Each week the CyberWire’s Hacking Humans podcast looks behind the social engineering scams, phishing schemes, and criminal exploits that make headlines and take a heavy toll on organizations around the world. We talk to social engineering experts, security pros, cognitive scientists, and those practiced in the arts of deception (perhaps even a magician or two). We also hear from people targeted by social engineering attacks and learn from their experiences. Trust us: check out the first episode and subscribe today. The second episode will arrive Thursday. (Thanks to KnowBe4, our sponsors for season 1.)
More Signal. Less Noise.
Are you using threat intelligence to its full potential?
Are you using threat intelligence to its full potential? Download this free report via Recorded Future to learn 12 common threat intelligence use cases.
DPRK's Covellite quiet (in the US). Cryptocurrency hacks. Lawyers easy marks? Apple updates for user privacy. Chinese spying.
Announcements
Hacking Humans: a new CyberWire podcast
Summary
Covellite, the North Korean Internet-of-things hacking group, seems to have grown quiet with respect to American targets during the runup up to the June 12th Kim-Trump summit. Covellite, tracked by Dragos, is said to share considerable infrastructure and malicious code with the Lazarus Group (a.k.a. Hidden Cobra).
NATO members (the US in particular) find themselves relearning Cold War lessons about Russian electronic warfare capabilities.
Russian authorities are said to share Western concerns over the increasing rate of criminal attacks on cryptocurrencies.
The New York Law Journal, in a look at trends in social engineering, concludes that law firms are surprisingly easy marks.
Anyone attending World Cup events this summer should be aware of the significant risk Wi-Fi hotspots present.
Apple's latest round of updates are regarded as markedly friendly to user privacy. MacOS Mojave and iOS 12 both include features designed to block "secret trackers," and a feature being tested for iOS 12, USB Restricted Mode, is designed to impede Cellebrite's unlocking tools the FBI and others have used. The Safari browser also has new features designed to impede ad-trackers.
As the US Congress considers legislation designed to restrict Chinese intelligence collection, and the FBI warns that Chinese espionage is a "whole-of-nation" problem, the US Justice Department has charged former US Army warrant officer and DIA civilian employee Ron Rockwell Hansen with fifteen counts related to spying for China, including attempting to gather or deliver national defense information to aid a foreign government and acting as an unregistered foreign agent.
Notes.
Today's issue includes events affecting Australia, Belgium, China, European Union, France, Germany, Israel, Democratic Peoples Republic of Korea, NATO/OTAN, Poland, Romania, Russia, and United States.
$8.76 million: The average yearly cost of insider threats. Get the report.
Insider threat incidents come with a hefty price tag, according to the “2018 Cost of Insider Threats: Global Organizations” report released by independent research group, The Ponemon Institute. Make sure that you understand the full context (and cost) of these threats by downloading the full report. Get your copy today.
On the Podcast
In today's podcast we speak with David Dufour from our partners at Webroot on new roles for security, and how they affect hiring and education. Our guest,John Dickson from the Denim Group, discusses the challenges of securing voting infrastructure.
Sponsored Events
TU-Automotive Cybersecurity Conference (Detroit, Michigan, United States, June 6 - 7, 2018) Uniting 150+ experts from the connected car and security industries to help automotive to apply technology and best practices to deliver robust security defenses and processes. Co-located with TU-Automotive Detroit, attendees can access the world’s largest automotive technology exhibition. CyberWire audience save $100 off standard and basic passes with code TCW100.
8th Annual (ISC)2 Security Congress (New Orleans, Louisiana, United States, October 8 - 10, 2018) The (ISC)2 Security Congress brings together the sharpest minds in cyber and information security for over 100 educational sessions covering 17 tracks. Join us to learn from the experts, share best practices, and make invaluable connections. Your all-access conference pass includes educational sessions, workshops, keynotes, networking events, career coaching, expo hall and pre-conference training. Save your seat at congress.isc2.org.
Selected Reading
Cyber Attacks, Threats, and Vulnerabilities
North Korean hacking group Covellite abandons US targets (ZDNet) The hacking group specializes in attacks against core energy services.
What’s the frequency, Putin? 5 questions about Russia’s EW capability (C4ISRNET) To understand electronic warfare, we must first understand how Russia has adapted and trained to fight for supremacy of the electromagnetic spectrum.
Russian experts also concerned at increasing cyber-attacks on cryptocurrencies (SC Media UK) Amid widespread use of cryptocurrency globally, the number of cyber-attacks on them has significantly increased both in Russia and Western markets.
Hacker Fail: IoT botnet command and control server accessible via default credentials (NewSky Security) We observed an IoT botnet variant, Owari, which relies on default/weak credentials to hack IoT devices was itself using default…
Scammers Targeting Booking.com Users with Phishing Messages (Security Boulevard) Scammers recently targeted Booking.com customers with phishing messages designed to steal their sensitive financial information. According to The Sun, criminals sent out WhatsApp messages and text messages to customers claiming that a security breach had occurred and that recipients needed to change their passwords. The attack correspondence came with a link that, when clicked, gave … Read More The post Scammers Targeting Booking.com Users with Phishing Messages appeared first on The State of Security.
Polish banks targeted by attackers who hijack customer sessions (PaymentsSource) Rather than hooking into the browser process, BackSwap takes the place of the user and enters the same commands into the browser that a user would if they wanted to hack themselves.
The Con of Social Engineering: Law Firms are Easy Prey (New York Law Journal) A discussion of the threat that social engineering (aka the human side of hacking) poses to law firms and some tips and practical guidelines to reduce its effectiveness.
The Future of Cyber Threats: When Attacks Cause Physical Harm (New York Law Journal) The ability of cyber threats to compromise information systems is an ongoing danger to all organizations. However an emerging threat presents a new challenge—cyberattacks that may cause physical harm to systems and persons. This threat has become acute for certain sectors such as critical infrastructure.
World Cup 2018 Wi-Fi hotspots could be a major security risk (TechRadar) Security researchers warn of cybersecurity issues on a number of Russian Wi-Fi hotspots
Bizarre Chrome and Firefox flaw exposed Facebook details (Naked Security) Researchers have discovered a weakness in the way Chrome and Firefox interact with CSS3 that could have caused them to leak usernames, profile pictures and likes from sites such as Facebook.
This Veteran Became The Face Of Military Romance Scams. Now He's Fighting Back (Task & Purpose) Bryan Denny had just completed a 26-year Army career when he started hearing from women he'd never met, wondering where he'd gone with their money
Security Patches, Mitigations, and Software Updates
Apple Touts Privacy Features of New Operating Systems (SecurityWeek) Apple said new MacOS Mojave and iOS 12 software powering its mobile devices and computers would include features designed to thwart the use of secret trackers to monitor people's online activities.
Apple Just Made Safari the Good Privacy Browser (WIRED) The next version of Safari takes on ad-trackers more aggressively than ever.
Apple Is Testing a Feature That Could Kill Police iPhone Unlockers (Motherboard) Apple’s new security feature, USB Restricted Mode, is in the iOS 12 Beta, and it could kill the popular iPhone unlocking tools for cops made by Cellebrite and GrayShift.
Google Password Protects Pixel 2 Firmware (SecurityWeek) Google has made the firmware of Pixel 2 devices resistant to unauthorized attempts to upgrade it by password protecting it.
Google says fix for ‘weird’ 1975 text message bug is on the way (Naked Security) As of Monday, you could still see recent texts by searching on the string “the1975..com”.
Cyber Trends
The security state of websites of critical suppliers (Panorays) We found that despite the awareness to Web application security, more than 25% of critical suppliers still run old, outdated website content systems.
Cybersecurity: A core component of digital transformation (Help Net Security) In this podcast, Kai Grunwitz, Senior VP EMEA at NTT Security, talks about the NTT Security 2018 Risk:Value Report, and the importance of cybersecurity for a successful digital transformation. Here’s a transcript of the podcast for your convenience. Hello. My name is Kai Grunwitz, and I'm Senior VP EMEA at NTT
IDology Study Reveals Consumer Insights On Digital Identity Fraud, Points To Need For Businesses To Offer Stronger Identity Verification (PR Newswire) IDology, a leader in smart, multi-layered identity verification, today...
To pay hackers' ransom demands or to invest in more security? (Help Net Security) One third of global business decision makers report that their organization would try to cut costs by paying a ransom demand from a hacker rather than invest in information security.
Marketplace
Pressure on DoD to change JEDI cloud approach increases (FederalNewsRadio.com) The General Services Administration potentially could give the Defense Department a detour around what many in industry call a huge mistake with its JEDI cloud procurement.
Another Defense Agency to Tap CIA's Commercial Cloud (Defense One) The U.S. Army’s National Ground Intelligence Agency aims to use secret and top-secret services from the Amazon-developed C2S Cloud.
Companies still finding cybersecurity problems following M&A purchases, says report (SC Media US) Fifty-eight percent out of 100 senior health care executives whose companies were involved in a recent merger or acquisition said in a new survey that their particular organization uncovered a cybersecurity problem with its newly annexed business after the deal was already consummated.
The Skills Employers Do Not Require, and Why (Infosecurity Magazine) Which skills are employers not looking for?
AIG: Data Breaches Made 2017 Worst Year Yet (PYMNTS.com) Following a series of sophisticated cyberattacks, such as WannaCry and NotPetya, AIG received a surge of cyber claims in 2017: The insurer saw as many claims notifications as the previous four years combined, RT reported. “The combination of leaked National Security Agency (NSA) tools, plus state-sponsored capabilities, triggered a systemic event,” Mark Camillo, head of cyber for […]
Booz Allen sees future rich with VR, machine learning opportunities (Washington Technology) Booz Allen might be a 104-year-old firm but its strategy is focused on being leading edge in areas such as virtual reality and machine learning.
Trying to See: Facebook: the National Security Agency with a profit motive? (Tillamook Headlight-Herald) Editor’s note: This is part one of a three-part series about technology and its impact on us: Facebook, May 30; China’s new “social credit” system, June 13 and the Artificial
Fortinet Snaps Up IoT-Focused Security Firm Bradford Networks (CRN) Bradford Networks provides an agentless assessment of all devices accessing the network – including those that are IoT-enabled – and automatically contains the non-compliant ones in real-time.
Qualys Announces Letter of Intent to Acquire Second Front Systems (PR Newswire) Qualys, Inc. (NASDAQ: QLYS), a pioneer and leading provider of...
Duff & Phelps Announces New Business Unit After Completing Kroll Acquisition (BusinessWire) Duff & Phelps has launched its new Governance, Risk, Investigations and Disputes practice
ClearForce Secures Strategic Investment From Centricus (PR Newswire) ClearForce LLC today announces a new round of strategic investment from...
Gigamon Appoints Art Gilliland to its Board of Directors (PR Newswire) Gigamon, Inc. ("Gigamon"), the company leading the convergence of...
Perspecta Announces Leadership Team (WashingtonExec) Perspecta Inc. has announced the formation of its leadership team to coincide with the completion of its separation from DXC Technology Company and commencing trading on the New York Stock Exchange under the ticker symbol PRSP. With 14,000 employees and pro-forma revenues of $4.2 billion, Perspecta helps U.S.
Products, Services, and Solutions
Rookout releases serverless debugging tool for AWS Lambda (TechCrunch) The beauty of serverless computing services like AWS Lambda is that they abstract away the server itself. That enables developers to create applications without worrying about the underlying infrastructure, but it also creates a set of new problems. Without a static server, how do you debug a progr…
HotShot Launches Messaging and Collaboration App for Secure, Compliant Employee Communications (PR Newswire) HotShot today announced their launch, introducing a proven solution...
Privacy Awareness Academy Launches New GDPR "Wake-Up Call" Campaign For Small Businesses (PR Newswire) The Privacy Awareness Academy, (www.PrivacySkills.com) an emerging leader...
Microsoft Launches 'Threat Tracker' in Office 365 Security Service (Redmond Channel Partner) A new 'Threat Tracker' capability is now generally available in Microsoft's Office 365 Threat Intelligence service, the company announced this week.
Recon Perimeter Defense Solution Secure Remote Command & Control (Owl Cyber Defense) For security purposes, some organizations have disconnected or “air gapped” their OT networks
Shift Cryptosecurity Announces BitBox Basecamp, a Hardware Security Platform for Crypto Exchanges (PR Newswire) Shift Cryptosecurity http://www.shiftcrypto.ch a Swiss technology firm...
DISA unveils new streamlined security clearance application to replace e-QIP (FederalNewsRadio.com) The Defense Information Systems Agency plans to fully roll out eApp as a replacement to current Election Questionnaires for Investigations Processing (e-QIP) security clearance system toward the end of the fiscal year.
Rivetz Enhances Security for Blockchain-based Apps with Trustonic - Trustonic (Trustonic) The integration of Trustonic’s technology into the Rivetz platform means that the private keys and instructions in applications can be executed in an area protected from the device’s normal operating system.
Discover all IT assets across your global hybrid infrastructure (Help Net Security) Qualys announced Asset Inventory (AI), a new cloud app that provides customers a single source of truth for IT assets spread across hybrid environments including on-premises, endpoints, clouds and mobile, with synchronization capabilities to Configuration Management Databases (CMDBs) to keep asset data up-to-date.
Egnyte releases one-step GDPR compliance solution (TechCrunch) Egnyte has always had the goal of protecting data and files wherever they live, whether on-premises or in the cloud. Today, the company announced a new feature to help customers comply with GDPR privacy regulations that went into effect in Europe last week in a straight-forward fashion. You can sta…
Vietnam-based telco adapts German cybersecurity tech for customers (Security Brief) Vietnam-based telecommunications provider VinaPhone is offering customers a new way to protect their mobile devices through Secucloud technology.
Technologies, Techniques, and Standards
For first time, OMB can paint the governmentwide cyber risk picture (FederalNewsRadio.com) OMB said it can identify agencies in need of improved management of cybersecurity risk and will work with them to meet government standards.
Facebook defends practice of giving deep data access to device makers (Naked Security) They’re not “outsiders,” Facebook says. They’re part of Facebook, helping to make Facebook play nicely with their devices.
Why the Military Can’t Quit Windows XP (Slate Magazine) For the military, upgrading operating systems isn’t just a hassle: It’s a matter of life and death.
Design and Innovation
Microsoft Adds Post-Quantum Cryptography to an OpenVPN Fork (BleepingComputer) Microsoft has recently published an interesting open source project called "PQCrypto-VPN" that implements post-quantum cryptography (PQC) with OpenVPN. This project is being developed by the Microsoft Research Security and Cryptography group as part of their research into post-quantum cryptography.
Cyberwarriors need a training platform, and fast (Fifth Domain) Given the immense need for a cyber training platform, the military is looking to rapid acquisition vehicles to field capability faster.
Here's IBM's Blueprint for Winning the AI Race (The Motley Fool) Big Blue is laser-focused on serving its core enterprise customers.
Blockchain Immutability ... Blessing or Curse? (Finextra Research) I need to warn you right from the start. If you think that the ‘immutability’ of a blockchain is its...
Research and Development
Quantum Research Puts Expiration Date on Modern Cryptography Methods - Security Boulevard (Security Boulevard) According to many experts, a day of reckoning is coming for modern cryptography as soon as a decade from now, thanks to quantum computing.
Meet 'Norman,' a terrifying, psychopathic artificial intelligence (WFLD) Talk about a pessimistic worldview.
Academia
Forum speaker tells educators how to get children interested in cyber (The Augusta Chronicle) Getting children interested in cybersecurity doesn't require schools to radically change their curriculum or buy expensive computer hardware and software.
Legislation, Policy and Regulation
NATO’s Most Urgent Pledge Isn’t 2%-of-GDP. It’s Better Cyber Defense. (Defense One) The alliance has made strides toward its 2016 Cyber Defense Pledge. But more must be done, and urgently.
Cyberattacks Are 'Ticking Time Bombs' for Germany (The Atlantic) Its pacifist tradition poses a dilemma for those charged with protecting the country from hackers.
Okta - Why GDPR won’t be a bloodbath (IT Pro Portal) Okta security chief tells us why GDPR will mean changes, but why your company shouldn’t be afraid.
U.S. Lawmakers Target Chinese Interference in New Bill (Foreign Policy) Bipartisan legislation would require an unclassified report on Chinese political influence operations in the United States.
ZTE may need to pay billions to overturn US ban (TechRadar) ZTE's future could soon be secured after Trump intervention
Huawei Slams FCC Efforts to Bar It From Federal Communications Program (Nextgov.com) Government officials say the Chinese telecom poses a hacking threat to national security.
Broadband Leaders Push Back on Proposed Ban on ZTE, Huawei Gear (Bloomberg.com) Trade groups representing the leading American broadband and wireless providers told the the Federal Communications Commission to go slow as it weighs banning the use of federal subsidies to purchase gear from Huawei Technologies Co. and ZTE Corp.
Huawei Faces Security Backlash in Australia (Light Reading) The Chinese equipment vendor is deemed a security threat by some Australian politicians.
Federal Agencies Respond to 2017 Cybersecurity Executive Order (SecurityWeek) The State Department, the Department of Homeland Security, the Department of Commerce, and the Office of Management and Budget issue reports in response to the 2017 cybersecurity executive order
Federal Agencies Face an Uphill Battle in Cyber-Preparedness (Threatpost) In the wake of the elimination of the federal cybersecurity czar position, it turns out that three-quarters of agencies are unprepared for an attack.
Trump’s lack of cyber leader may make U.S. vulnerable (POLITICO) Experts and lawmakers worry the nation is rudderless on the vital issue of cybersecurity.
Challenges of a National 72-Hour Data Breach Notification Standard (New York Law Journal) Facebook CEO Mark Zuckerberg testified before Congress last month regarding Cambridge Analytica’s unauthorized use of data of an estimated 87 million…
Is the Pentagon taking over security clearances a good idea? (Washington Business Journal) The plan calls for the Defense Department to oversee all background investigations involving its military and civilian employees and contractors and eventually have the authority to conduct security reviews for nearly all other government agencies.
The Biometric Standards: How New York Measures Up in the Face of Biometric Use Regulations (New York Law Journal) Although New York has yet to enact legislation regarding the use of biometric identifiers and information (i.e. facial recognition retinal scans etc.) a recent legislative proposal and the statutes and regulations of other jurisdictions provide valuable guidance to New York businesses regarding permissible practices.
Stephen Fogarty takes lead of Army Cyber Command (Fedscoop) The lieutenant general takes over for Paul Nakasone, who moved up to head the NSA and U.S. Cyber Command.
Litigation, Investigation, and Enforcement
US arrests man for trying to spy for China (BBC News) The FBI detains a former US Defense Intelligence Agency officer on his way to catch a flight to China.
The FBI calls Chinese spies in the US a 'whole of society threat' — here's how to protect yourself (Business Insider) China is a wide and diverse nation, but its leadership, the Chinese Communist Party, takes steps to secure its interests that may shock those from open societies in the West.
Did Facebook allow Chinese firms ZTE and Huawei to access user data? A lawmaker wants to know. (Washington Post) A top lawmaker in the U.S. Congress is questioning whether Facebook allowed two Chinese telecommunications firms with alleged ties to their country’s government to harness data about the social network’s users, potentially subjecting their personal information to new privacy and security risks.
Facebook/Cambridge Analytica 'the canary in the coalmine of a new Cold War', says whistleblower Wylie (Computing) Whistleblowers, journalists and the ICO addressed the European Parliament on Monday
Kaspersky is refusing to back down over the US government’s ban (NS Tech) Kaspersky Lab has pledged to "vigorously pursue" its appeal rights after a judge ruled that a ban on the use of its products by US federal agencies was constitutional. The Trump administration imposed
Cyber attack on Atlanta's network wiped out critical police evidence (Atlanta Journal Constitution) Local attorneys say they’re concerned after finding out the cyber attack on the city of Atlant...
Masterminds behind prolific CEO fraud ring arrested (Help Net Security) It took two years and a collaborative effort of French, Belgian, Romanian and Israeli law enforcement agencies to take down an organised crime group that was behind at least 24 cases of CEO fraud across Europe, Europol has announced.
When the FBI Can Help Companies Deal With a Cyber Event (New York Law Journal) Many companies neglect to reach out to the FBI following a cyber incident turning instead to law firms and cybersecurity firms alone. This might be a mistake considering the practical assistance the FBI can provide to targets of a cyber attack.
Paul Manafort Accused of Witness Tampering in New Mueller Filing (New York Law Journal) The special counsel in the Russia probe is requesting a hearing to ask federal judge to revoke or revise the former Trump campaign chairman’s pretrial release.
The Question MSNBC Won’t Answer: Did Joy Reid Lie? [VIDEO] (Daily Caller) 'And frankly it reminds me of the Anthony Weiner issue'
Industry Events
upcoming Events
Securing Federal Identity (Washington, DC, USA, June 5 - 6, 2018) Securing Federal Identity 2018, a highly focused and high-energy event, will feature an in-depth view of the future of federal government policies and technology developments for securing federal identity and access control of facilities and network systems. Experts from the federal government and the security industry will fill the conference agenda and exhibits area to present and future direction of the government’s efforts to manage identities and control access across all federal agencies.
New York State Cybersecurity Conference (Albany, New York, USA, June 5 - 7, 2018) June 2018 marks the 21st annual New York State Cyber Security Conference and 13th Annual Symposium on Information Assurance (ASIA). Hosted by the New York State Office of Information Technology Services, in partnership with the University at Albany's School of Business, and The New York State Forum, Inc., the conference is part of a statewide effort to boost cyber security awareness and empower state and local governments, academia, organizations and citizens to take better control of their digital security.
The Cyber Security Summit: Boston (Boston, Massachusetts, USA, June 5, 2018) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers & renowned information security experts. Learn from cyber security thought leaders and Engage in panel discussions focusing on trending cyber topics such as Sr. Leadership’s Best Approach to Cyber Defense, What’s Your Strategic Incident Response Plan?, Protecting your Enterprise from the Human Element and more. Your registration includes a catered breakfast, lunch, and cocktail reception. Receive half off your admission with promo code cyberwire50 at CyberSummitUSA.com and view details including the full agenda, participating solution providers & confirmed speakers. Tickets are normally $350, but only $175 with promo code.
SecureWorld Chicago (Chicago, Illinois, USA, June 5, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security industry. Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements, learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays-all while networking with local peers.
NSA 2018 Enterprise Discovery Conference (Ft. Meade, Maryland, USA, June 5 - 6, 2018) Hosted by the National Security Agency and the Federal Business Council (FBC). The EDC is the largest event held at NSA with over 1500 attendees from around the world. EDC provides a collaborative learning experience for professionals in the SIGINT Development field across the U.S. Intelligence Community and the other 5-Eyes partner nations: Australian Signals Directorate (ASD), Communications Security Establishment, Canada (CSE), Government Communications Headquarters, Great Britain (GCHQ), and Government Communications Security Bureau, New Zealand (GCSB).
National Cyber Summit (Huntsville, Alabama, USA, June 5 - 7, 2018) The National Cyber Summit is the preeminent event for cyber training, education and workforce development aimed at protecting our nation’s infrastructure from the ever-evolving cyber threat. Held in Huntsville, Alabama, one of the nation's largest technological hubs, the Summit attracts both government and commercial participants. Long known as the home to Department of Defense organizations and civilian departments and agencies including DHS, NIST, NASA, TVA, NSA and DOE, Huntsville also has many other industries represented. Companies are diverse and include healthcare, automotive and energy industries, academia, genetic research and high technology.
Cyber//2018 (Columbia, Maryland, USA, June 6, 2018) Cyber touches all aspects of our life from the myriad of devices we have brought into our homes to those we employ on the job to increase and improve our productivity. Please join us for our 9th annual cyber conference, where we tackle some of the most relevant topics surrounding operating within the cyber landscape.
TU-Automotive Cybersecurity (Novi, MIchigan, USA, June 6 - 7, 2018) Co-located with the world's largest automotive technology conference & exhibition. The conference unites players from research labs, automakers, tier 1’s, security researchers, and the complete supply chain to plan for the imminent future.
SINET Innovation Summit 2018 (New York, New York, USA, June 7, 2018) Connecting Wall Street, Silicon Valley and the Beltway. SINET New York connects the United States’ three most powerful institutions and evangelizes the importance of industry, government and academic collaboration on security initiatives.
CYCON: Cyber for the Community (Reston, Virginia, USA, June 9, 2018) Join us for a day of Cyber Security talks on privacy, lock picking, the Dark Web, cyber education, building attack machines, phishing attacks, malware analysis, Internet of Things security, threat monitoring and analysis, personal security, password security, and cloud security.
Transport Security and Safety Expo (Washington, DC, USA, June 11 - 12, 2018) Security incidents are expected to cost the world $6 trillion annually by 2021, making now the time to find out more at the 2018 Transport Security and Safety Expo. The transportation industry is rapidly digitizing, leading to greater risks and potential impacts from cyber and physical events. Understanding how to better safeguard operations and protect critical networks and infrastructure from damage is paramount, and opportunities like TSSX18 that bring the industry together for training and solutions are welcomed by SANS.
Transport Security & Safety Expo (Washington, DC, USA, June 11 - 12, 2018) The conference is devoted to the challenges and opportunities surrounding ensuring the safety and security of passengers and cargo in the digital age.
Dynamic Connections 2018 (Palm Springs, California, USA, June 12 - 14, 2018) Together with you, our customers and partners, we’ll come together for 2 ½ days to learn, explore and create the possible at Dynamic Connections 2018 (DC18). To get ahead of the most critical, most pervasive threat we face in the digital domain today, we must reach into the future and pull tomorrow’s innovation forward.
Social Engineering—Rhode Island (Newport, Rhode Island, USA, June 16, 2018) Welcome to the first ever social engineering conference in Rhode Island!
Norwich University Cyber Security Summit (Northfield, Vermont, USA, June 18 - 20, 2018) Norwich University’s College of Graduate and Continuing Studies (CGCS) is pleased to announce the second annual Cyber Security Summit in June 2018. The summit, presented in a continuing education format, welcomes Norwich alumni and others interested in exploring and discussing the latest in cyber security policy from both the federal level and the practical application of that policy on a local or business level.
NITSIG Meeting: Protecting Controlled Unclassified Information On U.S. Government Contractor Information Systems (Herndon, Virginia, USA, June 18, 2018) This meeting will discuss the security control requirements for the protection of Controlled Unclassified Information (CUI), for contractor information systems upon which CUI is processed, stored on, or transmitted through. These requirements must be implemented at both the contractor and subcontractor levels based on the information security guidance in NIST Special Publication (SP) 800-171: Protecting Controlled Unclassified Information In Non-Federal Information Systems And Organizations. The CUI protection requirements are intended for use by federal agencies in contractual vehicles or other agreements established between those agencies and non-federal organizations. Failure to implement the security controls to protect CUI, would be a breach of contract.
Insider Threat Program Management With Legal Guidance Training Course (Tyson's Corner, Virginia, USA, June 19 - 20, 2018) This training will provide the ITP Manager, Facility Security Officer, and others (CIO, CISO, Human Resources, IT, Etc.) supporting an ITP, with the knowledge and resources to develop, manage, or enhance an ITP. A licensed attorney with extensive experience in Insider Threats and Employment Law, will provide legal guidance related to ITP's, the collection, use and sharing of employee information, and employee computer user activity monitoring. Insider Threat Defense has trained over 500+ organizations and has become the "Leader-Go To Company" for ITP Management Training.
GovSummit (Washington, DC, USA, June 27 - 28, 2018) GovSummit -- the government security conference hosted annually by the Security Industry Association -- brings together government security leaders with private industry technologists for top-quality information sharing and education on security topics affecting federal, state and even local agencies.
The Cyber Security Summit: DC Metro (Tysons Corner, Virginia, USA, June 28, 2018) Learn from cyber security experts from The U.S. Department of Justice, The NSA, Pulse Secure, CenturyLink and more as they brief you on the latest security threats facing your business. This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers. Receive $95VIP admission with promo code cyberwire95 at CyberSummitUSA.com ($350 without code). Your registration includes a catered breakfast, lunch, and cocktail reception. Passes are limited. Secure your ticket while space permits.
Impact Optimize2018 (Rosemont, Illinois, USA, June 28, 2018) Impact Optimize2018, the first-ever IT and Business Security Summit hosted by Impact, will provide attendees with actionable steps that enable the betterment of information, network and cybersecurity. All of the information presented will be designed to facilitate growth and eliminate risk for organizations of all sizes and across all vertical markets, with security as the firm foundation of every solution. The event will include presentations by subject matter experts, breakout sessions among business leaders and live demonstrations of enterprise security and business software.
Nuclear Asset Information Monitoring and Maintenance (Warrington, England, UK, July 3 - 4, 2018) On July 3rd and 4th in Warrington United Kingdom, nuclear industry leaders will meet for the IoE Events Nuclear Asset Information, Monitoring and Maintenance conference to further develop the sector’s strategic ability to leverage the appropriate people, processes and technology to achieve organisational goals through an enterprise wide integrated asset information strategy.
The Cyber Security Summit: Seattle (Seattle, Washington, USA, July 19, 2018) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers & renowned information security experts. Learn from cyber security thought leaders and Engage in panel discussions focusing on trending cyber topics such as Sr. Leadership’s Best Approach to Cyber Defense, What’s Your Strategic Incident Response Plan?, Protecting your Enterprise from the Human Element and more. Your registration includes a catered breakfast, lunch, and cocktail reception. Receive half off your admission with promo code cyberwire50 at CyberSummitUSA.com and view details including the full agenda, participating solution providers & confirmed speakers. Tickets are normally $350, but only $175 with promo code.
Cyber Security Summit 2018 (Newport, Rhode Island, USA, July 18 - 20, 2018) Join us for Opal Group’s Cyber Security Summit – set in Newport, RI, this premier event will gather C-Level & Senior Executives responsible for defending their companies’ critical infrastructures together with technology providers & distinguished information security experts. Learn from acclaimed security professionals on how to protect your business from cyber attacks during interactive Panels & Keynote presentations. Convene with fellow influential business leaders, C-Suite executives, investors & entrepreneurs over 3 days of sailing, sessions, and networking opportunities.
Sponsor & Support
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.