputation attacks.
Gartner Security and Risk Management Summit 2018 (National Harbor, Maryland, USA, June 4 - 7, 2018) Prepare to meet the pace and scale of today’s digital business at Gartner Security & Risk Management Summit 2018. Transform your cybersecurity, risk management and compliance strategies and build resilience across the enterprise through leading-edge research and thinking on key topics such as agile architectures, BCM, cloud security, privacy and securing Internet of Things (IoT).
Securing Federal Identity (Washington, DC, USA, June 5 - 6, 2018) Securing Federal Identity 2018, a highly focused and high-energy event, will feature an in-depth view of the future of federal government policies and technology developments for securing federal identity and access control of facilities and network systems. Experts from the federal government and the security industry will fill the conference agenda and exhibits area to present and future direction of the government’s efforts to manage identities and control access across all federal agencies.
New York State Cybersecurity Conference (Albany, New York, USA, June 5 - 7, 2018) June 2018 marks the 21st annual New York State Cyber Security Conference and 13th Annual Symposium on Information Assurance (ASIA). Hosted by the New York State Office of Information Technology Services, in partnership with the University at Albany's School of Business, and The New York State Forum, Inc., the conference is part of a statewide effort to boost cyber security awareness and empower state and local governments, academia, organizations and citizens to take better control of their digital security.
The Cyber Security Summit: Boston (Boston, Massachusetts, USA, June 5, 2018) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers & renowned information security experts. Learn from cyber security thought leaders and Engage in panel discussions focusing on trending cyber topics such as Sr. Leadership’s Best Approach to Cyber Defense, What’s Your Strategic Incident Response Plan?, Protecting your Enterprise from the Human Element and more. Your registration includes a catered breakfast, lunch, and cocktail reception. Receive half off your admission with promo code cyberwire50 at CyberSummitUSA.com and view details including the full agenda, participating solution providers & confirmed speakers. Tickets are normally $350, but only $175 with promo code.
SecureWorld Chicago (Chicago, Illinois, USA, June 5, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security industry. Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements, learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays-all while networking with local peers.
NSA 2018 Enterprise Discovery Conference (Ft. Meade, Maryland, USA, June 5 - 6, 2018) Hosted by the National Security Agency and the Federal Business Council (FBC). The EDC is the largest event held at NSA with over 1500 attendees from around the world. EDC provides a collaborative learning experience for professionals in the SIGINT Development field across the U.S. Intelligence Community and the other 5-Eyes partner nations: Australian Signals Directorate (ASD), Communications Security Establishment, Canada (CSE), Government Communications Headquarters, Great Britain (GCHQ), and Government Communications Security Bureau, New Zealand (GCSB).
National Cyber Summit (Huntsville, Alabama, USA, June 5 - 7, 2018) The National Cyber Summit is the preeminent event for cyber training, education and workforce development aimed at protecting our nation’s infrastructure from the ever-evolving cyber threat. Held in Huntsville, Alabama, one of the nation's largest technological hubs, the Summit attracts both government and commercial participants. Long known as the home to Department of Defense organizations and civilian departments and agencies including DHS, NIST, NASA, TVA, NSA and DOE, Huntsville also has many other industries represented. Companies are diverse and include healthcare, automotive and energy industries, academia, genetic research and high technology.
Cyber//2018 (Columbia, Maryland, USA, June 6, 2018) Cyber touches all aspects of our life from the myriad of devices we have brought into our homes to those we employ on the job to increase and improve our productivity. Please join us for our 9th annual cyber conference, where we tackle some of the most relevant topics surrounding operating within the cyber landscape.
TU-Automotive Cybersecurity (Novi, MIchigan, USA, June 6 - 7, 2018) Co-located with the world's largest automotive technology conference & exhibition. The conference unites players from research labs, automakers, tier 1’s, security researchers, and the complete supply chain to plan for the imminent future.
SINET Innovation Summit 2018 (New York, New York, USA, June 7, 2018) Connecting Wall Street, Silicon Valley and the Beltway. SINET New York connects the United States’ three most powerful institutions and evangelizes the importance of industry, government and academic collaboration on security initiatives.
Transport Security and Safety Expo (Washington, DC, USA, June 11 - 12, 2018) Security incidents are expected to cost the world $6 trillion annually by 2021, making now the time to find out more at the 2018 Transport Security and Safety Expo. The transportation industry is rapidly digitizing, leading to greater risks and potential impacts from cyber and physical events. Understanding how to better safeguard operations and protect critical networks and infrastructure from damage is paramount, and opportunities like TSSX18 that bring the industry together for training and solutions are welcomed by SANS.
Transport Security & Safety Expo (Washington, DC, USA, June 11 - 12, 2018) The conference is devoted to the challenges and opportunities surrounding ensuring the safety and security of passengers and cargo in the digital age.
Dynamic Connections 2018 (Palm Springs, California, USA, June 12 - 14, 2018) Together with you, our customers and partners, we’ll come together for 2 ½ days to learn, explore and create the possible at Dynamic Connections 2018 (DC18). To get ahead of the most critical, most pervasive threat we face in the digital domain today, we must reach into the future and pull tomorrow’s innovation forward.
Social Engineering—Rhode Island (Newport, Rhode Island, USA, June 16, 2018) Welcome to the first ever social engineering conference in Rhode Island!
Norwich University Cyber Security Summit (Northfield, Vermont, USA, June 18 - 20, 2018) Norwich University’s College of Graduate and Continuing Studies (CGCS) is pleased to announce the second annual Cyber Security Summit in June 2018. The summit, presented in a continuing education format, welcomes Norwich alumni and others interested in exploring and discussing the latest in cyber security policy from both the federal level and the practical application of that policy on a local or business level.
NITSIG Meeting: Protecting Controlled Unclassified Information On U.S. Government Contractor Information Systems (Herndon, Virginia, USA, June 18, 2018) This meeting will discuss the security control requirements for the protection of Controlled Unclassified Information (CUI), for contractor information systems upon which CUI is processed, stored on, or transmitted through. These requirements must be implemented at both the contractor and subcontractor levels based on the information security guidance in NIST Special Publication (SP) 800-171: Protecting Controlled Unclassified Information In Non-Federal Information Systems And Organizations. The CUI protection requirements are intended for use by federal agencies in contractual vehicles or other agreements established between those agencies and non-federal organizations. Failure to implement the security controls to protect CUI, would be a breach of contract.
Insider Threat Program Management With Legal Guidance Training Course (Tyson's Corner, Virginia, USA, June 19 - 20, 2018) This training will provide the ITP Manager, Facility Security Officer, and others (CIO, CISO, Human Resources, IT, Etc.) supporting an ITP, with the knowledge and resources to develop, manage, or enhance an ITP. A licensed attorney with extensive experience in Insider Threats and Employment Law, will provide legal guidance related to ITP's, the collection, use and sharing of employee information, and employee computer user activity monitoring. Insider Threat Defense has trained over 500+ organizations and has become the "Leader-Go To Company" for ITP Management Training.
GovSummit (Washington, DC, USA, June 27 - 28, 2018) GovSummit -- the government security conference hosted annually by the Security Industry Association -- brings together government security leaders with private industry technologists for top-quality information sharing and education on security topics affecting federal, state and even local agencies.
The Cyber Security Summit: DC Metro (Tysons Corner, Virginia, USA, June 28, 2018) Learn from cyber security experts from The U.S. Department of Justice, The NSA, Pulse Secure, CenturyLink and more as they brief you on the latest security threats facing your business. This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers. Receive $95VIP admission with promo code cyberwire95 at CyberSummitUSA.com ($350 without code). Your registration includes a catered breakfast, lunch, and cocktail reception. Passes are limited. Secure your ticket while space permits.
Impact Optimize2018 (Rosemont, Illinois, USA, June 28, 2018) Impact Optimize2018, the first-ever IT and Business Security Summit hosted by Impact, will provide attendees with actionable steps that enable the betterment of information, network and cybersecurity. All of the information presented will be designed to facilitate growth and eliminate risk for organizations of all sizes and across all vertical markets, with security as the firm foundation of every solution. The event will include presentations by subject matter experts, breakout sessions among business leaders and live demonstrations of enterprise security and business software.
Nuclear Asset Information Monitoring and Maintenance (Warrington, England, UK, July 3 - 4, 2018) On July 3rd and 4th in Warrington United Kingdom, nuclear industry leaders will meet for the IoE Events Nuclear Asset Information, Monitoring and Maintenance conference to further develop the sector’s strategic ability to leverage the appropriate people, processes and technology to achieve organisational goals through an enterprise wide integrated asset information strategy.
The Cyber Security Summit: Seattle (Seattle, Washington, USA, July 19, 2018) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers & renowned information security experts. Learn from cyber security thought leaders and Engage in panel discussions focusing on trending cyber topics such as Sr. Leadership’s Best Approach to Cyber Defense, What’s Your Strategic Incident Response Plan?, Protecting your Enterprise from the Human Element and more. Your registration includes a catered breakfast, lunch, and cocktail reception. Receive half off your admission with promo code cyberwire50 at CyberSummitUSA.com and view details including the full agenda, participating solution providers & confirmed speakers. Tickets are normally $350, but only $175 with promo code.
Cyber Security Summit 2018 (Newport, Rhode Island, USA, July 18 - 20, 2018) Join us for Opal Group’s Cyber Security Summit – set in Newport, RI, this premier event will gather C-Level & Senior Executives responsible for defending their companies’ critical infrastructures together with technology providers & distinguished information security experts. Learn from acclaimed security professionals on how to protect your business from cyber attacks during interactive Panels & Keynote presentations. Convene with fellow influential business leaders, C-Suite executives, investors & entrepreneurs over 3 days of sailing, sessions, and networking opportunities.
Sponsor & Support
Grow your brand, generate leads, and fill your funnel.
With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listens all over the world, companies trust the CyberWire to get the message out. Learn more.